Compliance programs ensure that companies act lawfully and follow the regulations that apply to them. Effective compliance programs can minimize the risk of misconduct and safeguard against inadvertent breaches. They can also help reduce potential penalties and reputational damage in the event of a breach by demonstrating an organization’s underlying commitment to the rules.
Companies need to dedicate time and resources to developing a program that fits their organization, that is understood and followed by staff, and that is adaptable to evolving regulation.
Tailoring Compliance Programs
While no two compliance programs should be the same, there are a few fundamental building blocks that enable programs to be fit for purpose.
Understand Your Business and Sources of Risk
Effective compliance is tailored to a company’s risk profile. Assess broad categories of risk across all industries and geographies, as well as risks specific to your sector and your products or services. Evaluate the frequency with which the risk might arise, the nature of the exposure, the impact, the areas of the business that are affected, the relevant regulatory frameworks and the steps already in place to mitigate the risk.
Build a Dynamic, Operations-Focused Program
Fitting compliance into daily operations requires measures that are practical and relatable to staff implementing them. Make provision to assess and accommodate new risks. Assign ownership of risks to specific individuals to create accountability, and build education and monitoring into work habits.
Create a Global Structure with Local Considerations
Global programs can drive a consistent approach to compliance for multinationals. Where possible, global policies can be advantageous, but compliance must also address local rules, as well as varying risk profiles in each jurisdiction – for example on corruption – and the relative sizes of subsidiaries.
Ensuring Successful Compliance
Comprehensive compliance programs must be rigorously implemented to be effective. Courts and regulators increasingly want to see proof of practical compliance at a human level.
Create a Culture of Compliance
Leadership teams set the tone. Consider the messages and priorities managers communicate internally and with third parties, such as vendors and consultants. Staff should be able to notify management of concerns, while compliance and ethics can be incorporated into compensation and promotion structures.
Operationalize Compliance
Staff should have regular compliance training, which should be varied and relatable. This can range from e-learning modules to in-person assessments based on real-life scenarios. It is important to monitor the effectiveness of compliance efforts, to ensure that procedures are being followed and to identify any issues that may arise.
Support the Compliance Function
Effective compliance typically needs significant financial and human resources. The compliance function should have visibility and status within a company, and have a direct and independent reporting line to senior management and/or the Board of Directors.
Learn from Mistakes
Quickly rectifying the result of errors or misconduct is essential, and steps should also be taken to ensure that lessons are learned from issues that do arise. New control mechanisms may be needed, and training updated to cover any new risks and responses.
Jennifer Kennedy Park
Partner
New York
T: +1 212 225 2357
jkpark@cgsh.com
James Norris-Jones
Partner
London
T: +44 20 7614 2336
jnorrisjones@cgsh.com
Nowell D. Bamberger
Partner
Washington, D.C.
T: +1 202 974 1752
Hong Kong
T: +852 2532 3785
nbamberger@cgsh.com



