A draft report on the proposal for the disclosure of non-financial and diversity information by certain large companies and groups, presented to the European Parliament committee on legal affairs (JURI), significantly raises the burden of disclosures about risks.
The proposal suggests that with regard to human rights, anti-corruption and bribery, non-financial statements should include information on, as a minimum, the prevention of human rights abuses and instruments in place in order to fight corruption and bribery. It adds that organizations should provide adequate information in relation to matters that stand out as being most likely to bring about the materialisation of risks of severe impacts, along with those that have already materialised. The severity of such impacts should be judged by their scale and gravity.
So how well prepared are companies to meet these compliance demands? The key to managing the compliance risk is to have robust systems and processes in place which demonstrate management’s commitment to manage these risks. Ad-hoc spreadsheets and forms stored in a lever-arch file in the Chief Risk Officer’s room are hardly likely to keep regulators satisfied.