Economic and legal basis of implementation of compliance in business processes of enterprises

Размещено на http://www.allbest.ru

Economic and legal basis of implementation of compliance in business processes of enterprises

Liliia Amelicheva*,

Maryna Savchenko, Larysa Shaulska,

Valentyna Yehorova and

Iryna Holubenko

ABSTRACT

Background: In today's economic world, an effective compliance doctrine is a mandatory component of the management portfolio of any reputable business structure.

Currently, compliance strategy is being implemented in all countries of the globalised world, but in different ways: in some countries, actively and comprehensively, and in others, passively and fragmentedly. This study, using analytical and statistical methodological approaches, explains why compliance is implemented differently in businesses around the world. The authors evaluate the effectiveness of the leading types of compliance (anticorruption, criminal law, environmental, financial, and labour) in the economies of OECD countries and other countries. The authors also substantiate that to strengthen the political will of governments, especially those of developing countries, to extend compliance into the national business environment, it is necessary to develop a national strategic document on the phased implementation of the compliance system in business processes of enterprises, as well as to develop an international document of general application (in the form of a UN Convention) to promote more active implementation of all types of compliance by governments around the world.

Methods: The methodological apparatus of legal and economic sciences was used to study the compliance doctrine. The methodological apparatus of the study included mathematical calculation methods and graphical methods for assessing the degree of compliance implementation in countries of the world, probabilistic methods for providing recommendations for management actions and testing for clustering countries of the world. The study also uses special legal methods: formal legal methods for classifying the main features of the compliance phenomenon, comparative legal methods for comparing compliance regulation in different countries, and logical legal methods for improving legal regulation of compliance as a means of the economic well-being of enterprises.

Results and Conclusions: The article reveals the content of business process compliance; assesses the effectiveness of this instrument in the economies of OECD member states, the EU and other countries in priority areas; develops proposals for regulation, including legislative regulation and implementation of compliance at the international, national and enterprise levels in the context of digitalisation and sustainable development.

INTRODUCTION

business processe compliance

In today's economic world, an effective compliance doctrine is a mandatory component of the management portfolio of any respectable business structure.

The doctrine of compliance stipulates that this tool is introduced into the business processes of an enterprise as a set of preventive measures aimed at monitoring potentially dangerous factors (external and internal) and trends that may harm the economic security of the enterprise.

The extent to which this tool can cover elements of the company's management system is up to its top management. The key factor is that top management should be aware of the benefits of compliance and have the will to make virtuous changes by developing appropriate compliance policies and documents at the private law level of business process regulation and inspire all staff to implement and use this tool. It has long been a postulate in pedagogy that behaviour, not words, is the first to be copied. If words are at odds with behaviour, the behaviour is perceived as a role model. Oleksandr Okunev, Olegh Boyko and Serghij Lukin, Manual for the Training Program for Persons Responsible for the Implementation of the Anti-Corruption Program (Professional Association of Corporate Management 2018) 55. Therefore, if management promotes compliance in good faith through its actions, then, according to the law of fractality, staff will also do so.

With the development of economic relations in a globalised and information society, various risks (corruption, sanctions, tax, environmental, etc.) have been growing in enterprises' business processes. These risks are caused by external and internal factors. External factors include:

insufficiently fair competitive business environment in the current climate,

the impact of the crime situation on the business landscape, which is being improved over time by changing the methods and means of offences, instability and volatility of international financial relations, which significantly affect the business landscape through the application of sanctions, growing uncertainty (demand volatility) in the business environment at the national level under the influence of globalisation of the world economy, which reduces the financial capacity to implement the compliance doctrine at enterprises, low level of awareness of small and medium-sized enterprises about the benefits of implementing compliance in business processes.

Internal factors that contribute to strengthening management control include the following:

corporate and labour conflicts,

insufficiently good business reputation of the enterprise and its management in the business environment, increased economic losses of the company due to the dynamism and unpredictability of changes in tax and sanctions legislation,

unprofessionalism or low level of professional training of compliance staff,

insufficient level of legal culture of the company's top managers.

The key trends that can harm the economic security of an enterprise are currently associated with increased globalisation and aggressive enforcement of existing rules at both the international and national levels.

The global reach of business process regulation has created new challenges generated by relocating businesses abroad. Focusing on the headquarters and a few hotspots that are the nuclei of economic activity for a large organisation (e.g., a multinational company) is no longer sufficient. Enforcement requires vigilance throughout the organisation. It also means that organisations now face potentially conflicting regulatory schemes when moving from country to country and must be prepared to adjust their compliance programme to respond to these differences. Stuart Altman and others, `Developing an Effective Compliance Strategy: Roundtable' (2015) 3(March) Financier Worldwide <https://www.financierworldwide.com/roundtable-developing-an- effective-compliance-strategy> accessed 15 October 2023.

