info@riddlecompliance.com

Get In Touch

908.447.0521

Call Us
Riddle Compliance
Riddle Compliance

Strategies for Building an Effective Compliance Program 

The DOJ released new compliance guidelines in 2019 focusing on the issues regulators and prosecutors will look for when evaluating the effectiveness of an organization’s compliance programs. The updated guidance adds 61 new factors that firms should consider when assessing the effectiveness of their compliance programs. The DOJ expects organizations to not only implement compliance programs but also ensure that the programs are effective. Firms must ensure that their compliance programs are well designed, adequately resourced, and empowered to perform their function and that the program works in practice.

Design an Effective Ethics and Compliance Program

The design of the compliance program should enable it to have maximum effectiveness in detecting and preventing unethical conduct. The program should be comprehensive covering all aspects of the business and supported by policies and procedures that assign responsibility to enforce compliance. The program should also be integrated into organizations’ operations and culture. 

Risk Assessment, Monitoring and Internal Auditing

Firms should identify, assess, and define their risk profiles then develop compliance programs that devote appropriate analysis and resources to the pertinent risks. They can achieve this by building an effective compliance program designed to detect the types of violations most likely to happen in the organization’s line of business. Firms should periodically review their risk profile and modify their compliance programs to reduce the risk of misconduct. They should implement an effective risk assessment process and devote resources that are proportionate to the risk profile of each area. 

Developing Written Policies and Procedures

Firms should develop a code of conduct that outlines the policies and procedures aimed at creating ethical norms and reduce risks of violation. They should demonstrate a commitment to full compliance by creating compliance mechanisms that are accessible and applicable to all employees. The policies should be comprehensive and accessible to all employees and third parties. 

Compliance Training and Corporate Communications  

Firms should ensure that compliance policies and procedures are integrated into employee development programs. They should conduct periodic compliance training and certification of all employees, directors, agents, and business partners. Firms should tailor the content to suit the education level and subject matter expertise of different groups. They should present the training in a form and language that is appropriate for the audience. The training should cover case studies of past incidences and provide an adequate assessment of competency levels. Firms should also provide abundant and accessible compliance program guidance. 

Confidential Reporting Structure and Investigation Process

Organizations should create an efficient and trustworthy mechanism through which employees can report allegations of a breach of the code of conduct or actual misconduct confidentially and anonymously. They should establish a complaint-handling process that encourages reporting and an atmosphere that is not hostile to whistleblowers. There should be an appropriate process for submitting complaints, timely investigation, and appropriate penalties. Firms should also create mechanisms for ensuring that the investigations are objective, independent, appropriate, and properly documented. They should also create a process for monitoring the outcome and ensuring accountability for the response and recommendations.

Managing Third Parties and Due Diligence

The compliance program should apply risk-based due diligence to third-party partners. Firms should understand the qualifications and operations of third parties and ensure that all transactions are ethical. They should also understand the implications of entering transactions with different third parties, the risks involved, and their reputation. Firms should also continuously monitor third party relationships through audits, due diligence, training, and annual compliance certifications. 

Allocate Sufficient Resources and Empowerment to The Compliance Program

Establishing an effective ethics and compliance program requires significant resource allocation. Organizations must ensure that compliance programs are implemented, reviewed, and revised appropriately and effectively. They should create a compliance and ethics department with sufficient staff to implement, audit, and analyze the compliance program. Firms should also provide adequate information to staff about compliance, demonstrate commitment, and create a culture of compliance. 

Support from Top Management

The effectiveness of a compliance program relies on commitment from the company’s senior and middle leaders to implement a compliance culture at all levels. The attitude of the top leadership towards compliance sets standards for the rest of the organization. The company’s governance structure should have wide knowledge of the content and operation of the ethics and compliance program and exercise reasonable oversight over the executives. Senior managers should unequivocally articulate the organization’s ethical standards and demonstrate rigorous adherence to the principles. They should act as champions reinforcing the standards and encouraging employees to abide by them. Executives should model ethical behavior in all their actions.

Autonomy and Resources

Firms should confer the compliance department with the authority and stature required to implement and oversee compliance programs. The staff should have sufficient seniority and resources to undertake auditing, documentation, and analysis of compliance requirements. The staff assigned to the compliance department should have adequate qualifications and experience to identify transactions and activities that may cause compliance risks. They should also have sufficient autonomy from senior management and be directly answerable to the board of directors. Further, firms should ensure that internal audit functions have sufficient independence and accuracy. 

Incentives and Disciplinary Measures

Firms should set clear disciplinary procedures, enforce them consistently throughout the organization, and ensure that the penalties are commensurate with the violations. They should make it clear that unethical conduct will not be tolerated irrespective of the title or position of the violator. Firms should also provide clear incentives for employees to comply with the ethics program. 

Organizations should also have appropriate disciplinary measures for engaging in unethical conduct or failing to take reasonable steps to prevent or detect criminal activity. For instance, firms can publicize disciplinary actions for violations internally and provide incentives, such as promotions, bonuses, and rewards for ethical leadership. Corporate governance can also make compliance a key metric for management bonuses and career advancement. 

Ensure the Compliance Program Works

When evaluating misconduct, prosecutors are interested in finding out if there was a systemic failure to deter and prevent misconduct. If a firm identifies misconduct, takes appropriate action, and self-reports, the prosecutor will view this intervention as evidence of an effective compliance program. 

Firms can ensure compliance by vigilantly working to detect and investigate suspected misconduct. They should take root cause analysis to understand the cause and the level of remediation required to prevent similar occurrences in the future. The compliance programs should be evolving constantly to address changing and emerging compliance risks. Proactive efforts make it easier to get a favorable resolution from the regulators or prosecutors. 

Riddle Compliance’s regulatory advisory services are customized compliance solutions to help clients in healthcare, financial services, and construction comply with industry regulations. Request a consultation