Community hub
Recent from talks
Contribute something to knowledge base
Content stats: 0 posts, 0 articles, 0 media, 0 notes
Members stats: 0 subscribers, 0 contributors, 0 moderators, 0 supporters
Subscribers
Supporters
Contributors
Moderators
Hub AI
Regulatory compliance AI simulator
(@Regulatory compliance_simulator)
Hub AI
Regulatory compliance AI simulator
(@Regulatory compliance_simulator)
Regulatory compliance
In general, compliance means conforming to a rule, such as a specification, policy, standard or law. Compliance has traditionally been explained by reference to deterrence theory, according to which punishing a behavior will decrease the violations both by the wrongdoer (specific deterrence) and by others (general deterrence). This view has been supported by economic theory, which has framed punishment in terms of costs and has explained compliance in terms of a cost-benefit equilibrium (Becker 1968). However, psychological research on motivation provides an alternative view: granting rewards (Deci, Koestner and Ryan, 1999) or imposing fines (Gneezy Rustichini 2000) for a certain behavior is a form of extrinsic motivation that weakens intrinsic motivation and ultimately undermines compliance.
Regulatory compliance describes the goal that organizations aspire to achieve in their efforts to ensure that they are aware of and take steps to comply with relevant laws, policies, and regulations. Due to the increasing number of regulations and need for operational transparency, organizations are increasingly adopting the use of consolidated and harmonized sets of compliance controls. This approach is used to ensure that all necessary governance requirements can be met without the unnecessary duplication of effort and activity from resources.
Regulations and accrediting organizations vary among fields, with examples such as PCI-DSS and GLBA in the financial industry, FISMA for U.S. federal agencies, HACCP for the food and beverage industry, and the Joint Commission and HIPAA in healthcare. In some cases other compliance frameworks (such as COBIT) or even standards (NIST) inform on how to comply with regulations.
Some organizations keep compliance data—all data belonging or pertaining to the enterprise or included in the law, which can be used for the purpose of implementing or validating compliance—in a separate store for meeting reporting requirements. Compliance software is increasingly being implemented to help companies manage their compliance data more efficiently. This store may include calculations, data transfers, and audit trails.
The International Organization for Standardization (ISO) and its ISO 37301:2021 (which deprecates ISO 19600:2014) standard is one of the primary international standards for how businesses handle regulatory compliance, providing a reminder of how compliance and risk should operate together, as "colleagues" sharing a common framework with some nuances to account for their differences. The ISO also produces international standards such as ISO/IEC 27002 to help organizations meet regulatory compliance with their security management and assurance best practices.
Some local or international specialized organizations such as the American Society of Mechanical Engineers (ASME) also develop standards and regulation codes. They thereby provide a wide range of rules and directives to ensure compliance of the products to safety, security or design standards.
Regulatory compliance varies not only by industry but often by location. The financial, research, and pharmaceutical regulatory structures in one country, for example, may be similar but with particularly different nuances in another country. These similarities and differences are often a product "of reactions to the changing objectives and requirements in different countries, industries, and policy contexts".
Australia's major financial services regulators of deposits, insurance, and superannuation include the Reserve Bank of Australia (RBA), the Australian Prudential Regulation Authority (APRA), the Australian Securities & Investments Commission (ASIC), and the Australian Competition & Consumer Commission (ACCC). These regulators help to ensure financial institutes meet their promises, that transactional information is well documented, and that competition is fair while protecting consumers. The APRA in particular deals with superannuation and its regulation, including new regulations requiring trustees of superannuation funds to demonstrate to APRA that they have adequate resources (human, technology and financial), risk management systems, and appropriate skills and expertise to manage the superannuation fund, with individuals running them being "fit and proper".
Regulatory compliance
In general, compliance means conforming to a rule, such as a specification, policy, standard or law. Compliance has traditionally been explained by reference to deterrence theory, according to which punishing a behavior will decrease the violations both by the wrongdoer (specific deterrence) and by others (general deterrence). This view has been supported by economic theory, which has framed punishment in terms of costs and has explained compliance in terms of a cost-benefit equilibrium (Becker 1968). However, psychological research on motivation provides an alternative view: granting rewards (Deci, Koestner and Ryan, 1999) or imposing fines (Gneezy Rustichini 2000) for a certain behavior is a form of extrinsic motivation that weakens intrinsic motivation and ultimately undermines compliance.
Regulatory compliance describes the goal that organizations aspire to achieve in their efforts to ensure that they are aware of and take steps to comply with relevant laws, policies, and regulations. Due to the increasing number of regulations and need for operational transparency, organizations are increasingly adopting the use of consolidated and harmonized sets of compliance controls. This approach is used to ensure that all necessary governance requirements can be met without the unnecessary duplication of effort and activity from resources.
Regulations and accrediting organizations vary among fields, with examples such as PCI-DSS and GLBA in the financial industry, FISMA for U.S. federal agencies, HACCP for the food and beverage industry, and the Joint Commission and HIPAA in healthcare. In some cases other compliance frameworks (such as COBIT) or even standards (NIST) inform on how to comply with regulations.
Some organizations keep compliance data—all data belonging or pertaining to the enterprise or included in the law, which can be used for the purpose of implementing or validating compliance—in a separate store for meeting reporting requirements. Compliance software is increasingly being implemented to help companies manage their compliance data more efficiently. This store may include calculations, data transfers, and audit trails.
The International Organization for Standardization (ISO) and its ISO 37301:2021 (which deprecates ISO 19600:2014) standard is one of the primary international standards for how businesses handle regulatory compliance, providing a reminder of how compliance and risk should operate together, as "colleagues" sharing a common framework with some nuances to account for their differences. The ISO also produces international standards such as ISO/IEC 27002 to help organizations meet regulatory compliance with their security management and assurance best practices.
Some local or international specialized organizations such as the American Society of Mechanical Engineers (ASME) also develop standards and regulation codes. They thereby provide a wide range of rules and directives to ensure compliance of the products to safety, security or design standards.
Regulatory compliance varies not only by industry but often by location. The financial, research, and pharmaceutical regulatory structures in one country, for example, may be similar but with particularly different nuances in another country. These similarities and differences are often a product "of reactions to the changing objectives and requirements in different countries, industries, and policy contexts".
Australia's major financial services regulators of deposits, insurance, and superannuation include the Reserve Bank of Australia (RBA), the Australian Prudential Regulation Authority (APRA), the Australian Securities & Investments Commission (ASIC), and the Australian Competition & Consumer Commission (ACCC). These regulators help to ensure financial institutes meet their promises, that transactional information is well documented, and that competition is fair while protecting consumers. The APRA in particular deals with superannuation and its regulation, including new regulations requiring trustees of superannuation funds to demonstrate to APRA that they have adequate resources (human, technology and financial), risk management systems, and appropriate skills and expertise to manage the superannuation fund, with individuals running them being "fit and proper".