A compliance officer is a key person in our industry where the volume of personal data handled is important, but are we fully aware of the responsibilities of the Compliance Officer? Let’s get more information about this specific role thanks to Katia Lyubimova, our Compliance Officer.
Hi Katia, tell us more about yourself. How long have you been working as a Compliance Officer at iCOVER and what were your prior experiences in the legal and compliance field?
I can hardly believe that it was exactly one year ago that I started at iCOVER! Before joining the Group, I had over 8 years of experience in various industries such as healthcare, business intelligence and risk consulting, asset management, and financial services, where I held legal and/or compliance roles. These past opportunities helped me get a broader view of the profession and consolidated my appetite for compliance and privacy matters, which are my current focus at iCOVER.
What are the main responsibilities of a Compliance Officer?
The role of a Compliance Officer is essentially a risk management function. Being the second and sometimes even the third line of defense for compliance risk, the Compliance Officer must establish a comprehensive and effective compliance program, by partnering with different business stakeholders to implement policies and procedures fitting to the organization and ensure that high ethical standards and compliance are embedded in the company’s culture, strategy, daily activities, and processes.
To successfully manage this, performing regular risk assessments, adequate training, monitoring/auditing, and providing operational advice to teams are fundamental.
Why is it so important to have a Compliance function within an organization?
For some companies that fall under the scope of the French Sapin II Law, for example, the creation of a compliance role may be inevitable. Nonetheless, any organization, large or small, would greatly benefit from having a Compliance expert on payroll or at least on a consultancy basis. The Compliance Officer will help keep the business in conformity with all applicable laws and regulations, thus, driving compliant growth within the organization. With a compliance expert on your side, you can be sure that the many risks that threaten your business are identified and mitigated, and that fostering a culture of compliance in your organization can be a great asset for your reputation.
What are your key areas of focus when implementing a compliance program?
From my point of view, the very first thing to do when stepping into a compliance role is to understand the business, its structure, environment, its people, challenges, and priorities. The approach may depend on the industry, but it is always a best practice to start the implementation of the compliance program with a thorough company-wide risk assessment. The outcome of this exercise will determine the key areas where the most critical risks lie. Having this risk-based approach allows us to tailor the program and its components to the organization and puts risk prevention at the center of its preoccupations.
Another key area that should never be neglected is the third-party compliance aspect of the program. At iCOVER, a Partner Management Framework has been designed to manage the relationship with our third parties, from the on-boarding/assessment stage to audit.
Finally, compliance policies and procedures may well exist, but their efficient deployment and implementation only work if trainings are performed on a regular basis. It is therefore important to establish a training plan and adapt to the appropriate audiences.
iCOVER being a business entirely focused on processing personal data for pre-employment and KYC purposes, how do you ensure the compliance of the international services you offer to customers?
The compliance and legality of our products/services have always been iCOVER’s top priority. It is an everyday effort, endorsed by the Management and operationally led by the Product team, strongly supported by the Legal and Compliance Department. Our customers require transparency in the way we obtain the data on their behalf and accuracy in terms of the information we collect and report. In this respect, an internal Product Compliance Policy is established, reminding everyone of the values we uphold, and ensuring that a strict compliant process is followed upon product creation stage as well as a compliance review of all products/services offered to customers, which go together with a monitoring of the background screening environment and data protection and employment laws.
We also make sure that our IT systems and tools embed privacy and compliance by design. Our Legal and Compliance Department regularly partners with IT teams internally to regularly review processes to keep improving our products and state-of-the-art technology.