Law, the Roman ius romana, was conceived to model individual freedom based on respect for the freedom of others, and thus articulate coexistence in societies. Therefore, compliance is not an option; it is an obligation. And it is an obligation for everyone: for individuals, for administrations, and also for companies. It is in the latter that Compliance (which comes from the Latin complere: to comply) takes on its meaning, as an instrument at the service of compliance.
Although rules are by definition subjective, the division of powers in a state governed by the rule of law ensures that the legal system avoids arbitrary temptations. The legislature produces the laws, the executive develops and implements them, and the judiciary interprets and enforces them. In turn, each has a role to play in monitoring the others. Democracy, the sovereignty of the nation over the nation, relies for most of its effectiveness on this system of balances.
Legal persons are not, strictly speaking, democracies. However, like states, they require an organisation for the fulfilment of their purposes. This organisation is leveraged not only by a system of corporate governance, but also by an environment of checks and balances, in which all units of the entity must play a leading role. Hence the hackneyed adage: ‘compliance is everyone’.
It is in this system of controls that Compliance unfolds its full potential.
Defining the scope
In effect, a Compliance programme is a homogeneous and ordered set of functions, whose design and execution is entrusted by the management body to a specific area of the company, Compliance, and whose objective is to prevent the risks derived from potential non-compliance and, coherently with the above, to improve the company’s ethical culture.
There is no statute in the legal systems that defines what a Compliance programme should specifically consist of. And this is as it should be, because in this way those in charge can freely decide where they are most useful in order to achieve their goals. In any case, beyond the essential initial risk analysis, it seems reasonable that, in permanent harmony with the administrative and management bodies (the so-called tone at the top), they should play a role in the development and interpretation of internal rules (which have their ultimate basis in the legal systems). They should also be involved in the supervision of the company’s ecosystem of relationships (e.g. with administrations and third parties), in the development of initiatives that contribute to training and awareness-raising of the entire organisation, in the management of tools that enable the detection of possible irregularities and their investigation, and in ensuring that such irregularities have consequences and are, moreover, lessons learned for the future.
It can be deduced from the above that Compliance, with an auctoritas that must be earned by hand (using both left and right hands with dexterity), actively meanders through the intricacies of the company to achieve in it what the Constitutions aspire for States with their systems of division of powers: to prevent arbitrariness.
And perhaps it could be concluded that, in this steady but intricate journey, Compliance rears its head in different territories that, in a state, would be associated with each of the three powers: the legislative, the executive and the judiciary.
The paradigm
The keys to a good compliance programme are laid down by the US Department of Justice: that it is well designed, that it has the resources and authority to carry out its functions, and that it works in practice.
This paradigm applies not only to a global compliance system, but also to all those specific programmes that, to an increasing extent, national and transnational regulations admit as mitigating factors for liability: criminal liability models, anti-corruption or international sanctions programmes, tax, labour or competition compliance models, privacy programmes, etc.
The authorities are becoming convinced that, ultimately, any discipline is likely to enjoy the benefits of a good compliance programme; a good example could be the one developed by companies to face the new regulatory challenges related to artificial intelligence. In all these areas, both traditional and emerging, Telefónica can boast of having led or leading from the forefront.
Uniqueness
Let us leave for the end another of the characteristics that, in my opinion, a Compliance programme in a company like ours, so diverse in its geographies and businesses, must have: uniqueness. The aim is for all Group employees to be recognised in an instrument that is flexible (to accommodate all the specialities, mainly regulatory, of our complex corporate conglomerate), but at the same time unique, that is uniform in its approach and that inspires everything we do.
In this way, we will be leaving our mark on the company’s cultural heritage of which, in our centenary year, we are so proud.