First, let us define what failure means for corporate compliance since compliance programmes have so many moving parts. Your programme might fail at specific tasks, such as automated monitoring of third parties or timely reporting of issues — but that only means your programme is ineffective at certain things.
1. Lack of executive support
The plain truth is that if the board and senior management do not take corporate compliance seriously, your programme is bound to fail. If executive support for compliance is weak, nobody else will take the compliance function seriously either.
2. Ineffective use of technology
All organizations use technology to further the compliance programme somehow. The real question is whether you are using technology effectively.
For example, if you still rely on spreadsheets to document due diligence, or on memos posted to a shared drive for policy management, that is not wise. Spreadsheets can be wrong and Word documents can be edited. Both can be overlooked, outdated or misplaced.
At the modern corporation, only good technology, wisely configured, can do that.
3. Responding improperly to complaints
Compliance functions need to be able to respond to people who report suspected misconduct.
4. Overlooking employee engagement
This mistake is a sibling to the one above. Not only does the compliance programme need to respond to employees wisely; it needs to engage with them wisely even before the compliance programme is truly up and running.
Things to Prioritize If You Want a Robust Compliance Programme
Fundamentally, regulators, business partners, consumers, shareholders — they don’t dwell on the structure of the compliance programme. They dwell on whether the programme reduces the risk of misconduct or non-compliance.
1. Start data analytics early
Everyone understands the importance of data analytics, but the department might be strapped for analytics expertise or advanced visualization software, with robust reporting and monitoring solutions.
The sooner you start analytics, the better. Your compliance programme can be more responsive to actual conditions in the company, making data analytics an essential force multiplier.
2. Incorporate ethics into employee training
A good ethical foundation helps employees with the most dangerous risk of all: the one your compliance programme has not anticipated. Eventually, your employees will encounter a dilemma that your Code of Conduct or policy manual does not address, and that’s when they will rely on ethics to guide their decisions.
3. Protect confidentiality in internal reports
Anonymous reports are more difficult to address, and confidentiality requires lots of policy, procedure, and testing to be sure your protection protocols work. They are still worth it because they help employees trust that the company will take their concerns seriously. That is the force multiplier.
4. Frequently test internal controls
Strong internal controls are vital to compliance, but you will not know whether they’re strong until you test them. Then, they can be a force multiplier that prevents a compliance failure, rather than just letting you know promptly that you have one.
The good news: elevating your compliance programme is totally possible (with some hard work). The bad news: it is also very possible to get off track and fail to execute on this initiative properly. What are some of the top hurdles getting in compliance officers’ way? Let us explore the top three.
1. Not Having a Vision
Have an overall vision of what you want to achieve, mapped in a logical and realistic sequence. Start with smaller objectives to give you proof of concept and build momentum as you tackle the larger problems.
2. Changes Lack Impact (or Add Burden)
As a rule, simplify compliance with policies and procedures, while talking about core ethical values. That is what elevates ethics and compliance throughout the enterprise.
3. Failing to Align
Above all else, remember that employees are your allies in the fight against corruption and policy failures. It is in their best interest to help the company succeed. Avoiding damage, whether that is defined as actual financial sanctions or reputational harm, helps the company achieve success.
Successful compliance programmes gain the trust of the workforce—because good compliance can sometimes be a painstaking ordeal, where the CCO asks others to make sacrifices. Those sacrifices are ultimately worth it, but success depends on building alliances, winning support, and working together. Compliance programmes fail when the CCO does the opposite.
Be aware, a compliance programme is never a one-size-fits-all affair. In order to craft an automated programme appropriate for your organization, it is essential to first understand the critical components of a programme and then tailor each element to the specific needs of the business. Technology is the backbone of any successful programme, allowing your team to easily manage processes rather than getting bogged down in manual tasks.
By: Henry J. Schumacher
If assistance is needed, do email Henry J. Schumacher at email@example.com
The views and opinions expressed in this article are those of the author and do not necessarily reflect the official view or position of DPEXNetwork.
This article first appeared in The Businessmirror, 10 December 2019