Compliance Breach Policy Template

What is a Compliance Breach?

The general definition of a compliance breach is any divergence from a standard operating procedure (SOP). Such divergence usually results in a failure to meet the required compliance standards. These can be regulatory, contractual or legal standards. Some industries also follow specific codes of conduct which require the following of defined procedures.

It is essential that a business who has to follow rules or regulations has a Compliance Breach Policy and Procedures in place. This provides employees with the steps to take should a breach occur. It can also document what can be classed as a breach and what the reporting lines are.

Compliance breaches can result in emotional, reputational and/or financial damage to individuals, entities or the business itself. It certain instances, breaches can also result in fines and penalties, such as with GDPR breaches or AML breaches.

How Can Compliance Breaches Occur?

Breaches in terms of external violations are usually dealt with under the Information Security Program. These can include breaches of firewalls, malware or viruses. They can also relate to physical security breaches such as unauthorised access.

The internal compliance breaches referred to in this article usually result form human error and can include (but are not limited to): –

  • Data protection breaches (i.e. disclosed personal data or violating an individual’s personal data rights)
  • Not performing adequate due diligence on customers
  • Not screening employees prior to employement
  • Inadequate transaction monitoring relating to money laundering
  • Failing to turn off phone recording when taking a customers’ credit card information
  • Not providing easy to access complaint handling procedures
  • Disclosure of system/confidential data to unauthorised personnel or third parties
  • Not following mandatory regulatory procedures (i.e. those set by the FCA for authorised firms)