You may have been using compliance registers at work without even realising. But they are vital in documenting breaches and mitigating fines.
Compliance registers are simple documents used to record certain employee actions or incidents. They are a vital source of evidence in the regulatory compliance process.
Whether it be offering gifts or hospitality or more serious compliance breaches, recording such occurrences and the subsequent actions taken is an important means of supporting staff compliance.
Documenting events and actions will protect organisations and employees from the risk of allegations of improper conduct.
Examples of key compliance registers
The Reporting of Injuries, Diseases and Dangerous Occurrences Regulations (RIDDOR) requires organisations of 10 or more employees to keep an up-to-date and readily available accident book or electronic equivalent.
The Health and Safety Executive (HSE) states that organisations must keep a record of work-related accidents to employees and ‘non-workers’ and document dangerous occurrences (near misses).
Failing to report accidents under RIDDOR may result in custodial sentences of up to 2 years for the responsible persons and an unlimited fine for the business.
Compliance breach log
A compliance breach occurs when an employee fails to comply with established company policies or regulatory guidelines.
Breaches can occur as a result of human error, technical issues or deliberate malfeasance. Employees are required to report any breach or misconduct in a log to maintain a record of events.
GDPR breach notification log
All organisations must report certain personal data breaches to the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach.
In addition, organisations must record any personal data breach, regardless of whether its severity warrants notifying the ICO.
GDPR breach fines from the ICO can reach up to £8.7 million or 2% of global turnover if the breach is not reported within the allowable time.
Organisations must have a robust breach-reporting process to detect and notify breaches on time and provide necessary details.
Gifts & hospitality register
Organisations should have policies in place for staff to follow when giving or receiving gifts and hospitality. Gifts or hospitality must not be offered or accepted as a means of influencing a business decision.
So recording such offers in a register of gifts and hospitality is an essential part of complying with anti-bribery law.
The Bribery Act 2010 states that three key factors should be considered to identify whether a gift is acceptable: intention, value and timing. There is no limit to the acceptable value of gifts, and common-sense judgement is required. That's why it is important to keep a record of gifts to evidence such decision making.
The repercussions for breaching anti-bribery law range in scale and scope depending on the violation, and fines may be imposed on an individual or organisational level.
One example is Airbus, which paid €3.6bn to settle the largest ever corporate bribery case after admitting to paying bribes to win contracts in 20 countries.
Who completes compliance registers & how often?
A compliance register is required to identify, assess, record and report breaches of compliance obligations.
These compliance registers should be reviewed every 6 to 12 months to reflect company and regulatory policy accurately. All employees are required to report any action on a compliance register if the action falls within the scope of the registry policy.
As an example, every employee is required to declare an offer of a gift or hospitality, regardless of value, whether they accept the offering or not.
By ensuring staff document each event as it happens, compliance managers can produce a full audit trail of employee compliance and evidence staff behaviour in line with company policy.
Manual compliance registers
It is common practice for managers to create and distribute compliance registers via email or physical documents.
Considering the frequency with which these documents need to be updated, distributed and collected, this manual method is neither sustainable nor economical. And what happens if they are lost, damaged or destroyed?
Moreover, compliance registers can often highlight events that require immediate attention, and managers cannot afford to be late to raise actions as this can result in regulatory penalties.
Reviewing compliance registers manually also increases the risk of human error. Sending and receiving these documents via email or physical post can cause them to be lost or missed amongst the reams of documents managers encounter.
The coronavirus pandemic and resulting remote/hybrid working have heightened these risks. With the labour force spread across countries and sometimes continents, the job of the compliance manager has become notably harder in terms of collecting timely submissions and spotting compliance breaches.
Benefits of online compliance registers
RegTech solutions enable compliance registers to be created and completed online, mitigating the aforementioned issues associated with manual compliance.
a. Real-time customisation and completion
RegTech technologies allow for compliance register data fields to be edited in real-time to reflect business needs.
These alterations can be cascaded through the organisation to all devices instantly, making it far easier to keep compliance in line with evolving regulatory requirements.
Similarly, online compliance registers enable employees to register an entry via any device in real-time, removing the need for physical forms and subsequently reducing the risk of late submissions.
Once an entry has been completed, compliance managers can create parameters to monitor employees' entries automatically and generate appropriate actions.
An automated email function alerts line managers to any requests that need attention, and they can approve or deny requests and leave notes to give a transparent audit.
Online compliance register technology enables users to filter and view activity in a reporting console, making it easy to identify issues like multiple gifts given to a particular person or other instances of suspicious activity.
By utilising RegTech solutions to supplement workflows, organisations can free up time and resources to focus on other tasks while reducing the risk of human error.
c. Bulletproof audit trails
An online compliance register enables managers to maintain registry responses effortlessly, create audit trails and auto-generate reports.
This can be done for all entries by employees across an entire organisation, meaning managers can do away with physical documents or huge desktop folders in favour of a lean and efficient online solution.