Experience Azeus Convene

Learn how Azeus Convene can give you a great meeting experience. Get a 30-day free trial with no cost or obligation

All fields marked with * are required

United Kingdom (+44)
(+44) *
Convene Video Conferencing

Convene Video Conferencing

A new innovation for our award-winning board meeting software has arrived! Azeus Convene’s new video conferencing feature supports everything required to hold a successful and productive remote meeting.

Learn More

public sector compliance

What Does Compliance Mean for the Public Sector?

by Francesca Dosayla on and last update on May 21, 2020

In 2020, compliance challenges that public organizations need to prioritize include data protection, identity verification, protection for the vulnerable, conflict of laws and governance. In responding to these compliance challenges, public organizations need to consider a mix of both traditional mechanisms (such as training and internal audit), as well as technological/automated solutions.

It is often assumed that the private sector has the most significant compliance challenges. The assumption, perhaps, is that a commercial motive means that private industry is less interested in the public good. Increasingly, however, compliance challenges are ‘sector-neutral’: they apply equally to the public and non-profit sectors as they do to the private sector.

In this article, we consider some of the key compliance challenges that any public organization needs to take into account in 2020. These are:

  • Data protection
  • Identity verification
  • Protection of the vulnerable
  • Conflict of laws

We look at each of these challenges in turn before looking at the steps a public organization needs to take in response.

What is the public sector? What are public organizations?

There is no universally applicable definition of the ‘public sector’ or ‘public organizations’. Traditionally, the public sector was either part of, or funded by, the state or government. However, as organizations that don’t fit this definition have increasingly taken on jobs previously carried out by arms of the state, this definition has expanded.

Increasingly the public sector has come to be defined not by its funding or ownership structure, but by its purpose: a public organization is one not primarily motivated by profit, but rather by the public good or welfare.

While this definition leaves the border between the public and non-public somewhat fuzzy, seen in this way, examples of public organizations could include:

  • National/federal/state government departments
  • Local/municipal/county government departments
  • Schools
  • Universities or colleges
  • Utility and energy companies
  • Emergency services
  • Postal services

Data protection

Increasingly, we conduct our transactions online. When we pay taxes, pay electricity bills or register for schools via the internet, we place significant amounts of our information in the hands of a public organization.

Regulators have recognized that individuals still have rights to that information, and that that information needs to be protected. Perhaps the most well-known is the European Union’s General Data Protection Regulation (GDPR), introduced in early 2018. Other similarly comprehensive data protection and privacy regimes include:

These laws and regulations do have significant differences, but all of them require that organizations have robust procedures, policies and training in place to protect personal information. They also all require that data breaches be notified and that organizations be able to demonstrate their compliance.

Some data protection requirements that might apply, depending on the jurisdiction, include:

  • A right of the individual to access their personal information;
  • A right of the individual to update or delete their personal information;
  • A right of the individual to opt-out of an organization collecting or making certain uses of their personal information.

Public organizations also have the special data compliance challenge of complying with any ‘freedom of information’ laws that apply in their jurisdiction. These laws generally require that public or official information be disclosed to the public unless there is a good reason not to do so.

Identity verification

Public organizations need to ensure that the people or entities they are dealing with are who they say they are. There has been considerable emphasis on how special identifying codes (such as ‘Legal Entity Identifiers’, or ‘SWIFT’ codes) can be used by private businesses to ensure that parties to financial transactions are aware of the risk profile of the other party they are dealing with. However, identity verification is just as important – if not more important – for public organizations.  For example, identity verification is increasingly a legal/compliance requirement in order to:

  • Ensure that the right person receives a service (such as enrollment in a school or a government subsidy)
  • Protect individual privacy (such as where an organization has access to sensitive health data).

Protection of the vulnerable

There is an increasing expectation that all public organizations do more to protect the vulnerable in society. And this is increasingly recognized by the law. Consider, for example, the requirement that utility companies provide special protections for vulnerable customers. Another example is the requirement that schools enroll students with disabilities in federally-funded schools.

All public organizations need to ensure that they have mechanisms in place to ensure compliance with the particular protections that apply to their customers or clients.

Conflict of laws

Increasingly organizations are operating across international borders. In response, regulators are increasingly extending the reach of laws and regulations across those borders. For example, both the General Data Protection Regulation and the California Consumer Privacy Act apply to organizations outside the European Union and California, respectively, where they serve clients or customers in those areas. Another example is the requirement to follow European verification rules when conducting certain transactions (e.g., trading derivatives) with a European organization.

All public organizations need to have a system in place to recognize all the different sources of their legal and compliance obligations.

Governance

There have been many highly publicized cases where a failure in governance was seen as the downfall in a public organization. Increasingly it is expected that the governors of the organization (they may be called boards of directors, boards of trustees, or simply ‘the board’), step up and take on a more conscientious role.

A key aspect of this has been the role of boards as identified in International Standards. It is a requirement in various International Standards that boards have oversight of risk management, remuneration policies, internal audit, compliance management systems and other matters.

It is not acceptable for board members to attempt to delegate their oversight responsibility to executives and management.

How might public organizations respond to these compliance challenges?

Some elements of a robust compliance program are timeless. For example, all public organizations need to consider:

  • All staff should be regularly trained in their compliance obligations. Records of the training need to be kept and the training process needs to be incorporated into employee and contractor performance review;
  • Internal Audit/Compliance Review. All organizations need to consider how they will review or audit their processes to ensure that there is follow-through on compliance policies and programs. If an organization is not big enough to have its own unit, it should consider outsourcing to a third party. This function needs to report to the Board (not just the CEO or CFO);
  • Compliance spend. Organizations need to consider whether they have devoted enough financial and staffing resources to ensure that they have prioritized compliance.

One aspect of a high-performing compliance program that is a newer development, however, is the role that automation and ‘Software as a service’ (SaaS) can play in the process. Just as technology creates some of the compliance headaches we have identified, it may also provide the ‘aspirin’. Automation that might improve compliance as well as reducing costs could be implemented in the following areas:

  • Data protection. Technological tools can be used to keep data secure, collate personal information, reduce duplication and streamline responses to the public (for example, responses to data access or deletion requests).
  • Identity verification. Software can be used to quickly identify that an individual or entity is who they say they are.
  • Vulnerable customers and conflict of laws. Training software can be used to ensure that any staff, managers or contractors dealing with vulnerable customers are on top of their obligations and that all applicable laws are being complied with.
  • Governance. Automated solutions can keep track of the upcoming scheduled actions for the board (for example, dates for internal audit plans and compliance reviews), as well as the outcomes of meetings.
Governance and Leadership
Share this article

Related Articles

Comments [0]


Start a Discussion

Your email address will no be published

Experience Azeus Convene

Learn how Azeus Convene can give you a great meeting experience. Get a 30-day free trial with no cost or obligation

All fields marked with * are required

United Kingdom (+44)
(+44) *