The complexity of compliance and risk exposure in doing business globally has reached an unprecedented level in recent years. In the U.S. alone, 4,000 new laws and regulations are in the works — and that’s in addition to the more than 3,500 federal regulations passed just last year. The Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 represented the most sweeping reform of financial regulation in the U.S. since the Great Depression. In fact, throughout the global infrastructure, many countries are expanding their compliance framework to add increasingly stringent requirements for entities doing business in their jurisdictions. For chief compliance officers, the challenge is how to implement policies, procedures and standards that, in spite of the regulatory complexities, are easily understood by, and transparent to, employees and stakeholders. These policies, procedures, and standards must be effective in enhancing compliance and detecting and mitigating enterprise risks. And at the end of the day, the compliance function should also add value to the proper sustainability and responsible growth of the company. Compliance best practices may be summarized by five essential elements that promote the effective understanding and awareness of enterprise risk management, while helping the company to steer clear of ethical, regulatory, and legal issues throughout the global landscape.
Many organizations have voluminous binders and manuals filled with compliance or compliance-related policies and procedures. No doubt these were instituted with the best of intentions, but the reality is that they are incapable of being efficiently implemented because they can barely be understood. Disorganized and outdated, these paper-based programs are often the result of reacting to various crises and new rulemaking over the years, with little attention paid to the package as a whole. In today’s fast-paced, globally networked, and continuously evolving business environment, the substance of the compliance programs must be understood, relevant, and updated such that employees and business partners can easily comprehend and execute on the principles so important to doing business ethically and legally around the globe. An effective design requires thoughtful structuring and clear communication. The components of the program must cover key business segments and focus on global regions within the company. The program must be simple and easy to follow while covering all of the bases. On publishing, it makes sense to provide a big-picture overview of the various components in the first page of your compliance Intranet site. Your compliance site should also provide the table of contents on the side bar and allow easy clicking in and out of different components and contents. Better yet, your Intranet site should allow users to easily find relevant content through keyword searches. Each of the components should identify the contact person(s) for questions or reporting, and should indicate when the last update occurred. It is essential that the policies use plain English and be concise and relevant. We should not expect to turn your employees into experts in Sarbanes-Oxley or the Federal Sentencing Guidelines. They just need to know the Dos and Don’ts, where to report issues, how to make basic decisions, and whom to consult when more complex situations arise. Without clarity, your employees might not understand; without brevity, your employees might not even try to understand.
A compliance program should not simply focus on responding to emergency calls. Your employees are less inclined to cooperate and help to improve the program if they feel that every time you request a meeting or certain documentation you are out to pinpoint problems and catch scapegoats. Without collaborative relationships across the organization, compliance staff may be feared, but they won’t be effective. It is helpful for the board and senior management to set the right tone at the top by supporting the goals of the function. However, messaging alone will not entice your employees and stakeholders to follow suit. They must know why the policies are helpful to the organization and how the compliance department can be their partner in creating sustainable success. In this regard, the following communication efforts are often helpful: