Compliance Administration – Workshop 1 (Compliance Essentials)
The Appleton Greene Corporate Training Program (CTP) for Compliance Administration is provided by Mr. Nelson Certified Learning Provider (CLP). Program Specifications: Monthly cost USD$2,500.00; Monthly Workshops 6 hours; Monthly Support 4 hours; Program Duration 12 months; Program orders subject to ongoing availability.
If you would like to view the Client Information Hub (CIH) for this program, please Click Here
Learning Provider Profile
Mr. Nelson is a Certified Learning Provider (CLP) at Appleton Greene. He has executive leadership and management experience in Operation Workflow, Financial Services, Regulatory Compliance and Consulting. His academic achievements include a Bachelor of Business Administration from the University of Miami and a Master of Business Administration from Nova Southeastern University. He is a Certified Compliance Professional, dedicated to developing and implementing operational processes and workflows, integrating automated and Artificial Intelligence technology to effectively administer and manage compliance programs. Mr. Nelson maintains active membership in professional associations such as the National Society of Compliance Professionals (NSCP) and the American Society of Administrative Professionals (ASAP).
MOST Analysis
Mission Statement
Before an organization starts creating a compliance program, the first thing that it needs to know is the essential elements for the compliance program. The organization has to do some diligent research on the applicable laws and regulations. But simply communicating these regulations and standards to employees will not make them comply from day one. The company has to appoint a dedicated compliance administration team that will take care of all related activities. The team has to design and implement all the administrative processes to ensure compliance with organizational policies. They will also be responsible for updating the policies and monitoring compliance on a regular basis.
The organization will need a strong strategy for the implementation of the compliance program. The strategy has to define whether the organization will take a rigid or flexible approach to compliance, or switch between the two based on circumstances.
Training of employees to educate them about the laws, standards, and codes of conduct is essential. Without periodic training, employees cannot be expected to commit to compliance or understand its importance. Along with periodic training, monitoring and audits are equally important. Monitoring with established protocols and controls allows the organization to identify gaps in the compliance program and remediate them in time. Audits and reporting help prevent non-compliance and associated penalties.
It is also important to document and report any exceptions to compliance that may have been made. Untracked/ undocumented exceptions may be treated as non-compliance during external audits and may land the organization in trouble.
Objectives
01. Culture: departmental SWOT analysis; strategy research & development. Time Allocated: 1 Month
02. Incentives & Rewards: departmental SWOT analysis; strategy research & development. Time Allocated: 1 Month
03. Enforcement & Discipline: departmental SWOT analysis; strategy research & development. Time Allocated: 1 Month
04. Accountability: departmental SWOT analysis; strategy research & development. Time Allocated: 1 Month
05. Risk Assessment: departmental SWOT analysis; strategy research & development. Time Allocated: 1 Month
06. Compliance Officers: departmental SWOT analysis; strategy research & development. Time Allocated: 1 Month
07. Policies & Procedures: departmental SWOT analysis; strategy research & development. 1 Month
08. Communication & Training: departmental SWOT analysis; strategy research & development. Time Allocated: 1 Month
09. Monitoring & Auditing: departmental SWOT analysis; strategy research & development. Time Allocated: 1 Month
10. Issues Management: departmental SWOT analysis; strategy research & development. Time Allocated: 1 Month
11. Metrics: departmental SWOT analysis; strategy research & development. Time Allocated: 1 Month
12. Technology: departmental SWOT analysis; strategy research & development. Time Allocated: 1 Month
Strategies
01. Culture: Each individual department head to undertake departmental SWOT analysis; strategy research & development.
02. Incentives & Rewards: Each individual department head to undertake departmental SWOT analysis; strategy research & development.
03. Enforcement & Discipline: Each individual department head to undertake departmental SWOT analysis; strategy research & development.
04. Accountability: Each individual department head to undertake departmental SWOT analysis; strategy research & development.
05. Risk Assessment: Each individual department head to undertake departmental SWOT analysis; strategy research & development.
06. Compliance Officers: Each individual department head to undertake departmental SWOT analysis; strategy research & development.
07. Policies & Procedures: Each individual department head to undertake departmental SWOT analysis; strategy research & development.
08. Communication & Training: Each individual department head to undertake departmental SWOT analysis; strategy research & development.
09. Monitoring & Auditing: Each individual department head to undertake departmental SWOT analysis; strategy research & development.
10. Issues Management: Each individual department head to undertake departmental SWOT analysis; strategy research & development.
11. Metrics: Each individual department head to undertake departmental SWOT analysis; strategy research & development.
12. Technology: Each individual department head to undertake departmental SWOT analysis; strategy research & development.
