Regulatory compliance, within a company, is the set of procedures, processes, and control systems that a company uses to ensure its compliance with rules, provisions or standards.
Within a company, the compliance function can perform different roles and tasks, according to the various regulations and needs of the sector.
The world of logistics shows some peculiar elements compared to other sectors and, in recent years, logistics companies have made considerable progress in terms of compliance.
What are the main compliance activities for logistics companies?
Self-regulation rules and external legislation
The compliance activities include, first of all, the drafting and maintenance of an internal procedural system, which is drawn up to adapt both to external regulations, national and international, and to the rules of self-discipline imposed autonomously.
An example of this type of regulation is the Code of Ethics, or Code of Conduct. It is a document prepared on a voluntary basis which summarizes the company's values, behavioral rules, and ethical-social principles that all members of the organization undertake to respect.
The procedural system of the Contship group is well drawn and represents a valid control method for the most critical business processes (e.g. procure-to-pay, personnel selection / management, travel expense management etc.).
Procedural compliance is a particularly delicate issue, as the formalization of control rules and protocols often risks to be perceived as a necessary activity that, if not correctly managed, might slow down company processes.
Another significant compliance activity in Italy, especially for logistics companies, consists in drafting and maintaining the so-called Model 231 - organization, management and control model.
Model 231 is one of the voluntary tools that companies can choose to adopt and it responds to Legislative Decree no. 231/2001, which, for the first time in Italy, has regulated the administrative liability of entities in the event of the commission of an offense by a natural person in the interest and for the benefit of the company.
Since 2001, many companies have started to adopt a Model 231. However, compared to other businesses (e.g. power & utilities), the logistics sector has been conforming to Legislative Decree 231 only recently.
The most complex part of applying compliance 231 to this type of business consists in identifying the risks and potential offenses applicable, an activity included during the risk assessment phase.
The intervention of multiple actors and the interaction of complex processes make the value chain of the logistics business very wide and articulated. It is therefore challenging to create a 360° mapping of all possible applicable offenses. A further element of complexity is related to the presence, in many links of the supply chain, of the Public Administration Authorities, or, as in our case, of the Port or Customs Authority.
Another theme belonging to the compliance sphere is Whistleblowing, a regulation that protects the employee who reports an offense or behavior which is in breach of the code of ethics or of a rule of good conduct, and that the employee has come to know in the within of the employment relationship.
Whistleblowing protects the whistleblower, guaranteeing anonymity and the absence of retaliation. Reporting agents may be even rewarded when they help the company intercept those who, with their behavior, have determined a risk for the company itself.
Following the report, the whistleblowing system must ensure the company investigates and takes appropriate measures, moving within a delicate ground that often touches on interpersonal relationships among employees.
One of the main challenges related to whistleblowing is promoting and making this protection system known internally within the company.
GDPR - General Data Protection Regulation
From a regulatory point of view, respect for privacy falls fully within the general sphere of compliance. Furthermore, the information systems, which are the basis for the collection and management of (also sensitive) data, are a crucial element in the world of logistics.
Unlike the aforementioned Model 231 and Code of Ethics, compliance with the GDPR is a stringent and necessary requirement, as it is a mandatory adaptation to EU Regulation no. 2016/679. Nonetheless, there are still many companies that risk incurring penalties from the Privacy Guarantor, as they have not yet been able to set up a system of preparatory practices and procedures for compliance with the GDPR.
The challenge is to make all internal employees aware of the risks which may arise, especially in the world of logistics, when companies are considering new suppliers or the introduction of new information systems, which manage sensitive data.
What are the benefits of compliance and the risks of non-compliance?
The "culture of Compliance" can actively contribute to the creation of value by minimizing risks through the implementation of rules, safeguards and management / operational control activities that guarantee compliance by facilitating or, at least, not hindering the performance of production processes.
The advantages for a company that has implemented an effective compliance system are manifold.
First, the whole organization is improved and more efficient, internal processes are more fluid, and the entire operation is able to perform better within structured and regulated processes.
Second, the existence and availability of internal models and codes contributes to strengthening the company's image and reputation, reassuring its stakeholders (customers, employees, shareholders and suppliers) about its reliability and showing its solidity in structural terms.
Last but not least, being compliant with the legislation allows companies to avoid the penalties related to a failure to comply.
In fact, it is necessary to remember that in many cases, when we talk about compliance, we are talking about legal obligations which, if not fulfilled, can result in the application of different types of sanctions. These are pecuniary sanctions, confiscation of the profit deriving from the commission of the offence and disqualifying sanctions (which block the company's operations for a certain period of time).
Damage to reputation and image, that may result from the publication of judgements, must be considered too.
Compliance in Contship Italia
The Contship Italia Group’s Code of Ethics was drafted in 2015 and updated in 2018.
Group-wide compliance procedures are issued by Contship Italia S.p.A., which provides the general guidelines, the regulatory framework, the necessary authorization flows and forms. These procedures are then declined in the various group companies based on their operations, from the La Spezia maritime terminal to the intermodal companies at the Melzo terminal.
Some companies within the Contship Italia Group have adopted a Model 231, the latest update of which dates back to 2018. The Supervisory Body, made up of both external and internal members, meets formally four times a year.
Procedural compliance is also checked at least once a year through an audit performed by internal staff with the support of external specialists, who complete the skills of the audit team in verifying the effective implementation of procedures and regulations in general.
In 2018, the Contship Italia Group also implemented a whistleblowing system, with the person authorized to receive the reports and take care of the subsequent analysis being an external appointee.
Finally, the company implemented a structured process of compliance with the GDPR, with a multifunctional team which, after the preliminary analysis, appointed the DPO (Data Protection Officer). This person will deal exclusively, as required by the reference standard, with the protection of personal data, keeping up with the risks and security measures that the Company will have to implement.
Providing a holistic view of risk and regulatory compliance is critical for any company in any industry. Having a Compliance function has become a necessity, not only because law requires it, but above all because the challenges that must be faced impose it: the speed of the market, the complexity of the activities carried out, the progressive computerization of the operating activities entail a considerable increased risk.
For Compliance to bring actual benefits to the business, it is essential that it be treated as a support program for operations and not, as it is often perceived, as an imposition of rules.
This is particularly true in the logistics sector which, having to operate quickly and flexibly to anticipate or adapt to market demands, needs to receive support for its operations and not obstacles and bureaucracy.
The difficulties that can be encountered when applying the concept of compliance in logistics, as well as in other sectors, require working on raising the awareness of internal employees, to make people understand the importance of the control step, which should not be experienced as a slowdown but as a lever for improvement.
In fact, if the control system is well designed and effectively applied, it does not only provide protection for the company and the employee, but it is also an element that can facilitate the process itself, enabling a better performance and, ultimately, the achievement of a competitive advantage.