Corporate Compliance

Corporate compliance is the way that a company ensures that it is following all the laws and regulations that apply to their business. This generally involves the design, implementation, and monitoring of policies, trainings, procedures and practices.
A corporate compliance program is generally defined as a formal program specifying an organization’s policies, procedures, and actions within a process to help prevent and detect violations of laws and regulations. It goes beyond a corporate code-of-conduct since it is an operational program, not simply a code of expected ethical behavior. Clearly, a code-of-conduct is an important component of a compliance program and ethics remains the heart and soul of all corporate compliance programs. However, a comprehensive program goes further by applying the code to the specific risks of an organization and integrating measures to address those risks.
Here are some aspects that go into the making of an effective corporate compliance program. This list of ten considerations can be used as a checklist to see where your organization stands:
- Understand the Scope: Identify all regulatory and internal compliance needs and efforts to challenge if organizational responsibilities are properly aligned. This should not be a “one and done” step, but rather performed periodically as regulatory landscapes and operational environments are typically changing. You need to address this one in tandem with the next three.
- Gather Internal and External Intelligence: Tap into the collective intelligence of your company by soliciting thoughts from the Board, management and employees. Also look beyond the walls of the organization to understand industry developments and competitor reactions to corporate compliance. This includes researching legal actions to help identify risks.
- Define Objectives: Define objectives (things to accomplish in order to achieve a goal) from an enterprise and business unit standpoints. This should be a significant part of the periodic strategic planning process.
- Conduct a Risk Assessment: Identify risks, probabilities, and the significance in terms of both qualitative and quantitative measures. Consider scenarios from a cause-and-effect standpoint.
- Align Controls: Policies, procedures, and actions within a process, should be in place to address the risks to best achieve objectives.
- Verify Buy-In and Understandability: Everyone needs to know their roles. For control owners to be expected to act appropriately, they need to understand the “why” and “how” of the compliance program. Controls need to be clearly communicated, ideally with a feedback loop so control owners can voice their insights and concerns.
- Test Cultural Support: Many organizations have put in place paper programs that have no real effect on the operations of the organization. Determine if the cultures at headquarters and all relevant business units are supportive of a strong corporate compliance program. This can be accomplished through surveys, independent reviews and entity-level control assessments.
- Assess On-Going Compliance: Build monitoring, internal audit and special reviews into the compliance program to help ensure that controls are operating effectively. This effort should also seek to identify the most-efficient alignment of responsibilities and controls.
- Train, Educate and Communicate: Deliver periodic targeted training and share compliance information with the business units, global functions, external partners, customers, vendors, and other stakeholder groups.
- Measure Results and Report to Board: Develop a reporting dashboard to keep management groups and the Board aware of compliance measures, trends and developments. This should address both internal and external activities.