Tasks
01. Create a task on your calendar, to be completed within the next month, to analyze Culture.
02. Create a task on your calendar, to be completed within the next month, to analyze Incentives & Rewards.
03. Create a task on your calendar, to be completed within the next month, to analyze Enforcement & Discipline.
04. Create a task on your calendar, to be completed within the next month, to analyze Accountability.
05. Create a task on your calendar, to be completed within the next month, to analyze Risk Assessment.
06. Create a task on your calendar, to be completed within the next month, to analyze Compliance Officers.
07. Create a task on your calendar, to be completed within the next month, to analyze Policies & Procedures.
08. Create a task on your calendar, to be completed within the next month, to analyze Communication & Training.
09. Create a task on your calendar, to be completed within the next month, to analyze Monitoring & Auditing.
10. Create a task on your calendar, to be completed within the next month, to analyze Issues Management.
11. Create a task on your calendar, to be completed within the next month, to analyze Metrics.
12. Create a task on your calendar, to be completed within the next month, to analyze Technology.
Introduction
Legal and regulatory compliance failures have caused major reputational and financial damage to businesses across industries. Most had what they thought were appropriate compliance procedures in place, but they didn’t seem to function. Compliance is receiving an increasing amount of corporate resources, as well as more attention in the C-suite and board room, yet anxiety remains—and rightly so. While keeping a watch on regulatory actions, legal and compliance professionals have attempted to merge their compliance processes from fragmented parts into a cohesive whole. However, we are seeing a significant shift in what important regulators are looking at and using to determine whether or not to pursue enforcement proceedings. With that backdrop in mind, and taking into account what recent experience has shown to work in the “real world,” businesses may now build extremely effective and efficient compliance procedures. Richard M. (Rick) Steinberg outlines these game-changers and provides a roadmap with 10 essential elements to get programs where management and boards need and want them to be in achieving compliance objectives in this article, which is an excerpt from his recently published white paper sponsored by IBM Open Pages.
Introduction
If you’re a CEO, director, general counsel, compliance officer, risk officer, or someone else in charge of your company’s legal and regulatory compliance, you’re undoubtedly concerned, if not alarmed. When it comes to supply chain, product liability, marketing, antitrust, mergers and acquisitions, and alliance partners (such as resellers, distributors, agents, or joint venture partners), the list appears to go on and on. You have a feeling that people in your organization are aware of wrongdoing but aren’t reporting it. You’re spending more money on your compliance program and trying harder to track results, but you’re still not convinced it’s working.
Regulatory compliance enforcement efforts have brought corporations across industries to their knees in recent years. Indeed, legal and regulatory compliance has risen to the top of the C-and suite’s boardroom’s priority list, outshining strategy, operational execution, risk management, and CEO compensation. Too much time is taken away from “running the business,” and even as compliance costs continue to grow, many organizations’ compliance strategies fall short.
Officials from the Securities and Exchange Commission (SEC) and the Department of Justice (DOJ) have spoken about their “carrot and stick” strategy, with the SEC and DOJ being more lenient when a compliance program is good and harder enforcers when it is not. Directors are cognizant of Delaware Chancery and Supreme Court decisions that highlight the board’s role in maintaining effective compliance programs. In addition, the modified federal sentencing guidelines for criminal wrongdoing, as well as company initiatives for analyzing and eliminating related risks, are discussed.
With over 2,000 pages of new regulations introduced just last year, split over six laws, financial services is bearing the brunt of additional regulation. The Dodd-Frank Act alone is likely to grow to 5,000 pages over time. Though it is becoming increasingly challenging, the financial industry is working hard to design incoming laws so that they do not excessively hinder company opportunities and the industry’s future health. However, there’s no denying that legal and regulatory compliance affects every industry, and keeping up has become more difficult.
A New Direction For Regulation
For years, the SEC and DOJ have stressed how they give corporations “credit” for having an effective compliance program in investigations and enforcement actions. Many general counsels, chief compliance officers, and others have recognized this as one of several grounds for bolstering internal processes. However, there was little direct proof until recently that the regulators’ message was backed up by action. Indeed, it appears that the emphasis was on encouraging a corporation to build an effective compliance program after a failure rather than praising them for having one before the loss. Furthermore, businesses have complained about inconsistent regulatory enforcement techniques and have urged for more transparency and uniformity. Now we’ve got a game changer, and it’s definitely worth paying attention to.
Case Study
The case involves Morgan Stanley, where compliance issues arose after Garth Peterson, a managing director, allegedly persuaded the firm to sell a real estate interest to a Chinese state-owned company; however, the company turned out to be a shell company in which Peterson had a direct interest, with cash payments to Chinese officials and himself. Peterson pleaded guilty and could face a six-figure fine and five years in prison if he is found guilty. But the true story here is what happened to Morgan Stanley, or rather what didn’t. The Department of Justice and the Securities and Exchange Commission decided not to pursue any enforcement action against the corporation. Morgan Stanley already has a robust compliance framework in place, complete with essential internal controls. It provided thorough training to its personnel, compliance reminders, annual confirmations by personnel, and constant monitoring, as well as frequently updating systems to reflect risks of misconduct. And, when evidence of wrongdoing appeared, the firm launched and completed a thorough inquiry right away.
Morgan Stanley’s reputation is actually boosted by its obvious presentation of good compliance and operational practices. The message has never been more obvious. Cover up the situation and deal with irate regulators and shareholders. If you have a good compliance system in place and do the right thing, the regulators and others will look favorably on your organization.
What Does “Effective” Mean?
Compliance officers have been bombarded with information on what makes a good compliance process and how to create and manage one. In a series of memoranda from the Justice Department, regulators have outlined what are considered as five “must haves” for an effective system, including the McNulty Memo. The Federal Sentencing Guidelines also provide guidance.
Maintaining a compliance process that follows regulators’ rules is certainly a good idea, but having a truly effective process is even more crucial. That is, organizations with successful compliance processes that avoid substantial instances of non-compliance will often evade regulators’ notice in the first place. Beyond regulatory inquiries and enforcement actions, there are corporate incentives to avoiding compliance failures.
But what if the demands of regulators were truly in line with what actually works? That would be an excellent model to follow. One regulator, the SEC’s Office of Compliance Inspections and Examinations, appears to have gotten it right (OCIE).
