Regulatory compliance

From Wikipedia, the free encyclopedia

Jump to: navigation <#mw-navigation>, search <#p-search>
"Compliance (regulation)" redirects here. For other uses, see Compliance
(disambiguation) </wiki/Compliance_(disambiguation)>.
</wiki/File:Question_book-new.svg>
This article *needs additional citations for verification
</wiki/Wikipedia:Verifiability>*. Please help improve this article
<//en.wikipedia.org/w/index.php?title=Regulatory_compliance&action=edit>
by adding citations to reliable sources
</wiki/Help:Introduction_to_referencing/1>. Unsourced material may be
challenged and removed. /(February 2012)/
In general, *compliance* means conforming to a rule, such as a
specification, policy </wiki/Policy>, standard or law. *Regulatory
compliance* describes the goal that organisations aspire to achieve in
their efforts to ensure that they are aware of and take steps to comply
with relevant laws </wiki/Law> and regulations </wiki/Regulations>.
Due to the increasing number of regulations and need for operational
transparency, organizations are increasingly adopting the use of
consolidated and harmonized sets of compliance controls.^[1]
<#cite_note-1> ^[2] <#cite_note-2> This approach is used to ensure that
all necessary governance requirements can be met without the unnecessary
duplication of effort and activity from resources.
Contents
[hide <#>]
*
*
*
*
*
*
*
*
*
*

1 Standards and regulations <#Standards_and_regulations>

2 USA <#USA>
3 UK <#UK>
4 Australia <#Australia>
5 Canada <#Canada>
6 Challenges <#Challenges>
7 Definitions Related to Compliance <#Definitions_Related_to_Compliance>
8 See also <#See_also>
9 References <#References>
10 External links <#External_links>
Standards and regulations[edit
</w/index.php?title=Regulatory_compliance&action=edit&section=1>]

The International Organization for Standardisation

</wiki/International_Organization_for_Standardisation> (ISO) produces
international standards such as ISO17799 </wiki/ISO17799>. The
International Electrotechnical Commission
</wiki/International_Electrotechnical_Commission> (IEC) produces
international standards in the electrotechnology
</wiki/Electrotechnology> area.
Some local or international specialized organizations such as the
American Society of Mechanical Engineers
</wiki/American_Society_of_Mechanical_Engineers> (ASME) also develop
standards and regulation codes. They thereby provide a wide range of

rules and directives to ensure compliance of the products to safety,

security or design standards.^[3] <#cite_note-3>
There are a number of other regulations which apply in different fields,
such as PCI-DSS </wiki/PCI-DSS>, GLBA </wiki/GLBA>, FISMA </wiki/FISMA>,
Joint Commission </wiki/Joint_Commission> and HIPAA </wiki/HIPAA>. In
some cases other compliance frameworks (such as COBIT </wiki/COBIT>) or
standards (NIST </wiki/NIST>) inform on how to comply with the regulations.
USA[edit
</w/index.php?title=Regulatory_compliance&action=edit&section=2>]
Corporate scandals and breakdowns such as the Enron </wiki/Enron> case
of reputational risk </wiki/Reputational_risk> in 2001 have highlighted
the need for stronger compliance and regulations for publicly listed
companies. The most significant regulation in this context is the
SarbanesOxley Act </wiki/Sarbanes%E2%80%93Oxley_Act> developed by two
U.S. congressmen, Senator Paul Sarbanes </wiki/Paul_Sarbanes> and
Representative Michael Oxley </wiki/Michael_Oxley> in 2002 which defined
significantly tighter personal responsibility of corporate top
management for the accuracy of reported financial statements.
The Office of Foreign Assets Control (OFAC) </wiki/OFAC> is an agency of
the United States Department of the Treasury under the auspices of the
Under Secretary of the Treasury for Terrorism and Financial
Intelligence. OFAC administers and enforces economic and trade sanctions
based on U.S. foreign policy and national security goals against
targeted foreign states, organizations, and individuals.
Compliance in the USA generally means compliancy with laws and
regulations. These laws can have criminal or civil penalties or can be
regulations. The definition of what constitutes an effective compliance
plan has been elusive. Most authors, however, continue to cite the
guidance provided by the United States Sentencing Commission
</wiki/United_States_Sentencing_Commission> in Chapter 8 of the Federal
Sentencing Guidelines.^[4] <#cite_note-4> ^[/citation needed
</wiki/Wikipedia:Citation_needed>/]
On October 12, 2006, the U.S. Small Business Administration
</wiki/Small_Business_Administration> re-launched Business.gov
</wiki/Business.gov> (new Business.USA.gov)^[5] <#cite_note-5> which
provides a single point of access to government services and information
that help businesses comply with government regulations.
UK[edit
</w/index.php?title=Regulatory_compliance&action=edit&section=3>]
There is considerable regulation in the UK, some of which is from EU
legislation. Various areas are policed by different bodies, such as the
FCA (Financial Conduct Authority </wiki/Financial_Conduct_Authority>),
Environment Agency </wiki/Environment_Agency> and Scottish Environment
Protection Agency </wiki/Scottish_Environment_Protection_Agency>,
Information Commissioner's Office
</wiki/Information_Commissioner%27s_Office> and others.
Important compliance issues for all organisations large and small
include the Data Protection Act 1998 </wiki/Data_Protection_Act_1998>
and, for the public sector, Freedom of Information Act 2000

