(20.10.23 SunHawk Insider Spotlight by Kimulet Winzer, JD)
What does it mean to be effective in compliance?
To start you must ensure that your organization, at a minimum, has implemented the seven elements of an effective compliance program. And what does that mean, you ask? To be effective at preventing, finding, and addressing regulatory, ethical, and policy infractions. To do this your organization will:
1. Have a dedicated Compliance Officer
2. Provide independent and adequate resources
3. Implement a compliance program authorized by the board or executive leadership as
4. Address all risk areas and all seven compliance program elements
First, your organization needs to establish policies and procedures to prevent and detect conduct that is inconsistent with law, rules and regulations. Additionally, these policies and procedures need to be reviewed and potentially updated regularly to meet requirements.
To ensure the right policies and procedures are in place, an organization could benefit from a cross functional policy committee. Oversight can be through the compliance officer. This will help create a structure that supports and facilitates both cooperation and collaboration within the workplace. It provides an opportunity to conduct a review of processes versus just updating the policies.
A continuous review of processes ensures that required education and training is delivered in diverse ways to increase effectiveness. It is important to take reasonable steps to communicate the updated policies and procedures, periodically and in a practical manner by conducting effective training programs. This can even be done more frequently than once a year.
Conducting internal monitoring through review of operational financial reporting, peer review, and review of corrective actions resulting from internal audits will keep continuous improvement at the forefront. This will also create awareness of progress and potentially reveal additional opportunities.
The organization's compliance program needs to be promoted and enforced consistently throughout the organization. Consistent enforcement and discipline are necessary so that individuals know that violations of the organization's compliance and code of conduct won’t be tolerated. This can be done through appropriate incentives in accordance with the compliance program. Additionally, establish disciplinary measures for engaging in conduct that deviates from communicated standards of conduct and for failing to take reasonable steps to prevent or detect fraudulent conduct.
If there is continuous misconduct detected, the organization will need to take reasonable steps to respond appropriately and to prevent further similar conduct from occurring.
You have implemented the Seven Elements of an Effective Compliance Program.
Compliance programs are judged by how effective they are at ensuring compliance with requirements, not just the documentation of the structure created. Therefore, programs must be able to meet the needs of the businesses they support by ensuring, at a minimum, the seven elements of an effective compliance program are in place. Additionally, they evolve to meet the needs of the business and its employees.
Going beyond the Seven Elements in your Compliance Program:
Consider this, is there appropriate, internal support for evaluating how policy changes impact reliant, or adjacent processes or functions?
Obviously, your organization’s policies and procedures need to be updated to meet requirements. However, beyond simply “checking the box,” think about how processes and departments are receiving support in evaluating policy changes. Creating a structure that supports this exercise is value-added, as it:
Facilitates cooperation and collaboration within the workplace.
Provides an opportunity to conduct a review of processes versus just updating the policies.
Ensures that required education and training is delivered in diverse ways to account for the varied ways individuals learn.
Creates opportunities for others to support this area, building a stronger understanding of what must be done and why.
Engage others, particularly leaders, to provide an opportunity to further imbed compliance and to show compliance is indeed everyone’s job.
It is true that if everyone is responsible for moving an issue forward, then likely no one is. However, from a cultural perspective, we cannot effectively move a compliance program forward if there is not a common goal or understanding.
In everything we are individually responsible for, we must do so mindful of the laws, regulations, and, where none exist, act ethically to do what is right and hold ourselves accountable for doing the right thing.
Have a plan, work your plan
The compliance officer helps to identify what the right thing is for the organization. This is based on what regulatory and contractual information is known and by understanding, broadly, the business strategies in place. This is not an easy or overnight effort, nor is it something that can be deployed to everyone in the same way. You have to pick your targeted areas and the right internal partners, then build upon that.