Mostly because state, federal, and overseas prosecutors have stepped up their enforcement against corporate misconduct, including large monetary penalties. The best way for a company to avoid those penalties is to demonstrate that it genuinely was trying to obey the corporate compliance law, but a few scofflaws (either employees or other third parties working on your company’s behalf) violated the law anyway. Compliance programs generate that proof, which the company can then show prosecutors.
An effective corporate compliance program demonstrates that your organization is aware of the rules and laws that apply to it, and takes reasonable, sincere steps to stay on the right side of those rules and laws.
In practice, corporate compliance programs have assumed many more duties over the last decade or so, because the risks to organizations have expanded. Many of those risks are still rooted in some regulatory compliance issue: trade sanctions, data privacy, labor standards, environmental, and so forth. But those risks also now spill over into threatening a company’s reputation with consumers, business partners, and other stakeholders — and preserving reputation with those groups is a high priority for boards and CEOs.
Hence companies have policies and procedures to address harassment, data privacy, onboarding for customers or third parties, and so many other issues. The compliance program exists to ensure that those policies and procedures address the company’s risks in a practical, effective manner. That could mean anything from developing new training to investigating complaints to studying data about how thousands of employees are (or are not) following policy.
What Should a Compliance Monitoring Plan Look Like?
Here are a few practical guidelines on how to monitor compliance with policies and procedures:
1. Plan
Put a plan in place and follow up on it. Set one-, two-, or three-year goals and make sure to measure results. Whether the goal is to rewrite your code of conduct or to provide more and better workforce training, track the progress of your initiative to determine whether your compliance program is evolving and keeping up with best practices.
2. Capture Data
Collect as much data on your compliance activity as possible and consolidate that information in accurate and useful ways.
3. Be Proactive
Groom and aggregate your data. Analyze and track trends in compliance activity and report them to the right executives. One example could be tracking trends in exception request submissions: if you have a greater number of exception requests, it could attest to your success at making people understand the policy and the process, or maybe it’s a sign that you have a bigger problem.
4. Escalate
Create a clear and appropriate escalation system, so that the right managers or risk owners can quickly and adequately respond to any identified red flags or breaches.
5. Remediate
When flaws and failures are identified in the system, they should be addressed through the development of internal controls to match and mitigate those risks.
6. Train
Train your employees. Remember, building a human firewall is one of the most effective defenses against compliance breaches. When employees recognize a reportable event when they see it and know how to report it, then you have managed to install a sound corporate compliance culture. You can even measure that engagement through survey results.
7. Document
Getting documentation in place must not be secondary. Document all your efforts and keep auditable records that prove all your compliance activities. A strong reporting system will always allow you to be prepared for any inquiry in case authorities come knocking at your door.
8. Automate
Moving from manual to automated reporting and monitoring processes will allow the flow of data to be constant and human intervention minimal, leaving less room for human error.
Running an Effective Compliance Program
Our goal is to build a program around Ethics, Compliance, and Risk.
To improve your compliance program we have to answer three simple questions:
- Is the program well designed?
- Is the program effectively implemented?
- Does the compliance program actually work in practice?
Let’s focus on the third question: Does the compliance program actually work in practice?
An Effective Compliance Program
It is vital to keep in mind the need to go beyond simply putting the right policies in place and urging senior leadership to lead from the top.
Step 1: Deploy a Compliance Customer Satisfaction Survey
The first step in building an effective program is a Compliance Customer Satisfaction Survey that is administered after every engagement with the compliance function: after each e-learning session, every policy affirmation, each request to approve a third-party supplier, and each request to clear a conflict of interest. A few questions, embedded in an email, can vet the experience of the end user and give the compliance team something it can use to continuously improve the program.
In this case, the customers are our stakeholders: employees, suppliers, partners, and distributors. They should all provide feedback on improving the program.
Step 2: Ensure Stakeholder Understanding
The next element of program effectiveness centers on understanding: ensuring that stakeholders across your enterprise understand the key concepts and principles of your policies.
Step 3: Ask a Simple Question
As the final step, I propose that each month a small but statistically significant randomly selected set of stakeholders should be asked a simple question: “Are you aware of any violation of any company policy, regulation, or law?” A simple email with an in-email question allows you to proactively check the compliance pulse of the organization.
This, of course, supplements the whistleblower program that every enterprise already runs. Instead of waiting for a brave soul to report, you should be proactively reaching out to a cross-section and probing with a single simple question. While it is unlikely that this process will uncover broad issues, it serves as another part of the program, a proactive step, and a step that will help keep Compliance and Ethics at the forefront of your enterprise’s thoughts.
No Compliance and Ethics program is perfect, and every program can be improved. I believe the three steps outlined above can supplement a traditional program to improve effectiveness and put the program on a path of continuous improvement, getting you one step closer to the elusive promise of an effective compliance program.
Management is our heart and soul. Think of it as command central for your compliance program. No more spreadsheets, disconnected systems, or manual processes. Everything you need to manage your program in one place.
- Watch over policies, training, due diligence, investigations, risks and requests in one place.
- Combine time-consuming compliance tasks into simple, automated workflows.
- Get a comprehensive view of your entire compliance program in one dashboard.
- Empower employees to find what they need, when they need it, with their own accounts.
*Source: GAN Integrity