OCIE of SEC
If you work in the financial services business, you’re aware that the OCIE’s mandate is broad, encompassing compliance, fraud prevention, and risk management. 4 When it comes to fraud, for example, its examiners look for signs of insider trading, market manipulation, and Ponzi schemes and cooperate with the SEC’s Enforcement Division to prosecute them. When it comes to organizations subject to examination, the OCIE casts a wide net, including not only broker-dealers, transfer agents, investment advisers, and investment companies (and now, thanks to the Dodd-Frank Act, private equity and hedge funds), but also stock exchanges, clearing agencies, credit rating agencies, the Financial Industry Regulatory Authority, and the Public Company Accounting Oversight Board, among others. But, more crucially, its director, Carlo di Florio, has defined effective compliance procedures in a way that cuts across industries.
Di Florio shares essential details on how he and his team carry out the OCIE’s comprehensive goal.
What Makes Effective Compliance Processes?
Di Florio identifies eleven components that, when combined, result in effective compliance programs (and which also, by the way, reflect the U.S. Federal Sentencing Guidelines). Here, we start with each of the parts and build on them to add knowledge gathered from years of experience witnessing organizations’ compliance programs progress from rudimentary to holistic, establishing a roadmap to achieving truly successful and efficient corporate compliance programs.
Governance
Despite the claims of certain so-called experts, compliance is the responsibility of management, not the board of directors. That said, the board has a critical role to play in overseeing compliance measures and ensuring that management has built an effective procedure. To that purpose, the board must receive regular briefings from the CEO, Chief Compliance Officer, and others on the process’ design and operation, as well as data demonstrating its efficacy (see “metrics” below). However, we’ve seen compliance programs built with the primary goal of producing reports for the board of directors, and they don’t perform very well. Effective compliance management should naturally lead to reporting, with the primary focus on assuring the mindsets and activities that drive effective compliance.
Accountability, Culture, and Values
Perhaps nothing is more vital to effective compliance than an organization’s culture, which includes the tone set at the top and is founded on ethical ideals and unambiguous accountability. The actions of top management, which must be consistent with their statements, and supported by managers and supervisory workers across the organization, form the foundation of a company’s culture. A compliance program without integrity will have form but no substance, and will eventually fail to achieve its goals. Organizations that behave with integrity and ethical ideals, without a doubt, attract the best employees, customers, suppliers, alliance partners, and so on. While it’s difficult to link a positive corporate culture to financial performance, there are signs that it exists. According to the 2011 Edelman Trust Barometer, 85 percent of global respondents said they bought items or services from firms they trusted, while 73 percent said they refused to buy from organizations they didn’t trust. 5 Another company, the Ethisphere Institute, discovered a link, finding that highly ethical businesses beat competitors by seven to eight percent annually. 6 Motivators and Rewards
Having genuine incentives for ethical behavior, as well as associated rewards and corrective actions, is closely tied to responsibility. Many organizations have leaders that talk a good game but fail to incorporate compliance into their HR practices. Objective-setting, performance appraisal, and related promotion and compensation-adjustment processes must all include compliance duties. As a result, compliance is essentially the duty of each and every line and staff management in their domains of responsibility, rather than a compliance officer. Building compliance into company operations requires this strategy, which makes compliance not only more effective, but also more efficient.
Management of Risk
To manage potential exposure, business processes must reflect relevant compliance-related risks, with policies and protocols developed inside the business process. Risks must be defined in terms of where and how noncompliance can occur, the possibility of it occurring, and the impact on the company if it does, as well as the speed with which such an event can occur. When risks and needs are determined, resources can be directed to where they will be most effective, lowering risks to tolerable levels.
Procedures and Policies
Written policies are the foundation of what defines appropriate activities and behavior, so policy administration has become an art unto itself. We’ve seen policies written in legalese with a jumble of elements and formats, all of which are in various stages of completion or modification and are difficult to find when needed. As a result, employees find it difficult, if not impossible, to recognize what acts are and are not appropriate in everyday situations. Policies should follow a consistent framework, be risk-based, relevant, transparent, and easy to understand and access, and be trusted so that employees know they have been approved and can be trusted. The policy lifecycle should be maintained, with libraries based on the most recent legislation and regulations, version control, and modifications tracked, reviewed, and approved, as well as links to specific business operations and amended duties.
Training and communication
Each employee in a company must understand what is required of them and why doing so is in their best interests as well as the organization’s. Employees must comprehend the rationale behind the regulations in order to benefit the company, its employees, customers, and others. Employees who don’t understand why they’re required to accomplish something will, at best, go through the motions with a checklist mentality. Clear communication from the top of the organization is required, proving that senior management is in charge of compliance programs. Classroom and computer-based educational programs, as well as on-the-job reinforcement by unit leaders, should be in place not just upon hire, but on a continuous basis. We understand the value of having open, accessible, and successful internal or outsourced whistleblower channels, and we also recognize that valuable information can be gleaned through social networking sites, exit interviews, and internal audit findings.
Reporting and Monitoring
These aspects are critical and should be incorporated into the business and management operations. When supervisory and management staff closest to the action are aware of actions and monitor them in the usual course of business, compliance is most successful. Upstream reporting is crucial, but it should not be the foundation of fundamental compliance process design, as previously stated. Rather, reporting should be integrated with information flows inside management processes, with a compliance office monitoring to ensure timely and effective communication of important information. Additionally, in the normal course of running a business unit, hands-on managers can test processes and information flows, with extra, focused testing performed by the internal audit function in cooperation with the compliance office and business unit leadership.