Regulation problems, including legal regulation of business processes and control over them, are currently one of the key trends for enterprises, which can reduce efficiency. Organisations must manage existing and emerging risks, including anti-competitive behaviour, industry regulation, international trade and economic sanctions, bribery and corruption, and data protection. ibid, Eastwood.

Considering that the main purpose of compliance is to safeguard the economic interests of an enterprise from factors that may adversely affect its financial components and reputation, TV Romanchik, `Place of Compliance in Ensuring Economic Security of the Enterprise' (Actual Issues of Organization and Management of Enterprises' Activities in Modern Economic Conditions: 7th Scientific and Practical Conference, National Guard Military Academy of Ukraine, Kharkiv, 29 November 2017) 154. the role of compliance is expected to become increasingly important in the risk management of business structures in developed countries. Moreover, in developing countries, this tool will likely actively spread, further strengthening its already significant role. The need to substantiate the growing role of compliance in countries around the world is one of the main objectives of this economic and legal study.

The purpose of this study is to highlight the essence of business process compliance and assess the effectiveness of this tool in the economies of OECD member states, the EU and others in priority areas. Employing a synergistic approach characterised by a combination of methodological achievements of legal and economic sciences, the study seeks to develop proposals for regulation, including legal regulation, of compliance implementation at the international, national and enterprise levels in the context of digitalisation and sustainable development.

The issue of implementing compliance into business processes is the subject of study by practitioners and scholars of many sciences, but primarily economic and legal ones. Thus, modern scholars and specialists have studied the theoretical and methodological foundations of the compliance doctrine, substantiation of methodological approaches and practical recommendations for ensuring compliance security of an industrial enterprise. TO Kobielieva, Industrial Enterprise Compliance-Security: Theory and Methods (Planeta-Prynt 2020).

The authors describe the legal framework and analyse the content of the definitions of compliance available in the specialised literature. Danylo Ghloba, `Compliance in FPG: Features and Legal Aspects' (YouControl Blog, 22 May 2023) <https://youcontrol.com.ua/articles/komplaiens-v-fph-2> accessed 15 October 2023. They investigate the essence of its main types - anti-corruption compliance, Richard A Posthuma, `High Compliance Work Systems: Innovative Solutions for Firm Success and

Control of Foreign Corruption' (2022) 65(2) Business Horizons 205, doi: 10.1016/

j.bushor.2021.02.038. tax compliance, Emin Abliaiev, `Tax Compliance as a Tool for Ensuring the Financial Security of Enterprises' (Results of the Development of Scientific Thought - 2022: 2nd International Student Scientific Conference, Youth Scientific League, Sumy, 23 December 2022) 24. labour compliance Liliia Petrivna Amelicheva, `Anti-Corruption Compliance as an Important Element of Private Law Regulation of Labor Relations' (2021) 10 Actual Problems of Social Law 8. and others. Additionally, they clarify the role of security-oriented management tools in ensuring the economic security of an enterprise Larysa Serghijivna Liubokhynets, `Flexible Management in the Ensuring of the Economic Security of Industrial Enterprises' (DPhil (Econ) thesis, Khmelnytskyi National University 2022). Tetiana Oleksandrivna Kobielieva, `Development of Recommendations by Formation of the Integrated Indicator Complex Safety Industrial Enterprise' (2018) 48 Bulletin of the National Technical University “Kharkiv Polytechnic Institute”: Economic Sciences 46. and propose a methodology for assessing the effectiveness of compliance implementation at an individual enterprise.11 However, without detracting from the value of these scientific works, there has not yet been a comprehensive study of compliance as a means of increasing the efficiency of enterprises in countries that are important players in the global economy, have membership in the OECD, EU, etc., using the methodology of economic and legal sciences. At present, further research and scientific substantiation of criminal law issues, environmental and labour functions of compliance, and compliance monitoring are needed.

LEGAL ASPECTS

The study of the introduction of compliance into the business processes of an enterprise in the legal discourse is relevant in various areas.

Firstly, given that the compliance doctrine is constantly being improved and its theoretical provisions are being developed and reflected in legal acts, it is important to identify and study the modern system of categories in compliance at the legislative level. After all, it is now fully possible to state that compliance has been institutionalised in international standards, in the legislation of many countries, at the level of an individual enterprise whose business processes comply with the principles of compliance and integrity. The lexical and semantic field of compliance used in legislative techniques today includes the following concepts: `compliance management, `compliance risk', `compliance policies', `integrity, `compliance officer, `compliance department, etc. The study of this issue is important for the universalisation of the system of categories in compliance as a multidimensional and multifunctional phenomenon in the future.

