Like a three-legged stool, in order to stand, an effective compliance program should have three components:
Without all three components, the compliance program will not serve much purpose in protecting the leaders or members of the enterprise. A clear authority figure should oversee the compliance program, and the person in that role should have appropriate training for oversight. That person must accept responsibility for staff training and demonstrate a good-faith effort to ensure every person in the enterprise understands the purpose behind every policy. Some compliance training will be basic, essential for all new hires. Other training modules may require monthly or even daily accountability logs.
A good system will encourage two-way communication throughout the organization. All team members should express confidence that the organization will consider their ideas for improvement. If the organization is willing to listen to concerns, the company can strengthen its defense of its commitment to act as a good corporate citizen.
All compliance training should include steps to document how the responsible person within the company monitors and audits compliance. A robust monitoring and auditing system may induce all company representatives to comply and shows corporate commitment to doing the right thing. Such tactics should:
Corporate leadership must have the courage to be swift and certain when it comes to discipline. Sometimes, such a commitment can lead to an ethical dilemma. If a person serves in a leadership role and has a history of being a rainmaker for the company, owners may be reluctant to discipline the individual for noncompliance. Yet if the rainmaker undermines the enterprise’s commitment to compliance, the level of risk increases, often well in excess of the perceived benefit of the business generated by such rainmaker.
Again, leaders protect a company with well-documented commitments to transparency. If a team member fails to comply with program requirements, a clear record should show the appropriate corporate response.
When a company identifies vulnerabilities or violations through monitoring and auditing, management must take timely, consistent action to correct the issue. No company can implement a compliance program expecting to have considered all possibilities. We never know what we don’t know. For this reason, leaders within the enterprise should build a record of analyzing corporate compliance and making improvements when necessary.