Discipline, Investigation, and Escalation
Employees must feel at ease and understand the necessity of reporting problems in a private and anonymous manner if requested. Employees are usually comfortable reporting potential misbehavior through their customary reporting procedures, which can be beneficial in firms with the correct culture and ethical norms. Simultaneously, it’s vital to have an alternate channel in place—a hot line or whistleblower channel—that can be relied on and used when necessary. Such confidence entails a firm belief that not only will there be no reprisal, but that those who report would be praised. Employees being informed of actions made as a result of their reports is a make-or-break issue, according to experience.
Management of Problems
When a compliance issue arises, action must be taken to determine what happened, the severity and consequences of the occurrence, and the repair steps required. Internal reporting should be escalated up the management ranks and, if warranted, to the board, with external reporting given due consideration. If the matter is sufficiently serious, an investigation should be conducted, with the assistance of outside legal or other consultants as needed. Understanding why the compliance process enabled the incident to happen, reassessing the associated risks, and identifying what systemic corrective action, such as improving processes, procedures, controls, or other components of the compliance process, may be required are also crucial.
An Ongoing Process of Improvement
Circumstances and practices evolve, much like other aspects of the business process, and management should stay on top of new developments. New rules and regulations, as well as pertinent legal cases, emerge, technology progresses, and experience shapes leading practices. The legal counsel should be in charge of tracking new mandates and requirements and alerting the relevant business units and compliance office of their ramifications, according to experience. Legal and compliance departments work with business units to decide what enhancements to policies that apply to everyone. Typically, business units are most qualified to assess what modifications to procedures and standards in business processes should be made, with compliance office approval.
Additional Thoughts
In addition to the ten criteria listed above, there are several other factors to consider when developing a successful compliance program.
Metrics
Compliance departments have long tried to assess the efficacy of the company’s compliance program, whether motivated by a desire to demonstrate and improve performance, or by CEOs, boards, regulators, or business partners. Many have looked at metrics like the number and type of non-compliance issues, as well as the number of calls to the company’s hotline or whistleblower channel, for years. Over time, it became clear that such measurements did not adequately address the inherent dangers or the company’s people’s mindset. Few cases of misconduct did not imply that the risks were minimal, and few calls to the hotline did not signal that there were few issues—in fact, a lack of calls could simply indicate that individuals do not trust the system. Some businesses have accumulated statistics on ethics and compliance training, as well as staff certificates for knowledge and adherence to the code of conduct, but these efforts have been deemed insufficient.
Compliance measurements have gotten more insightful in recent years. Some businesses use a simple metric to determine which areas of their online code of conduct are receiving traffic, indicating where problems may arise. Some organizations keep track of the quantity and types of reports received via standard management channels versus the hotline. Others are concerned with the nature and types of complaints presented, internal sources, and whether calls are anonymous or caller-identified. Some companies follow up with people who file reports to see how comfortable they are with the process. Real-time dashboards show where dangers or occurrences require immediate attention, with metrics connected to key performance indicators and critical risk indicators. And a growing number of businesses are monitoring social media sites for signs of wrongdoing and seeking out and following up on reports of potential wrongdoing from third parties with whom they do business. Internal compliance audits can also reveal more about wrongdoing and related concerns.
Internal surveys, often known as culture surveys or risk culture surveys, are one of the most critical indicators any firm can have. When done effectively, they can reveal a lot about an organization’s ethics and integrity, communication efficacy, observations of misconduct, and other things. People’s main worries are whether or not they trust their coworkers and managers, as well as how comfortable they are with peer and management behavior and reporting signs of wrongdoing upstream. The surveys are usually conducted twice a year or once a year, and while the raw data are valuable, especially when evaluated by business unit or other category, trend lines over time are even more relevant.
Technological Companies have access to and employ a wide range of technology solutions to assist compliance program objectives. However, research shows that many firms’ tools are simple and stand-alone, resulting in a “siloed” strategy that impedes cross-organizational collaboration and effectiveness. According to one research, the majority of compliance function operations employ basic desk-top tools, while integrated IT solutions provided by major software manufacturers are used by a minority of respondents. “A fragmented approach to GRC—the dreaded’silos’ of data and compliance activities, which can stymie compliance executives trying to acquire a holistic perspective of corporate risk,” according to the survey.
Information, communication, reporting, and monitoring are all more efficiently achieved across the company when companies use more sophisticated technology tools. Compliance risks are recognized, and procedures, controls, and accountability are established, resulting in an integrated compliance process. As a result, policy lifecycle management may generate, approve, maintain, save, monitor, and automate tasks using these technologies. They provide policy training and awareness, as well as surveys and test feedback. They provide automatic workflows and allow for the assignment of tasks for required actions by managers or monitors, as well as the tracking of activities and the ability to query senior officials. Control testing, surveys, certification, and regulatory reporting are among the procedures and information retrieval that they automate. They assist with issue remediation, incident tracking, key performance indicators, and regulatory engagements. They enable real-time messaging and reporting to disseminate information to all levels of management and the compliance function, as well as customized dashboards and drill-down capabilities to zero in on specific issues. They also present information to senior management and the board of directors on topics like the reasons of compliance failures, the financial effect, and mitigating actions.
