This guide details the processes and policies necessary for a company to be able to systematically uncover compliance lapses within the organization and resolve them in an effective and proactive manner.
Quick Question: Are you aware of any compliance violations within your company? If the answer is no, then it probably means you’re not looking hard enough.
In many cases, compliance violations are discovered too late. They only become apparent once a customer threatens to sue the organization or a third party conducts an investigation. By then, the only thing you can do is take the hit and fix the issue—but that’s like closing the barn door after the horse escaped.
Compliance is much better served by being proactive rather than reactive. As responsible leaders of organizations, it has become part of your duty to employees and shareholders alike to ensure that all compliance issues are proactively sought out and resolved quickly and efficiently.
Fortunately, there are already several proven methods by which companies and their compliance teams can reliably uncover risks and violations. These are all part of a unified compliance program which, if done right, will be self-sustaining and quickly prove its value.
One of the most valuable things you can do as a leader is to set the tone for how the company approaches compliance. A company whose C-suite ignores or marginalizes compliance discussions will adopt the same destructive attitude itself.
Company executives must be involved in defining the standards, procedures, policies and controls that the compliance team will codify and enforce. You must also publicly support and adhere to the same set of rules in your own activities and expect the same of your subordinates.
Leadership by example will make it much easier for the compliance team to do its job, as they and the people whom they investigate know that their actions have the full weight of upper management behind them.
Compliance officers are on a constant lookout for compliance issues and risks, but many times it’s the employees who discover them first. So it’s in your best interest to create a culture where whistleblowers are thanked for exposing compliance lapses, instead of being alienated and run out the door.
While your company may not have sufficient resources to reward employees for reporting lapses and risks, you should at least create policies that protect and encourage them to do their part in ensuring the organization is compliant. Middle-management must carry the same attitudes as well, as they are the ones directly overseeing the activities of their employees and will likely be the first persons informed of compliance issues.
A key part of any compliance program is creating convenient and accessible ways of communicating issues. These can be external/customer facing, or internal/employee facing. Consider creating one—or more—of the following intake methods:
Some companies employ random spot checks as a compliance strategy, but these are unreliable and, by nature, are bound to miss something significant.
In order to consistently and reliably uncover potential compliance risks across the company, CEOs must create a scalable system formed on ironclad policies, executed by experienced compliance officers, and supported by effective, specialized software tools.
By codifying the process, missteps and risks become more obvious and detectable, and there is less likelihood that a violation will sneak in under the radar.
Of course, discovering risks and violations is just the first step. Companies need to actually address these issues effectively and modify their procedures to prevent future instances. This is easier said than done, however. Despite the best of intentions, companies often enact lukewarm measures that either don’t solve the problem at all, or even encourage bad behavior—like a sales manager who allows bribes if they result in closed deals. Companies truly committed to compliance need to enact strong and consistent measures to maintain standards, such as:
How long does it normally take you to respond to a request for an investigation? A week? A month?
The slightest delay could mean the difference between pre-empting a violation and letting a scandal slip through the cracks. Executives should demand (and get) a Service Level Agreement from compliance teams, so that you can be sure any reported violations are addressed in a timely manner—before they blow up.
Compliance is not an area that should be staffed with inexperienced people—especially if the team is small. You want to hire professionals who are intimately familiar with the laws and rules you’ll be following. They should also be accustomed to dealing with all the internal politics they’ll face as they police your operations.
Most importantly, you want to hire people who are conscientious, because they will serve as your company’s moral compass. The stronger their compass is, the more driven they will be to keep your organization safe and on the right path.
Do you know what’s better than a 3-man compliance team? A 300-man compliance team.
That’s what you’ll get if your company culture actively promotes and values compliance.
As mentioned before, your company culture is heavily influenced by the attitudes of the C-level staff. The more visibly supportive and committed you are to compliance, and the more value you place on compliance issues, the more it will rub off on employees.
Your employees need to be just as familiar with the laws you’re policing as the compliance officers themselves—at least within their own areas of responsibility. By arming your employees with this knowledge and training them on the proper procedures and responses to various situations, you basically extend the reach of your compliance team and deputize the rest of your workforce. A culture that values compliance helps, but proper training is crucial for employees to respond to risks and violations in an appropriate and measured manner. It won’t do to have an employee blow a risk out of proportion, when a simple change would solve the entire affair.
Compliance teams rarely have all the manpower or resources to get the job done. This is especially true for one-man teams, who have to police an organization of hundreds all by themselves.
The right tools and technology are vital in keeping them—and the rest of the company—organized and on track. A proper compliance management tool offers many benefits to resource-strapped compliance teams, giving access to things like a central document repository, task or assignment ownership and even visualized reports denoting activity status.
Leaders and executives who want to make compliance review and enforcement a core part of their corporate strategy shouldn’t be intimidated by the size of the task. The road to full compliance is a long one and can begin with even just a few of the measures mentioned in this document.
In order to reliably protect a company against compliance violations, CEOs must invest wholeheartedly in the manpower, processes and tools necessary to build the proper checks and balances. Only then can you get a return on investment on your compliance program.