An increasing number of companies are looking to make a positive social impact in addition to making a profit. Sustainable business practices are seen as a basic requirement for companies to gain the approval of their customers and investors. Customers, investors, financiers and other stakeholders expect companies to do more than just obey the law, they expect them to act ethically and respect both human rights and the environment. It is best when sustainability is directly linked to a company's strategy. This should also be reflected in the compliance function.

Sustainable companies are expected to not just comply with national legislation, but to exceed the minimum requirements in their business. The responsibility of commercial operations is regulated, among other things, through soft law instruments, such as recommendations. Though not legally binding norms, companies that break such rules risk their legitimacy and their social licence to operate.

The question is whether certain practices have the approval of the community. Without such approval, a project could run into trouble and a company could suffer significant reputational damage. Management could have to resign, even if no laws or binding regulations have been breached.

An Independent Compliance Organisation Supports Sustainability Goals

The company's board of directors is responsible for the management of the company and for the appropriate arrangement of the company's operations.  The board must also ensure that the company has sufficient internal control ensuring that the company operates in accordance with binding laws and regulations.

Corporate management should have up-to-date information on any deficiencies in compliance, and companies should have a compliance organisation to carry out this function. In order to support sustainable business practices, management needs a credible compliance department that is independent of business operations and reports directly to the board of directors.

Sustainability Requires Assessing the Impacts of Operations

The design of compliance functions, programmes and processes requires a strategic approach and a solid understanding of what norms are most key to the company in question. In some sectors, such as the financial and insurance sectors, compliance functions are required by law.

Some binding legislation is central to all companies:

  • The duty to prevent bribery and fraud applies to all companies.
  • Competition regulations apply to nearly all companies.
  • The addition of turnover-based sanctions to data protection legislation raised awareness of this field of law.
  • Employment regulations apply to all business operations, but the risks depend a great deal on the field of operation.

For some companies, compliance with and knowledge of anti-money-laundering laws and trade sanctions are a basic requirement for doing business. For other companies, environmental legislation and legislation concerning waste and chemicals are paramount.

The obligation to prevent corruption in its various forms is a duty that all companies share. Even this could prove to be a pitfall, including in Finland. For example, are old boy networks and the conflicts of interest of a small country recognised as problematic from the perspective of corruption?

From the perspective of sustainability, a duty of care is imposed on companies. Companies are required to carry out human rights due diligence. The assessment of due diligence is influenced by the company's field of operation, geographical reach, size and other risk factors.

Supervising Your Own Group or Securing Sustainability Throughout Your Supply Chain?

While compliance work is usually focused on the compliance of your own operations or those of your group companies, sustainability turns attention  towards supply chains and subcontracting.

There is currently a debate concerning whether there is a need for binding corporate responsibility legislation in the EU or nationally in Finland. The debate is particularly focused on international supply chains:

  • Have companies reviewed their own human rights or environmental impacts in their supply chains?
  • Are subcontractors complying with international human rights conventions?
  • Are companies complying with the duty of care in ensuring the quality of operations in their supply chains?
  • How can responsibility be ensured?
  • Are companies obligated to compensate damage they have caused?

These questions become particularly pronounced, for example, if the local legislation in the country in which a subsidiary operates does not meet the requirements of human rights conventions or the western understanding of responsible business.

Why Should Compliance Also Sustainability into Account?

Economic downturns and difficult financial situations highlight the importance of functioning compliance. The pressure to develop sustainable business practices is constantly growing, which also puts pressure to develop internal compliance functions.

Today, the verdict for unethical or irresponsible actions is often given by the press or the general public. It typically takes years for the courts to render a decision, and by then the damage to the company's reputation has already been done. Incorporating wider responsibility and sustainability perspectives into compliance work will help companies see the full picture of their risks.

Originally Published by DIF – Directors' Institute Finland on 26 November 202

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.