A Comprehensive Approach
We’ve mentioned it before, but it bears repeating. When compliance programs are made up of separate parts, they rarely work successfully. That’s the truth. They must have all of the right pieces weaved together to make an integrated, well-coordinated whole to be genuinely effective. This is a basic principle that is difficult to implement in the reality of a large, complex, global business.
We know that good compliance systems are built on cultures of integrity and ethical ideals, guided by the chief executive’s words and deeds and overseen by the board of directors. All of the other essential elements flow from there.
The Benefits
Compliance costs are rising, non-compliance incidents are increasing, and the possibility of a catastrophic failure is all too real for most businesses. It is possible to have a really effective and efficient compliance process. Some businesses have already arrived, recognizing the accompanying commercial benefits and focusing on process and people to achieve corporate success. It requires focus and attention, but it is possible.
Executive Summary
Chapter 1: Culture
Why Is It Important To Create A Compliance Culture, And How Can You Accomplish It?
The variety of compliance difficulties encountered by organizations and employees today is vast, ranging from internal policies to regulatory obligations to criminal law requirements. It is critical to have rules and procedures in place to meet those difficulties, yet it is frequently insufficient. Compliance is most easily achieved when it is ingrained in a company’s culture.
Compliance is crucial to every employee of a company, from the top to the bottom. A compliance culture means that everyone of those employees is aware of the regulations and is committed to ensuring that they are followed.
A breach of export rules, for example, can occur in the post room just as easily as it can in the boardroom. Employees who understand the rules and are committed to enforcing them can also stop a breach of export restrictions that started in the boardroom in its tracks in the post room.
Why Should Businesses Be Concerned About Their Culture And Compliance?
Before looking at how to create a compliance culture, it’s worth contemplating why compliance, and a company’s culture in general, is so important.
The possibility of regulatory and legal fines is perhaps the most evident motivation for businesses to take compliance seriously. The reputational damage that compliance failures can cause to an organization or an individual is often just as costly. Investors are becoming more aware of a company’s environmental, social, and governance characteristics, making companies that can demonstrate that they take their compliance requirements seriously a more appealing possibility.
Similarly, a company with a bad reputation for improper workplace conduct, such as harassment and discrimination, may have difficulty attracting and maintaining top personnel. In contrast, a company with a healthy and compliant workplace culture may find it easier to attract and retain top employees.
Culture is increasingly becoming a compliance issue in and of itself. A safe culture, according to the FCA, is “an environment in which employees feel comfortable to express their opinions and, crucially, are listened to when they do”. The FCA made it clear in a “Dear CEO…” letter sent in January 2020 that senior executives who fail to address non-financial misconduct such as discrimination, harassment, victimization, and bullying, which it views as indicative of a firm’s culture, may not be considered fit and proper by the regulator.
Creating A Compliance Culture
As previously said, a culture of compliance means that employees from the top to the bottom of a company understand and value their role in compliance. The establishment of a compliance culture must begin at the top. One of the most effective methods for a company to demonstrate how seriously it takes compliance is to assign responsibility for compliance to a senior executive, as a separate job role if appropriate. This is not only an important step in fostering a compliance culture, but it also has real-world implications in terms of ensuring that compliance issues are discussed and addressed at the highest levels. To be effective, all senior members of a firm must set and uphold a high standard of behaviour for the rest of the firm in a transparent and consistent manner. Setting KPIs for compliance and designing performance appraisal forms and processes with a portion devoted to evidence of compliance as part of the annual review are two ways to ensure that employees’ attitudes toward compliance are monitored and evaluated.
Chapter 2: Incentives & Rewards
“In addition to examining the design and implementation of a compliance program throughout a company, enforcement of that program is crucial to its efficacy,” according to the FCPA Guide. No one should be exempt from a compliance program, which should apply from the boardroom to the supply room. When enforcing a compliance program, the DOJ and SEC will assess whether a corporation has appropriate and clear disciplinary procedures in place, whether those procedures are followed consistently and promptly, and whether they are proportionate to the breach. Many businesses have discovered that making disciplinary actions public, if permitted by local law, can have a powerful deterrent effect, indicating that unethical and illegal behavior has rapid and certain repercussions.”
This implies you’ll need incentives for doing business in accordance with your Code of Conduct and following your compliance policies and processes. Immediate incentives (such as monetary bonuses or other awards) or long-term incentives (such as promotion within an organization). Recent research suggests that a kind word or two for a job well done in an ethical manner can go a long way toward promoting not only similar ethical behavior, but also compliance.
You can implement some generic incentive concepts because compliance incentives do not have to be costly or groundbreaking. Even simple incentives can be effective provided they are delivered regularly, the rewards are apparent, and your compliance incentives can be implemented at all levels of your firm.
Chapter 3: Enforcement & Discipline
The enforcement and discipline aspects of building a compliance program are sometimes overlooked or overlooked. Violations of the facility’s code of conduct, policies, and procedures must have consequences, just like any other effective program. Consider the parent who threatens and threatens without actually following through and enforcing the house rules. As a result, There’s a house for sale!
We all know that we are only as strong as our weakest link, so it’s critical for employees to understand that there are consequences and that this program is more than just “checking a box.”
The following are important components of an efficient enforcement and disciplinary system:
• Be fair in your discipline. Failure to comply must also be held accountable by corporate executives, managers, and supervisors. Managers and supervisors must also understand that they are responsible for disciplining employees consistently and responsibly.