</wiki/Freedom_of_Information_Act_2000>.
The UK Corporate Governance Code (formerly the Combined Code) is issued
by the Financial Reporting Council </wiki/Financial_Reporting_Council>
(FRC) and sets out standards of good practice in relation to board
leadership and effectiveness, remuneration, accountability and relations
with shareholders. All companies with a Premium Listing of equity shares
in the UK are required under the Listing Rules to report on how they
have applied the Combined Code in their annual report and accounts (The
Codes are therefore most similar to the US' Sarbanes-Oxley Act).
Australia[edit
</w/index.php?title=Regulatory_compliance&action=edit&section=4>]
Standards Australia </wiki/Standards_Australia> revised the standard
titled "AS 3806 - Compliance Programs". While many aspects of the
original standard produced in 1998 standard appear in the 2006 version
there are additional principles covered. The regulators in Australia
</wiki/Australia> continue to endorse and encourage (by regulation) the
use of the standard when establishing a compliance framework.
The regulators are the Australian Securities and Investment Commission
</wiki/Australian_Securities_and_Investment_Commission> and the
Australian Prudential Regulation Authority
</wiki/Australian_Prudential_Regulation_Authority> (APRA).
Compliance demands in the superannuation industry continue to increase
due to the new licensing regime implemented by APRA. The new licensing
regime requires trustees of superannuation funds to demonstrate to APRA
that they have adequate resources (human, technology and financial),
risk management systems and appropriate skills and expertise to manage
the superannuation fund. The licensing regime has lifted the bar for
superannuation trustees with a significant number of small to medium
size superannuation funds exiting the Industry due to the increasing
risk and compliance demands.
Canada[edit
</w/index.php?title=Regulatory_compliance&action=edit&section=5>]
See Keeping the Promise for a Strong Economy Act (Budget Measures), 2002
</wiki/Keeping_the_Promise_for_a_Strong_Economy_Act_(Budget_Measures),_2002>,
commonly known as C-SOX or "Bill 198".
Challenges[edit
</w/index.php?title=Regulatory_compliance&action=edit&section=6>]
Data retention is a part of regulatory compliance that is proving to be
a challenge in many instances. The security that comes from compliance
with industry regulations can seem contrary to maintaining user privacy.
Data retention laws and regulations ask data owners and other service
providers to retain extensive records of user activity beyond the time
necessary for normal business operations. These requirements have been
called into question by privacy rights advocates.^[6] <#cite_note-6>
Compliance in this area is becoming very difficult. Laws like the
CAN-SPAM Act </wiki/CAN-SPAM_Act> and Fair Credit Reporting Act
</wiki/Fair_Credit_Reporting_Act> in the U.S. require that businesses

