September 2016 edition
Establishing a compliant culture: From a culture of compliance to a culture of integrity
Establishing a culture of compliance is a huge undertaking but an extremely worthwhile commitment. It takes continuous vigilance, resources and time to influence widespread change. As regulatory demands continue to grow, companies need to have the resources and technological framework in place to build compliance practices into their everyday workflow.
How to achieve a culture of compliance: the basics
- Awareness – Simply put, a company can’t be compliant if it doesn’t fully understand regulators’ expectations. In today’s constantly evolving regulatory environment, companies need to find new ways to keep their finger on the pulse of changing regulations. It is extremely important that an organization has the resources in place to keep managers abreast of new developments, meet deadlines, and understand complex rules in a timely manner, allowing them to make well-informed decisions to better mitigate regulatory risk.
- Communication – Compliant behavior goes hand in hand with instilling an ethical culture across an organization. To achieve this, the tone needs to be set from the very top. The C-suite needs to effectively and continuously communicate the expectations, policies and procedures that employees must understand and practice daily. Furthermore, senior managers need to be transparent about their own behavior by setting a high standard of ethical conduct that can be filtered down throughout an organization.
A culture of compliance is founded on the individual behavior of each employee across an organization. An effective compliance program needs to have clearly defined rules and standards of behavior that can act as a road map for every employee to understand, trust, and practice daily. Clearly defining the standards of respect and communicating the behavioral expectations for each and every employee will encourage teamwork and productivity as everyone strives to adhere to the same cohesive compliance policy.
- Education – Perhaps one of the most important pieces of the compliance puzzle is ensuring that employees are educated on an organization’s internal policies and external regulations in a regular and influential way.
Companies have historically approached compliance training as a once-a-year process, but with regulations, procedures, and internal corporate procedures constantly evolving, employees need more repetitive education in order to stay abreast of ongoing requirements. New approaches, such as MicroLearning, focus on delivering training in small, specific modules in order to maximize retention of information.
- Effective technology – There is no one-size-fits-all approach to compliance education, so companies need to create a customizable framework that appeals to the needs and learning styles of different employees. E-learning programs that leverage interactive use cases, videos, games, and quiz questions that cater to a specific user’s job function have proven to be an extremely effective way to reach the digital-savvy employee.
Incorporating mobile-friendly elements allows individuals to more easily remain on top of requirements through their mobile phone or tablet, and videos can be integrated for visual learners to learn more effectively. All of these components are key elements that make up an effective compliance program.
A robust course completion tracking and reporting system is essential to simplify the administration process, monitor employee participation, and drive high completion rates. This provides additional benefit for a company should an issue arise and can be offered as evidence if regulators question company behavior or intentions.
- Incentives – There is no denying that corporate culture reflects what managers reward. By developing suitable compliance incentives, management can demonstrate their commitment to compliant and moral conduct. Just like any aspect of business, an employee will be more motivated if there is potential for personal and professional gain.
This is a longstanding position that the Securities and Exchange Commission (SEC) has supported for years. In 2004, then SEC Director of Enforcement Stephen M. Cutler said, “Make integrity, ethics, and compliance part of the promotion, compensation, and evaluation processes as well. For at the end of the day, the most effective way to communicate that ‘doing the right thing’ is a priority, is to reward it.”
- Incident reporting and case management – Incident reporting and case management are important aspects of a compliance program to ensure a company is able to track and address any misconduct. Being aware of noncompliance is half the battle when it comes to mitigating risk. Some employees wish to remain anonymous when reporting misconduct, while others want a personal response or some type of acknowledgement. An effective system offers a variety of options for employees to report an incident. Reporting options can be offered via an online Web portal, automated phone system, live operator, or a combination of the three for a thorough incident reporting system.
Many businesses have inconsistent methods for incident reporting and case management that begins with multiple concern reporting lines and continues with the high volume of affiliated spreadsheets and notes stored in various, disconnected locations. This exposes a company to additional risk that could be otherwise avoided. A more streamlined incident reporting and case management platform equips an organization with one cohesive enterprise control system used to collect, manage, and resolve incidents across the entire company. Collecting all incident information in a consistent manner helps organizations quickly determine appropriate actions based on the level of risk presented to them.