Five Compliance Best Practices Every Multinational Company Should Consider For … Identifying And Implementing Core Compliance Policies

Foley & Lardner


Foley & Lardner LLP looks beyond the law to focus on the constantly evolving demands facing our clients and their industries. With over 1,100 lawyers in 24 offices across the United States, Mexico, Europe and Asia, Foley approaches client service by first understanding our clients’ priorities, objectives and challenges. We work hard to understand our clients’ issues and forge long-term relationships with them to help achieve successful outcomes and solve their legal issues through practical business advice and cutting-edge legal insight. Our clients view us as trusted business advisors because we understand that great legal service is only valuable if it is relevant, practical and beneficial to their businesses.

As an accompaniment to our biweekly series on What Every Multinational Should Know About various international trade, enforcement, and compliance topics, below find an update to our series on compliance checks that every multinational company should consider. Give us two minutes, and we will give you five suggested compliance best practices that will benefit your international regulatory compliance program.

Identifying core compliance policies is essential for establishing a comprehensive and effective compliance program within an organization. A key first step for multinational companies is to determine which compliance policies they consider to be their "core" compliance policies. At most multinational organizations, as a rough rule of thumb, these core policies cover between 18 and 22 areas.

The best compliance is always tailored compliance, which reflects the multinational company's business and risk profiles as well as its internal operation of its compliance program. When coming up with a tailored set of core compliance policies, five items to consider are as follows:

  1. Start with an Understanding of Typical Core Compliance Areas: Foley has published a list of core and suggested compliance policies, which is a good start for multinational companies looking to benchmark the scope of their own programs.
  2. Understand Legal and Regulatory Requirements: You should ensure that you have a good understanding of your organization's risk profile and how it is impacted by industry-specific regulation. A good starting point for gaining this understanding is to conduct a thorough review of relevant laws, regulations, industry standards, and contractual obligations that apply to your organization to identify the key compliance areas and requirements that your organization should be addressing. The specific risks and vulnerabilities faced by your organization based on its industry, size, geographic locations, business operations, and regulatory environment inform the types of compliance policies that need emphasis at your organization.
  3. Review Industry Standards and Best Practices: Multinational companies should prioritize compliance areas based on their importance to the organization's operations, exposure to risk, regulatory scrutiny, and potential impact on stakeholders. One good guide to identifying these risk areas is to research industry-specific standards, best practices, and guidelines for compliance in your business sector. In some cases, industry associations have established recognized frameworks or model policies that can serve as a starting point for establishing core compliance areas, which you can then tailor to your organization. You also can consider international standards and best practices for compliance, such as ISO 19600 (Compliance Management Systems) or ISO 37001 (Anti-Bribery Management Systems), as potential starting points.
  4. Review Existing Policies and Procedures: Particularly for core compliance policies, it is important to have up-to-date and complete policies. You should review existing policies, procedures, and internal controls within the organization to identify gaps, redundancies, or areas for improvement. Determine which policies are outdated, ineffective, or no longer relevant to the organization's operations, or which ones cover core compliance areas only in passing.
  5. Ensure Your Core Compliance Permeates Your Compliance Structure: A well-functioning compliance system carries the core compliance policies throughout its compliance structure, in a coordinated way. This means that core compliance areas should be covered in the company's ethics statement, within individual compliance policies, and implemented by tailored internal controls. Compliance training, as well, should stress core compliance areas, including coverage of the internal controls that implement the core compliance measures.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
