From the words of the former Deputy Attorney General of the United States, the renowned prosecutor Paul McNulty:

"The cost of non-compliance with rules is extremely high and can be extremely severe. If you consider a compliance system to be an expensive and unnecessary attribute, try not complying with compliance requirements at least once", – he noted with irony.

In Uzbekistan, the term "compliance" was initially perceived as a new and unfamiliar concept. However, today, this system is recognized at the government level as one of the most important tools for strengthening the legal foundations of the "New Uzbekistan" and a key factor in the successful implementation of ongoing reforms.

Compliance – a necessity or obligation?

In particular, in Uzbekistan, the question arises: what specific benefits does the implementation of a compliance control system provide to companies, and especially to joint-stock companies with state participation?

At the state level, the issue of domestic companies entering foreign markets and building equitable and mutually beneficial cooperation with foreign partners has always remained relevant.

In this regard, the tasks of improving the investment climate, attracting new investors, primarily foreign direct investment, into the national economy, establishing the production of industrial products with high added value, and introducing advanced modern equipment and technologies continue to be a priority on the agenda of the country's leadership.

Solving the problems of this scale requires guaranteed compliance with anti-corruption requirements and regulations, objective and professional risk assessment in production processes, business and financial transactions, procurement and sales of products, and administrative procedures. And most importantly, the implementation of an effective, efficient, and proportionate compliance control system capable of preventing and minimizing these risks is required.

It is the professional and systematic solution of these problems that constitutes the primary function of the compliance system.

Why is this system important?

The history of compliance control dates back almost a century. Its development was sparked by major corruption scandals in the United States, including the infamous Watergate scandal.

In 1977, the Foreign Corrupt Practices Act (FCPA) was passed in the United States. This law established requirements for monitoring the financial statements of US companies, defined the minimum standards for such reporting, and introduced rules regulating interactions between large companies and government officials.

In the next stage of compliance development, the development of regulations alone was no longer sufficient. Companies began to be required not only to comply with legal norms but also to develop their own codes of business ethics and to strictly adhere to established ethical standards.

In particular, in the 1990s, the Federal Sentencing Guidelines were adopted in the United States. Within the framework of these documents, recommendations were developed for the creation of effective ethical management and compliance control programs, which were widely implemented in the activities of companies.

In 2004, these guidelines were supplemented with provisions requiring top managers of major companies to be aware of the key requirements of compliance programs, strictly adhere to them, and set a personal example for employees when implementing these programs.

The bankruptcy of the energy corporation ENRON in 2001 had a significant impact on the further development of the compliance system. The bankruptcy was caused by serious management misconduct, a disregard for compliance requirements, the widespread use of offshore asset and financial asset allocation schemes, and the concealment and falsification of financial statements.

The bankruptcy of such a large company triggered a so-called "domino effect." Criminal charges were initiated by US federal authorities against the audit firm Arthur Andersen, which provided an opinion on ENRON's financial statements. A similar situation also affected companies such as WorldCom and Qwest Communications, which were subsequently declared bankrupt.

As a result of these events, the Sarbanes-Oxley (SOX) Act was passed at the initiative of US legislators. This law tightened financial reporting requirements for companies and formally obligated them to submit reports to US regulators.

Following the scandal, most large US companies revised their business strategies, created compliance departments and ethics committees, and significantly strengthened internal compliance requirements.

In a number of countries, compliance systems were initially implemented in the banking sector, with the function of an effective tool for combating money laundering through monitoring banking transactions and financial flows.

Over time, the functions, tasks, rights and powers of compliance departments have consistently expanded and strengthened, and compliance control is now recognized as one of the most effective internal anti-corruption mechanisms.

The term "compliance" means adherence to requirements and conformity with established rules and regulations. In business, this term refers to a company's compliance with international ethical business standards, as well as strict adherence to national legislation and internal codes.

The absence of an effective compliance system in a company can have serious consequences: damage to its business reputation, sanctions, restrictions on operations, multi-million dollar fines, and ultimately, bankruptcy.

The path to introduction of compliance control system

In the context of globalized markets, every company planning to enter international markets or already operating in them is obliged to ensure the effective organization and functioning of internal anti-corruption mechanisms.

To ensure the true effectiveness of the system, it is necessary to objectively and thoroughly assess the degree of corruption vulnerability in all areas of activity, identify high-risk areas, and take effective measures to eliminate or minimize them.

In practice, the most common types of compliance risks are:

Reputational risks are the risk of negative information about the company, its management, shareholders, founders, affiliates, and beneficiaries being disseminated in the media.

Legal risks are the risk of violating legal requirements and regulatory acts, including international sanction regimes.

