The complexity of compliance and risk exposure in doing business globally has reached an unprecedented level in recent years. In the U.S. alone, 4,000 new laws and regulations are in the works — and that’s in addition to the more than 3,500 federal regulations passed just last year. The Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 represented the most sweeping reform of financial regulation in the U.S. since the Great Depression. In fact, throughout the global infrastructure, many countries are expanding their compliance framework to add increasingly stringent requirements for entities doing business in their jurisdictions.
For chief compliance officers, the challenge is how to implement policies, procedures and standards that, in spite of the regulatory complexities, are easily understood by, and transparent to, employees and stakeholders. These policies, procedures, and standards must be effective in enhancing compliance and detecting and mitigating enterprise risks. And at the end of the day, the compliance function should also add value to the proper sustainability and responsible growth of the company.
Compliance best practices may be summarized by five essential elements that promote the effective understanding and awareness of enterprise risk management, while helping the company to steer clear of ethical, regulatory, and legal issues throughout the global landscape.
1. Effective Design: Straightforward and Transparent
Many organizations have voluminous binders and manuals filled with compliance or compliance-related policies and procedures. No doubt these were instituted with the best of intentions, but the reality is that they are incapable of being efficiently implemented because they can barely be understood. Disorganized and outdated, these paper-based programs are often the result of reacting to various crises and new rulemaking over the years, with little attention paid to the package as a whole.
In today’s fast-paced, globally networked, and continuously evolving business environment, the substance of the compliance programs must be understood, relevant, and updated such that employees and business partners can easily comprehend and execute on the principles so important to doing business ethically and legally around the globe.
An effective design requires thoughtful structuring and clear communication. The components of the program must cover key business segments and focus on global regions within the company. The program must be simple and easy to follow while covering all of the bases.
On publishing, it makes sense to provide a big-picture overview of the various components in the first page of your compliance Intranet site. Your compliance site should also provide the table of contents on the side bar and allow easy clicking in and out of different components and contents. Better yet, your Intranet site should allow users to easily find relevant content through keyword searches. Each of the components should identify the contact person(s) for questions or reporting, and should indicate when the last update occurred.
It is essential that the policies use plain English and be concise and relevant. We should not expect to turn your employees into experts in Sarbanes-Oxley or the Federal Sentencing Guidelines. They just need to know the Dos and Don’ts, where to report issues, how to make basic decisions, and whom to consult when more complex situations arise. Without clarity, your employees might not understand; without brevity, your employees might not even try to understand.
