Top five priorities to focus on in compliance programs for 2023

13 June 2023
Knowledge Base

by Alex Movchan

We recently conducted an interview together with Timur Khasanov-Batirov (the Netherlands), Co-founder of Dutch Compliance Club. This particular talk focused on topics such as top priorities for compliance officers, the implementation of compliance programs, current trends in large organisations, and ESG. 

Hi Timur. You’re a recognised expert in compliance, co-founder of Dutch Compliance Club. Please share with us your view on top priorities that compliance officers definitely don’t want to miss this year, given the macroeconomic situation and current risk background in Europe. 

Timur Khasanov-Batirov : “I would highly recommend Compliance Officers in Europe to pay attention to the following risks.

Firstly, that would be compliance with sanction regime. The number of sanctions against Iran, Russia and few other ex-Soviet states is constantly increasing. Even for practitioners like myself who used to work in the Eurasian region sometimes it is difficult to monitor all updates. On top of that we have a significant regulatory trend both in the US and the EU on setting export controls that should be also observed by the European companies. Strengthening measures of regulatory bodies aimed on prevention of sanctions circumvention push compliance practitioners to ensure effective sanctions compliance for their companies globally.

Secondly, please pay attention to ESG. Currently probably there are more questions than answers on how the effective ESG framework could be set in the companies. However, we have a very tight deadlines on start of making disclosures per CSRD.

Thirdly, anticorruption. Per my conversation with the compliance officers of international companies that are headquartered in Europe I have noticed that this risk is viewed not always with attention it desires. Probably the US Foreign Corrupt Practices Act which is the most active cross-border enforcement instrument is viewed as something distant and not relevant to the EU businesses. It is a big mistake that can lead to a very painful experiences should the European company has a nexus to the US.

Fourth, GDPR. I have seen across the EU different approaches to implementation of data privacy rules in the companies ranging from ‘paper compliance’ to extremely advanced data privacy controls. I believe the number of fines and enforcement actions in data privacy will be increasing first of all for hi-tech and healthcare companies. So I recommend to check if you have adopted an adequate measures on compliance with GDPR and similar foreign laws in cases when your company has subsidiaries abroad.

Number five in my list is compliance with competition laws. Specifically it becomes important if you have businesses in few nations. To start with the regulatory regimes might vary from country to country so your sales teams have to know what is allowed and what’s not. On top of that sometimes country managers might not realise their accountability to ensure compliance with applicable laws. These factors might lead to significant problems.”

What could be the obstacles to implement compliance programs and related action points? And what solutions should compliance officers focus on, to overcome those?

Timur Khasanov-Batirov : “Sometimes companies do not have compliance programs as such. Compliance officers do certain compliance related work like internal investigations but there is no a comprehensive set of compliance controls that form a corporate compliance program. The same situation might take place in situation when technically compliance program exists on paper but still is not implemented. Why does it happen? The answer is pretty simple. The majority of compliance officers have legal background so they are focused on relatively clear to them compliance activities as drafting anticorruption clauses or policies.

What is missing is internal controls mindset which is essential base for setting and effective compliance programs aimed on prevention of breaches. Thus, trainings for personnel, engagement of senior management, incorporation of controls in business processes along with other elements are mandatory arrangements which are needed to form an effective compliance program in organisation.”

I know that you have substantial prior experience with emerging markets, combined with current experience in the Netherlands and Western Europe in a wider perspective. What would be the differences in approach and perspectives that compliance officers in these geographies have? Perhaps there are other important factors that compliance officers have to consider?

Timur Khasanov-Batirov : “I might sound a bit provocative but the difference lies not in geographies, but in corporate cultures. Another important factor is maturity level of the control environment in the organisation. Another critically important matter is the positioning of the Chief Compliance Officer. It should be a trustworthy and experienced professional to bring changes in the organisation no matter where it has its HQ. The question of getting trust from the top management and personnel is extremely important for compliance officer in any country. I fully share this idea expressed by my friend Thomas Fox in one of our joint compliance podcasts a few years ago.

Another significant change that I have been observing last 10 years is an increasing difference between different generations of employees. So it might be that people of the younger age  from various countries have much more in common regarding views for example on what constitutes harassment than their older compatriots.”

Current trends in larger organisations are that compliance professionals typically pooled in one unit, working closer together and being interchangeable covering regions of one another, if support is needed. What would be the recipe for successful cooperation between Compliance professionals from these regions to ensure effectiveness and synergies?

Timur Khasanov-Batirov : “With regards to teamwork in compliance teams, I would emphasise the necessity to hear each other out. Every country and every single corporate culture in its subsidiary have their own specifics. Talk to each other more often to learn best practices and find out what really matters in different offices as this knowledge might be of use to you as well.

In the case when compliance officers become accountable for a new region, I think the key to success is constant communications with stakeholders and country leads. Another important thing is the positioning of compliance officers. If he or she is viewed as a person who is eager to help, that will make all integrity efforts more effective.”

The topic of ESG is actively gaining traction recently in Europe, but also globally. From your perspective, what should the role of compliance officers be in defining ESG strategies and implementing those in organisations? 

Timur Khasanov-Batirov : “Compliance officers should take a leading role in helping businesses to design and implement effective disclosure, internal controls and risk management mechanisms per ESG requirements. While the substance of disclosing aspects vary from ecological matters to fighting corruption, in my view compliance people are in position to suggest effective solutions to their organisations regarding effective reporting and corporate governance measures.

Recently, I have participated in a panel dedicated to ESG at one of the conferences. The very shocking outcome was that compliance practitioners in many cases are not aware for example about CSRD and forthcoming ESRS standards. My volunteering activities will be focused on raising awareness among compliance, legal and internal controls practitioners about their roles in effective ESG management at their respective organisations. We have a long and challenging way ahead.

However, ESG is a noble goal so I encourage ESG practitioners in the Netherlands and EU to get in contact with me (Timur Khasanov-Batirov | LinkedIn) for making steps towards ESG goals in a joint journey.”

The author, Alex Movchan CIA CICA CFE is the President of the Institute for Internal Controls – Central and Eastern Europe. He is also the Chief Risk Officer in a global medical devices company and a blogger for the English language website of the Risk & Compliance Platform Europe.

  • Michael van Woerden

    Many thanks for sharing your constructive observations. I remember from the start of the Compliance industry about 20 years ago that the need for integrated risk management and related reporting was an important driver for alignment and team-up by Compliance to gain more impact. The focus however was on the own organisation and senior management ‘only’ . A major shift now is the need for transparency to meet demands of external stakeholders and society as a whole on ESG matters. This should make the program stronger and much more ‘stakeholder driven’. The next important step – in my view – should be that governments and (other) large tendering parties do reward companies for a proven strong ESG compliance performance. This is increasingly the case already for investments in safety and care for the corporate environmental footprint. This might become another game changer for Compliance… Michael van Woerden (DeComplianceMonitor)

Leave a Reply

Your email address will not be published. Required fields are marked *