Central to the retail sector cutting down operational costs and remaining competitive, is to not incur fines and penalties for missed compliances. The national presence of retail brands, through outlets and franchisees, presents an interesting four-pronged challenge for said compliance.

Retailers reel under the pressures of balancing supply and demand, shorter product lifecycles, demand volatility, multichannel merchandising, longer supply chains and demand for ever-shortening delivery timelines to the end customer.

They typically have tight margins. In the bottomline, it is always revenue over regulations. Documentation costs are perceived as a considerable pain upfront. Customer-experience takes precedence over regulations too. Since that is directly linked to sales, which means revenues, again. 

This necessitates robust internal compliance programs in retail sector companies. But what does a robust program mean in practice?

Centralised software

Retail outlets spread over several states necessitates the presence of a mechanism to deal with variance in state legislation on the one hand, and outsourced management on the other. Retail companies may have an operational checklist, it is not possible to execute without a centralised software that has a bird’s eye view of the compliance. This centralised software, supplemented with routine to check adequacy of said software, will make for the complete machine that can keep retailers out of the red. 

Framework of a program

A compliance program’s goal to achieve zero non-compliance cannot operate in a vacuum from ground realities, for one. The first steps toward setting up to failure in compliance programs is to see it as destination, not journey. Compliance checks progressively finetune themselves through ongoing consistent implemention, evaluation and pivoting. 

Second, the compliance portal must have enough built in nuances to complete the loop. There should be conclusions of fact derived from the checks and balances configured into the compliance tech. Configuration of such a comprehensive portal is a creative exercise. 

Besides multi-sector experience of resolving day-to-day operational issues of corporates, experience of dealing with government auditors helps with the creativity.

A compliance audit is an assessment as to whether the provisions of the applicable laws, rules and regulations made there under and various orders and instructions issued by the competent authority are being complied with. This audit by its very nature promotes accountability, good governance and transparency as it is concerned with reporting deviations, identifying weaknesses and assessing propriety. Indian Audit & Accounts Department has been traditionally conducting transaction based audits, regularity audits, propriety audits, theme based and Chief Controlling Officer based audits which are essentially in the nature of assessing compliance.

Regular exposure to both diverse sectors, as well as the other side of the table, lends professional advisors the credibility to effectively perform:

– Adequacy checks uniformly across the physical and online sites of the retailer

– Assist in Task cross mapping recommendation through audit to ensure uniformity across units

– Reviewing all historical documents and remarks for the company being uploaded in the compliance system. 

Retail Compliance and Data Security 

Some of the compliance requirements are particularly difficult for retail companies because of the large number of employees of retailers. One area of complexity is data security. The large number of retail company employees have access to the data of individuals who are outsiders to the retail company. 

For companies in the retail sector, data breaches on account of online payments are a pithy area of omipresent regulation. The General Data Protection Regulation (GDPR) is a complex compliance to achieve, encompassing -numerous requirements that must be met in order for a company to be considered compliant. 

The large workforce is not only a challenge in terms of ensuring all of them have reviewed data compliance policies, but also each member uses personal devices the data transfer of which it is hard to manage. 

But besides a large workforce, the retail sector in general is of the characteristic of large branch outs in terms of data. Thousands of workstations and servers existing in multiple locations, switching on and off at different times, need a system of aligned updates. Restricting and monitoring access controls also becomes a challenge due to this locational spread. 

The sector may see compliance as a never-ending, exhorbitant mountainous hike, but the cost of not meeting compliance can spike up to 2x the cost of internal audits and documentation. 

This spike is not just from regulatory fines and penalties but also from business disruption. Regulatory impose sanctions and shutdowns on non-compliant entities. During this time valued customers are lost, reputation endangered, brands forgotten. And it is a no-brainer that system downtime causes productivity to spiral down. 

And eventually the non-compliant entity has to spend money resolving the compliance issue. 

Therefore, through a timely adequacy check and gap analysis on the regulatory side, database review derived from internal audits, and rectification of data is the easier thing to do. 

Standardised compliance models

Lastly, whatever is achieved in terms of centralisation, checks, balances and audits and data security needs a standard model across the company.

The effectiveness and uniformity of these compliance models depends on evaluations done by neutral third parties. 

However we have observed that not to be the case. While they are leaders of their field of operation, compliance models are plentiful without requisite central authorisations. 

There need to be mandates in place to have a small upper limit on compliance models, most new requirements harmonised with those limited models, and the need for phased permissions to introduce newer models.