Section 1

Understanding the Basics


Get Started with Compliance Fundamentals

From creating a top-notch code of conduct to understanding the role compliance plays in your organization, this is the place to learn the core elements of an effective compliance program.


Each compliance program is unique, with its own risks and level of maturity. Although many of the details are determined by your company's size, industry and location, there are still basic principles that are best practices across the board. In this section you'll learn about the key skills every compliance professional should have, as well as the general knowledge base that effective compliance professionals build and draw on throughout their careers.

Just as there are key skills every modern compliance professional should possess, there are fundamental elements every effective compliance program should practice. This section will introduce you to those key components of a robust compliance program and provide the guidance you need to move your career and your program to their next level of sophistication.

The Ever-Growing List of Compliance Terminology

Improve your compliance vocabulary and become the most well-versed compliance professional you know. Stay up-to-date with this ever-growing list of governance, risk and compliance terms.  

Use the list below to identify and understand the many terms related to governance, risk and compliance, including regulatory definitions and words and phrases about corporate governance and risk mitigation.

 

Audit

An examination performed by an independent third party that verifies an organization's adherence to the guidelines outlined by a regulatory body.

 

Attestation

The acknowledgement of understanding of, and agreement to abide by, policies, procedures or training.

 

Benchmarking

Analyzing your data year over year by comparing one's own business processes and performance against the industry standard to reveal compliance program effectiveness and determine needed improvements.

 

Blockchain

A blockchain is a digitized, decentralized, public ledger of all cryptocurrency transactions. Growing as completed blocks, the most recent transactions are recorded and added to the chain in chronological order allowing market participants to track digital currency transactions without central recordkeeping. Each node (a computer connected to the network) gets a copy of the blockchain that is downloaded automatically.

Originally developed as the accounting method for the virtual currency Bitcoin, blockchains use what is now known as distributed ledger technology (DLT). Each block carries a cryptographic hash of the block before it, so altering an earlier record breaks every link that follows it. This makes the records tamper-evident rather than strictly unchangeable: authenticity is verified by the entire community holding copies of the blockchain, instead of by a single centralized authority.
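The hash-chaining described above, as an added example that is not part of the original page: a minimal ledger in Python in which each block commits to the SHA-256 digest of its predecessor. The transactions, timestamps and the `Ledger`/`Block` names are constructed for illustration and are not taken from any real blockchain. The example shows both what the chain detects (an edited early block breaks the next link) and what it does not (an edited newest block still verifies locally, which is exactly why nodes compare their copies with each other).

```python
import hashlib
import json
from dataclasses import dataclass, asdict, replace

# Hash-chained ledger: each block commits to the SHA-256 digest of its
# predecessor, so altering any earlier block breaks the link that follows it.
GENESIS_PREV_HASH = "0" * 64


@dataclass(frozen=True)
class Block:
    index: int
    timestamp: float      # fixed values below so digests are reproducible
    transactions: list    # list of dicts describing constructed transfers
    prev_hash: str        # digest of the previous block

    def digest(self) -> str:
        # Canonical JSON (sorted keys, no whitespace) so the same content
        # always hashes to the same value regardless of dict ordering.
        payload = json.dumps(asdict(self), sort_keys=True,
                             separators=(",", ":")).encode()
        return hashlib.sha256(payload).hexdigest()


class Ledger:
    def __init__(self) -> None:
        self.chain = [Block(0, 0.0, [], GENESIS_PREV_HASH)]

    def append(self, transactions: list, timestamp: float) -> Block:
        prev = self.chain[-1]
        block = Block(prev.index + 1, timestamp, list(transactions), prev.digest())
        self.chain.append(block)
        return block

    def verify(self):
        """Return (True, None) if every link holds, else (False, index of the
        first block whose prev_hash no longer matches its predecessor)."""
        if self.chain[0].prev_hash != GENESIS_PREV_HASH:
            return False, 0
        for i in range(1, len(self.chain)):
            cur, prev = self.chain[i], self.chain[i - 1]
            if cur.index != prev.index + 1 or cur.prev_hash != prev.digest():
                return False, i
        return True, None

    def tip_digest(self) -> str:
        """Digest of the newest block; peers compare this value to agree on
        the current state of the ledger."""
        return self.chain[-1].digest()


def build_sample_ledger() -> Ledger:
    """Three constructed transfers with fixed timestamps (sample data)."""
    ledger = Ledger()
    ledger.append([{"from": "alice", "to": "bob", "amount": 5}], timestamp=1.0)
    ledger.append([{"from": "bob", "to": "carol", "amount": 2}], timestamp=2.0)
    ledger.append([{"from": "carol", "to": "alice", "amount": 1}], timestamp=3.0)
    return ledger


def tamper(ledger: Ledger, index: int, transactions: list) -> None:
    """Simulate a node rewriting history in its own copy of the ledger."""
    ledger.chain[index] = replace(ledger.chain[index], transactions=transactions)


if __name__ == "__main__":
    honest = build_sample_ledger()
    print("intact chain verifies:", honest.verify())

    # Rewriting an early block: block 2's prev_hash no longer matches block 1.
    rewritten = build_sample_ledger()
    tamper(rewritten, 1, [{"from": "alice", "to": "bob", "amount": 500}])
    print("after editing block 1:", rewritten.verify())

    # Rewriting the newest block: the local chain still verifies, so
    # authenticity depends on comparing against other nodes' copies.
    tip_edit = build_sample_ledger()
    tamper(tip_edit, 3, [{"from": "carol", "to": "alice", "amount": 100}])
    print("after editing the tip, local check:", tip_edit.verify())
    print("tip matches peer copy:", tip_edit.tip_digest() == honest.tip_digest())
```

The local `verify` check only proves internal consistency. A single node can rewrite its newest block and re-run the check without error; the forgery is only exposed when its tip digest disagrees with the copies held by other participants, which is the "verified by the entire community" property the definition relies on.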

 

Bribe

An incentive given or offered to a person or organization to encourage that person or organization to take an action that benefits the giver.

 

Chief Privacy Officer

A chief privacy officer (CPO) is a corporate executive charged with developing and implementing policies designed to protect employee and customer data from unauthorized access.

 

Chief Risk Officer

The chief risk officer (CRO) is the corporate executive tasked with assessing and mitigating significant competitive, regulatory and technological threats to an enterprise's capital and earnings. The position is sometimes called chief risk management officer or simply risk management officer.

 

Code of Conduct or Code of Ethics

An organization’s Code of Conduct is its policy of all policies. It’s a central guide and reference for users in support of day-to-day decision making. It is meant to clarify an organization's mission, values and principles, linking them with standards of professional conduct. As a reference, it can be used to locate relevant documents, services and other resources related to ethics within the organization.

 

Compliance

Compliance is either a state of being in accordance with established guidelines or specifications, or the process of becoming so.

 

Compliance Audit

A compliance audit is a comprehensive review of an organization's adherence to regulatory guidelines. Independent accounting, security or IT consultants evaluate the strength and thoroughness of compliance preparedness. Over the course of a compliance audit, auditors review security policies, user access controls and risk management procedures, and expect evidence (logs, tickets, access reviews) that the controls actually operate as documented.

 

Compliance Burden

Compliance burden, also called regulatory burden, is the administrative cost of a regulation in terms of dollars, time and complexity.

 

Compliance Framework

A compliance framework is a structured set of guidelines that details an organization's processes for maintaining accordance with established regulations, specifications or legislation.

 

Compliance Risk

Compliance risk is the exposure to legal penalties, financial forfeiture and material loss an organization faces when it fails to act in accordance with industry laws and regulations, internal policies or prescribed best practices.

 

Corporate Governance

Corporate governance is a term that refers broadly to the rules, processes or laws by which businesses are operated, regulated and controlled. The term can refer to internal factors defined by the officers, stockholders or constitution of a corporation, as well as to external forces such as consumer groups, clients and government regulations.

 

Cyber Security

Cyber security is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access.

 

Dodd-Frank Act

The Dodd-Frank Act (fully known as the Dodd-Frank Wall Street Reform and Consumer Protection Act) is a United States federal law that expanded government regulation of the financial industry. The legislation, enacted in July 2010, aims to prevent another significant financial crisis by creating new financial regulatory processes that enforce transparency and accountability while implementing rules for consumer protection.

 

Ethical Dilemmas

Situations that require ethical judgment calls. Often, there is more than one right answer and no win-win solution in which we get everything we want.

 

Ethics

The decisions, choices and actions (behaviors) we make that reflect and enact our values.

 

FCPA

The Foreign Corrupt Practices Act is a federal law enacted in 1977 to prohibit companies from paying bribes to foreign government officials and political figures for the purpose of obtaining business.

 

Fraud

To intentionally lie or cheat to get something to which one is not entitled.

 

General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is a legal framework that sets the rules for the collection and processing of personal data of individuals within the European Union (EU). The GDPR lays out the principles for data management and the rights of the individual, while also imposing fines that can be revenue-based (up to 4% of annual worldwide turnover or EUR 20 million, whichever is higher, for the most serious infringements). The GDPR applies to any organization, wherever it is located, that processes the personal data of individuals in the EU, making it a critical regulation for corporate compliance officers at banks, insurers and other financial organizations. The GDPR came into full effect across the EU on May 25, 2018.

 

Governance

The act, process or power of exercising authority or control in an organizational setting.

 

Governance, Risk and Compliance (GRC)

Governance, Risk and Compliance (GRC) is a combined area of focus within an organization that developed because of interdependencies between the three components. GRC software products, available from a number of vendors, typically facilitate compliance with legal requirements, such as those specified in the Sarbanes-Oxley Act (SOX) or occupational health and safety regulations.

 

Gramm-Leach-Bliley Act (GLB)

Federal legislation enacted in the United States in 1999 to control the ways that financial institutions collect, share and safeguard the private information of individuals.

 

Hotline

A common reporting system giving anonymous telephone access to employees seeking to report possible instances of wrongdoing.

 

Integrity

Making choices that are consistent with each other and with the stated and operative values one espouses. Striving for ethical congruence in one's decisions.

 

Internal Control

An internal control is a business practice, policy or procedure that is established within an organization to create value or minimize risk.

 

NIST (National Institute of Standards and Technology)

A unit of the US Commerce Department that promotes and maintains measurement standards. NIST also publishes widely used cybersecurity standards and guidance, including the NIST Cybersecurity Framework and the Special Publication 800 series, which many compliance frameworks reference directly.

 

Ransomware

Ransomware is a type of malware (malicious software) whose defining characteristic is that it attempts to deny access to a user's data, usually by encrypting the data with a key known only to the attacker who deployed the malware, until a ransom is paid. Many current ransomware operations also steal copies of the data before encrypting it and threaten to publish them, so a recovery plan built on offline, tested backups addresses only part of the risk; paying the ransom guarantees neither the return of a working key nor the deletion of stolen data.

 

Regulatory Compliance

Regulatory compliance is an organization's adherence to laws, regulations, guidelines and specifications relevant to its business. Violations of compliance regulations often result in legal punishment, including federal fines.

 

Risk Assessment

Risk assessment is the process of identifying variables that have the potential to negatively impact an organization's ability to conduct business.

 

Risk Assessment Framework (RAF)

A risk assessment framework (RAF) is a strategy for prioritizing and sharing information about the security risks to an information technology (IT) infrastructure.

 

Risk Exposure

Risk exposure is the quantified loss potential of a business. It is usually calculated as an expected loss, by multiplying the probability of an incident occurring by the loss it would cause.

 

Sarbanes-Oxley Act (SOX)

The Sarbanes-Oxley Act of 2002 (often shortened to SOX) is legislation passed by the U.S. Congress to protect shareholders and the general public from accounting errors and fraudulent practices in the enterprise, as well as to improve the accuracy of corporate disclosures. The U.S. Securities and Exchange Commission (SEC) administers the act, which sets deadlines for compliance and publishes rules on requirements.

 

Transparency

Transparency, in a business or governance context, is honesty and openness. Transparency and accountability are generally considered the two main pillars of good corporate governance.

 

Values

The core beliefs we hold regarding what is right and fair in terms of our actions and our interactions with others. Another way to characterize values is that they are what an individual believes to be of worth and importance to their life.

 

Values-centered Code of Ethics

Offers a set of ethical ideals, such as integrity, trustworthiness and responsibility, which companies want employees to adopt in their work practices.

 

Whistleblower

A whistleblower is a person who voluntarily provides information to the general public, or to someone in a position of authority, about dishonest or illegal business activities occurring at an organization. This organization could be a government department, a public company or a private organization.

 

Workplace Harassment

As defined by the Equal Employment Opportunity Commission (EEOC):

Harassment is unwelcome conduct that is based on race, color, religion, sex (including pregnancy), national origin, age (40 or older), disability or genetic information. Harassment becomes unlawful where 1) enduring the offensive conduct becomes a condition of continued employment, or 2) the conduct is severe or pervasive enough to create a work environment that a reasonable person would consider intimidating, hostile, or abusive. Anti-discrimination laws also prohibit harassment against individuals in retaliation for filing a discrimination charge, testifying, or participating in any way in an investigation, proceeding, or lawsuit under these laws; or opposing employment practices that they reasonably believe discriminate against individuals, in violation of these laws.

Petty slights, annoyances, and isolated incidents (unless extremely serious) will not rise to the level of illegality. To be unlawful, the conduct must create a work environment that would be intimidating, hostile, or offensive to reasonable people.

Comments


As a newcomer to the Compliance arena, this is a very useful resource.

0 Responses
March 29, 2019, 6:32 a.m. Stacy Light Stacy Light

This is great information. Having been in the industry for nearly 15 years, this represents a very thoughtful, well laid out resource. Thank you.

0 Responses
April 27, 2017, 2:31 p.m. LeBrin Odell LeBrin Odell

This is super informative and helpful!

1 Response
March 28, 2017, 10:44 a.m. Morgan Shaffer Morgan Shaffer

Agree. Simple and useful resource.

March 7, 2019, 5:02 p.m. David Banks David Banks

Ethical dilemmas are often at the core of workplace decisions that involve large groups of employees. Deciding carefully, with value systems in mind, helps to mitigate situations.

0 Responses
March 28, 2017, 9:44 a.m. Nancy Pyle Nancy Pyle

The Compliance Terminology resource is a great way to familiarize oneself with the specific terms related to Compliance. I recommend keeping it bookmarked so it's quickly accessible.

1 Response
March 28, 2017, 9:13 a.m. Stephanie Dixon Stephanie Dixon

I agree!

March 28, 2017, 10:46 a.m. Morgan Shaffer Morgan Shaffer