King III requires compliance with all applicable laws, rules, codes and standards. “This is not a new concept, as organisations have always had to comply with relevant legislation” says Rob Newsome, Enterprise Risk Management Leader and Partner at PricewaterhouseCoopers SA, said: “However, what King III does do is to elevate proof of such compliance, as well as make recommendations as to principles and practices that should be followed to ensure such compliance is achieved. As part of a comprehensive risk management process, companies must implement an effective compliance programme.”
Newsome says that highly-regulated companies, such as those in the financial services sector would already be doing this. “It is the more operationally-focussed companies as well as public sector enterprises that will have to improve in this regard.”
With a plethora of new regulations constantly challenging SA businesses, Newsome says companies will have to know exactly what all these new developments are and how they will be affected.
“Also required in terms of King III is that companies must now disclose how effective they believe their compliance was and how this level of compliance was achieved. It is not acceptable to simply highlight that the company has a compliance officer. The board must disclose details on how it has discharged its compliance responsibilities with regard to ensuring the establishment of an effective compliance framework and processes. Further disclosure includes any significant, or less material but regularly incurred, fines and penalties that were imposed.
“Compliance – in both implementation and disclosure – will now have to become far more proactive, rather than after the fact when there has been a breach that carried specific consequences.”
Companies should perform an annual review of their compliance universe, which is not only restricted to applicable laws. It extends to non-binding rules, codes and standards with which the company has voluntarily elected to comply, and hence places an ethical responsibility on the company to adopt non-binding best practices.
King III has placed the responsibility of many aspects of governance firmly with the board of directors, and Newsome says compliance is certainly no exception. “The board now has to monitor the company’s compliance with all applicable laws, rules and standards. King III allows the board to delegate the implementation of an effective compliance framework, policies and processes to management, and a compliance function/officer is highly recommended. However, ultimate responsibility rests with the board and the board should obtain assurance on the effectiveness of the company’s compliance procedures and control framework.
“Additionally, a further King III recommendation is that the board and each individual director must have a working knowledge of relevant law and applicable standards. It is therefore highly advisable that legislative and similar developments should form part of a board’s continuing education programme.”