A company’s compliance programme should be tailored to the organisation’s strategy, says Sasol chief compliance and ethics officer Dr Yondela Ndema.
Discussing compliance strategy and corporate culture at the ninth Chartered Secretaries Southern Africa Corporate Governance conference, in Johannesburg, on Monday, she said Sasol’s compliance programme was aligned with the organisation's business model, strategy, priorities, group risks and organisational values.
“It is focused on operating model entity (OME) activities with the highest risks and prioritises these OMEs and functions to address critical business processes,” she said.
She added that it was also important to promote a compliant and ethical culture.
Ndema pointed out that Sasol has four major business units, which include operating business units, regional operating hubs, strategic business units and group functions.
“We don’t have a single business unit that doesn’t have a compliance officer,” she said.
She further noted that Sasol’s compliance programme was aligned with the organisation’s group risks, which included environmental legislation, antibribery and anticorruption legislation, data privacy laws and international sanctions.
Ndema pointed out that it was impossible to employ a one-size-fits-all approach to compliance, noting that, in 2012, the US Securities and Exchange Commission, together with the Department of Justice, published their first guidance document related to the Foreign Corrupt Practices Act, called ‘A Resource Guide to the US Foreign Corrupt Practices Act’.
The guide recommends a risk-based approach appropriate to the organisation's size and complexity, she said.
“Compliance programmes should be tailored to individual circumstances, and continually evolved and strengthened in light of the risks inherent to the organisation's business.”
She added that it was also crucial to focus on risk management, pointing out that regulators have emphasised the need for strong compliance programmes to be risk-based.
“This sort of programme focuses on risk management and not complete risk elimination,” she said.
“Good corporate citizenship is key. Ethical leadership and good governance are important in setting the ‘tone from the top’, thereby entrenching a culture of compliance,” she said.
She also noted the importance of stakeholder management and frequent engagements with regulators in countries where companies have operations, adding that treating regulators as business partners, rather than fostering adversarial relationships, was key.