How to solve the problem of compliance management? Find the right balance of adaptation, matching and maturity

Zhifengyun: In building compliance, enterprises often face a difficult choice: whether to establish a comprehensive compliance system or a special compliance system, that is, whether to choose large compliance or small compliance.

Author|Zhiben Consulting State-owned Enterprise Reform Data Center Bai Jiaxin

Responsible Editor|Billion Editor|Ah Ling

Compliance is a major project in enterprise management. Starting from a comprehensive, "large and complete" compliance management system seems to run into the dilemma that input and output are out of proportion in the short term. This is especially true for most of a group's secondary and tertiary enterprises: the work consumes a great deal of time, energy, manpower and resources, yet may show no effect, so that compliance floats on the surface.

However, starting from a special compliance system and building a "specialized and refined" management system seems to risk compliance omissions and management loopholes. And if compliance management is passing through the critical stage of development from small compliance to large compliance, will the specialized approach contradict that transition?

How do you balance this compliance challenge? The answer is nothing more than six words:

The first is to look at adaptation, the second is to look at matching, and the third is to look at maturity; then weigh all three together to find a balance between the two systems.

First, see whether the scale adapts

How can this be solved? Let's first look at a case study to see how one company handled the problem.

Company A is a well-known world-class enterprise. In the early stage of its compliance construction, it adopted a "management-oriented" approach and established a top-down, "big and complete" compliance management system along four dimensions: compliance culture construction, resource investment, process system construction and professional ability improvement.

However, as compliance governance entered the "deep water", this "compliance with the rules" thinking exposed more and more problems. Company A therefore gradually shifted its attention to compliance risks and formed a "risk-oriented" compliance management system.

Finally, Company A concentrated its compliance management system construction in three areas: export control, anti-commercial bribery and data protection, and established three special compliance management systems: export control compliance plan, anti-commercial bribery compliance plan and data protection compliance plan.

So far, we can see that Company A, as a large enterprise, chose to enter the "deep water area" of compliance governance on the basis of its existing "big and complete" compliance management system. It built special compliance systems suited to its own business development and gradually shifted the focus of system construction from "macroscopic daily prevention" to "concrete reality control".

For state-owned enterprises, this model of "going to the deep water area" is in line with the needs of real business practice, with the many state-owned-enterprise compliance management policies that have been introduced, and with the future development trend of compliance management construction in state-owned enterprises. It truly realizes "based on formal compliance and paying attention to substantive compliance".

At present, with the deepening of compliance management, seventy percent of central enterprises have completed the construction of major compliance, basically achieving a more complete compliance system, a smoother operating mechanism, a sounder responsibility system and a more solid work foundation.

Therefore, in this context, when large group-type state-owned enterprises push compliance management further, they need to judge the situation in terms of the vertical depth, subject relationship and business relevance of compliance management:

In terms of vertical depth, we should pay attention to the full coverage of all levels of compliance management.

On the one hand, subsidiaries usually have their own business scenarios, business volumes and business models, and the parent company's large and comprehensive compliance system may not be applicable to every subsidiary.

Therefore, it is necessary to avoid concentrating too much control in the parent company, which leads to untimely and incomplete identification of compliance risks and to compliance policies that are inefficient in specific implementation.

On the other hand, compliance risks in a subsidiary may expose the parent company to the potential risk of joint and several liability. Therefore, it is also necessary to avoid compliance risks caused by excessive decentralization and insufficient supervision.

In terms of subject relationship, it is necessary to clarify the relationship that "the group is the key, and the subordinate enterprises are the foundation".

Group-type state-owned enterprises shall, based on the larger system, guide their subordinate enterprises in exploring special compliance management that better fits their different business development, and shall formulate and optimize the compliance governance baseline of subsidiaries and set and optimize the corresponding standards around the subsidiaries' compliance governance construction goals.

Subsidiaries can actively improve their ability to independently build a compliance system by formulating special compliance management rules, achieve independent and differentiated governance of compliance above the baseline, and be responsible for governance results.

In terms of business relevance, a larger enterprise with more complex compliance risks, like Company A above, needs to consider building a sound compliance management system at the decision-making, management and executive levels, and at the same time consider setting up full-time compliance liaison personnel in key areas.

For smaller enterprises with low compliance risk, relevant departments can be considered to perform compliance management duties.

Conversely, if the scale of the enterprise is small, the degree of business relevance is low, and it is difficult to adapt to large compliance, you can consider starting with the special compliance of the sub-enterprise.

Second, see whether the demand matches

How should we consider the specific architecture? If it is too complicated, it will lead to additional operating costs, and if it is too simple, it may create risks that cannot be controlled.

The answer to this question lies in the saying "whether the shoe fits or not, the foot has the final say". Let's take the complex architecture of group-subsidiary enterprises as an example.

Taking the two layers of the group and its subsidiaries, at the upper group level the board of directors is the executive body, followed by the management level and the compliance management committee (which can be independent or co-signed), and then the chief compliance officer and the compliance management department.