give people the right to be forgotten. In other words, they must

remove individuals from marketing lists if it is requested, tell them
when and why they might share personal information with a third party,
or at least ask permission before sharing that data. Now, with new laws
coming out that demand longer data retention despite the individuals
desires, it can create some real difficulties.
Definitions Related to Compliance[edit
</w/index.php?title=Regulatory_compliance&action=edit&section=7>]
*Compliance data* is defined as all data belonging or pertaining to
enterprise or included in the law, which can be used for the purpose of
implementing or validating compliance. It is the set of all data that is
relevant to a governance officer or to a court of law for the purposes
of validating consistency, completeness, or compliance
See also[edit
</w/index.php?title=Regulatory_compliance&action=edit&section=8>]
* China Compulsory Certificate </wiki/China_Compulsory_Certificate>
* Business Motivation Model </wiki/Business_Motivation_Model>. A
standard for recording governance and compliance activities
* Call Report </wiki/Call_Report>
* Chief compliance officer </wiki/Chief_compliance_officer>
* Governance, Risk Management, and Compliance
</wiki/Governance,_Risk_Management,_and_Compliance>
* Compliance and ethics program </wiki/Compliance_and_ethics_program>
* Enforcement </wiki/Enforcement>
* Health Care Compliance Association
</wiki/Health_Care_Compliance_Association>
* Law enforcement agency </wiki/Law_enforcement_agency>
* Law enforcement templates by country or region
</wiki/Category:Law_enforcement_templates_by_country_or_region>
* Society of Corporate Compliance and Ethics
</wiki/Society_of_Corporate_Compliance_and_Ethics>
References[edit
</w/index.php?title=Regulatory_compliance&action=edit&section=9>]
1. *Jump up ^ <#cite_ref-1>* /Integrated Governance, Risk, and
Compliance Standard Terminology List/
<http://www.integrated-grc.com/Terminology.php#IntegratedAudits> ^[/dead
link </wiki/Wikipedia:Link_rot>/]
2. *Jump up ^ <#cite_ref-2>* Silveira, P., Rodriguez, C., Birukou, A.,
Casati, F., Daniel, F., D Andrea, V., Worledge & C., Zouhair, T.
(2012), /Aiding Compliance Governance in Service-Based Business
Processes/
<http://www.igi-global.com/chapter/handbook-research-service-oriented-system
s/60900>,
IGI Global, pp. 524548
3. *Jump up ^ <#cite_ref-3>* Boiler and Pressure Vessel Inspection
According to ASME
<http://www.tuv.com/en/corporate/business_customers/plants_machinery_1/press
ure_equipment_2/asme_1/asme.html>
4. *Jump up ^ <#cite_ref-4>* USSC.gov
<http://www.ussc.gov/orgguide.htm>^[/dead link
</wiki/Wikipedia:Link_rot>/]

5. *Jump up ^ <#cite_ref-5>* Business.USA.gov

<http://www.business.USA.gov/>
6. *Jump up ^ <#cite_ref-6>* "Compliance Challenge: Privacy vs.
Security"
<http://content.dell.com/us/en/enterprise/d/large-business/challenge-privacy
-vs-security.aspx>.
Dell.com. Retrieved 2012-06-19.
Regulatory Compliance Terminology
<http://www.lombardrisk.com/blog/regulatory-compliance-terminology>
External links[edit
</w/index.php?title=Regulatory_compliance&action=edit&section=10>]
* Business.USA.gov <http://www.business.USA.gov/>, Official U.S.
Government Portal for Complying with Regulations.
* European Project COMPAS <http://www.compas-ict.eu>, European Project
COMPAS - Compliance-driven Models, Languages, and Architectures for
Services; funded by the EU 7th Framework Programme Information and
Communication Technologies Objective.
* Do you comply? <http://www.microtool.de/en/project-management/comply/>
Retrieved from
"http://en.wikipedia.org/w/index.php?title=Regulatory_compliance&oldid=633850306
"
Categories </wiki/Help:Category>:
* Regulatory compliance </wiki/Category:Regulatory_compliance>
Hidden categories:
* All articles with dead external links
</wiki/Category:All_articles_with_dead_external_links>
* Articles with dead external links from February 2012
</wiki/Category:Articles_with_dead_external_links_from_February_2012>
* Articles needing additional references from February 2012
</wiki/Category:Articles_needing_additional_references_from_February_2012>
* All articles needing additional references
</wiki/Category:All_articles_needing_additional_references>
* All articles with unsourced statements
</wiki/Category:All_articles_with_unsourced_statements>
* Articles with unsourced statements from February 2012
</wiki/Category:Articles_with_unsourced_statements_from_February_2012>
Navigation menu
Personal tools
* Create account
</w/index.php?title=Special:UserLogin&returnto=Regulatory+compliance&type=si
gnup>
* Log in
</w/index.php?title=Special:UserLogin&returnto=Regulatory+compliance>
Namespaces

* Article </wiki/Regulatory_compliance>
* Talk </wiki/Talk:Regulatory_compliance>
Variants<#>
Views
* Read </wiki/Regulatory_compliance>
* Edit </w/index.php?title=Regulatory_compliance&action=edit>
* View history </w/index.php?title=Regulatory_compliance&action=history>
More<#>
Search
</wiki/Main_Page>
Navigation
*
*
*
*
*
*

