36601078


Compliance Manager

This section provides guidance in relation to the appointment by an organisation of a compliance manager (Measure 5 of the Anti-Corruption Programme for Organisations).

A manager or a management function should be given the responsibility for overseeing the effective development and implementation of the anti-corruption programme.  This oversight responsibility of the compliance manager is separate from:

  • the direct day-to-day management responsibility of department or function managers to ensure compliance by personnel within the organisation’s different departments or functions;
  • the individual responsibility of all personnel to conduct their activities in a manner which complies with the policy.

This compliance management responsibility can be on either a full-time or part-time basis, depending on the size of the organisation and the nature and extent of corruption risks which the organisation faces.

In a small organisation, the compliance manager is likely to be one person who is assigned the responsibility on a part-time basis, and who can combine this responsibility with other responsibilities. In this case, care should be taken to ensure that the other responsibilities of the compliance manager could not conflict with the compliance responsibilities.  For example, it would probably be inappropriate for the organisation’s sales director also to manage the compliance function, as the pressure to sell can often conflict with the need for compliance.  It is better for a non-operational role, such as finance director, or in-house lawyer, to hold the role of compliance manager in addition to their finance or legal responsibilities.  In a very small organisation, it may be impossible to avoid some conflict of roles, in which case the appropriate person must to the best of her/his ability separate their operational responsibilities from their compliance responsibilities so as to be impartial.

Where the compliance work load is sufficiently large, or the organisation’s corruption risk is sufficiently high, one full-time manager may be assigned by the organisation to the compliance manager role.

In large organisations, there may be a compliance function, rather than one manager, which is staffed by several people.

Some organisations may appoint a compliance committee to assume the compliance responsibility.

The compliance manager role, or compliance function, should be undertaken by personnel who have the appropriate competence, status, authority and independence.

  • Competence means that the relevant person(s) assigned the compliance responsibility must have the personal ability to deal with the requirements of the role, and the willingness and enthusiasm to learn about the role and perform it appropriately.  As this role is relatively new, and there is only a small pool of people with prior experience of it, the person does not need to have prior experience of such a role.
  • Status means that the relevant person(s) assigned the compliance responsibility must be sufficiently senior in the organisation that other personnel will listen to and respect the person’s opinions.
  • Authority means that the relevant person(s) assigned the compliance responsibility must be granted sufficient authority by the board so as to be able to undertake the compliance responsibilities effectively.
  • Independence means that the relevant person(s) assigned the compliance responsibility must as far as possible not be personally involved in the activities of the organisation which are exposed to corruption risk (see comments above on conflict).

The compliance manager should have direct access to the board in order to communicate relevant information. The compliance manager should not have to report to another manager in the chain who then reports to the board, as this increases the risk that the message given by the compliance function is not fully or clearly received by the board.

The responsibilities of the compliance manager should include:

  • overseeing the design and development of the anti-corruption programme;
  • developing or approving the core procedure documents which form part of the anti-corruption programme;
  • overseeing implementation of the anti-corruption programme by the organisation;
  • overseeing compliance by personnel with the anti-corruption policy and anti-corruption programme;
  • ensuring that the anti-corruption policy and anti-corruption programme are consistent with good practice, and aid compliance with all relevant laws;
  • providing advice and guidance to personnel on the anti-corruption policy and anti-corruption programme and issues relating to corruption;
  • monitoring the effectiveness of the anti-corruption programme;
  • recommending necessary improvements to the anti-corruption programme, and ensuring that these improvements are implemented;
  • communicating as appropriate with the board and relevant senior management on compliance risks and issues;
  • leading or co-ordinating compliance investigations.

Where the organisation comprises more than one independently managed organisation (such as a subsidiary company, or a joint venture which it controls), then the board should ensure that a suitably qualified or experienced manager is appointed within each such organisation as responsible for overseeing compliance with the anti-corruption policy and anti-corruption programme within each such organisation.

The name, e-mail address and telephone number of the compliance manager should be communicated to all relevant personnel, and be published on the organisation’s web-site (if it has one).

The anti-corruption responsibilities of the compliance manager, and of any other manager appointed to the compliance department, should be set out in their terms of appointment.  See sample Compliance Manager Scope of Work.

The appointment of the compliance manager should be confirmed by board resolution.  See sample Board Resolution (paragraph 5)

Implementation checklist for Measure 5

  1. The organisation should assess whether the work likely to be required of the compliance manager means that a part time or full time appointment is necessary, or whether, in a large organisation, a compliance function with more than one person is necessary.
  2. The organisation should identify a person(s) of appropriate competence, status, authority and independence to assume the compliance manager role or function.
  3. The Board should agree the scope of work of the compliance manager or function (see sample Compliance Manager Scope of Work).
  4. The Board should appoint the compliance manager or function to implement the agreed scope of work.
  5. The Board should pass a resolution (at a meeting or by a signed resolution) (see paragraph 5 of sample Board Resolution) which agrees and records the appointment of the compliance manager or function.  [This resolution can deal with measures 1, 2, 3 and 5 of the anti-corruption programme, or separate resolutions can be passed].
  6. The name, e-mail address and telephone number of the compliance manager or function should be communicated to all relevant personnel, and should be published on the organisation’s web-site (if it has one).
  7. The compliance manager or function should commence the agreed scope of work.

Updated on 10th April 2020

© GIACC