What is compliance?

Find out what compliance is, how companies make sure their employees are up to date and what role it plays in the organisational culture of companies.

Lucía Altamirano

Reading time: 7 min

How would you define the role of Compliance in our organisation?

I would like to start by giving a brief definition. Compliance is, first and foremost, an organisational function and, like any function, it involves a series of activities aligned with responsibilities that are grouped together to achieve the objectives of the organisation.

Traditionally, we are familiar with the functions of finance, operations or marketing, for example. However, with the evolution of markets, digital disruption and society in general, new functions have emerged, such as Compliance.

At Telefónica, Compliance is a function that ensures that activities and businesses are carried out in accordance with the legal system, current regulations and the policies and procedures established in the company.

In my opinion, the role of Compliance is both strategic and operational. On the one hand, it is strategic because, in addition to the most recognised responsibility of ensuring the strengthening and improvement of ethical and business regulations and standards, it also:

  • protects reputation and brand value.
  • reduces costs, avoiding fines, sanctions or remediation events.
  • increases the confidence of our customers, investors and stakeholders.
  • facilitates entry into new markets by demonstrating solid regulatory compliance practices.

And on the operational side, Compliance is integrated into the operation, it is incorporated into business processes, it implements and manages reporting channels that enable transparency, it participates in the implementation of new technologies, such as AI, advising and reviewing ethical implications, it manages compliance risks and the controls to mitigate them. I would say that, like a lighthouse, it illuminates the right path for our actions.

We work based on the global compliance model divided into 3 main activities, 1) Prevention, 2) Detection and 3) Reaction – Response; if you were to ask me where we are focusing our efforts to strengthen the role of Compliance, I would say that it is in Prevention and that is where we will be concentrating our efforts this year.

Footnote:

In 2024, Uruguay obtained 76 out of 100 points and advanced 3 positions to reach 13th place out of 180 countries, followed by Canada and Germany, in the index that measures the perception of corruption in the public sector of each country, the CPI, Corruption Perceptions Index. The CPI is measured on a scale of 0 to 100, where 0 indicates high corruption and 100 maximum transparency.

How do you ensure that all employees are aware of the compliance policies?

Through the compliance programme that has been running for 7 years in Telefónica in Uruguay, which deploys all training and awareness activities and communicates through formal channels such as Workplace, Intranet and Email.

This year we will be resuming a practice that was very well received in previous years, namely ‘Coffee with Compliance’, which consists of a voluntary, unstructured and enjoyable session with the aim of raising awareness of the different subjects that Compliance works on and of clarifying doubts about situations that may arise in everyday life, accompanied by a coffee or mate.

We are aware that it is not an easy subject to understand; even at the beginning some people do not find it attractive, or never find it attractive. That is the main challenge to overcome when it comes to ensuring that people know where to find the regulations, what to do and what they are for.

We should all understand that the compliance function is implemented to do things right.

Other attractive forms are informative capsules and, by the way, this year we were inspired by what the Telefónica team in Spain and Chile did, for example, publishing short awareness-raising videos among colleagues who kindly dedicate a space for this purpose.

New recruits are also given an overview of compliance policies and where to find them.

Finally, as part of our advisory role, we provide a consultation mailbox for all the organisation’s collaborators.

What kind of training is offered to employees on compliance and business ethics?

There is a training window planned and promoted by the Global Compliance Department where we offer the following:

Required:

  • Code of Ethics and Conduct: Integrity and the Fight against Corruption.
  • Information security practices.
  • Privacy principles and BCRs.

Then we have these basic courses that we make available to all employees and use for the awareness plan:

  • Principles of responsible business.
  • Competition law.
  • Foreign Corrupt Practices Act (FCPA) at Telefónica.

We also provide a prepared grid for employees who perform specific functions such as Purchasing that are not compulsory for the rest.

What tools or technologies do you use to monitor regulatory compliance?

We currently rely on internal reviews with the different areas of the business and reports at different established intervals. On the other hand, as part of the risk control and updating initiatives, we also use the risk map on a six-monthly basis with the Audit team.

Controls are carried out in the area of anti-corruption and other specific issues for the compliance risk area.

For everything related to due diligence requests, we use the Supervisa tool to see where alerts arise, for example, from Country Risk. We review the requirements and documentation of the requests, the third party’s code of conduct.

When it comes to international controls, we use OFSI (UK Office of Financial Sanctions Implementation), the EU Sanctions Map and OFAC (Office of Foreign Assets Control) to check for any international economic or trade sanctions.

We also use other tools:

  • Complíter
  • Conflict of Interest
  • Responsible AI Tool
  • Privateca
  • Whistleblowing channel, among others.

Can you share an example of a compliance challenge?

In our area of B2B digital services development, it is a constant challenge to reconcile the needs of our business customers, commercial requirements and legal demands with regulations on privacy and personal data protection.

Being open, detailed and proactive in aspects such as contracts with customers and suppliers allows all interests to be aligned, and working according to the policies determined by the organisation is, in the long run, a way of making the work of the area easier and more effective.

Another challenge that I want to highlight and where we will also focus our efforts is undoubtedly the analysis and assessment of the risks of Artificial Intelligence and their impact and likelihood, with the aim of avoiding negative consequences or non-compliance towards our clients, the organisation, as well as towards society in general. To give you a couple of examples: biases in algorithms that can lead to discrimination, lack of transparency in how algorithms make decisions or in the use of personal data, false positives or negatives that can have an unwanted impact on certain groups in society, etc.

A well-known case that happened in the USA is something we don’t want to happen to us: a world-renowned automotive company implemented ChatGPT as part of its sales process, with direct interaction with its customers, recommending models and features that suit their needs and tastes, and it ended up recommending the purchase of a competitor’s car. To avoid or minimise risks as much as possible, AI must be accompanied from the design stage by our principles of responsible AI.

Our principles ensure that Artificial Intelligence is fair, transparent, people-centred, does not violate human rights and guarantees privacy and security in the P&S that we develop, as well as when we acquire it from third parties. At Telefónica, AI is one of the subjects that form part of the global compliance model.

What role does organisational culture play in the success of the compliance programme?

I believe it plays a fundamental role given that we do not measure the success of the programme in terms of ‘a check’ on the implementation of regulations or validation of controls, but rather, in the equation of success, the main component is people.

The compliance team does not work in isolation from the organisation; it is not in a silo but, on the contrary, is constantly dealing with people from all areas. This seems obvious, but it is often overlooked. This implies that the success of the compliance programme depends on how people act, on the values they transmit and how they behave with our clients, with the organisation and in general with society and its different actors.

In short, the success of the programme is based on a culture of integrity that generates trust, projects credibility and promotes long-term sustainability.

The Five Stars recognition programme is an active and directly aligned with the culture we seek in the organisation, it recognises those values and behaviours that stand out r
