Business Process Compliance
Process compliance is the regulation and maintenance of industry standards and guidelines.
Most industries have standards and guidelines relating to the execution of their business processes. Some of these are actual laws and non-compliance can result in stiff penalties or even jail time for company officers. Several examples are listed below:
- ANSI – American National Standards Institute
- ISO – International Standards Organisation
- HIPAA – Health Insurance Portability and Accountability Act
- SOX – Sarbanes–Oxley Act
What differentiates process compliance from just compliance?
Process Compliance specifically means ensuring that an organization’s business processes follow all relevant internal policies, industry standards, legal regulations, and ethical guidelines. It’s about making sure the way work is done adheres to the rules.
While compliance is the overall act of following rules, process compliance focuses on how those rules are implemented within specific business activities and workflows. Think of it this way: compliance is the “what,” and process compliance is the “how” within the context of business operations.
Process compliance involves the regulation and maintenance of industry standards and guidelines within an organization’s processes. Many industries have specific standards and laws for how business should be conducted, and failing to comply can lead to serious penalties. As businesses grow internationally, this becomes even more complex due to different countries having different rules, like the US SOX and Germany’s Deutscher Corporate Governance Kodex.
Here are some examples to illustrate the difference:
- GDPR Compliance: A company must meet GDPR requirements. Process Compliance: Implementing a process to get user consent on their website.
- AML Compliance: A bank needs to follow anti-money laundering rules. Process Compliance: Having a “Know Your Customer” process for new clients.
- Environmental Compliance: A factory must adhere to waste disposal laws. Process Compliance: Defining a process for properly disposing of hazardous waste.
- HIPAA Compliance: A hospital must protect patient data. Process Compliance: Having a secure process for accessing electronic health records.
To address these issues, organisations are increasingly turning to specialised software or consultancies, in addition to hiring a significant compliance department along with a chief compliance officer (CCO). The main responsibilities of this department and/or CCO are to maintain compliance and to pass compliance audits. These compliance audits are not static; they vary with a variety of factors, including industry, size, data and a myriad of other circumstances.
However, once these things are in place, they can provide training for the rest of the organisation, leading to an effective compliance process. Therefore, it's a good investment to get these things in place so that as new compliance audits come in, you're ready to make the necessary adjustments in a quick, cost-effective manner.