

      In an era marked by rapid change and unprecedented complexity in Saudi Arabia, the landscape of regulatory compliance is evolving at an extraordinary pace, driven by Vision 2030 initiatives and programs, economic diversification efforts, regulatory reforms, and a focus on aligning with international standards.

      As Saudi Arabia's economy expands further, more organizations have been established within the public and private sectors, and many multinational businesses have established their presence in the Kingdom. Thus, the oversight role of regulators has become more critical, both in interpreting legal requirements and regulations and in enforcing compliance with them.

      This publication focuses on the need for organizations, and more specifically compliance functions, to transform in response to the rapid changes in regulatory frameworks and compliance obligations. In doing so, entities in the private and public sectors are evaluating their current compliance practices to define and initiate their transformation journey.

      Enterprise versus regulatory compliance

      Compliance functions are typically focused on ensuring adherence to the regulatory requirements and obligations that apply to the organization’s mandate. Complying with external obligations (such as laws, regulations, royal decrees and other directions from regulatory bodies) is considered mandatory.

      Organizations may also opt for compliance functions to focus on ensuring adherence to internal compliance matters such as policies, procedures and processes. However, this is not considered a common practice and is classified as ‘voluntary’ compliance rather than mandatory as per ISO 37301 – Compliance Management System.

      To decide on the coverage of the compliance function's mandate, a few points should be considered, including:

      Specialization

      Having a specialized team focusing on regulatory compliance and an operational team focusing on policies, procedures and processes will enhance the credibility, accuracy and relevance of conclusions on the status of compliance.

      Efforts overlap

      If the compliance function takes on both regulatory and enterprise-wide compliance, including policies and procedures, its efforts might overlap with those of other assurance functions such as risk management, quality and operational excellence, internal audit, etc.

      Effective utilization of resources and time

      Absent or ineffective management of potential overlaps will lead to ineffective utilization of resources and time across assurance providers. In addition, it may require extensive time investment from management to address requirements on similar subjects.

      ISO 37301:2021 Compliance Management System

      ISO compliance status remains intact if the compliance function primarily takes responsibility for ensuring adherence to external obligations, while the quality or operational excellence functions remain responsible for ensuring adherence to internal policies, procedures and processes.


      Compliance function transformation


      Contact us

      Mohammad Abudalo

      Head of GRC Solutions, Transport & Logistics Lead

      KPMG in Saudi Arabia

      Sudhir Arvind

      Partner, Governance, Risk and Compliance services

      KPMG Middle East

      Fahad Shaikh

      Director, Governance Risk & Compliance

      KPMG in Saudi Arabia

      Sarah Althahabi

      Manager, Governance, Risk and Compliance Services

      KPMG in Saudi Arabia