CONTENTS
- 1. Compliance management | Concept and Importance
- - Criminal Risk When Compliance Management Fails
- 2. Compliance management | Corporate Compliance Framework
- - Operating a Compliance Organization
- 3. Compliance management | Key Areas of Regulation
- - Fair Trade Compliance
- - Anti-Corruption and Anti-Graft Regulation
- - Personal Information and Data Security Regulation
- - ESG and Environmental Regulation
- 4. Compliance Management | Building an Internal Control System
- - Internal Investigations and Crisis Response
- - Corporate Risk Management Strategy
- 5. Compliance Management | How Daeryun Law Firm Can Help
1. Compliance management | Concept and Importance
Compliance management refers to a management framework that keeps a company's activities in line with the law, internal rules, ethical standards, and social responsibility.
Where compliance once focused merely on not breaking the law, it has now grown into a core element of management that affects a company's sustainability and reputation, its ability to attract investment, and even its global transactions.
The following shifts in the regulatory environment have made compliance management all the more significant.
- Tighter fair trade regulation
- Broader anti-corruption regulation
- Tighter personal data protection regulation
- Tighter financial and capital markets regulation
- The spread of ESG management
A company that fails to build a proper compliance management framework may run into the following problems.
Criminal Risk When Compliance Management Fails
A company that fails to build a proper compliance management framework can see liability extend to the criminal responsibility of its executives and employees.
In recent years, courts have increasingly held the representative director and officers, as the parties with genuine decision-making authority, directly criminally liable, which makes building an internal control framework all the more important.
Type of violation | Applicable law | Level of punishment |
Offering a bribe | Criminal Act | Up to 5 years' imprisonment or a fine of up to KRW 20 million |
Improper solicitation and acceptance of money or valuables | Improper Solicitation and Graft Act | Up to 3 years' imprisonment or a fine of up to KRW 30 million |
Collusion and unfair trade | Monopoly Regulation and Fair Trade Act | Up to 3 years' imprisonment or a fine of up to KRW 200 million |
Personal data breach | Personal Information Protection Act | Up to 5 years' imprisonment or a fine of up to KRW 50 million |
Trade secret leak | Unfair Competition Prevention and Trade Secret Protection Act | Leak abroad: up to 15 years' imprisonment or a fine of up to KRW 1.5 billion Domestic leak: up to 10 years' imprisonment or a fine of up to KRW 500 million |
Accounting fraud | External Audit Act | Up to 10 years' imprisonment or a fine of 2 to 5 times the gain obtained or the loss avoided through the violation |
Insider trading | Financial Investment Services and Capital Markets Act | At least 1 year's imprisonment or a fine of 4 to 6 times the unfair gain |
Embezzlement and breach of trust | Criminal Act | Up to 10 years' imprisonment or a fine of up to KRW 30 million |
In particular, where a company's internal control failure is confirmed, the joint penalty provision may also impose criminal liability on the company itself.
For this reason, compliance management is now seen not as a mere response to regulation but as a core management strategy for a company's sustainability.
2. Compliance management | Corporate Compliance Framework
Compliance management refers to the internal control system of the organization as a whole, and a company's compliance framework is generally structured as follows.
The compliance officer system
One of the core mechanisms of a compliance management framework is the compliance officer system.
It requires a company to appoint a dedicated officer who checks whether the company complies with the law and oversees the internal control system.
The compliance officer system is based on Article 542-13 of the Commercial Act.
The compliance officer's main duties
Duty | Content |
Checking compliance with the law | Confirming whether the company is in breach of the law |
Managing internal control | Operating internal rules and the compliance system |
Compliance training | Providing compliance training for officers and employees |
Internal investigation | Investigating unlawful conduct and recommending improvements |
Risk reporting | Reporting to the board of directors and the representative director |
Operating a Compliance Organization
Large corporations and financial institutions sometimes run a separate compliance organization. Its main roles are as follows.