The setting of these three layers of defense and their responsibilities was briefly discussed in the previous article "Compliance Management System and Organizational System, '44533' Core Cheats", so I will not explain it again here.

So how should the structure be built at the sub-enterprise level?

First, the general law can be set up at two levels, or compliance officers can be set up in different subsidiaries. Through such settings, the group compliance officer and the compliance officers of the subsidiaries form a vertical management relationship, which also ensures the independence of corporate compliance to the greatest extent.

Second, special compliance management departments and business departments can be set up as needed. The compliance management department of a subsidiary should be set according to the scale of the enterprise: a large enterprise can set up a department, while a small one can appoint a compliance officer. The business departments are mainly responsible for enforcing compliance rules according to relevant policies and business risks, and for reporting risk information.

In other words, the construction of the corporate compliance organizational structure should match the actual needs of the enterprise and be consistent with the business model of the enterprise.

The compliance management plan should cover all levels of the parent company and its subsidiaries worldwide. It is recommended to form a classified and hierarchical compliance management plan for subsidiaries and a compliance management plan for the whole life cycle of subsidiaries, and to consider how to further clarify the positioning of parent and subsidiaries so as to achieve accurate compliance management.

Figure: Organizational system construction

Source: Zhiben Consulting

In practice, we also need to note that structures and positions should be set up according to the enterprise's business.

For example, enterprises operating globally, especially those whose business involves international sanctions and trade export controls, need to consider setting up a special sanctions list review position; an enterprise considering joining an international industry organization must respect the requirements of international acceptance.

Third, see whether the conditions are ripe

First, an enterprise's compliance management system needs to be adapted to the requirements of its risk prevention and control related systems. This means that when the construction of a subsidiary's compliance management system becomes more mature, the subsidiary can consider establishing its own compliance management system.

Second, when conducting compliance management around subsidiaries, the group needs to formulate and optimize the compliance governance baseline of the subsidiaries and set and optimize the corresponding standards, helping subsidiaries actively improve their ability to build a compliance system independently, achieve independent and differentiated governance of compliance above the baseline, and be responsible for the governance results.

This is an extremely important project. Especially where a group enterprise has multiple second-level and third-level subsidiaries, trial implementation and then comprehensive rollout can be considered in order to avoid wasting resources.

In this regard, the practice of Beijing Electronic Control is worth learning from:

In December 2020, the Beijing Municipal State-owned Assets Supervision and Administration Commission approved the "Beijing Electronic Control Compliance Management Pilot Plan" reported by Beijing Electronic Control, and Beijing Electronic Control fully launched the establishment of a compliance system.

With "1+4+N" as the main line, before 2022, four key enterprises in Beijing Electronic Control and listed companies BOE Technology Group Co., Ltd., North Huachuang Technology Group Co., Ltd., Beijing Electronics City High-tech Group Co., Ltd., and Yandong Microelectronics Co., Ltd., which is in the process of IPO, will first establish a compliance management system.

In 2022, all second-level units under Beijing Electronic Control began to establish a compliance management system to promote the basic coverage of the compliance system of second-level units.

Third, the compliance management of subsidiaries can usually adopt one of three modes: independent governance, differentiated governance, and control governance. But whatever the mode, we need to be clear about the principle that "business management must manage compliance". Therefore, compliance management needs to be built from the bottom up while ensuring that it is led by the group.

  • Independent governance: the subsidiary builds an independent compliance governance system, copies the parent company's structure under its own compliance management committee, and improves its compliance governance capabilities;
  • Differentiated governance: while copying the compliance management structure of the parent company, the subsidiary makes appropriate adjustments according to its own business characteristics so that the structure conforms to its own development stage and development characteristics;
  • Control governance: the parent company provides advisory services to enhance supervision, evaluation, and disposal decisions. In the role of compliance consultant, the parent company provides compliance management tools, carries out subsidiary compliance training, compliance professional qualification certification and exchange activities, guides the preparation of compliance manuals, etc., and carries out subsidiary risk assessments and compliance inspections to guide subsidiaries in filling gaps. The parent company supervises the subsidiary to ensure that compliance governance objectives are achieved.

Here we still take Beijing Electronic Control as an example to see its handling of the compliance construction relationship between the group and its subsidiaries:

In line with the headquarters positioning of "control + empowerment", Beijing Electronic Control clarifies two-level risk management responsibilities and establishes a coordination mechanism; it also establishes a two-level risk management checklist and develops coordinated responses.

The system-level risk list of Beijing Electronic Control is formed on the basis of full research, interviews, and reference to the risks that enterprises are concerned about. The risk lists of the affiliated enterprises fully reflect the risks that the system pays attention to and, at the same time, are formed at the enterprise level in combination with the industry situation.

Figure: Compliance construction of Beijing Electronic Control Group and its subsidiaries

Source: Zhiben Consulting

In general, building a multi-layer compliance management system involves many entities and complex relationships. The key to solving the problem is to consider scale adaptation, demand matching and the maturity of conditions together, so as to find a balance between the two systems and keep adjusting dynamically.

Produced by Mixed Reform Fengyun New Media