
In the legal field, the term compliance refers to the act of adhering to the law of the land.

In business terms, compliance for any organization means adherence to the laws,
regulations, guidelines and specifications that are relevant to the life cycle of a business entity.
Since all legal obligations are made public by statute, any violation or non-adherence will
lead to the imposition of penalties on the business entities or their representatives. Further, the
defence of ignorance of an existing regulation will not save the organization from any penalties.

In general, compliance means conforming to a rule, such as a specification, policy, standard
or law. Regulatory compliance describes the goal that organizations aspire to achieve in
their efforts to ensure that they are aware of and take steps to comply with relevant laws,
policies, and regulations.[1] Due to the increasing number of regulations and need for
operational transparency, organizations are increasingly adopting the use of consolidated and
harmonized sets of compliance controls.[2] This approach is used to ensure that all necessary
governance requirements can be met without the unnecessary duplication of effort and
activity from resources.

Regulations and accrediting organizations vary among fields, with examples such as PCI-DSS
and GLBA in the financial industry, FISMA for U.S. federal agencies, HACCP for the
food and beverage industry, and the Joint Commission and HIPAA in healthcare. In some
cases other compliance frameworks (such as COBIT) or even standards (NIST) inform on
how to comply with regulations.

Some organizations keep compliance data—all data belonging or pertaining to the enterprise
or included in the law, which can be used for the purpose of implementing or validating
compliance—in a separate store for meeting reporting requirements. Compliance software is
increasingly being implemented to help companies manage their compliance data more
efficiently. This store may include calculations, data transfers, and audit trails.

In India, compliance regulation takes place across three strata: Central, State, and Local regulation.
India veers towards central regulation, especially of financial organizations and foreign funds.[18]
Compliance regulations vary based on the industry segment in addition to the geographical mix.
Most regulation comes in the following broad categories: economic regulation, regulation in the
public interest, and environmental regulation.[19] India has also been characterized by poor
compliance: reports suggest that only around 65% of companies are fully compliant with norms.

In the current legal environment compliance means both following legal rules and regulations
exactly as prescribed and meeting the spirit of regulations even if the rules are not 100% clear.
Failure to comply with the regulation may result in criticism from a regulator, fines or penalties, and
possibly legal action. An interesting point is that US regulations are generally more prescriptive than
EU regulations, so what compliance requires can differ depending on where in the world you are located.

An example of following an exact regulation comes from Regulation Z, governing credit products. If
you are an issuer of credit cards, you must send a customer their credit card statement at least 21
days before their payment due date. If your payment due date is on the 25th of every month, and your
credit card company is sending your statement (or making it available online) on the 20th of every
month before your payment is due, they are non-compliant with this regulation.

An example of complying with the spirit of a regulation can be seen in the Consumer
Financial Protection Bureau's Unfair, Deceptive, or Abusive Acts or Practices (UDAAP) rule. Under
UDAAP, if a financial institution is offering a product, the product cannot be unfair, deceptive, or
abusive to a customer. These are all legal standards with a great deal of judgment built into the final
determination. Still, you must comply with the regulation or face a penalty. Taking the 'spirit' or the
intent of the regulation into consideration will drive compliance in the absence of a bright-line rule.

As a disclaimer, these examples are from the financial services industry. Compliance exists in many
different industries. The gist of what compliance means is the same. You are complying with a
straightforward rule, complying with the spirit of the rule, or doing both.

Compliance is either a state of being in accordance with established guidelines or specifications, or
the process of becoming so. Software, for example, may be developed in compliance with
specifications created by a standards body, and then deployed by user organizations in compliance
with a vendor's licensing agreement. The definition of compliance can also encompass efforts to
ensure that organizations are abiding by both industry regulations and government legislation.
