Why Do Compliance Programmes Fail? How to Avoid Failure!

6 Apr, 2021

First, let us define what failure means for corporate compliance since compliance programmes have so many moving parts. Your programme might fail at specific tasks, such as automated monitoring of third parties or timely reporting of issues — but that only means your programme is ineffective at certain things.

For better or worse, failures happen. Why?

1. Lack of executive support

The plain truth is that if the board and senior management do not take corporate compliance seriously, your programme is bound to fail. If executive support for compliance is weak, nobody else will take the compliance function seriously either.

2. Ineffective use of technology

All organizations use technology to further the compliance programme somehow. The real question is whether you are using technology effectively.

For example, if you still rely on spreadsheets to document due diligence or memos posted to a shared drive for policy management — that is not wise. Spreadsheets can be wrong and Word documents can be edited. Both can be overlooked, outdated or misplaced.

At the modern corporation, only good technology, wisely configured, can do that.

3. Responding improperly to complaints

Compliance functions need to be able to respond to people who report suspected misconduct.

4. Overlooking employee engagement

This mistake is a sibling to the one above. Not only does the compliance programme need to respond to employees wisely; it needs to engage with them wisely even before the compliance programme is truly up and running.

Things to Prioritize If You Want a Robust Compliance Programme

  1. A Commitment to Ethical Culture
  2. Effective Risk Assessments
  3. Policies and Procedures That Work
  4. Measurement and documentation

Fundamentally, regulators, business partners, consumers, shareholders — they don’t dwell on the structure of the compliance programme. They dwell on whether the programme reduces the risk of misconduct or non-compliance.

Ways To Give Your Compliance Programme An Advantage

1. Start data analytics early

Everyone understands the importance of data analytics, but the department might be strapped for analytics expertise or advanced visualization software, with robust reporting and monitoring solutions.

The sooner you start analytics, the better. Your compliance programme can be more responsive to actual conditions in the company, making data analytics an essential force multiplier.

2. Incorporate ethics into employee training

A good ethical foundation helps employees with the most dangerous risk of all: the one your compliance programme has not anticipated. Eventually, your employees will encounter a dilemma that your Code of Conduct or policy manual does not address, and that’s when they will rely on ethics to guide their decisions.

3. Protect confidentiality in internal reports

Anonymous reports are more difficult to address, and confidentiality requires lots of policy, procedure, and testing to be sure your protection protocols work. They are still worth it because they help employees trust that the company will take their concerns seriously. That is the force multiplier.

4. Frequently test internal controls

Strong internal controls are vital to compliance, but you will not know whether they’re strong until you test them. Then, they can be a force multiplier that prevents a compliance failure, rather than just letting you know promptly that you have one.

What Can Go Wrong When Elevating Your Compliance Programme?

The good news: elevating your compliance programme is totally possible (with some hard work). The bad news: it is also very possible to get off track and fail to execute on this initiative properly. What are some of the top hurdles getting in compliance officers’ way? Let us explore the top three.

1. Not Having a Vision

Have an overall vision of what you want to achieve, mapped in a logical and realistic sequence. Start with smaller objectives to give you proof of concept and build momentum as you tackle the larger problems.

2. Changes Lack Impact (or Add Burden)

As a rule, simplify compliance with policies and procedures, while talking about core ethical values. That is what elevates ethics and compliance throughout the enterprise.

3. Failing to Align

Above all else, remember that employees are your allies in the fight against corruption and policy failures. It is in their best interest to help the company succeed. Avoiding damage, whether that is defined as actual financial sanctions or reputational harm, helps the company achieve success.

How to Have a Successful Compliance Programme

Successful compliance programmes gain the trust of the workforce—because good compliance can sometimes be a painstaking ordeal, where the CCO asks others to make sacrifices. Those sacrifices are ultimately worth it, but success depends on building alliances, winning support, and working together. Compliance programmes fail when the CCO does the opposite.

Be aware, a compliance programme is never a one-size-fits-all affair. In order to craft an automated programme appropriate for your organization, it is essential to first understand the critical components of a programme and then tailor each element to the specific needs of the business. Technology is the backbone of any successful programme, allowing your team to easily manage processes rather than getting bogged down in manual tasks.

By: Henry J. Schumacher

If assistance is needed, do email Henry J. Schumacher at schumacher@eitsc.com

The views and opinions expressed in this article are those of the author and do not necessarily reflect the official view or position of DPEXNetwork.
This article first appeared in The Businessmirror, 10 December 2019