• Consider disciplinary action on an individual basis. A reprimand with more training, a demotion, or termination may all be appropriate disciplinary actions. The reward or disciplinary punishment should be commensurate to the behavior in order to be successful. Ascertain that your organization’s procedures for dealing with disciplinary issues are defined, as well as who will be responsible for taking necessary action.
• Observe them doing something correct. The program should go beyond punishment; positive reinforcement goes a long way toward improving behavior. Rewarding them when they express legitimate concerns, recognizing great service quality, and rewarding helpful comments for improving the compliance program and/or its implementation are all possible incentives.
• Make a quick decision. It’s critical that the compliance officer or other management investigate complaints right away to see if there’s been a violation of the compliance program and, if so, what efforts have been made to fix the problem. Staff will be hesitant to report if they feel unheard or if management is unresponsive because “no one will do anything anyway.” Make a point of emphasizing the facility’s zero-tolerance policy.
• Reroute: Pay close attention to your systems as problems develop. We all know that “stuff” happens in long-term care; nonetheless, the rules state that a “recurrence of comparable wrongdoing raises doubt about whether the organization took reasonable steps to” develop an effective program (Guidelines, 8B2.1 Commentary App. Note 2[D]). To figure out why anything happened, you need to take appropriate corrective action and evaluate the root cause. This could range from penalizing the person who committed the wrongdoing to changing the compliance program.
• Employee screening: We must take reasonable steps to ensure that our workers have not engaged in illegal activities or acted in a manner that is inconsistent with the compliance program. As a result, we must create employment screening methods to check a person’s past and criminal history as an institution. This would entail background checks, licensure checks, and following up with prior employers and references (more on that later).
• Documentation, documentation, documentation
Chapter 4: Accountability
Organizations are increasingly adopting a multi-layered approach to their action plans, with a specified emphasis area established at the organizational level and responsibility for team or department level action held at the appropriate level. This frequently prompts HR to ask, “How do we ensure that our workers will act?”
People, in our experience, often act on criticism because they are innately motivated to ‘better their lot,’ but a lack of tools, expertise, or ideas can be a roadblock to action. The approach should be one of empowerment: putting data and tools in the hands of those who are best suited to effect change and action. Many times, the people who should be in charge are not in HR or at the executive table. Many of us, regardless of seniority, experience, or job title, require additional support when making behavioral changes. This is where we may apply the principles of positive psychology and expert coaching to find the most effective forms of accountability assistance.
It’s crucial to note that no piece of software can keep someone accountable or push them to take ownership. What technology can do is:
• Help us exchange experiences about what works
• Provide access to shared ideas that others acting on comparable focuses have found success with • Make the process of taking action more clear
• Set an individual or team up for success by tracking, nudge, and reminding us about action
Some Useful Information About Accountability
Accountability is defined as accepting and taking responsibility for one’s actions. This indicates that words and actions are in sync. People have the power when they choose to keep themselves accountable while also appreciating the assistance of others who can help them reach their goals. A good coach will always assign a job or activity for their clients to complete before the following session. The client chooses an action that they want and agree to take, and that they believe will help them achieve their desired end goal or behavior. Given these three factors (desire, agreement, and belief), as well as the awareness that their coach will inquire about their progress toward their goals in a follow-up session, they will feel responsible for the desired adjustments and activities.
Chapter 5: Risk Assessment
Why Should Risk Assessments Be Conducted?
Compliance procedures must be tailored to each company’s specific needs and challenges, as well as thorough enough to address all of the risks identified.
In the event of a company misconduct inquiry, having a strong compliance program could lead to more leniency from authorities. In fact, the Criminal Division of the United States Department of Justice amended its guidance document for prosecutors on how to evaluate company compliance programs in the context of conducting corporate investigations in April 2019. Prosecutors should assess whether the compliance program is “structured to detect the particular sorts of misbehavior most likely to occur in a given corporation’s line of business” and “complex regulatory environment,” according to DOJ advice.
An successful risk assessment should start with a complete picture of your company’s compliance environment. Answer the following two questions:
1) where are you doing business, and
2) what restrictions apply to businesses like yours.
Are you attempting to work with customers in the healthcare industry, for example? If that’s the case, you’ll need to ensure sure your patient-data-handling systems can meet HIPAA security criteria. GDPR must be followed if you collect, store, transfer, or process personal data of EU residents. If you engage with third parties on a regular basis, such as suppliers and subcontractors, ensure sure they have adequate compliance policies in place to handle information security, privacy, and fraud threats.
The most important thing to remember is that your compliance efforts should be focused on the risks that are most significant to your company.
A thorough risk assessment must also include a detailed description of your company’s operations. To put it another way, you’ll need to know the “who, what, where, when, and how” of your company’s day-to-day operations.
However, this should not be confined to a business code of conduct and should apply to all of the company’s actions. Bribery, corruption, and accounting practices should all be covered by policies and processes that are clear, practical, and accessible.
Third parties, whether as a supplier or a customer, should be included. Policies and procedures are only effective if they are kept up to date and conveyed on a regular basis, especially when changes occur.
Ethics and compliance risk assessments are about recognizing the hazards that a company confronts, not just the method. The risk assessment helps the board and senior management focus on the most important risks facing the company, and it serves as the foundation for defining the measures needed to avoid, minimize, or remediate those risks.
