When it comes to corporate compliance, this applies to the rules, regulations and practices an organization puts into place for compliance, this of course according to both external regulations and internal policies. On the other hand regulatory compliance applies to the rules, regulations and practices an organization puts into place for compliance, this only according to external regulations. We can see how both are very similar, and the main difference between them is whether their policies come from internal or external regulations.
There are two main types of compliance that denote where the framework is coming from: corporate and regulatory. Both consist of a framework of rules, regulations, and practices to follow
We can say that compliance is the process of comply with legal and regulatory requirements, industry standards, and community expectations. A business is compliant when it is operating in conformance with legal and regulatory requirements, industry standards, and community expectations.
Regulatory compliance can be a daunting task for any business, but it’s essential for operating legally and avoiding penalties, fines, or legal action. In this blog post, we’ll break down what regulatory compliance is and provide examples of similar regulations internationally.
Regulatory compliance refers to the process by which a company adheres to the complex rules, policies, and procedures that regulate business practices in a particular jurisdiction. This can include compliance with federal, state, and local laws, as well as industry—specific regulations. Compliance with these laws and regulations is often required in order to operate legally and avoid penalties, fines, or legal action.
To ensure compliance, businesses may need to implement policies, procedures, and controls, and conduct regular audits or reviews to ensure that they are in compliance. It’s also important for organizations to stay informed about changes in laws and regulations that may affect their operations.
Here are some examples of regulations that organizations may need to be compliant with:
- Sarbanes—Oxley Act of 2002 (United States). The Sarbanes—Oxley Act was enacted in response to the high—profile Enron and WorldCom financial scandals to protect shareholders and the public from accounting errors and fraudulent practices. Among other provisions, the law sets guidelines on storing and retaining business records in IT systems. Similar legislation in other countries includes Germany’s Deutscher Corporate Governance Kodex, and Australia’s Corporate Law Economic Reform Program Act 2004.
- Can Spam Act of 2003 (United States). The Can Spam Act requires businesses to label commercial emails as advertising, use legitimate return email addresses, provide recipients with opt—out options, and process opt—out requests within 10 business days.
- Health Insurance Portability and Accountability Act (HIPAA) of 1996 (United States). HIPAA Title II includes an administrative simplification section that mandates standardization of electronic health records systems and includes security mechanisms designed to protect data privacy and patient confidentiality.
- Dodd—Frank Act (United States). Passed in 2010, this act aims to reduce federal dependence on banks by subjecting them, to regulations that enforce transparency and accountability to protect customers.
- Payment Card Industry Data Security Standard (PCI DSS) (United States). PCI DSS is a set of policies and procedures created by Visa, MasterCard, Discover and American Express to ensure the security of credit, debit, and cash card transactions.
- General Data Protection Regulation (GDPR) (European Union). GDPR is legislation that went into effect in the European Union in 2018 that updated and unified data privacy laws. The purpose of GDPR is to protect individuals and the data that describes them, and to ensure organizations that collect this data do so responsibly.
- Data Privacy Act (DPA) ( Philippines) The Data Privacy Act of 2012 is a law in the Philippines that regulates the collection, use, and storage of personal information. It is designed to protect the right of individuals to privacy and data protection.
- Personal Data Protection Act (PDPA) (Singapore) The Personal Data Protection Act (PDPA) is a data privacy law that regulates the collection, use, and disclosure of personal data. The PDPA was introduced in 2012 and came into full effect in 2014.
As a result, multinational organizations and companies that are looking to expand must be cognizant of the regulatory compliance requirements of each country they operate within. For example, GDPR applies to all organizations that are based outside the European Union, as long as they also operate in the EU.
As we can see, compliance can be a complex and ever-changing landscape. But by staying informed about the regulations that apply to your business and implementing policies, procedures, and controls, you can ensure compliance and avoid penalties, fines, or legal action.
Reducing the Risk of Policy Failure: Challenges for Regulatory … – OECD. https://www.oecd.org/gov/regulatory-policy/46466287.pdf.
Cole, Ben. “What Is Regulatory Compliance? – Definition from Techtarget.com.” CIO, TechTarget, 9 June 2022, https://www.techtarget.com/searchcio/definition/regulatory-compliance.
“What Is Regulatory Compliance and Why Is It Important?” PowerDMS, https://www.powerdms.com/policy-learning-center/what-is-regulatory-compliance-and-why-is-it-important.
“Data Protection under GDPR.” Your Europe, 7 June 2022, https://europa.eu/youreurope/business/dealing-with-customers/data-protection/data-protection-gdpr/index_en.htm.