Secondly, in the context of economic globalisation, the convergence of legal regulation of implementation of various types of compliance into business processes of enterprises in many countries of the world, which are parties to numerous bilateral and multilateral agreements in the economic and financial spheres in the international arena, is difficult. Given that many of these countries are members of various respected international institutions that produce international compliance standards, the problems of this convergence are even more acute. The lack of research on this issue in the legal discourse also directs the authors of this study to identify some of the main problems and find ways to solve them in compliance implementation in enterprises' business processes.

Thirdly, the issue of giving preference to a particular type of compliance (anti-corruption, financial, criminal, labour, environmental, etc.) at the national legislative level and the enterprise level is debatable. This issue is particularly acute for enterprises in developing countries, as compliance is not a cheap management tool.

Fourthly, according to the authors of the study, it is now important to assess the effectiveness of the application of the most leading types of compliance (anti-corruption, criminal law, environmental, financial, labour) in the economies of OECD member states and other countries, using a synergistic approach characterised by a combination of methodological achievements of legal and economic sciences. This author's approach may be controversial. However, the development of high-quality content of regulatory legal acts in the field of compliance must have an economic empirical basis. Therefore, the need for this study seems reasonable.

The Growing Role of Compliance in Countries Around the World

In the modern world, compliance strategies are implemented in all globalised countries, but in different ways. In some countries, it is active and comprehensive, while in others, it is passive and fragmented. In this study, it is important to use analytical and statistical methodological approaches to find out why compliance is implemented in different ways in enterprises around the world.

In terms of meaning and etymology, compliance (derived from the English word compliance - agreement, conformity) is derived from the verb to comply - `to comply, to obey'. `Compliance, Comply' (Cambridge Dictionary, 2023) <https://cutt.ly/Ynkd97I> accessed 15 October 2023.

The economic and legal phenomenon of compliance first emerged in the 1930s, when the Agency of the US Department of Health and Human Services began to function. The Agency began to carry out legal compliance regulation, developing rules that entrepreneurs (employers) in the pharmaceutical and food industries and their staff, especially top management, had to follow. After massive corruption scandals involving managers of American companies and government officials in the 60s and 70s of the twentieth century, the Foreign Corrupt Practices Act was adopted in 1977. This document established strict rules for controlling the anti-corruption behaviour of the staff of US employers both within the US and abroad. It introduced strict requirements for accounting and financial documentation. In other words, the legislator has made compliance more structured and systematic. Under this law, anti-corruption compliance extended to the employment relations with government officials and the relations between them and managers of companies that lobbied for certain business interests. Subsequently, the corruption scandals of the 1980s directed the development of anticorruption compliance not only to comply with the mandatory provisions of anticorruption legislation but also with ethical business rules. Natalija Smetanina and Dar'ja Popova, `The Importance of Implementing Compliance Programs to Increase the Transparency of Ukrainian Business' (2018) 3 Law Review of Kyiv University of Law 267-8. Compliance as a tool for security-oriented enterprise management has gradually been implemented in all sectors of the economy and in various areas of business processes of enterprises, where new positions of compliance officers (compliance managers) were introduced, or separate compliance departments were created as independent structural units.

Currently, professional associations of compliance officers (compliance managers) are already operating in many countries. One of the largest of them, the SCCE & HCCA (Society for Corporate Compliance and Ethics & Healthcare Compliance Association), which operates in the United States, already has 19,000 members worldwide as of the end of 2022. The SCCE & HCCA exists to advocate for ethical practice and compliance standards and to provide the necessary training, publications, certification and other resources for ethics and compliance professionals. Society of Corporate Compliance and Ethics and Health Care Compliance Association, Annual Report 2022 (SCCE HCCA 2023).

Another international association of professionals in this field is the International Compliance Association (ICA), a company established in the UK in 2001. It is represented in more than 50 jurisdictions, has regional offices in Dubai and Singapore, and has more than 10,000 members who exchange information and experience on the ICA's website. Natalija Smetanina, `International Experience of Implementing Corporate Compliance as a Means of Preventing Corruption in the Private Sector' (Effective Criminal Justice System as a Factor of Sustainable Economic Development: III Panel Discussion of the Second Kharkiv International Legal Forum, Yaroslav Mudryi National Law University, Kharkiv, 27 September 2018) 110.

Such organisations are created not only in developed countries. The Ukrainian Network of Integrity and Compliance (UNIC), established in Ukraine in 2017 at the initiative of Ukrainian business, is a community of practitioners in various areas of compliance and ESG to share global challenges, knowledge, and tools to address new problems with unfair business practices. The Business Ombudsman Council of Ukraine, the Organisation for Economic Cooperation and Development, and the European Bank for Reconstruction and Development supported the initiative to create UNIC in Ukraine. The purpose of the UNIC community is to promote compliance and business integrity and, accordingly, improve the business environment in Ukraine. `About the Network' (Ukrainian Network of Integrity and Compliance (UNIC), 2023) <https://unic.org.ua/en/about-us/about-the-network> accessed 15 October 2023.

