Building a Compliance Program Your CCO Can Be Proud Of

Building a compliance program is a project – and building the first iteration is the first hurdle every organization faces.

Regulators and legislation might provide a framework for creating holistic ethics and compliance program excellence. We see this especially in highly-regulated environments like financial services and FinTech – but not all industries have such specific guidelines. Also, if best practice is solely driven by legislation, organizations aren't truly living the values of a healthy speak-up and compliance program.

Creating a solid program almost always involves ensuring you're seeing and benchmarking against what other organizations are doing well (or otherwise). And as organizations are increasingly being held to higher standards of compliance – whether it’s for data privacy, financial regulations, or other industry-specific rules – it’s important to actively seek out best practices, learn how other compliance professionals are raising the bar, and look internally for regular feedback.

Improving your compliance program can be broken down into three main areas:

1: Seeking out best practice

Attend industry events and conferences with relevant speakers

This one might sound like a no-brainer, as events are often one of the best places to share common goals and best practice in all sorts of business areas. However, it’s more likely to be useful information if the experts or speakers are known to you or are tailored to your industry.

Reach out to peers

Compliance program leaders may find it useful to reach out to peers in their industry to learn about the strategies and processes they use. Within reason and considering data protection, especially when discussing any particular types of reports, this can be a great way to find different ways of handling common challenges. Professional networks such as LinkedIn are a goldmine for following eminent compliance professionals and gaining insight into their strategies. Online forums and in-person specialist gatherings can also be mined for best practice tips – especially where there are opportunities for roundtable discussions and interactivity.

Hire a compliance consultant

Hiring a professional can provide valuable insights and advice on the legal and regulatory environment your organization must meet requirements for. They can guide policies and procedures, help identify areas of risk and develop strategies for mitigating them, and advise the organization on developing appropriate training programs for staff on proper compliance practices and procedures.

Research industry reports and studies

While not strictly providing a best practice to implement, industry reports and studies can help you understand what reporting trends your program must be able to accommodate. Such resources can include benchmark reports that break down reporting patterns per region, giving you information to present to leadership teams about the importance of having a mature compliance program.

2: Communicating the value of compliance

Sharing with the board

A practice often overlooked is disseminating trends in the reports you receive into qualitative data. These can provide a snapshot of your organization’s culture using employees’ feedback alongside the statistics distilled from your surveys.

Statistics are a useful measure, yes – but it is also useful for boards to receive a report containing written feedback on how employees felt regarding a case’s handling or resolution, and not just how the cases were resolved.

One way to do this is by tracking which words are commonly used in feedback and surveys on company culture, about training and processes, or even after a report has been made. Comments could be compiled and delivered as part of a report per quarter. At NAVEX, one customer we work with creates and delivers several case studies of reports and their handling per quarter, which the board then discusses alongside additional data on the compliance program.

This can be a great source of engagement, discussion and identifying blockers with senior management. It also addresses the confirmation bias issue of presenting percentages and numbers celebrating successes but not talking about weak spots in your program or conveying feedback word-for-word.

Getting colleagues invested

Compliance professionals should ensure their colleagues understand the importance of compliance and speak-up programs and that they are motivated to participate actively. After all, the responsibilities for the processes, execution and adherence to a compliance program are spread across the business.

The obvious steps are regularly communicating the purpose and benefits of the program, making sure employees understand why compliance processes are important and beneficial to the organization. However, this is the minimum you should be doing to educate colleagues and is unlikely to get them genuinely invested in your program.

To take this further, you could showcase success stories about the speak-up program, demonstrating the positive impact it has on the business and changes that especially benefit employees. You could also invite colleagues to get involved in the speak-up and compliance program directly. This could include inviting colleagues to join committees to help shape the program or to help develop or review policy and procedures around speak-up.

Finally, taking feedback about the compliance program should go deeper than whether people have or still need to complete training. A great program will be open to employee suggestions and feedback on how they think their experiences could be improved, especially in cases of raised concerns. A major element is how your organization supports people who raise concerns.

Think of how you could answer the following questions:

  • Do you offer support, help, or compassionate leave for reporters, depending on the issue?
  • Is there a process for managers to raise their own concerns if they notice employees seem anxious, distressed, or upset before or after a case is opened?
  • Is it clear to employees what their rights are at every stage of the process? Are they kept updated on progress and told when they can expect more information?
  • Is your anti-retaliation policy clear and ingrained in your policies and procedures?

Many employees remain silent due to fear of retaliation or being dismissed. Transparency over how the organization offers a support process and network alongside reporting channels can go a long way in making employees feel heard, involved and safe.

3: Elevating processes with technology

The final puzzle piece of compliance program success and improvement is finding the right technology. This is, quite simply, due to its ability to parse and analyze your data in far greater depth than is manually possible.

Technology can be used to streamline the process of compliance, making it easier and more efficient for employees to comply and giving greater oversight over a companywide program. It can also be used to provide extra support and guidance to employees, such as providing automated reminders or notifications when compliance deadlines are approaching.

Finally, tech can also provide enhanced visibility into your unique data patterns, which can help you identify and mitigate risks specific to your organization. While broad insights into industry trends are useful starting points for action, having your own data to compare makes it much easier to identify where your organization has blind spots or can improve.

Interested in advancing your ethics and compliance program in 2023? Learn how NAVEX Ethics & Compliance solutions could help you deliver groundbreaking results.

Learn about NAVEX E&C solutions

Chat with a solutions expert to learn how you can take your compliance program to the next level of maturity.

More on Clawbacks, Message Apps

How CISOs Can Start Talking About ChatGPT

The rise of ChatGPT is changing the risk and compliance landscape. This NAVEX blog explores what CISOs need to know about ChatGPT’s effect on risk and compliance.

Previous/Next Article Chevron Icon of a previous/next arrow. Previous Post

What You Need to Know About the EU Corporate Sustainability Due Diligence Directive (CSDD)

On February 23 2022, the European Commission published the Corporate Sustainability Due Diligence proposal Directive which requires both EU, and non-EU companies operating within the EU, to take responsibility for their environmental and social impact. Here’s what you need to know.

Next Post Previous/Next Article Chevron Icon of a previous/next arrow.