Seven key compliance regulations you need to know

22 June 2015 Sean O'Mara

When you get on a plane, turn on your TV, or buy a sandwich from a supermarket, you do so with a certain level of confidence. You don’t expect to have an incompetent pilot, see a misleading advert or contract food poisoning from spoiled ham.

This confidence you enjoy as a consumer is due in no small part to the role of compliance regulations.

Despite the safeguards we enjoy as customers, there are few dirtier words in business than “compliance.” We see compliance differently when it’s us that has to comply.

To a marketing department, compliance means having to run every idea past a team of people who seem to exist only to take the fun out of life. For the SME CEO, compliance means rules, regulations and finding the resources to stick to them. But without compliance regulation, businesses would struggle to earn trust from their customers.

What are compliance regulations?

These are the rules put in place to keep your industry and your business in check. It’s easy to scoff at ‘red tape’ but compliance is in place to protect customers.

Compliance is the reason we don’t expect to get food poisoning from McDonald’s or to be misled by our bank. We expect these businesses to be regulated and to comply with those regulations.

From a customer point of view, compliance is – theoretically – a good thing. From a business point of view though, it can be a source of anxiety.

Regulated industries

All industries are regulated to a degree. The law of the land does a lot of the regulating all by itself – for example via the Sale of Goods Act or the Consumer Rights Act – but in some cases, extra controls are required to protect us customers.

Banking, finance, healthcare, education, legal services, charities, transport; these are some of the industries subject to extra regulation.

Who enforces compliance?

Where there are regulations you will find regulators. Many of these are quasi-autonomous non-governmental organisations, or “quangos”: bodies funded by government that operate at arm’s length from it, non-partisan and outside any single department. Others, such as the ASA and IPSO, are funded by the industries they oversee.

You tend to only hear from or about regulators when things go wrong, which gives these guys a bit of an undeserved reputation. Here are some of the nation’s ‘favourite’ regulators:

  • Advertising Standards Authority – Think you’ve been misled by an advert? The ASA has your back.
  • British Board of Film Classification (the British Board of Film Censors until 1984) – Worried that your kids are exposed to too much violence? That’s what the BBFC and their age certificates are for.
  • Competition and Markets Authority – Thank the CMA for keeping the UK free from cartels.
  • Charity Commission for England and Wales – These guys make sure your kind donations go to the right place.
  • Civil Aviation Authority – And these guys make sure the plane that takes you on holiday is clean and safe.
  • Environment Agency – Don’t want businesses dumping chemicals in your rivers and streams? The EA are all over that.
  • Financial Conduct Authority (formerly the Financial Services Authority) – Keeping your bank in check and your mortgage lender honest.
  • General Medical Council – The reason we don’t have dodgy doctors in the NHS (nurses and midwives are regulated separately, by the Nursing and Midwifery Council).
  • Independent Press Standards Organisation – You may not think it at times, but the press are heavily regulated.
  • Information Commissioner’s Office – Theoretically keeping spammers and scammers out of your inbox since 1984.
  • Ofcom – Doing their best to deal with cold callers and mid-contract price hikes from mobile phone companies.
  • Ofgem – ‘Regulating’ the UK’s gas and electricity suppliers the best they can.
  • Ofsted – Looking after schools and nurseries.
  • The Pensions Regulator – Busy handling auto-enrolment for the past few years.
  • Independent Police Complaints Commission – The go-to regulator if you’ve had problems with the police.

Seven key compliance regulations you need to understand

1. Handle with care – data protection

What you do (or don’t do) with customer data can land you in legal hot water, and if you’re in a highly regulated industry it can lead to loss of licence. Data protection revolves around the concept of personal data: any data that can identify a living person, on its own or in combination with other data you hold.

How you acquire, manage, store, share, modify and destroy that data is subject to heavy regulation. Read up on your responsibilities before collecting any personal data.

2. Information security – can you prove you’ve done the right thing?

If you hold people’s data, you’ve got to protect it and you’ve got to be able to prove that you’re protecting it. Modern IT managers need to know as much about compliance and regulations as they do about mainframes and servers.

It’s not good enough simply to encrypt, secure, back up and protect customer data; you’ve got to be ready to prove it, which means keeping records of what you did and when (access logs, backup and restore tests, encryption settings) that an auditor or regulator can check.

3. More than just how to lift a box – health and safety for employees

Health and safety regulation comes in for lots of undeserved stick. In 2014 the Health and Safety Executive marked 40 years in the game with the lowest number of workplace fatalities since it assumed responsibility for that rather high-pressure KPI.

Yes, sometimes we have to show new starters how to lift a box properly and it’s a bit of a giggle, but complying with health and safety regulations is massively important for your business. If the HSE even suspects you’ve breached their regulations, they can intervene and they don’t intervene for free.

Insufficient deference to the HSE handbook can cost you money, even before you’ve been sued. But don’t freak out and wrap your team in cotton wool, the onus is as much on them to follow your guidelines as it is on you to provide them.

4. Financial marketing – don’t say “will” when you mean “may”

Financial services is one of the fastest growing industries in the world. According to an Accenture study published this year (2015), global investment in ‘fintech’ (financial technology) tripled from 2013 to 2014. The mechanics of financial services are tightly regulated for good reason; otherwise banks would be able to do what they fancy with your cash.

But the marketing of financial services is subject to very strict compliance procedures too.

Imagine you’re launching a money transfer app and you tweet about it to your friend to tell her she “will save money” with your app. You’ve just fallen foul of the FCA’s financial promotion rules, which require every promotion to be fair, clear and not misleading; a saving you cannot guarantee is a saving you cannot promise. If you say she “may save money” you’re all good. Subtle differences.

FCA-regulated businesses need to be extremely careful about what they say. In 2010 a Natwest advert claimed they would keep branches open even if it was the “last bank in town.” When residents of Farsley in West Yorkshire pointed out that Natwest – the last bank in their town – had been closed, the FSA (now FCA) banned the advert. Be careful what you say.

5. “Recent graduate required” – Avoiding inadvertent discrimination

The Equality and Human Rights Commission regulate all places of work to ensure nobody is treated unfairly. While most businesses have practices – not to mention a culture – that promote diversity and equality, there are some lesser known compliance issues you need to be aware of.

Discrimination based on age is illegal. Protect yourself from accusations of age discrimination by removing all direct and indirect references to age from application forms and adverts. Stipulating that a position is for recent graduates implies a preference for young people. Don’t do this.

Where you choose to advertise can also constitute discrimination. If you only place adverts in male-centric media, you’re not only ruling out almost half of the workforce, you’re leaving yourself open to accusations of discrimination.

Work status is protected too. Compliance means you can’t treat non-permanent and part-time employees less favourably than comparable permanent, full-time staff. Because women are statistically a lot more likely than men to work part time, favouring full-time workers over part-time workers can amount to indirect sex discrimination.

6. Do you consent to cookies? Data protection compliance

Website cookies come under the Privacy and Electronic Communications Regulations (PECR), which sit alongside the Data Protection Act and are enforced by the ICO. If you use them, you have to tell people you use them and give them the option to consent to their use; only cookies that are strictly necessary for a service the user has asked for (a login session, a shopping basket) are exempt. This is a fairly easy regulation with which to comply, as you only have to tell a user once about cookie usage, and it is fairly easy to implement: a website banner that explains your cookie policy, records the user’s choice and holds back non-essential cookies until they have agreed is enough.
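The consent gate described above, written out as an added example (this is illustrative code, not from the original article or any particular site). It goes a little beyond a pop-up: the user’s answer is stored once in a first-party cookie so the banner is shown only until they answer, every cookie the site sets is declared in a small catalogue as essential or not, and a non-essential cookie is refused until consent is “granted”. The cookie names, the `cookie_consent` cookie and the sample request headers are all assumptions for the example.

```javascript
// Added example, not code from the original article. Assumes a single first-party
// cookie named "cookie_consent" that stores the user's choice ("granted" or "denied");
// the cookie catalogue below is hypothetical.
const CONSENT_COOKIE = "cookie_consent";
const ONE_YEAR_SECONDS = 60 * 60 * 24 * 365;

// Every cookie the site sets must be declared here, with whether it is strictly
// necessary (exempt from consent) or not (may only be set once consent is "granted").
const COOKIE_POLICY = {
  session_id:   { essential: true },   // keeps the user logged in
  csrf_token:   { essential: true },   // protects forms; exempt
  analytics_id: { essential: false },  // tracking; needs consent
  ad_pref:      { essential: false },
};

// Parse a Cookie request header ("a=1; b=2") into a plain object.
// Tolerates malformed percent-escapes instead of throwing on hostile input.
function parseCookieHeader(header) {
  const cookies = {};
  if (!header) return cookies;
  for (const part of header.split(";")) {
    const eq = part.indexOf("=");
    if (eq < 0) continue;
    const name = part.slice(0, eq).trim();
    const raw = part.slice(eq + 1).trim();
    if (!name) continue;
    try {
      cookies[name] = decodeURIComponent(raw);
    } catch (e) {
      cookies[name] = raw;
    }
  }
  return cookies;
}

// Consent is tri-state: "granted", "denied", or null when the user has never answered.
// Anything else (a tampered value) is treated as "never answered".
function consentState(cookies) {
  const value = cookies[CONSENT_COOKIE];
  return value === "granted" || value === "denied" ? value : null;
}

// The banner is shown only until the user answers, which satisfies "tell them once".
function shouldShowBanner(cookies) {
  return consentState(cookies) === null;
}

// Build a Set-Cookie header value with hardened attributes by default.
function buildSetCookie(name, value, { maxAge = ONE_YEAR_SECONDS, httpOnly = true } = {}) {
  const attrs = [
    `${name}=${encodeURIComponent(value)}`,
    `Max-Age=${maxAge}`,
    "Path=/",
    "Secure",        // never sent over plain HTTP
    "SameSite=Lax",  // not attached to cross-site POSTs
  ];
  if (httpOnly) attrs.push("HttpOnly");
  return attrs.join("; ");
}

// Record the user's answer. "denied" is stored too, so they are not asked again.
// The consent cookie is readable by page scripts so client-side code can gate itself.
function recordConsent(choice) {
  if (choice !== "granted" && choice !== "denied") {
    throw new Error(`invalid consent choice: ${choice}`);
  }
  return buildSetCookie(CONSENT_COOKIE, choice, { httpOnly: false });
}

// Returns a Set-Cookie header value, or null when the cookie may not be set yet.
// Undeclared cookies are refused outright so nothing slips past the policy.
function setCookieIfAllowed(name, value, cookies) {
  const policy = COOKIE_POLICY[name];
  if (!policy) throw new Error(`cookie not declared in policy: ${name}`);
  if (!policy.essential && consentState(cookies) !== "granted") return null;
  return buildSetCookie(name, value);
}

// Simulated request handling over a raw Cookie header (constructed input).
function handleRequest(cookieHeader) {
  const cookies = parseCookieHeader(cookieHeader);
  const setCookie = [
    setCookieIfAllowed("session_id", "s-7f3a", cookies),
    setCookieIfAllowed("analytics_id", "u-42", cookies),
  ].filter(Boolean);
  return { banner: shouldShowBanner(cookies), setCookie };
}

// First visit: banner shown, only the essential session cookie is set.
console.log(handleRequest(""));
// Returning visitor who consented: no banner, analytics cookie now allowed.
console.log(handleRequest("session_id=s-7f3a; cookie_consent=granted"));
```

Two design points worth noting. A “denied” answer is stored as deliberately as a “granted” one, because the regulation is satisfied by asking once, not by nagging until the user gives in. And the catalogue is the control: if a developer adds a tracking cookie without declaring it, `setCookieIfAllowed` throws rather than silently setting it, which is the kind of evidence of “doing the right thing” that section 2 above asks for.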

7. Have you washed your hands? Food safety and your business

Food hygiene certificates are not compulsory, even for food retailers. But if food is prepared on your business premises you do need to be capable of proving that you are taking action to ensure food is safe to eat. So even making a few sandwiches for a customer meeting means you’ll need to comply.

The biggest area of non-compliance in this respect is the lack of a sink in which to wash your hands. If you don’t have one, don’t offer people food prepared on your premises.

Regulatory compliance is designed to protect your people and your customers. It’s not there to mess with you or cause you extra work, but lack of understanding can lead to compliance anxiety. Understanding what regulations apply to your business and your industry is the best way to get started down the road of regulatory compliance. You’ll sleep better for it.