There is a problem with the official recognition of the compliance officer profession in countries around the world. As a rule, this profession is officially recognised in developed countries such as the United States, Canada, etc. and is among the most prestigious. This is because the compliance officer is perceived as a courageous and incorruptible defender of the business, endowed with the ability to make balanced and strong-willed decisions, with organisational design skills and the ability to develop his or her people. Olena Lynnyk, `Work in Compliance' (2017) 7/8 Ukrainian Lawyer 18.

In developing countries, the profession of `compliance officer' is not included in the nomenclature of professions, and HR departments are forced to use the names of professions that are directly related to the internal/external control of the organisation's activities, the development of corporate standards or are characterised by certain labour functions inherent in the compliance system. In Ukraine, for example, the following professions replace the title `compliance officer': manager (administrator) of administrative activities (CP code 1475.4); corporate governance professional (CP code 2413.2); corporate governance specialist (CP code 3411). DK 003:2010 National Classifier of Ukraine: Classifier of Professions <https://zakon.rada.gov.ua/ rada/show/va327609-10#Text> accessed 15 October 2023.

In developing countries, compliance remains a relatively new concept for businesses. Introducing a compliance function allows participants in all business segments to operate more efficiently. It contributes to an atmosphere of trust and transparency both in the domestic market and on the global stage. Incorporating compliance measures into daily operational processes will help to minimise risks and introduce the right business culture in accordance with both national and international legislation. Olena Dubovsjka, Anatolij Udivanov and Olena Boghusheva, `Compliance in Agribusiness' (2019) 12 UNIC Digest of Business Integrity <https://www.kernel.ua/wp-content/uploads/2020/01/unic-digest- 12_ukr.pdf> accessed 15 October 2023.

To help businesses worldwide, the International Organisation for Standardisation (ISO) has developed ISO 37301:2021 `Compliance management system - Requirements with guidance for use'. Implementing such a standard in an enterprise is a responsible and expensive undertaking. Therefore, the introduction of an effective compliance system is primarily carried out by large businesses (corporations, banking financial groups, holdings, etc.) with an extensive corporate structure and many divisions and employees worldwide. Small and medium-sized businesses with an effective compliance control system are also significantly protected in the economic and legal sphere. However, this is unacceptable to everyone, as compliance is not a cheap tool. To help small and medium-sized businesses implement it, it is necessary to provide interested entrepreneurs with the opportunity to master this tool on favourable terms through business incubators. It is also necessary to assist such businessmen in calculating the cost of implementing compliance in the most problematic areas of business processes and, importantly, to standardise this tool based on ISO 37301:2021 `Compliance Management System - Requirements with Guidelines for Use'. ISO 37301:2021 Compliance Management System: Requirements with guidance for use <https://www.iso.org/standard/75080.html> accessed 15 October 2023.

G. Shaw, Chairman of the Technical Committee of the International Organisation for Standardisation (ISO), rightly notes that `compliance is not only about avoiding fines and should not be limited to one department. It is everyone's business. Organisations want to work with companies they can trust. And trust is based on a corporate culture of doing the right thing, where every employee contributes because they understand the importance of doing so and believe in its importance. The key to this is good leadership and clear values that must come from the top'. Serghij Lysenko, `The New Standard in the Field of Compliance Systems ISO 37301:2021' (GRACERS, 2021) <https://gracers.com/pres-centr/iso-373012021-novyy-standart-v-oblasti-komplaens-sistem/> accessed 15 October 2023.

Thus, there is already an international standard based on which compliance can be implemented in the business processes of an enterprise in any country. It should be noted that governments, especially those of developing countries, do not always have the political will to extend this tool to the national business environment to develop a strategic document on the phased implementation of the compliance system, especially at state-owned enterprises engaged in foreign economic activity and contributing to the creation of an internationally respected image of their country in the world.

Theoretical Framework

The theoretical foundations for forming and developing the modern compliance doctrine are diverse and multifunctional. Such principles include the concept of sustainable development, the most promising ideology of the 21st century, supported by all world leaders of the UN member states at the Millennium Summit in New York in September 2000 and the UN Summit on Sustainable Development in September 2015. Liliia Petrivna Amelicheva, Theoretical and Axiological Principles of Legal Regulation of Decent Work in Modern Conditions of State Formation (Tvory 2020) 50-1. Global Sustainable Development Goals aimed at ultimately ensuring the balanced development of civilisation through a careful attitude to natural resources and the internalisation of external environmental influences by taking into account the economic reporting of enterprises (environmental component), through responsible consumption and production, decent work and economic growth, in particular, at the enterprise level, which is achieved through moderate management, one of the means of which is compliance management (economic component), through the fair distribution of goods, including through the payment of fair decent wages to employees at the enterprise level (social component).