Main page </wiki/Main_Page>

Contents </wiki/Portal:Contents>
Featured content </wiki/Portal:Featured_content>
Current events </wiki/Portal:Current_events>
Random article </wiki/Special:Random>
Donate to Wikipedia
<https://donate.wikimedia.org/wiki/Special:FundraiserRedirector?utm_source=d
onate&utm_medium=sidebar&utm_campaign=C13_en.wikipedia.org&uselang=en>
* Wikimedia Shop <//shop.wikimedia.org>
Interaction
*
*
*
*
*

Help </wiki/Help:Contents>
About Wikipedia </wiki/Wikipedia:About>
Community portal </wiki/Wikipedia:Community_portal>
Recent changes </wiki/Special:RecentChanges>
Contact page <//en.wikipedia.org/wiki/Wikipedia:Contact_us>
Tools

* What links here </wiki/Special:WhatLinksHere/Regulatory_compliance>

* Related changes
</wiki/Special:RecentChangesLinked/Regulatory_compliance>
* Upload file </wiki/Wikipedia:File_Upload_Wizard>
* Special pages </wiki/Special:SpecialPages>
* Permanent link
</w/index.php?title=Regulatory_compliance&oldid=633850306>
* Page information </w/index.php?title=Regulatory_compliance&action=info>
* Wikidata item <//www.wikidata.org/wiki/Q626741>
* Cite this page
</w/index.php?title=Special:CiteThisPage&page=Regulatory_compliance&id=63385
0306>

Print/export
* Create a book
</w/index.php?title=Special:Book&bookcmd=book_creator&referer=Regulatory+com
pliance>
* Download as PDF
</w/index.php?title=Special:Book&bookcmd=render_article&arttitle=Regulatory+
compliance&oldid=633850306&writer=rdf2latex>
* Printable version
</w/index.php?title=Regulatory_compliance&printable=yes>
Languages
* Deutsch <//de.wikipedia.org/wiki/Compliance_(BWL)>
*
<//ko.wikipedia.org/wiki/%EC%BB%B4%ED%94%8C%EB%9D%BC%EC%9D%B4%EC%96%B8%EC%8A
%A4>
* Bahasa Indonesia <//id.wikipedia.org/wiki/Kepatuhan>
* Italiano <//it.wikipedia.org/wiki/Compliance_normativa>
* Nederlands <//nl.wikipedia.org/wiki/Compliance>
*
<//ja.wikipedia.org/wiki/%E4%BC%81%E6%A5%AD%E3%82%B3%E3%83%B3%E3%83%97%E3%83
%A9%E3%82%A4%E3%82%A2%E3%83%B3%E3%82%B9>
* Polski <//pl.wikipedia.org/wiki/Compliance>
* Portugus <//pt.wikipedia.org/wiki/Compliance>
*
<//ru.wikipedia.org/wiki/%D0%9A%D0%BE%D0%BC%D0%BF%D0%BB%D0%B0%D0%B5%D0%BD%D1
%81>
* <//zh.wikipedia.org/wiki/%E5%AE%88%E8%A7%84>
Edit links <//www.wikidata.org/wiki/Q626741#sitelinks-wikipedia>
* This page was last modified on 14 November 2014 at 20:02.
* Text is available under the Creative Commons Attribution-ShareAlike
License
<//en.wikipedia.org/wiki/Wikipedia:Text_of_Creative_Commons_Attribution-Shar
eAlike_3.0_Unported_License><//creativecommons.org/licenses/by-sa/3.0/>;
additional terms may apply. By using this site, you agree to the
Terms of Use <//wikimediafoundation.org/wiki/Terms_of_Use> and
Privacy Policy <//wikimediafoundation.org/wiki/Privacy_policy>.
Wikipedia is a registered trademark of the Wikimedia Foundation,
Inc. <//www.wikimediafoundation.org/>, a non-profit organization.
*
*
*
*
*

Privacy policy <//wikimediafoundation.org/wiki/Privacy_policy>

About Wikipedia </wiki/Wikipedia:About>
Disclaimers </wiki/Wikipedia:General_disclaimer>
Contact Wikipedia <//en.wikipedia.org/wiki/Wikipedia:Contact_us>
Developers
<https://www.mediawiki.org/wiki/Special:MyLanguage/How_to_contribute>
* Mobile view
<//en.m.wikipedia.org/w/index.php?title=Regulatory_compliance&mobileaction=t
oggle_view_mobile>
* Wikimedia Foundation <//wikimediafoundation.org/>
* Powered by MediaWiki <//www.mediawiki.org/>