Seven elements of effective compliance and ethics programs

But few CEPs, if any, have had any formal education that would make them better suited than their executive counterparts to make even garden-variety business decisions that have significant legal and ethical dimensions.

Regardless of how much expertise, authority, or moral courage a chief CEP has, others in a corporation ultimately have the responsibility to run the business. Many of the most important and difficult business decisions corporations must make are based upon incomplete data, assumptions about future market conditions, and hundreds of other variables.

In such circumstances, there are many ethical and lawful options. It is the CEO and their team, not the chief CEP alone, that shareholders and directors expect to make these decisions.

This is as it should be. I suspect most would agree that the status quo with its continuous parade of corporate scandals and the enormous harm they cause to all stakeholders is intolerable.

Thirty years on we still have considerable work to do to realize the primary goal of the Seven Elements by developing and implementing corporate governance practices that are more successful at regulating individual behavior at all levels of the corporation. Although I believe CEP effectiveness is optimized when they are members of the executive management team, the answer is not the creation of larger and more potent compliance and ethics offices. The key to eradicating the scourge of systemic corporate corruption remains where it has always been and always will be: in the boardroom.

Instead, I believe the key to eradicating the scourge of systemic corporate corruption remains where it has always been and always will be: in the boardroom. As a practical matter, directors, not CEPs, are the only ones in a position to hold senior management accountable for implementing sound internal controls and building a strong ethical culture.

In my experience, the overwhelming majority of corporate directors are highly intelligent, conscientious business professionals dedicated to helping the companies they serve conform to legal requirements and thrive over the long term. Their jobs are exceedingly demanding and have been made more so by the torrent of regulations passed in response to past corporate transgressions. But to be more effective at governing corporate behavior directors must seek and find a practical means to measure compliance and ethics performance and hold management accountable for meeting performance goals.

One means of achieving this objective that I have advocated for years is for boards to ask and demand that corporate senior management not CEPs provide answers to two fundamental questions coupled with objective, verifiable evidence and hold them accountable for meeting defined performance goals:. In addition to being a sensible and cost-effective means of satisfying the Seven Elements and ISO mandates, this prescription for improved governance is in keeping with other key aspects of board oversight.

Instead, they scrutinize financial statements and commission routine internal and independent audits. CEOs and senior managers who fail to meet performance targets at well-run firms are dismissed. This same level of oversight is not happening with respect to compliance and ethics performance in most corporations. And even in the wake of massive corporate scandals, there have been many instances where boards made no management changes or only reluctantly did so in response to withering pressure from shareholders, regulators, or legislators.

This culture of tolerance for poor compliance and ethics performance must change. As a consequence, they are often as shocked and surprised as the rest of us when news of a massive scandal at their firms becomes public.

Until directors remedy this deep shortcoming in corporate governance practices, I suspect another 30 years will pass with little reduction in the corporate corruption rate. This is a fate we should all work to avoid. Develop practical methodologies to gather the Prime Integrity Metrics and help your directors understand and act upon them by setting performance goals and holding management accountable for achieving them.

US Congress created the US Sentencing Commission in the s to develop sentencing standards for the federal court system. Chapter 8. Compliance officers need to be aware of any existing or new risks to the company and have to prepare regular reports, which they then hand in to directors or management. That way, these entities know how the organization is performing ethically.

Compliance officers are also in charge of the onboarding process of new employees when it comes to training them on compliance procedures. It never hurts to have employees review it regularly. In addition, these officers are responsible for following up on suspicious activity in the workplace.

In cases of non-compliance, the compliance officer is in charge of recommending proper disciplinary action. Compliance officers are also responsible for adopting new technologies to the compliance program as required and training employees to use them. Examples of these include reporting software and hotlines. A corporate compliance program serves many purposes. The first is to prevent ethical misconduct such as tax fraud, extortion, or criminal activity that can lead to wider and business-ruining ramifications.

A strong, properly functioning program will help prevent your company from drawing media attention for all the wrong reasons. The scope of a compliance program often depends on how large your business is. The larger your business becomes, the more the program will need to cover. It will also become more formal and will be able to implement more resources since it can now afford more. To understand the scope of your compliance program, you need to periodically gauge whether it is meeting your compliance needs.

You can do this by holding discussions with the Board of Governors, management, and employees to get a better understanding of what they think.

You should also ensure you know what your business objectives are so that you can continuously improve your compliance program in order to meet those goals. As you perform periodic reviews of your compliance program and update it, be sure to conduct regular risk assessments and try to identify any new possible threats to your operations. However, not all compliance programs are made equal.

So, what are the elements of an effective compliance program? Employees, and all stakeholders for that matter, need to be living and breathing the organization's Code of Conduct.

