Compliance Register Best Practices

Posted by Vivek Dodd on 06 Nov 2023


You may have been using compliance registers at work without even realising it. However, they are vital in documenting breaches and mitigating fines.

Compliance registers are simple documents used to record certain employee actions or incidents. They are a vital source of evidence in the regulatory compliance process.

Whether it be offering gifts, hospitality, or more serious compliance breaches, recording such occurrences and the subsequent actions taken is an important means of supporting staff compliance.

Documenting events and actions will protect organisations and employees from the risk of allegations of improper conduct.

Examples of key compliance registers

Accident book

The Reporting of Injuries, Diseases and Dangerous Occurrences Regulations (RIDDOR) requires organisations of 10 or more employees to keep an up-to-date and readily available accident book or electronic equivalent.

The Health and Safety Executive (HSE) states that organisations must record work-related accidents to employees and 'non-workers' and document dangerous occurrences (near misses).

Failing to report accidents under RIDDOR may result in custodial sentences of up to 2 years for the responsible persons and an unlimited fine for the business.

Compliance breach log

A compliance breach occurs when an employee fails to comply with established company policies or regulatory guidelines.

Breaches can result from human error, technical issues or deliberate malfeasance. Employees must report any breach or misconduct in a log to maintain a record of events.

GDPR breach notification log

All organisations must report certain personal data breaches to the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach.

In addition, organisations must record any personal data breaches, regardless of whether or not their severity warrants notifying the ICO.

GDPR breach fines from the ICO can reach up to £8.7 million or 2% of global turnover if the breach is not reported within the allowable time.

Organisations must have a robust breach-reporting process to detect and notify breaches on time and provide necessary details.

Gifts & hospitality register

Organisations should have policies in place for staff to follow when giving or receiving gifts and hospitality. Gifts or hospitality must not be offered or accepted to influence a business decision.

Recording such offers in a register of gifts and hospitality is therefore essential to complying with anti-bribery law.

The Bribery Act 2010 states that companies must consider three key factors to identify whether a gift is acceptable: intention, value and timing. There is no limit to the acceptable value of gifts, and common-sense judgment is required. That's why it is important to record gifts to evidence such decision-making.

The repercussions for breaching anti-bribery law range in scale and scope depending on the violation, and fines may be imposed on an individual or organisational level.

One example is Airbus, which paid €3.6bn to settle the largest-ever corporate bribery case after admitting to paying bribes to win contracts in 20 countries.

Who completes compliance registers & how often?

A compliance register is required to identify, assess, record and report breaches of compliance obligations.

These compliance registers should be reviewed every 6 to 12 months to accurately reflect company and regulatory policy. All employees are required to report any action on a compliance register if the action falls within the registry policy scope.

For example, every employee is required to declare an offer of a gift or hospitality, regardless of value, whether they accept the offering or not.

By ensuring staff document each event, compliance managers can produce a full audit trail of employee compliance and evidence of staff behaviour in line with company policy.

Manual compliance registers

It is common practice for managers to create and distribute compliance registers via email or physical documents.

Considering the frequency with which these documents need to be updated, distributed and collected, this manual method is neither sustainable nor economical. And what happens if a register is lost, damaged or destroyed?

Moreover, compliance registers can often highlight events that require immediate attention, and managers cannot afford to be late to raise actions as this can result in regulatory penalties.

Reviewing compliance registers manually also increases the risk of human error. Sending and receiving these documents via email or physical post can cause them to be lost or missed amongst the reams of documents managers encounter.

Remote/hybrid working has heightened these risks. With the labour force spread across countries and sometimes continents, the job of the compliance manager has become notably harder in terms of collecting timely submissions and spotting compliance breaches.

What is the benefit of online compliance registers?

RegTech solutions enable compliance registers to be created and completed online, mitigating the aforementioned issues associated with manual compliance.

a. Real-time customisation and completion

RegTech technologies allow compliance register data fields to be edited in real time to reflect business needs.

These alterations can be cascaded through the organisation to all devices instantly, making it far easier to keep compliance in line with evolving regulatory requirements.

Similarly, online compliance registers enable employees to register an entry via any device in real time, removing the need for physical forms and reducing the risk of late submissions.

b. Auto-approval

Once an entry has been completed, compliance managers can create parameters to monitor employees' entries automatically and generate appropriate actions.

An automated email function alerts line managers to any requests that need attention, and they can approve or deny requests and leave notes to give a transparent audit.

Online compliance register technology enables users to filter and view activity in a reporting console, making it easy to identify issues like multiple gifts given to a particular person or other instances of suspicious activity.

By utilising RegTech solutions to supplement workflows, organisations can free up time and resources to focus on other tasks while reducing the risk of human error.

c. Bulletproof audit trails

An online compliance register enables managers to maintain registry responses effortlessly, create audit trails and auto-generate reports.

This can be done for all entries by employees across an entire organisation, meaning managers can do away with physical documents or huge desktop folders in favour of a lean and efficient online solution.