In the context of the transformation of post-industrial society into information and the increased digitalisation of business processes, the theory of financial policy of the enterprise is of great importance. This theory is based on the balance between the transparency of financial reporting and the information security of the enterprise. Svitlana Bevz and others, `Confidential Information and the Right to Freedom of Speech' (2021) 10 International Journal of Criminology and Sociology 648, doi:10.14505//jarle.v11.4(50).12. When implementing compliance and developing compliance policies (the ideological component), a modern enterprise must be based on the principles of both sustainable development and decent work.

Developing compliance policies at any enterprise is based on Lindenberg's Goal-Setting Theory (GFT), which ensures the formation of multi-purpose benefits. Julien Etienne, `Compliance Theory: A Goal Framing Approach' (2011) 33(3) Law & Policy 305, doi:10.11 n/j.1467-9930.2011.00340.x. This theory allows us to formulate new compliance goals and change the traditional ones from time to time, which allows this tool to constantly improve and respond to new challenges and threats to economic relations in the business environment in a timely manner.

Since the doctrine of compliance is centred on the theory of risk, which is implemented for enterprises through a few risk management mechanisms, MV Savchenko and VYu Vyshnevskyi, `Directions for Increasing the Effectiveness of Risk

Management in the Context of Integrated Risk Assessment of Enterprises in the Electric Power Industry' (2023) 1 Economic Bulletin of Dnipro University of Technology 114,

doi:10.33271/ebdut/81.090. it should be noted that this doctrine is closely linked to the theory of economic security, Tetiana Tkachenko, `The Genesis of the Development of Economic Security Theory and a Systemic Approach to its Treatment' (2021) 19 Economic Bulletin of National Technical University of Ukraine “Kyiv Polytechnical Institute” 20, doi: doi:10.20535/2307-5651.19.2021.240451. in which the risk theory is also the core. Ensuring the economic security of enterprises as competitive entities involves implementing a certain aspect of management aimed at the formation, development and realisation of their competitive advantages. MV Savchenko and OV Shkurenko, `Management of the Competitiveness of the Enterprise in the Context of Provision of Economic Security' (2019) 3 Visnik of the Volodymyr Dahl East Ukrainian National University 156. The development of competitive advantages is the most important condition for an enterprise to get super profit and strengthen its economic security. Larysa Shaulska and others, `Strategic Enterprise Competitiveness Management under Global Challenges' (2021) 20(4) Academy of Strategic Management Journal <https://www.abacademies.org/ articles/strategic-enterprise-competitiveness-management-under-global-challenges-10917.html> accessed 15 October 2023. In addition, the specialised literature notes that compliance as a set of preventive measures aimed at monitoring potentially negative factors and trends that can cause economic damage to an enterprise is currently considered a promising direction for developing economic security theory. TV Romanchyk, `Compliance Risks in the System of Ensuring Economic Security of the Enterprise' in OV Prokopenko, VYu Shkola and VO Shcherbachenko (eds), Management of the Innovative Component of Economic Security: Management of the Innovative Basis of the Financial and Investment Component of Economic Security, vol 3 (Trytorija 2017) 270.

Management theory, which considers an organisation as a system in the unity of its parts and links with its external environment, has an equally important influence on the formation of the compliance doctrine Hubert Spahn, `Effective Compliance Management Reduces Liability Risks' (DQS Holding

GmbH, 26 January 2022) <https://www.dqsglobal.com/intl/learn/blog/effective-compliance-

management-reduces-liability-risks> accessed 15 October 2023. and the theory of fractality, according to which any subsystem also has the characteristic properties of the system. LD Garmider, `Fractal approach to staff potential development of trading enterprise' (2014) 3 Scientific Bulletin of Poltava University of Economics and Trade: Economic Sciences 154. These theories allow the business environment to form an understanding that there is only one enterprise management system, into which standards-based tools are integrated to improve it, such as compliance, implemented based on ISO 37301:2021, `Compliance Management System - Requirements with Guidelines for Use'. Also, these theories contribute to maintaining axiological values in the enterprise that are important for compliance (integrity, openness, transparency, social responsibility, and zero tolerance for corruption). If senior management strongly supports compliance policies based on such axiological principles, then the same positive attitude will be towards these policies and the entire staff.

Important theoretical provisions are currently formed in the compliance doctrine itself. Specialist literature notes three structural (organisational) models of compliance management existing in practice. Tetiana Oleksandrivna Kobielieva, `Organizational Compliance Structure in Industrial Enterprises' (2018) 47 Bulletin of the National Technical University “Kharkiv Polytechnic Institute”: Economic Sciences 127. This literature substantiates the importance and necessity of introducing an independent compliance unit into the organisational structure of an industrial enterprise, the functioning and management of which is carried out based on a centralised, decentralised, or combined structure. Kobielieva (n 5) 313.

