Who is Responsible for Compliance?

Wednesday, April 3, 2024

Authored by Senior Consultant, Paul White.

Before we can answer that question, we need to understand what compliance is.

What does compliance mean?

If we search through various dictionaries, compliance can be referred to as the act of adhering to laws, regulations, guidelines and standards relevant to a particular industry or organisation. It involves ensuring that individuals, businesses and organisations operate in accordance with legal and ethical standards, in order to maintain integrity, protect stakeholders, and minimise risk.

Compliance can encompass a wide range of areas, such as regulatory, corporate, industry specific, data privacy and security. Effectively, all of these can be described as meeting requirements or following/adhering to process.

We can confidently say compliance means 'meeting or adhering to regulations, policies, process and procedures'. Organisations need to ensure that all within the organisation operate within those requirements. For that, we need to understand the word ensure.

'Ensure' means 'to make certain' or 'guarantee that something will happen, be done, or be in a particular condition'. It involves taking necessary actions to achieve a desired outcome or result. When you ensure something, you are actively taking steps to:

1. Make something happen - You take actions to ensure that a specific event or outcome occurs as planned or desired.
2. Fulfil a requirement - You ensure that certain conditions, obligations, or criteria are met in order to comply with rules, regulations or standards.

Overall, compliance means to ensure that we are doing that for which we are responsible, within the boundaries of our regulatory, exposition and procedural commitments.

Who is responsible in our airworthiness system?

Well, that depends. Let's look closely at the continuing airworthiness framework specifically, covering both the Part-CAMO and Part-145 regulations.

The regulations always require organisations to have clear lines of accountability and responsibility, so that is a good place to start. Looking at this in more detail, these responsibilities are split, starting with responsibility for the core function. For the Part-CAMO, this means ensuring that the organisation always complies with the applicable continuing airworthiness management requirements. For the Part-145, it means responsibility for the maintenance functions and ensuring that the organisation works in accordance with the MOE and approved procedures.

Both regulations also lay down further requirements, such as a person or team to be responsible for the monitoring of compliance or the independent audit responsibilities.

If we look specifically at compliance monitoring, then this means complying with the requirements for monitoring the compliance status of the team/people responsible for the core functions. We need to be careful that we use the word compliance in the appropriate context across the organisation. Compliance depends on those important responsibilities, and therefore should be used in an appropriate way.

Simply, we could say that we are all responsible for compliance within our areas of specific responsibility, or for different elements of compliance. If we understand where we sit within the organisation's relevant regulatory framework, we can then determine what element of compliance we are responsible for, and then ensure that we are focussing on the right actions.

What are the benefits of compliance?

The benefits range from being able to identify the key persons with responsibility within your organisation, and understanding what areas of the business or regulatory framework they are responsible for (leading to identifying those clear lines of accountability and responsibility), through to simplifying processes and workflows. Ultimately, this saves time and resources whilst still ensuring that the foundations of safety, the regulatory requirements, are met.

With the introduction of the performance-based environment, not only do we need to own and manage compliance, but we need to demonstrate a level of performance against those evolving compliance requirements. EASA and the UK CAA both use the PSOE index to enable a level of performance to be established. This is admittedly focussed solely on safety performance at the moment, but we could, and maybe should, look to use a similar performance metric against all our compliance criteria.

Once the foundations of compliance are met, this will enable your core business to build on those successes and continually improve your performance, enhancing business success.

Contact us at hello@bainessimmons.com to find out how our experienced team, using models developed and tested in industry, can assist you on your journey towards performance.

If you'd like to learn more about the full understanding of ownership of compliance, we would recommend booking onto our TR01 - UK CAA / EASA Approved Organisations - Managers' Responsibilities course.

For more information on the maintenance requirement, our TR02 - UK CAA / EASA Part 145 - Understanding the Requirements for Maintenance course will help you with your understanding.

Our TR03 - UK CAA / EASA Part M and Part CAMO - Understanding the Management of Continuing Airworthiness course will help you gain an understanding that a regulation is not just about ensuring you and your organisation are compliant.