Regardless of industry, operating any type of organization without an effective compliance program in place can be fraught with risk. Even a single mistake could result in civil or criminal charges, as well as federal fines amounting to thousands of dollars.
In a world in which total quality management has become the rule, industries are commonly judged based on their ability to adhere to international standards. No profession or business is exempt. Nor can any business afford to ignore the need for compliance measures. Even in cases in which there were no deliberate attempts to commit abuse or fraud, the risks are still grave. In the desire to deliver the most efficient services possible, there may be a temptation to take shortcuts. Even simple clerical errors can have significant repercussions. Having a compliance program in place can provide a measure of protection. A compliance program is essentially a system comprised of policies, procedures, and training all designed to reduce the risk of an organization breaching regulations.
Why Is a Compliance Program Needed?
The best way to ensure that your organization is in compliance with the law, while also taking advantage of numerous other benefits, is to make certain you have an effective compliance program in place.
In some cases, you organization may be bound to having a compliance program. For instance, if your organization is in an industry that is heavily regulated, that industry may state explicitly that you are required to have a formal compliance program. In other cases, your industry may be subject to federal regulations that require a formal compliance program. One example of this is the SEC’s Investment Advisers Act Rule 206(4)-7, which explicitly requires companies to appoint a chief compliance office, implement a compliance program, and review that program on an annual basis.
Yet another reason for your organization to have a compliance program is to mitigate the effects of federal prosecution if your organization is found to have engaged in any illegal activity. A convicted organization may be eligible for reduced sentencing under the Federal Sentencing Guidelines if the organization had a compliance program in place at the time the offense was committed.
How Can One Attain His or Her Obligations as a Compliance Officer?
This is perhaps one area where many organizations and their compliance officers struggle the most. One option is to follow a program, such as “The Path to Compliance Obligation Management,” which was developed by Compli® and the Open Compliance and Ethics Group. This program provides organizations with a visual representation of the numerous steps necessary to mitigate risk while fine-tuning compliance efforts in order to satisfy auditors, directors, regulators, and stakeholders.
The reality is that today, organizations in all industries are practically inundated with numerous responsibilities and obligations related to compliance. By taking advantage of this type of visual illustration, organizations can ensure that those compliance obligations are properly managed.
Compliance Models—Deciding on the Best Structure
Determining the best structure for a compliance model is another area where many organizations tend to struggle in developing a compliance program. While there are numerous models available, there is no prevailing model. Ultimately, it depends on the needs of the organization in question. Among the most common approaches are:
- Compliance Committee
- Formal Compliance Program
- Compliance Program Integrated with the Office of General Counsel
- Freestanding Program, where the director reports to a senior administrator
- Freestanding Program, where the director reports to a president or committee
Choosing an Approach
Organizations may encounter a number of challenges in choosing the right structure for a compliance program. The chosen approach must be appropriate for the organization, and it is also important to create a balance between meeting the needs of the organization as well as managing the expectations and requirements of various stakeholders.
Also known as a traditional approach, the decentralized method offers the benefit of not adding a lot of budgetary expense. In addition, this approach assigns compliance duties to the officials who are actually responsible for those specific functions. As such, it does not create additional administrative burdens, while simultaneously reducing conflict among departments. If there is a disadvantage to this method, it is that it does tend to create a silo that could restrict communication among offices that need to dialogue regarding compliance matters. Compliance commitment also tends to be less visible with this approach.
Freestanding Compliance Committee
Under this approach, it is possible to set the tone at the top while engendering coordination and awareness of compliance issues. This approach is ideal for facilitating a collaborative environment. The downside to this method is that senior staff tends to be burdened with additional obligations and meetings. It also often creates inefficiencies in regard to some compliance activities.
Formal Compliance Program
Under a formal compliance program, it becomes possible to create more efficiency by utilizing a means of access already in place. Even so, it may also result in apprehension among managers, officials, and employees, as an investigative orientation is often either implied or assumed.
Compliance Program Integrated with GC
The benefit to this approach is that the GC usually already has or can acquire subject matter expertise. As a result, it is possible to avoid the need to create a new office. Ambiguities can be created regarding whether advice is administrative or legal.
Formal Compliance Program—Director Reporting to Senior Administrator
Along with demonstrating a commitment to compliance, this approach also works to distinguish compliance from other associated functions. Organizations must commit to significant new budgetary requirements with this approach, however.
Formal Compliance Program—Reporting to President or Committee
This approach makes it possible to avoid the issues often related to other freestanding approaches. The downside to this approach is that very few senior officials usually have the necessary subject matter expertise to properly supervise this function.
Building a Secure Compliance Program
The benefits of a strong compliance program extend well beyond legal and regulatory compliance, and include numerous operational advantages. Those benefits include ensuring that everyone in the organization is working in harmony to grow the business, keep customers happy, and manage risks.
As part of the process of developing a secure compliance program, organizations should take the following steps.
- Understand all regulatory and internal compliance needs to determine proper scope.
- Gather external and internal research and intelligence to understand competitor reactions and industry developments, including legal actions.
- Define objectives.
- Align policies, actions, and procedures to address identified risks.
- Verify understanding and buy-in.
- Assess ongoing compliance by building internal audits, monitoring, and special reviews.
- Train, communicate with, and educate departments, external partners, vendors, customers, and other stakeholders.
- Measure results while staying aware of compliance trends and developments.
The Compliance Matrix Program makes it possible to formally coordinate the compliance efforts of an organization with those individuals who are responsible for daily activities along with feedback from legal counsel. Generally, the most effective method for obtaining cooperation and buy-in for compliance efforts is to request input and feedback from the beginning from compliance partners.
Organizations should take advantage of every available opportunity to work toward building relationships with compliance partners. In addition, it is important to utilize technology, wherever possible, as a tool for compliance. This can be accomplished by providing departments with educational tools, checklists, and other materials for particular topics. Technology may also be utilized for developing internal online risk assessments.
Developing an effective compliance program does require time, however, the benefits of doing so are well worth the effort.