The first model of compliance is a centralised structure, the specificity of which is that one compliance officer is responsible for the entire compliance function, regardless of its scope. Okunev, Boyko and Lukin (n 1) 50. In such circumstances, compliance controllers report to business unit managers or directly to the head of the compliance function. In this case, the head of the compliance service is responsible for the effectiveness of the organisation and operation of the compliance system, the fulfilment of its tasks and powers, and the implementation of compliance policies. The head of the compliance function may be a separate structural and personnel unit or may combine this position with another, for example, the head of the legal or accounting department.

The second model of compliance is a decentralised structure, which is characterised by the fact that the head of the compliance service is responsible for one or more components of the system, for example, only anti-corruption compliance issues (for him/her, compliance is an additional function). ibid 51. Labour law compliance is handled by the HR department, tax compliance is handled by the finance or accounting department, antitrust and corporate governance compliance is handled by the legal department, etc. Each of the department heads is responsible for risk assessment, preparation and implementation of policies and procedures, and staff training.

The third model of compliance is a combined structure based on a combination of positive features and qualities of centralised and decentralised structures. Under this structure, the chief compliance officer is responsible for general management, organising training for management and staff, organising interaction with all company units on compliance issues, monitoring compliance, organising and participating in internal investigations, and communicating with external partners on compliance issues. Each department head is responsible for risk assessment, preparation and implementation of policies and procedures in their respective priority areas. ibid 51-2.

Often, more profitable and experienced companies prefer a combined structure. After all, it can combine the positive and diverse characteristics and qualities of both centralised and decentralised structures, which in turn allows to minimise the disadvantages inherent in the organisation of compliance at enterprises to a negligible level.

Specialist literature also suggests that there is no ready-made compliance model. ICC Commission on Competition, The ICC Antitrust Compliance Toolkit: Practical Antitrust Compliance Tools for SMEs and Larger Companies (ICC 2013). Each company should create a model that meets its needs and risks. The form of such a compliance group should reflect both the risks faced by the company and its internal business and organisational structure.

The compliance doctrine identifies the stages of implementation of compliance in the business processes of the enterprise. Ukrainian Network of Integrity and Compliance (UNIC), `Compliance: Basic Principles of Risk Identification and their Minimization: Instruction' (UNIC, 25 October 2022) <https://unic.org.ua/ en/news/proponuyemo-dostupnu-instrukciyu-osnovni-principi-viyavlennya-rizikiv-ta-yih-minimizaciyi- 376/> accessed 15 October 2023.

In the first stage, an external compliance audit of the company's processes and internal and external documentation is conducted by independent compliance specialists. Next, in the second stage, a compliance officer is appointed and their work is coordinated, or alternatively, the the functions of compliance may be delegated to the legal department. Following this, the third stage involves the implementation of tolls to eliminate/minimise identified risks, the development/improvement of internal policies, acts and procedures, amendments to corporate and labour documents, adjustments to contracts, and the conducting of training (both internal and external - for the company's counterparties). After that, the fourth step entails implementing a system for assessing and managing compliance risks through the documents mentioned above, job responsibilities and control mechanisms. In the fifth stage, the focus shifts to systematically training existing and new employees, as well as key counterparties, to comply with the rules set out in compliance policies, considering the specifics of their functions. In the sixth stage, the effectiveness of internal compliance documents is regularly monitored, with periodic reviews and updates (at least once a year) to accommodate changes in legislation, law enforcement practices of state authorities, and the emergence of new risks.

In the specialised scientific literature, compliance theory defines many different types of compliance. This variety depends on the specifics of the business processes in which the tool is used. Compliance may be aimed at 1) prevention of money laundering; 2) counteraction to financial support of terrorism; 3) security of banking activities; 4) protection of intellectual property and innovation activities of the enterprise; 5) preservation of natural and production environment; 6) ensuring antitrust policy of the enterprise; 7) ensuring stability and efficiency of the insurance, securities market, listing. Mykyta Mozharovskyi, `Business Entity Compliance: Concepts, Types and Principles' (2021) 2 Law Review of Kyiv University of Law 205-6.

Based on the purpose of implementing compliance in business processes, the following special types of compliance can be identified (Tab. 1). Compiled by the authors on the basis of Mozharovskyi (n 39); `Types of Compliance and when it may be Needed' (YouControl Blog, 9 November 2020) <https://youcontrol.com.ua/articles/compliance_ guide/> accessed 15 October 2023.

This typology of compliance is sufficient to identify priority areas, but it should be noted that the typology of compliance is constantly being improved. Currently, there is a need to study another type of compliance - sales compliance.

Business processes and the business environment are constantly changing; some types of compliance are becoming more popular, while others are already playing a secondary role.