Corruption risks are risks arising during financial and economic activities, including fraud, conflicts of interest, and other violations.

Business risks are risks associated with the violation of internal procedures, lack of proper controls, and insufficient transparency and accountability.

Compliance control program should address not only these risks but also any other risks that could impact the company's performance.

It is important to emphasize that the compliance system does not replace the functions of lawyers, auditors, economists or analysts. It applies to all the areas of the company's operations and requires the coordination of all departments within the framework of uniform ethical standards.

The ultimate goal of implementing a compliance system is to create effective mechanisms for identifying and continuously analyzing potential corruption areas of activity, as well as the timely detection of legal and financial risks and the adoption of measures to eliminate them.

Effective compliance system ensures comprehensive protection of the company's interests from legal, tax, economic, reputational, and sanctions risks.

Another equally important objective of compliance is to foster an atmosphere of intolerance to corruption within the company, developing a corporate culture of integrity and commitment to high ethical standards.

Across all areas and functions of the company's activities (including the tasks, functions and responsibilities of executives, management personnel, engineering and technical staff), it is necessary to organize the identification and initial assessment of existing and potential corruption risks, as well as the development of a compliance system and internal regulations. All this serves as the foundation for creating an effective compliance control system.

In the next stage, the developed documents are implemented, and their integration is continuously reviewed and analyzed as part of compliance monitoring and compliance control activities.

Effective compliance structure typically includes regular monitoring and control functions in the following areas:

• All sectors, areas, and lines of the company's operations, including financial and economic activities, procurement and sales, human resources management (HR), investment projects, contracting, warehouse operations, accounting and reporting, asset management, the lease and sale of land, buildings and structures, equipment and machinery, fuel and lubricants, charitable and sponsorship activities, the procedure for giving and receiving gifts by officials, and ongoing production activities – all of these must be monitored for strict compliance with internal regulatory and local compliance system documents, as well as compliance with ethical business standards;
• monitoring potential and actual conflicts of interest, that is, situations where an employee's personal gain (direct or indirect) may influence or be expected to influence the performance of their official duties, as well as cases where personal interest conflicts with the interests of the company or the state; submitting proposals to the Ethics Commission to resolve such conflicts;
• ensuring compliance with anti-monopoly laws and competition development requirements;
• introduction of modern digital mechanisms for verifying the reliability of partners, investors, customers, suppliers, contractors, and intermediaries;
• monitoring compliance with measures to protect confidential information, including the personal data of partners and company employees;
• regularly reviewing and analyzing the compliance of internal regulatory documents with current legislation, and preparing proposals for bringing them into compliance with new requirements and amendments;
• monitoring company management's compliance with employee rights, and ensuring compliance with labor laws and internal discipline;
• ensuring compliance with anti-corruption, anti-money laundering, and countering the shadow economy laws, as well as other similar regulations.

There's a common misconception that compliance controls hinder business development and production. In fact, if the system is built correctly, this doesn't happen.

Introduction of internal regulations and procedures, a careful and objective review of existing business processes, optimization of company expenses, and cost reduction are all accomplished with the active participation of compliance departments which act as the leading unit in these matters.

Overall, compliance control has already proven its effectiveness in practice: it ensures sustainable business development and protects the company's interests from potential and actual threats and risks.

How are the results evaluated?

The effectiveness of compliance system in any company is assessed by the following criteria:

• The number of identified and prevented cases of fraud, corruption crimes and violations, as well as the number of practical measures taken to identify and prevent other business threats;
• risk and threat mitigation, the amount of financial losses prevented, the amount of savings, measures to prevent bankruptcy and minimize the likelihood of sanctions from international and national regulators, including local authorities and territorial regulatory bodies;
• systematic and ongoing monitoring of identified and assessed corruption risks;
• the level of development of the internal corporate culture;
• increased competitiveness of the company in the global market and increase in its stock price;
• improved business reputation and authority of the company in the international arena.

Uzbekistan is at the initial stage of active implementation of compliance control systems.

This process was officially launched in October 2020.

In a historically short time, the system has proven its viability and necessity, which was recognized at the national leadership level.

Like any innovation, the national compliance system faced certain challenges: difficulties in document development, misunderstandings, and even resistance during its implementation. All of this should be objectively assessed as a natural process.

Therefore, every company must systematically train its employees, especially compliance specialists, study international experience, continually improve their skills, and comprehensively support the system during its implementation.

In this process, it is crucial to leverage international experience and adapt the best modern compliance practices to the specific circumstances of Uzbekistan.

Only then will the compliance system become a key advantage for the successful integration of Uzbek businesses into the global economy.

Shukhrat Juraev,

Head of Compliance Service of JSC Almalyk MMC