Susana Sierra is CEO of bra compliancethat collects real-time evidence on the performance of a compliance program using Blockchain technology.
The world of compliance changed in September when the US Department of Justice released a new game plan to tackle corporate crime.
For nearly a year, the DOJ’s Corporate Crime Advisory Group received feedback from academics, legal experts, business leaders, and others to determine the best ways to deter companies from misconduct. The conclusions emphasize the importance of promoting stricter measures against companies that commit corporate crimes and fostering a corporate culture of integrity that rewards good practice.
In particular, the measures focus on strengthening compliance programs to deter misconduct, establishing incentive systems to prevent bad practice, granting credits to those who voluntarily report irregularities and cooperate in investigations, and take into account the history of irregularities of a company when imposing sanctions. One of the key points of the DOJ announcement refers to prosecuting “individual liability,” meaning the responsibility of those who commit and benefit from corporate crimes, regardless of position or seniority.
This is undoubtedly an incentive for companies, but it is also a challenge as they will have to document and demonstrate that they are doing everything they can to prevent corruption and/or remedy bad practices. Therefore, organizations’ compliance programs cannot be a simple checklist; they must be robust, real and constantly evolving. Above all, companies should believe in such programs.
That’s why I’m sharing five tips for building a solid compliance program.
1. Continuous self-monitoring
Ongoing monitoring of your compliance program is essential to analyze program performance and make adjustments along the way. This enables gaps to be identified and to ensure that good business practices are implemented, established controls and policies are adhered to, changes in procedures are transparent and all relevant information is documented.
This monitoring may be performed by an impartial third party. (Full disclosure: This is a service my company provides, as do others.) A third party can ensure that continuous evidence is generated that the company is doing everything possible to prevent and detect corruption in a timely manner.
When working with a provider, make sure that the supplier has a good understanding of how businesses operate and the role of compliance in each department. It doesn’t help if a supplier ignores departments such as purchasing, accounting, human resources and others where risky behavior is prevalent. If your company has operations in a particular region, ask the seller if they have experience working in those countries and understand the respective cultural idiosyncrasies. That knowledge can help external entities identify where risks are hiding.
2. Show at the top
The board’s role in ensuring the effectiveness of compliance programs is more important today than ever. Business leaders must internalize a program so that all their actions are directed toward compliance. Likewise, it is essential that ethics and integrity are instilled at the top of the organization as this creates a sense of belonging, enabling employees to identify with company values and be more inclined to defend and rally for them. Commitments written in employee handbooks shared via email, posted on the website, or included in annual reports are useless unless they come from leaders who put them into action.
3. Reporting Channels
Every company must ensure transparency and strengthen its reporting channels as the primary tool for identifying and correcting unethical behavior or crimes, in addition to protecting the anonymity of whistleblowers. Unfortunately, I have seen many companies fail to implement these for fear of knowing the truth and not giving these channels proper promotion and commitment. Therefore, many employees prefer not to report for fear of retaliation, such as losing their job or sanctions. Or they think that the reports will not be investigated afterwards, especially if the suspect holds a higher position.
This cycle of the company not wanting to listen and the employee afraid to speak only fuels impunity. As such, voluntarily reporting bad behavior will be an indicator that a company has a compliance program that works and a healthy corporate culture.
4. Communication of the compliance program
Gift policies, codes of ethics or handbooks of conduct are just useless paperwork and bureaucracy if they are kept in a drawer and not shared with the entire company. During training, it is important to proactively expose employees to ethical dilemmas related to potential risks, so that they know how to handle them when similar situations arise in real life. Faced with the same event, each person can react based on their experiences. Training that takes their biases into account will increase the value of compliance by preventing potential crimes.
5. Due diligence
Risks are everywhere and companies should evaluate and research before investing in a lucrative venture or hiring a new supplier or employee. This will help them resolve potential conflicts of interest and know who they are doing business with.
The DOJ’s announcement is an opportunity for companies to take stock of how they’re doing with their compliance programs and whether they’re really giving compliance the priority it deserves. In addition, it puts into perspective the role of each member of the company in preventing corporate crime.
On the one hand, the board of directors must act on the basis of ethical values, be able to instill them in the company’s employees, take into account their cognitive biases in their training and facilitate whistleblowing, while providing the necessary security so that reports can be made without fear. On the other hand, employees must make a wholehearted commitment to defending and exposing these values where they see them not being acted upon.
Finally, I would like to point out again that these programs are not a simple manual; they are the sum of all the policies and procedures associated with each department, and they focus on the most sensitive areas of greatest risk. Therefore, there should be clarity about, among other things, payment policies, supplier selection, human resource policies and commercial policies, which are at the heart of a compliance program.