Table 1. Special types of compliance and their purpose

OVERVIEW OF COMPLIANCE LEGISLATION AND REGULATIONS

International acts, extraterritorial legislation (legislative acts of general action) and regulatory acts are the basis that mediates organisational, legal and methodological requirements for the implementation and use of compliance in business processes of enterprises.

International acts from influential global institutions regulating compliance issues include the following:

The UN Convention against Corruption of October 31 2003, which for the first time obliged UN Member States to establish criminal liability in their national legislation for the following acts: bribery of national and foreign public officials and officials of intergovernmental organisations; theft, misappropriation or other misuse of property by a public official; abuse of influence (pressure, promise of favour, etc.); abuse of office; illicit enrichment of a public official; bribery in private, United Nations Convention against Corruption (UNGA Res 58/4 of 31 October 2003) <https://www.refworld.org/docid/4374b9524.html> accessed 15 October 2023.

The UN Declaration on Combating Corruption and Bribery in International Business Transactions of December 16 1996, the provisions of which are aimed at promoting the social responsibility of private and public corporations, including transnational corporations, and individuals engaged in international business transactions. The declaration emphasises the application of appropriate ethical standards, in particular by complying with the laws and regulations of the countries in which they conduct their business operations and taking into account the economic and social consequences of their activities. To this end, the Declaration states that UN Member States, both individually and through international and regional organisations, will take measures consistent with the constitution and fundamental legal principles of each State and relevant national laws. These measures are intended to be effective and concrete in combating all forms of corruption, bribery and other corrupt practices in international commercial transactions, United Nations Declaration against Corruption and Bribery in International Commercial Transactions (UNGA Res 51/191 of 16 December 1996) <https://www.refworld.org/docid/ 5290addf4.html> accessed 15 October 2023.

The OECD Conventions are important conventional mechanisms for combating bribery of foreign public officials in international business transactions and combating base erosion and profit shifting within the OECD. Anatolij Petrenko, `Conventional Regulation of International Cooperation within the Framework of the OECD' (2020) 2 Law Review of Kyiv University of Law 478. The main document in this group is the OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions of December 17 1997, according to which each OECD Member State will take all necessary measures to establish that, under national law, the knowing offer, promise or giving, directly or indirectly, of any material, pecuniary or other advantage by any person or entity to or for the benefit of a foreign public official is illegal. OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions (adopted on 17 December 1997) <https://www.oecd.org/corruption/oecdantibriberyconvention.htm> accessed 15 October 2023. This group also undoubtedly includes the Convention on Mutual Administrative Assistance in Tax Matters of January 25 1988, as amended by the Protocol of May 27 2010, OECD Convention on Mutual Administrative Assistance in Tax Matters <https://www.oecd.org/ tax/exchange-of-tax-information/convention-on-mutual-administrative-assistance-in-tax- matters.htm> accessed 15 October 2023.and the Multilateral Convention for the Implementation of Tax Treaty-Related Measures to Prevent Base Erosion and Profit Shifting of November 24 2016. OECD Multilateral Convention to Implement Tax Treaty Related Measures to Prevent Base Erosion and Profit Shifting (adopted on 24 November 2016) <https://www.oecd.org/tax/treaties/multilateral- convention-to-implement-tax-treaty-related-measures-to-prevent-beps.htm> accessed 15 October 2023. The provisions of these documents were adopted to establish an effective taxation mechanism in the OECD member states and other signatory states,

The Council of Europe Criminal Law Convention on Corruption ETS No. 173 of January 27 1999 Council of Europe Criminal Law Convention on Corruption (ETS 173 adopted on 27 January 1999) <https://rm.coe.int/168007f3f5> accessed 15 October 2023. is an important anti-corruption standard primarily for European countries. The document's provisions oblige the member states of the Council of Europe and other signatories to the Convention to implement a common criminal policy aimed at protecting society from corruption, including the adoption of relevant regulations and preventive measures, as a matter of urgency.

Extraterritorial legislation includes several important laws that, although adopted at the national level in some highly developed countries, have a significant impact on other countries whose businesses are closely interconnected and develop based on compliance.

It is well known that the first law to provide for criminal liability for corruption offences abroad was the Foreign Corrupt Practices Act (FCPA), which was enacted in the United States in 1977 to prevent and deter bribery of foreign government officials, increase transparency in financial reporting, and create a competitive environment for companies operating abroad. The FCPA considers corruption offences committed by publicly traded companies to be particularly dangerous, as such actions undermine the stability of the US financial system. US Foreign Corrupt Practices Act 1977 <https://www.justice.gov/criminal/criminal-fraud/foreign- corrupt-practices-act> accessed 15 October 2023.

