What is an effective compliance program?

June 11, 2019

 

Compliance Mentality

Compliance is a mindset that needs to be refreshed periodically…

Contributed by: Justin Muscolino, Head of Compliance Training, North America – GRC Solutions

An effective compliance program is obviously important to have. But to put a proper program into effect, you need to understand what one should look like. Most people only want to do what the regulators want and not what’s best for their organization. If you implement a program that addresses all your risks with the proper policies and procedures, I guarantee that the regulators will be happy with it. The goal is not only to make the regulators happy, but also what makes sense for you. It’s about:

  • Doing a proper risk assessment and identifying the risks in your organization
  • Having the proper controls in place so that potential issues are addressed immediately
  • Having a culture of compliance that communicates urgency, the escalation points and the need to identify red flags
  • Refreshing your message throughout the year and training your people effectively using real-life situations
  • Ensuring supervisors are equipped with the right knowledge to create a positive atmosphere for staff
  • Having an effective “tone from the top” that engages everyone

Recently the US Department of Justice (DOJ) issued an update to its guidance on evaluating corporate compliance programs. You are more than welcome to read it thoroughly and make your own determination, but it basically tells corporations to use common sense when creating an effective compliance program. This means educating your staff to have a sense of urgency about the need for compliance and creating a culture of compliance that rewards rather than punishes staff for reporting or escalating potential issues.

As Assistant Attorney General Brian A. Benczkowski mentioned in his keynote address to the 2019 Annual Impact Conference, “But a company’s compliance program is the first line of defense that prevents the misconduct from happening in the first place. It has the ability to keep the company off our radar screen entirely.” This starts with creating an effective program that creates a good culture of compliance from new hires to long tenured staff. This is not a one-off event or “tick-a-box” formality; it’s a mindset that needs to be refreshed periodically throughout your organization. Think of a political campaign. Candidates don’t give one speech to win an election. They continuously spread the message and reinforce it over time.

You need to be agile with your thinking and make gradual improvements, evaluating successes and failures to determine if there are gaps and opportunities. A good program evolves by soliciting feedback then training your staff accordingly. Staying with the status quo is not the right choice. When people, technology and the industry change, you need to adapt.

In conclusion, what I’m saying is that if you use your common sense and do what’s best for your organization, everything will be alright!

Article written by Justin Muscolino (Head of Compliance Training, North America – GRC Solutions).