Great Compliance Programs

World over, there have been calls on organizations to develop effective compliance risk mitigation programs and internal safeguards to protect against internal and external threats of corruption and fraud. At a time when risks have been increasing, the results from the set compliance programs are worrying. There has been a growth in social media, mobile technologies, and even big data, which are ushering in opportunities for transparency and exposure of illegal transactions. New ethical questions on how businesses are conducted have also been on the increase. Individuals whose motive is to defraud, violate rule of law or gain unfair advantages from organizations have also been upping their game.
Organizations should thus endeavor to build, not good, but, great compliance programs. A well build compliance program will not only protect the organization from internal and external threats, but also enhance its brand and strengthens its relationships with all stakeholders.
A number of factors that separate a good compliance program from a great one:
Tone at the top
The board and the senior management, and the sense of responsibility that they share to protect the shareholders’ reputational and financial assets is the starting point for a great ethics and compliance program. They should empower and properly resource those individuals who have day-to-day responsibilities to mitigate risks and build organizational trust. In this way, the entire organization will be accountable.
Corporate culture
Building a culture of integrity is a key element of a great compliance program. The behavior on many organizations is determined by the organizational culture. Culture is comprised of the underlying values, beliefs, attitudes, and expectations shared by an organization, and against which decisions are made and behaviors are formed. If program is build that does not factor to build or ride on the existing culture, it will eventually become nothing more than roadblocks to be circumvented.
Risk assessments
Old risks remain important to an organization, but with the ever changing world, there are new risks that keep on emerging. There is need therefore for an organization to have a continuous and effective, risk and compliance risk assessment. This assessment should not just be about processes but also focus on the results and deep understanding of the risks that the organization is facing. A risk based approach to risk assessment, with the involvement of the board and senior management will ensure there are tools and processes necessary to avoid, mitigate or re-mediate risks. It will also ensure allocation of the scarce resources to manage the risks.
Testing and monitoring
A testing and monitoring program is necessary to ensure the set control environment is working properly. All the policies, practices, and procedures developed to manage risk are irrelevant if they are poorly understood and executed and, as a result, do not change the behavior of the organization. It begins with implementing appropriate controls, which should be tested and ultimately monitored and audited on a regular basis. In the spirit of ongoing testing and monitoring, it is also crucial to perform periodic cultural assessments and reinforce the desired behaviors while re-mediating the negative ones.
The chief ethics and compliance officer
The chief ethics and compliance officer has day-to-day responsibility for overseeing the management of compliance program. This is an office that should have direct access to the senior management to ensure key decisions are made in a timely manner without going through corporate bureaucracies. It requires an individual who can design the necessary risk architecture, assess business and cultural risks across a variety of businesses and geographies, develop training and communication strategies, build comprehensive databases, and assess data analytics, while conducting sometimes critical investigations. It requires someone who can take a balanced approach to ethics and compliance, and who by his or her nature can build partnerships with business leaders that enhance levels of trust both internally and externally with all stakeholders. A skilled chief ethics and compliance officer can create a competitive edge for their organization. Such individuals are not always easy to find, and appropriate training and coaching can benefit both the individual and the organization.


An Effective Compliance Program

Compliance is a continuous loop of change, reaction, proactive planning, measurement and change again. A static ethics and compliance program is an ineffective and dead program.

An effective compliance program is not a perfect one. An effective program does not prevent all significant code or legal violations. An effective compliance program is about continuously measuring risks, the effectiveness of company controls, and the company’s culture. The world is constantly changing. Social and economic forces will inevitably impact the company and its workforce, and ethics and compliance programs need to adapt to external and internal changes. Continuous monitoring and measurement translates into continuous change.

An effective ethics and compliance program is one that is not about the prevention of every code and legal violation but an ethics and compliance program that is aligned in accordance with risks, and which maximizes mitigation strategies against ever-changing constellations of risks.