What makes an effective compliance program?
The question is straightforward, but the answer isn’t. Ultimately, you can debate the merits of various strategies and policies for days, but you’ll miss the mark if you don’t consider the regulatory perspective.
Perhaps the more pressing question, then, is: What do federal regulators consider an effective compliance program? Luckily the DOJ has released tragically underutilized guidelines that aim to make effective compliance and ‘compliant ‘compliance programs one in the same. Here’s what they mean to HR and compliance professionals.
‘Tone at the top’ shows a demonstrable interest in ethics by senior leadership.
In early 2017, the U.S. Department of Justice (DOJ) released guidelines on the Evaluation of Corporate Compliance Programs (PDF). And in that document, the DOJ indicated that when deciding whether to bring formal charges against a business, or potentially offer a plea or other agreement, the DOJ often considers “the existence and effectiveness of the corporation’s pre-existing compliance program,” as well as the firm’s attempts “to implement an effective corporate compliance program or to improve an existing one,” after an incident. (Incidentally, the DOJ has since formalized a concise summary of the elements of an effective compliance program in the Corporate Enforcement Policy of the US Attorneys’ Manual).
As a part of these guidelines, the DOJ published an evaluation form containing the criteria the department itself uses to evaluate compliance efforts. While the form covers several key program areas, the role of senior and middle management in preventing potential corruption or fraud is prominent.
And this focus only makes sense, considering that the DOJ had previously indicated that the approach—commonly referred to as “tone at the top“—is a key ingredient in creating an ethical corporate culture. Furthermore, the DOJ is not alone in this perspective, as the Association of Certified Fraud Examiners (ACFE), the U.S. Securities Exchange Commission (SEC), and the Organization for Economic Co-operation and Development (OECD) have all made similar statements.
When evaluating managerial involvement, the DOJ is particularly interested in the specific actions that company leaders have taken to discourage misconduct as well as to “demonstrate leadership in the company’s compliance and remediation efforts.” Besides encouraging ethical leadership, the DOJ also warns that “involvement by executive management of the company in the misconduct” can be considered an aggravating circumstance in a federal criminal prosecution.
To clearly demonstrate their commitment to creating a culture of compliance, management and C-level executives should regularly communicate their expectations regarding ethical behavior to the company at large. Ethics and compliance discussions should be frequently included in departmental meetings, and supervisors should visibly participate in any training or education efforts focused on corruption or fraud. If leadership makes it clear that the entire management structure prioritizes compliance, employees will quickly follow suit.
The mere presence of ethics and compliance training isn’t enough.
Effective training is a key component of compliance programs that excel, and, as such, federal officials often evaluate training programs in great detail as part of a regulatory review. Here, training is seen as a powerful means of demonstrating your company’s interest in creating a truly effective compliance program.
The mere presence of training initiatives won’t give your program an automatic green light, however. The DOJ examines the content of training—to see if it covers broad compliance topics, or if it matches the risks associated with each class of employee who take training. Also note that the DOJ also particularly emphasizes training financial and managerial staff.
Or, as put by compliance expert Mike Volkov, Principal of the Volkov Law Group, in an EVERFI webinar appearance:
What the DOJ is trying to say is “we want to see a higher quality and higher level of targeting towards the specific risks.” So let’s say you have fewer contacts with government officials but you have more third parties… or if you’re doing business in countries where you know the lunar year the holiday gift-giving season is important. Each of those could require you to bolster that aspect of your training program.
Finally, beyond your training’s specificity, federal regulators are looking to establish your program’s efficacy. Initiatives that monitor progress on key compliance issues through surveys, testing, and analytics show a commitment not just to developing a program that reaches the right people with the right training, but also a desire to continually improve outcomes.
Above all, the DOJ guidelines set crystal-clear expectations for compliance and HR professionals. So long as your program’s intent is apparent through its structure, adherence to demonstrated best practices, and effort taken to improve results, your efforts will be evaluated in light of their design.