The world of compliance took a turn in September when the U.S. Department of Justice released a new game plan to address corporate crimes.
For nearly a year, the DOJ’s Corporate Crime Advisory Group received feedback from academics, legal experts, business leaders and others to determine the best ways to dissuade corporations from misconduct. The conclusions emphasize the importance of promoting tougher measures against companies that commit corporate crimes and seek to encourage corporate cultures of integrity where good practices are rewarded.
Specifically, the measures focus on strengthening compliance programs to dissuade misconduct, establishing incentive systems to avoid bad practices, offering credits to those who voluntarily report irregularities and cooperate with investigations and taking into account the history of irregularities of a company when imposing sanctions. One of the main points of the DOJ announcement refers to prosecuting “individual accountability,” that is, the responsibility of those who commit business crimes and benefit from them, regardless of position or seniority.
This is undoubtedly an incentive for companies, but it is also a challenge since they will have to document and demonstrate that they are doing everything possible to prevent corruption and/or remedy bad practices. Therefore, organizations’ compliance programs cannot be a simple checklist; they must be robust, real and in constant evolution. Above all, companies must believe in such programs.
Given this, I am sharing five takeaways for creating a solid compliance program.
1. Continuous Self-Monitoring
Continuous monitoring of your compliance program is essential to analyze the program’s performance and make adjustments along the way. This makes it possible to detect gaps and ensure good corporate practices are being carried out, the established controls and policies are respected, changes in procedures are transparent and all relevant information is documented.
This monitoring can be carried out by an impartial third party. (Full disclosure: This is a service my company provides, as do others.) A third party can allow for the generation of continuous evidence that the company is doing everything possible to prevent and detect corruption in a timely manner.
When working with a provider, ensure the vendor has a strong understanding of how companies operate and the role of compliance in each department. It doesn’t help if a vendor disregards divisions such as procurement, accounting, human resources and others where risky behavior tends to be prevalent. Additionally, if your corporation has operations across a region, ask the vendor if it has experience working in those countries and understands the respective cultural idiosyncrasies. That knowledge can help third-party entities identify where risks hide.
2. Tone At The Top
The role of the board of directors in securing the effectiveness of compliance programs today is more important than ever. Business leaders must internalize a program in such a way that all their actions are focused on compliance. Likewise, it is essential that ethics and integrity be instilled at the top of the organization because this creates a sense of belonging, which can help employees identify with corporate values and be more inclined to defend and rally around them. Commitments written in employee handbooks shared via email, posted on the website or included in annual reports are useless unless they come from leaders who put them into practice.
3. Reporting Channels
Every company must ensure transparency and strengthen its reporting channels as the main tool to identify and correct unethical conduct or crimes, in addition to protecting the anonymity of whistleblowers. Unfortunately, I’ve observed many companies fail to implement them for fear of knowing the truth and do not give these channels the proper promotion and commitment. Therefore, many employees prefer not to report for fear of reprisals, such as losing their jobs or suffering sanctions. Or, they might believe that the reports will not be subsequently investigated, especially if the suspect holds a higher position.
This cycle of the company not wanting to listen and the employee is afraid to speak only fuels impunity. As such, voluntary reporting of bad behavior will be an indicator that a company has a compliance program that works and a healthy corporate culture.
4. Communication Of The Compliance Program
Gift policies, codes of ethics or manuals of conduct are just useless paperwork and bureaucracy if they are kept in a drawer and not shared with the entire company. During training, it is important to proactively expose employees to ethical dilemmas regarding possible risks so they know how to face them when similar situations arise in real life. Faced with the same event, each person might react based on their experiences. Training that considers their biases will increase the value of compliance by preventing possible crimes.
5. Due Diligence
Risks are everywhere, and companies must evaluate and investigate before investing in a lucrative business or hiring a new supplier or employee. This will help them clear up possible conflicts of interest and know who they are doing business with.
The DOJ’s announcement is an opportunity for companies to take stock of how they are doing with their compliance programs and whether they are really giving compliance the priority it deserves. In addition, it puts into perspective the role of each member of the company in the prevention of corporate crime.
On one hand, the board of directors must act based on ethical values, be able to instill them in the company’s workers, consider their cognitive biases in their training and facilitate whistleblowing while providing the necessary security so that reports can be made without fear. On the other hand, employees must wholeheartedly take on the commitment to defend these values and denounce where they see that they are not acted upon.
Finally, I would like to reiterate that these programs are not a simple manual; they are the sum of all the policies and procedures that belong to every department, and they focus on the most sensitive areas with the greatest risks. Therefore, there must be clarity on controls such as payment policies, supplier selection, human resources and commercial policies, among others, which are the heart of a compliance program.
By Susana Sierra
Published in Forbes