- Establishing internal control policy
- Checking compliance with laws and regulations
- Internal audit
- Risk management
- Operating an internal reporting system
This allows a company to manage its legal risks in advance.
3. Compliance management | Key Areas of Regulation
Corporate compliance management touches on a range of legal areas, and the leading fields of compliance regulation are as follows.
Fair Trade Compliance
Compliance management under the Monopoly Regulation and Fair Trade Act is a highly important area of corporate activity. The leading types of regulation are as follows.
- Collusion
- Unfair trade practices
- Improper support
- Violations of the Fair Transactions in Subcontracting Act
- Violations of the Act on Fair Transactions in Large Retail Business
A company can build its internal control framework through a fair trade compliance program (CP).
Anti-Corruption and Anti-Graft Regulation
The Improper Solicitation and Graft Act is a leading law that strengthens corporate anti-corruption compliance.
Global companies should also consider the following foreign anti-corruption regimes.
- The U.S. FCPA
- UK Bribery Act
These laws strictly regulate bribery, improper solicitation, and corrupt conduct by a company's officers and employees.
Personal Information and Data Security Regulation
Compliance relating to personal information has become one of the leading regulatory concerns in recent years.
The governing statutes include the following.
- Personal Information Protection Act
- Network Act
- Credit Information Act
A data breach may give rise to the following sanctions.
- Penalty surcharge
- Administrative fine
- Damages
- Criminal punishment
ESG and Environmental Regulation
As ESG management expands, environmental regulation has also become a significant area of compliance management. The principal statutes include the following.
- Environmental Crimes Control Act
- Clean Air Conservation Act
- Wastes Control Act
A breach of environmental regulation can also have a considerable effect on a company's reputation and its ability to attract investment.
4. Compliance Management | Building an Internal Control System
Effective compliance management calls for a well-structured internal control system. The core components of internal control include the following.
Components of Compliance Management Internal Control
Category | Key Content |
Internal rules | Code of conduct, ethics policy |
Risk management | Analysis of legal risk |
Internal audit | Review of regulatory compliance |
Internal reporting | Whistleblower system |
Training programs | Compliance training for officers and employees |
An internal control system of this kind serves to head off a company's legal risks before they arise.
Internal Investigations and Crisis Response
When unlawful conduct occurs, or is suspected, within a company, an internal investigation is called for.
An internal investigation generally proceeds through the following steps.
- Receipt of a report
- Investigation of the facts
- Securing of evidence
- Legal review
- Remedial measures
In recent practice, digital forensics is used to analyze email, messaging, and internal data, which improves the accuracy of an investigation.
Responding to investigations by the following authorities is equally important.
- Fair Trade Commission investigations
- Financial Supervisory Service examinations
- Prosecutorial investigations
Throughout this process, a company needs to respond promptly and strategically.
Corporate Risk Management Strategy
For compliance management to be effective, a company should put the following strategies in place.
With such a framework in place, a company can manage its legal and reputational risks at the same time.
5. Compliance Management | How Daeryun Law Firm Can Help
Compliance management is a comprehensive area of risk management that runs through a company's governance, transaction structures, and internal decision-making as a whole.
To help companies build compliance management frameworks, Daeryun Law Firm operates an integrated advisory model in which specialists across corporate law, fair trade, finance, criminal law, personal information, and labor work together.
Daeryun provides compliance management advice tailored to each company in the following areas.
· Internal investigations and digital forensics response
· Response to investigations by the Fair Trade Commission, the Financial Supervisory Service, and other regulators
· Response to criminal investigations and dispute prevention
Through collaboration among corporate attorneys, fair trade attorneys, finance attorneys, criminal attorneys, and our Digital Forensics Center, the firm provides companies with a tailored, one-stop legal solution that spans the building of compliance management frameworks, internal investigations, regulatory response, and dispute resolution.
If your company needs advice on building a compliance management framework, you may wish to arrange a 🔗corporate attorney legal consultation with Daeryun, which offers legal services suited to your company's circumstances, including on-site and video consultations.