Chapter 6: Compliance Officers
The Office of Inspector General (OIG) of the Department of Health and Human Services recommends appointing a Compliance Officer and other relevant oversight bodies, such as a compliance committee and a Board of Directors’ subcommittee, to manage and oversee the Compliance Program. The Compliance Officer is in charge of overseeing the Compliance Program’s day-to-day operations and ensuring that a program is in place to prevent, detect, and rectify violations of the Code of Conduct, the organization’s policies and procedures, and federal and state laws and regulations.
The Appointment Of An External Compliance Officer
When firms need to fill a Compliance Officer position, they typically have to search outside the organization for appropriate candidates. The search for a qualified applicant can take anywhere from a few months to a year or more in many cases. Organizations, on the other hand, cannot afford to go that long without a Compliance Officer. Many corporations seek to outside firms with expertise in health care compliance, practical experience, and an understanding of the industry to fill the function during this interim period.
In specific cases where someone needs to step into the role, the OIG indicates in their compliance program guideline documents1 that “the compliance function could be outsourced to an expert in compliance.” As a result, firms should consider outsourcing or appointing an external compliance specialist to fill the Compliance Officer function, whether temporarily or permanently.
A Compliance Officer’s Job Description
Compliance officers must have an instinctive understanding of a company’s aims and culture, as well as a broad understanding of the industry and conventional business law…
A compliance officer, sometimes known as a compliance manager, ensures that a firm is operating in complete compliance with all national and international laws and regulations that apply to its industry, as well as professional standards, acceptable business practices, and internal standards.
Compliance has an ethical as well as a practical component, and it plays a critical role in helping firms manage risk, preserve a positive reputation, and prevent lawsuits.
Compliance officers must have a natural and intuitive understanding of the company’s objectives and culture, as well as the larger industry and standard business legislation. They are responsible for not only maintaining a firm’s commercial dealings ethical and lawful, but also for training the entire company and implementing processes that will ensure the highest degree of compliance possible.
“The most effective line of defense a corporation can implement against federal prosecution, including both civil and criminal enforcement, is an efficient and effective compliance program. An efficient and effective compliance program is not attainable without the right compliance officer,” says Robert Moseman, manager of Robert Walters’ compliance section in New York.
The Quintessential Compliance Officer Personality
A compliance officer’s work includes conveying compliance-related issues to employees across the organization’s divisions. It may be necessary to comprehend complicated or abstract rules or ethics, as well as determine how to build and incorporate best practices. A compliance officer must consequently have excellent interpersonal skills and be able to communicate and collaborate with employees at all levels of the organization, as well as a thorough understanding of the business.
Chapter 7: Policies & Procedures
The foundation of any compliance program, both in terms of organization and management, is its policy and procedure documentation. These documents also make it easier for high-risk operational regions to comply with applicable laws, rules, and standards. A single policy development costs around $5,000 on average. This is true whether the development is done by an outside contractor or legal firm or by an internal committee within the company. You should also think about the time and effort it took to thoroughly study and approve the policy document. This can take a long time and be time and effort consuming.
Many people use shortcuts to save money, such as adopting pre-made policy templates. Some organizations make their policies available for download online. When employing this method, be careful when copying and pasting documents from other organizations. There may be considerable differences in how policies and procedures are organized and managed, making adaptation difficult. There’s also the matter of whether the other company followed applicable laws and regulations appropriately and consistently. There are other genuine providers that can help you write policy documents quickly, effectively, and affordably. Whether you’re writing rules from scratch or using templates, the following will help you understand what’s needed, why it’s needed, and how to do it correctly.
Policies and procedures that establish the framework under which an organization operates are required. However, this should not be confined to a business code of conduct and should apply to all of the company’s actions. Bribery, corruption, and accounting practices should all be covered by policies and processes that are clear, practical, and accessible.
Third parties, whether as a supplier or a customer, should be included. Policies and procedures are only effective if they are kept up to date and conveyed on a regular basis, especially when changes occur.
Chapter 8: Communication & Training
Even if you have the best product in the world, if no one knows about it, it will not sell. To get the word out, you’ll need to spend in the right promotional channels. The compliance program of an organization follows the same principle.
You’ve put in a lot of effort to develop a detailed compliance plan for your organization; now it’s time to spread the news. This entails informing staff about the plan on a regular basis and giving frequent training.
But where do you even begin?
Here are some suggestions for getting your compliance plan across to your staff.
Understand Your Target Market And How They Communicate
How do your staff learn about the company? Do your staff frequently access the intranet? Do they communicate via email or another method? If your company has monitors in its lobby or halls, for example, you could show slides on them. You may also develop a landing page that varies monthly or weekly if your employees predominantly use the intranet. It could include weekly or monthly messages as well as links to ethics documents, rules of conduct, and other resources.
Sync Up Your Internal Messaging
Know when and from which departments internal communications are sent. Is there a monthly internal newsletter from your HR department or marketing/public relations department? If this is the case, request that they supply some compliance information.
Examine Your Resources And Choose Stuff That Is Relevant
Your communication strategy will suffer if you don’t have enough people or the correct material. Because every company’s tone and culture are unique, make sure your material reflects yours while generating it.
Employees Are Polled
Get input from your staff on both the compliance program and the communications that go along with it. Allowing anonymous survey responses from employees might assist design your program and future communications. Employee surveys can also provide useful information on where and how they like to receive program information.
If employees aren’t aware of the program or don’t know what they need to do to participate effectively, it’s ineffective. Following the advice above will help you effectively convey your compliance program inside your company.
