Commentary

Kick-start your compliance process with these seven questions

How a solid and comprehensive compliance program prevents damage to your company’s reputation and any adverse impact on the bottom line.

January 01, 2017

Today’s business environment is becoming increasingly multifaceted—new business models and structures are always emerging, and laws are constantly changing to keep up with the ever-evolving views and values of society. Consequently, compliance requirements are getting increasingly complex.

Why should we care about compliance? A solid and comprehensive compliance program prevents damage to your company’s reputation and any adverse impact on the bottom line. Partaking in noncompliant activities would spell significant trouble for your organization on both counts.

Take German automobile maker Volkswagen, for example. In September 2015, the company admitted to deliberately cheating on US diesel emissions tests and had to pay US$15.3 billion to its customers and regulators. Not only has its reputation taken a dip due to the bad press, it’s also fair to say that US$15.3 billion is not a small sum—this money could have been put to more productive use, and would have made a difference in this increasingly competitive environment where every investment dollar is critical.

Navigating compliance is a must. While we recommend that companies consult a professional compliance organization to ensure rigorous standards are met, for a start, here are seven fundamental questions you can ask to begin the compliance journey.

1. Is the scope of compliance requirements well-understood and reviewed periodically?

An essential aspect to consider when selecting a compliance partner is to ensure that it has a clear and accurate understanding of the requirements across the four elements that make up the compliance framework. These areas are:

  • Statutory and regulatory compliance, which includes laws, regulations and statutes that govern an organization’s activities at international, regional, national and local levels.
  • Operational and financial compliance, comprising policies and procedures aimed at minimizing and mitigating an organization’s risks across diverse disciplines such as procurement, financial reporting, data governance, safety, human resources, and more.
  • Contractual compliance, which can take many distinct forms. These are mostly master service agreements, union labor contracts or pricing; such agreements are usually lengthy and drafted in complex legal language.
  • The ethical dimension, which includes responsibilities toward an organization’s employees, clients, shareholders, stakeholders and, more broadly, communities. Ethical guidelines set the right tone for proper business conduct, advancing righteous decision-making and promoting integrity across the organization.

Besides knowledge, a good partner would have the necessary resources and infrastructure to interpret and impart the information in the form of regular training or workshops for better understanding and application.

Cameron Scott, JLL’s Chief Operating Officer for Corporate Solutions, Asia Pacific, says, “While employees can read and understand an ethics code of conduct, running workshops, from our experience, makes all the difference in helping them understand how to apply this knowledge in practical situations.”

In addition, it is essential to schedule periodic reviews for changes in the compliance environment, especially for laws and regulations. While your partner organization should be across the nitty-gritty of the changes, it is important for you to be across it just as much. This is a necessary step to prevent any compliance breach.

2. Are there experts in place, at both the corporate and operations level, across the four key compliance areas?

This question addresses the need to put in place compliance professionals within your organization to ensure compliance programs break through corporate silos and reach all relevant operations personnel. These experts have the authority to ensure that the tasks are completed while collaborating with multiple departments to make sure all appropriate elements of the compliance program are looked after.

Identifying governance roles and relationships within the organization is also vital. We see that leading organizations have well-defined governance systems with clear reporting relationships. For example, a firm may choose to create a professional standards group to govern ethics across the organization and provide training to managers to institutionalize these standards at an operational level. This is particularly critical in sectors presenting unique legal and ethical challenges, such as pharmaceutical or financial services.

3. How are compliance training requirements being met and are they designed to meet clients’ needs?

It is essential for your employees to have a shared understanding of the compliance requirements they are facing. Additionally, you should also ensure that your compliance partner invests consistently in ongoing training for its compliance program, and that it maintains and records your employees’ current certifications, in particular for positions requiring professional licenses or credentials.

In many cases, the contractual agreement between you and your partner organization should stipulate the frequency and objectives of the necessary training. Examples of effective training programs include regulatory development monitoring, day-to-day guidance and compliance support available to operating locations, or periodic company-wide functional area conferences and/or “roundtables.”

4. Has the partner organization established a functional compliance planning and reporting system?

A compliance program needs a thorough planning and reporting system in order to be effective. One way to ensure such a system is put in place is to create functional-area steering committees—which your partner must have experience setting up and running—to identify and plan company-wide compliance requirements within their respective areas. Such committees should be responsible for identifying compliance needs, putting in place processes and procedures, tracking progress and reporting on milestones. Regular reporting allows any significant compliance-related issues to be quickly addressed so that prompt action can be taken.

5. Does the compliance organization offer performance measurement and reporting to drive continual improvement?

With the business environment being continuously remodeled, new risks will surface. Hence the measurement and regular assessment of a compliance program’s metrics is essential. Before jumping too quickly into a contract with a potential compliance partner, you need to first ensure that its own compliance program is being managed. The key criteria to look at are:

  • Are the appropriate metrics that will drive improved compliance performance identified?
  • Are the goals set realistic and achievable?
  • How regularly is performance measured and reported to support improvements?
  • Is data on compliance problems collected on a regular basis? If so, are the top issues, along with a corrective action plan, being periodically communicated across the organization?

6. Does the service provider have a process for monitoring and auditing compliance?

Your partner must monitor and audit activities to evaluate compliance, provide follow-up support to ensure compliance and prescribe corrective actions to address any noncompliance. A level of complexity is added when this scrutiny and risk management is extended to subcontractors and third-party vendors. Such a process should include stringent screening for all potential vendors, robust programs to enforce compliance and continual monitoring and auditing to identify noncompliant activities and prescribe corrective actions.

7. How does your potential partner consistently enforce its policies and other requirements across the organization?

Compliance is an active, on-going process that is the responsibility of everyone in the organization.

Check that your potential compliance organization has a strong foundation internally. Ideally, it should have a code of conduct, policies and procedures, which every employee in the organization has read and acknowledged, and which are supported by the leadership’s commitment. These further require an organization-wide awareness program that is reinforced through training.

Your partner should prove that it has put in place not only appropriate incentives for successful compliance in critical areas, but also disciplinary measures for engaging in noncompliant conduct and failure to prevent such behavior. It must be clear that compliance is an active, ongoing process that is the responsibility of everyone in the organization.