Google caught the world’s attention with its simple corporate motto: “Don’t do evil.” Since then, it’s become the target of several government investigations.
A company strengthens itself when it clarifies the corporate mission, then builds a compliance program that reflects a commitment to the mission. To that end, a company should establish and maintain a culture that promotes:
- Quality and efficiency,
- High standards of ethical and business conduct,
- The effective operation of the business,
- High-standard maintenance of customer, client and vendor relationships, and
- The prevention, detection and resolution of conduct that does not conform to the company’s standards and policies and applicable law.
A commitment to compliance should reflect the qualities listed above. It should apply to all company personnel equally, including but not limited to senior management, administration, personnel, ongoing contractors and all full-time and part-time employees of an organization.
All company programs should include elements that reflect best practices, including:
- Written standards, policies and procedures to promote the company’s commitment to compliance with its own prescribed code of corporate conduct, applicable laws and regulations,
- Designation of an employee as the Compliance Officer (at least, as a part of the employee’s overall job description) or the hiring of a full-time Compliance Officer charged with the responsibility of implementing and monitoring the Compliance Program,
- Designation of a Compliance Committee, if the corporate size warrants,
- Regular, effective education and training programs for all personnel as appropriate to their functions,
- A process to receive complaints concerning possible Compliance Program violations, procedures to protect the anonymity of complainants to the extent possible, and policies that protect complainants from retaliation,
- Granting the Compliance Officer and/or the Compliance Committee, as the case may be, sufficient authority to investigate, report and make recommendations directly to senior management and the Board of Directors regarding any irregularities and all findings,
- A process to respond to allegations of improper activities and the enforcement of appropriate disciplinary action against personnel who have violated policies, laws, regulations, or program requirements,
- Periodic audits or other methods to monitor compliance and assist in the reduction of problems in any identified areas,
- A process for investigating and resolving any identified problems, after investigation, report and recommendation by the Compliance Officer and/or Compliance Committee, as the case may be, and
- A document stating the foregoing points that all stakeholders sign, including a member of senior management, the Compliance Officer and the employee, either upon initial implementation of the program or upon the hiring of any new employee.
The company’s compliance program should grow stronger and more effective over time, becoming an integral part of the corporate culture. When company leaders fail to implement a compliance or training program, they expose themselves and their team members to higher levels of risk.
As stated at the start of this module, the company should create an accurate organizational chart, defining excellence within each role of the organization. Such an organizational chart should become a part of the enterprise process map, illustrating the functions and responsibilities of every role. For example, the organizational chart should articulate the role of senior executives, showing responsibility for:
- Evaluating risks that result from non-compliance with rules and regulations,
- Approving and supporting the compliance program, and
- Overseeing the performance of the compliance program to reduce risk.
The chart should show who bears responsibility to train on:
- Compliance with laws and regulations,
- Regulatory requirements of each functionary within the organization,
- The company’s internal rules and codes of conduct, and
- How the company works to remediate weaknesses and prevent violations.
The Compliance Officer/Committee should accept responsibility for:
- Coordinating audits and examinations in connection with laws, regulations and corporate rules and codes of conduct,
- Acting in an advisory capacity on the company’s policies and procedures,
- Monitoring corporate transactions, functions, events and internal systems to identify violations and uphold the integrity of the organization, and
- Communicating issues to Senior Management and the Board of Directors.
Employees should acknowledge responsibility for:
- Acknowledging that they’ve been trained in the compliance program,
- Acting in accordance with the company’s compliance program,
- Partaking and engaging in all of the company’s compliance program activities, and
- Reporting any violations of the company’s compliance program to either a direct manager or the Compliance Officer/Committee, confidentially or otherwise, as the case may be.
As a living, breathing entity, the enterprise should maintain the compliance program to protect against disruptions from litigation and government investigations, as well as to show a commitment to professionalizing the business. An effective program would demonstrate how the company pursues excellence, which leads to more success for all team members.