Another significant law in the field of corruption prevention is the UK Bribery Act, which came into force on July 1 2011. UK Bribery Act 2010 <https://www.legislation.gov.uk/ukpga/2010/23/contents> accessed 15 October 2023. Given that this law was adopted much later than the FCPA and taking into account the experience of FCPA enforcement, its differences from the FCPA are quite understandable and predictable: 1) it has similar objectives but stricter provisions;

it has a broader interpretation of violations; 3) it provides for liability not only for bribery of government officials but also for commercial bribery. Okunev, Boyko and Lukin (n 1) 21.

Another important piece of legislation is the Sarbanes-Oxley Act, passed on July 30 2002, which set new or improved standards for all US public company boards, management and audit firms. Sarbanes-Oxley Act 2002 <https://sarbanes-oxley-act.com> accessed 15 October 2023.

It is also important to note the French legislative framework (group of laws) on anticorruption SAPIN II, adopted on October 10 2016. Sonia Cabanis, `The Fight Against Corruption: The Sapin II Act, its pillars and their implementation'

(Deloitte, February 2023) <https://www2.deloitte.com/content/dam/Deloitte/fr/Documents/

risk/Book_Loi_Sapin_II_UK_V3.pdf> accessed 15 October 2023. The main provisions of the SAPIN II Law provide for the mandatory implementation of an anti-corruption compliance programme for French companies of a certain size. Companies may be fined for noncompliance. In addition, SAPIN II Law introduced a criminal settlement procedure, expanded the extraterritorial application of French criminal law in matters of international corruption and strengthened the protection of whistleblower status.

Regulatory acts include:

The Basel II of June 26 2004, document of the Basel Committee on Banking Supervision `International Convergence of Capital Measurement and Capital Standards: New Approaches', which contains methodological recommendations in the field of banking regulation. The main goal of the Basel II Accord is to improve the quality of risk management in banking, which, in turn, should help strengthen the stability of the financial system as a whole, Basel II: International Convergence of Capital Measurement and Capital Standards: A Revised Framework (comprehensive version) <https://www.bis.org/publ/bcbs128.htm> accessed 15 October 2023.

The Health Insurance Portability and Accountability Act (HIPAA), adopted on August 21 1996 to modernise the flow of health information and to provide for how personal information held by healthcare providers and health insurance industries should be protected from fraud and theft, Health Insurance Portability and Accountability Act 1996 <https://www.govinfo.gov/app/ details/PLAW-104publ191> accessed 15 October 2023.

standards and codes of practice, such as the 1996 Guide to Supply Chain Operations

(SCOR), Sarah K White, SK `What is SCOR? A Model for Improving Supply Chain Management' (CIO, 13 August 2021) <https://www.cio.com/article/222381/what-is-scor-a-model-for-improving-supply- chain-management.html> accessed 15 October 2023. an inter-industry standard and diagnostic tool in supply chain management of the Supply-Chain Council (a global non-profit consortium), ISO 9000:2015 `Quality management systems - Fundamentals and vocabulary, that describes the fundamental concepts and principles of quality management that can be universally applied to organisations seeking sustainable success through the implementation of a quality management system, ISO 9000:2015 Quality Management System: Fundamentals and Vocabularu <https://www.iso.org/ obp/ui/en/#iso:std:iso:9000:ed-4:v1:en> accessed 15 October 2023.

contracts with business partners,

corporate (internal) rules of local action (e.g., ethical standards of behaviour that are

established and relevant to a particular area of activity).

A very important and widely discussed event was the adoption and entry into force of ISO 37301:2021 `Compliance Management System - Requirements with guidance for use, ISO 37301:2021 (n 20). which established a single international standard for anti-corruption compliance in business. On the one hand, the document is often criticised, noting that the conditions of different businesses in different countries are so different that any standard in this area is currently incorrect. On the other hand, for companies established and operating in transition economies, such a standard is an excellent guide for developing and implementing their own anti-corruption programme, a "hint" both in terms of its structure and the content of certain measures to be implemented. Okunev, Boyko and Lukin (n 1) 21.

Such compliance with legal norms and requirements of legislation, standards and ethical norms (codes of conduct) may relate, in particular, to combating corporate fraud and corruption (anti-corruption compliance), antitrust regulation (antitrust compliance), personal data protection (information compliance), labour relations (labour compliance), etc.

METHODOLOGY

The information base of the study includes statistical data from analytical agencies, factual data from monographic and periodical literature, reports of international organisations, in particular the Organisation for Economic Co-operation and Development (OECD), regulatory documents, legislative acts that form the regulatory framework for compliance implementation in countries around the world, etc.

Due to the general scientific synergistic approach to the study of compliance, the work combines the methodological achievements of economic and legal sciences.

The methodological apparatus of the study includes such methods as methods of mathematical calculations and graphical methods for assessing the degree of compliance implementation in countries around the world; probabilistic methods for providing recommendations for management actions and testing for clustering countries around the world.