Regulatory compliance describes the goal that organizations aspire to achieve in their efforts to ensure that they are aware of and take steps to comply with relevant laws, policies, and regulations.
Some organizations keep compliance data—all data belonging or pertaining to the enterprise or included in the law, which can be used for the purpose of implementing or validating compliance—in a separate store for meeting reporting requirements.
The ISO also produces international standards such as ISO/IEC 27002 to help organizations meet regulatory compliance with their security management and assurance best practices.
[5] Some local or international specialized organizations such as the American Society of Mechanical Engineers (ASME) also develop standards and regulation codes.
They thereby provide a wide range of rules and directives to ensure compliance of the products to safety, security or design standards.
[8] These regulators help to ensure financial institutes meet their promises, that transactional information is well documented, and that competition is fair while protecting consumers.
[14][15] These groups protect consumers, regulate how risk is controlled and managed, and investigate illegal action such as money laundering and terrorist financing.
A common definition of compliance is:'Observance of external (international and national) laws and regulations, as well as internal norms and procedures, to protect the integrity of the organization, its management and employees with the aim of preventing and controlling risks and the possible damage resulting from these compliance and integrity risks'.
It administers the various statutes pertaining to money, banking, insurance, securities and the financial sector in general, as well as currency issuance.
Now, with new laws coming out that demand longer data retention despite the individual’s desires, it can create some real difficulties.
Money laundering and terrorist financing pose significant threats to the integrity of the financial system and national security.
Additionally, a lack of clear and consistent legal frameworks defining the roles and responsibilities of EU and national authorities in AML enforcement can lead to situations where accountability is difficult to establish.
Corporate scandals and breakdowns such as the Enron case of reputational risk in 2001 have increased calls for stronger compliance and regulations, particularly for publicly listed companies.
[1] The most significant recent statutory changes in this context have been the Sarbanes–Oxley Act developed by two U.S. congressmen, Senator Paul Sarbanes and Representative Michael Oxley in 2002 which defined significantly tighter personal responsibility of corporate top management for the accuracy of reported financial statements; and the Dodd-Frank Wall Street Reform and Consumer Protection Act.
[41] The United States Department of Transportation also has various laws and regulations requiring that prime contractors when bidding on federally funded projects engage in good faith effort compliance, meaning they must document their outreach to certified disadvantaged business enterprises.