Expected behaviour, as outlined in the Code, needs to be understood by everyone. So go ahead, have lunch and learn sessions, team meetings, performance reviews, and otherwise. Educate, communicate, then communicate again. Meet your compliance officer. This position must be held by a strong and honest leader, perhaps even a group of leaders depending on the size of your organization. Regardless, exercising appropriate due diligence during the vetting process must be completed before handing over those reigns because they are higher in authority and, according to the ACFEs Report to the Nations, the higher the position in seniority, the more median fraud is committed.

As the person in charge of investigating suspicious behaviour, appointing such a person the compliance officer would be a serious conflict of interest.

Education and training organization-wide is vital to the success of your program. Many organizations have policies in place but have not communicated them fully to achieve optimum success. Again, standards of conduct, policies, and procedures are the tools of compliance and ethics, but they must be used and sharpened to be effective. An organization should have the appropriate high-level personnel overseeing the compliance and ethics function, with a specific executive given overall responsibility.

These compliance personnel should have accountability as to the success or failure of the compliance and ethics program. Adequate resources must be dedicated to implementing the program. An organization should designate a compliance officer to serve as the focal point for compliance activities.

Whether the position is full-time or part-time will depend on the size, scope, and resources of the organization. Also, according to the FSG, assigning the compliance officer appropriate authority is critical to the success of the program.

On a specific level, for example, the compliance officer must have full authority to access any and all documents that are relevant to compliance and ethics activities. This includes documents such as financial statements and supporting documents, contracts with suppliers and agents, and other billing and accounting records.

To carry out such operational responsibility, such individual s shall be given adequate resources, appropriate authority, and direct access to the governing authority or an appropriate subgroup of the governing authority. Board members should be actively involved in the interviewing and hiring of the compliance officer. There are considerable conflicts involved in having the compliance officer report to the general counsel or to the chief financial officer.

Separation of compliance from legal and finance when possible helps ensure that legal reviews and financial analyses are independent and objective.

It is most important that the compliance officer be independent. The size and setting of your organization will influence its reporting structure. The main focus of the position should be the day-to-day operations of the compliance and ethics program. Primary responsibilities should include the following:. Designing, implementing, overseeing, and monitoring day-to-day operations of the compliance and ethics program.

Assessing effectiveness of the compliance program and revising the program periodically as appropriate. Ensuring that appropriate background checks are done to eliminate sanctioned individuals and contractors. Compliance is still a relatively new field.

Most compliance officers therefore may not have extensive previous experience in compliance. This unique position requires an individual who understands the nature of the business or industry, is capable of understanding and questioning financial and billing statements, is knowledgeable of applicable legal requirements and sanctions that may be imposed in the industry for wrongdoing, has strong written and verbal communication skills, and is firm yet approachable.

Whatever the tenure or the educational level, the compliance officer, as the focal point of the program, must be a figure respected and trusted throughout the organization. Strong interpersonal skills, good listening abilities, and discretion are mandatory. As the compliance and ethics profession has grown and matured, it has, like other professions, sought to identify and distinguish those in the field who have, with experience and education, achieved the necessary skill set to be an effective compliance officer.

There are now several compliance-related certification and degree programs. Moreover, compliance officers are also stewards of a public trust, and therefore the services provided must be of the highest standards of professionalism, integrity, and competence.

They include:. Principle II: Obligations to the Employing Organization —Compliance and ethics professionals should serve their employing organizations with the highest sense of integrity, exercise unprejudiced and unbiased judgment on their behalf, and promote effective compliance and ethics programs.

Principle III: Obligations to the Profession —Compliance and ethics professionals should strive, through their actions, to uphold the integrity and dignity of the profession, to advance the effectiveness of compliance and ethics programs, and to promote professionalism in compliance and ethics. These principles and the accompanying more detailed rules of conduct should be reviewed, studied, and adhered to by all compliance officers.

To view the entire code and an analysis of its meaning, see Chapter 1. The compliance officer may be the focal point of a compliance and ethics program, but they cannot be the only point. The formation of a compliance committee can be an effective addition to the program.

The compliance committee should be established to advise the compliance officer and assist in the implementation of the compliance program. The organization will benefit from having varying perspectives, such as operations, finance, audit, human resources, social work, and legal, as well as employees and managers of key operating units, on the committee.

In some organizations, the compliance officer sits on the committee. In others, the compliance officer may even chair the committee. Regardless of who chairs the committee, the compliance department will in all likelihood be responsible for scheduling meetings, preparing the agenda, taking and distributing minutes, and coordinating follow-up. Compliance committee functions, in addition to aiding and supporting the compliance officer, may include but not be limited to the following:.