A strong training program is required for effective execution of compliance program policies and procedures. Regulators want a company to have a comprehensive training strategy in place that properly explains employees’ compliance duties, especially for those in high-risk positions or locations.
Traditional live training is still valuable, but it may be complemented and reinforced with e-Learning platforms, remote training via video conferencing, online assessment, and other tools that make training more accessible and affordable. Employees should get compliance training as part of their introduction, and this training should be renewed on a regular basis.
Chapter 9: Monitoring & Auditing
Putting in place monitoring and auditing controls is an important part of any compliance framework since it ensures that the organization has control over its compliance program and that workers follow it. To identify and address concerns, an organization should implement a frequent monitoring system. Effective monitoring entails using a standardized set of processes, inspections, and controls that are suited to the risks in order to detect and correct compliance issues on a continuous basis.
If a compliance breach is discovered, the organization should conduct an early investigation to determine how the breach occurred and put steps in place to prevent it from happening again. Compliance reports should show how the organization adheres to regulatory bodies’ and government agencies’ rules, norms, laws, and regulations, and these assessments should be presented to senior management, the board of directors, and the audit committee. Businesses that fail to comply face regulatory consequences, including fines and jail.
A thorough testing and monitoring program can aid in the effective operation of the control environment. The process begins with the implementation of appropriate controls, which should be tested, followed by regular monitoring and auditing.
Auditing and monitoring are the mechanics of running a compliance program once the previous steps have been completed. A successful compliance program involves a continuous evaluation process.
A successful compliance program, according to the OIG compliance program guidance, requires constant evaluation. Furthermore, according to the OIG, all Corporate Integrity Agreements (CIA) are monitored at least once a year.
All areas of facility operations are audited and monitored, and the compliance program is taken into account. Detecting illegal conduct and errors is an important part of a good compliance program, according to the federal Sentencing Guidelines.
The following areas of potential exposure should be addressed as potential risk areas in the Compliance Plan and the Auditing and Monitoring Plan:
• Self-referral and anti-kickback issues
• Credit balances
• Bad debts
• Claim preparation and submission
• Record retention
• Cost reporting
• Marketing
• Compliance program processes
• National background checks
Chapter 10: Issues Management
Leading Issue Management Techniques
Issue management is becoming a more essential priority for businesses. Issue repositories, which are frequently large and compartmentalized, can reveal a range of flaws, shortcomings, and gaps that might hinder a company’s profitability and operational effectiveness. Firms that efficiently manage risk using problem data will unlock value and gain a competitive advantage.
While there are numerous advantages to building and implementing an efficient problem management framework, there are also several common obstacles. Among them are:
• Manual activities that are error-prone and time-consuming
• Inconsistent and/or inappropriate categorization of issues impacting reporting
• Rudimentary reporting that does not provide qualitative context
• A lack of a risk-based approach to issue prioritization and closure
• Weak practices for managing regulatory findings remediation
Low and medium-severity concerns receive insufficient attention, resulting in a lack of awareness into the systemic impact of issues across the business.
To capitalize on increasingly extensive issue-management datasets, there is a lack of personnel recruitment and retention.
Benefits
Companies that design and implement effective issue management systems get a range of benefits. They can, for example, more easily support strong reporting methods like aggregating problem data across functional units and drilling into summarized issue data to understand the characteristics of each detected issue. Developing strong issue management methods creates a thorough understanding of issues across the enterprise and often exposes critical risk themes for senior management to address, such as the health of functional units, prevalent pain points, and common causes of inadequacies. Furthermore, a greater understanding of concerns aids in the development and implementation of stronger controls, as well as assisting the firm in determining the level of risk it is willing to tolerate, all of which help the firm reduce losses and achieve its business objectives.
Issue Management in the Future
Issue management is becoming increasingly important to financial institutions. Issues are no longer managed in silos, with inadequate information technology resources and a lack of awareness about their interconnectivity, by those with more developed issue-management frameworks. Integrated systems that take advantage of centralized technological solutions and standardized processes to provide an enterprisewide perspective of issues and their associated risks are replacing fragmented issue-management frameworks in today’s competitive landscape. Companies that match their issue-management frameworks with best practices can use them to develop their company and strategy. Furthermore, as the volume and complexity of issue-management data acquired by organizations grows, the adoption of advanced analytics — such as cognitive models — to comprehend the data will deliver a higher positive return on investment.
Chapter 11: Metrics
Effective compliance metrics paint a clear image of a company’s compliance program, as well as the risks and controls that come with it. Precision and meaningful metrics assist a company in identifying its core risks and root causes, allowing resources to be applied where they are most needed. Furthermore, metrics derived from data from many lines of business can provide a more accurate picture of compliance risk that might otherwise go unnoticed.
Organizations must assess and identify key metrics that can provide insight into the success of their compliance program, allowing for more effective prevention, detection, and reaction to current and future compliance problems. These indicators can assist compliance professionals identify holes in their programs and implement stronger controls, allowing the company to be more risk-aware and get more value out of its compliance program.
Compliance officers, on the other hand, find it difficult to report on compliance indicators. While some struggle to come up with the right measures and get access to the data they need, others face difficulties dealing with market dynamics and complexity.
Here are some metrics that help compliance officers improve their program:
• Violations of applicable rules and regulations
• Customer or employee complaints
• Significant compliance investigations, audit or quality assurance findings
• Key risk indicators (“KRIs”)
• Risk Tolerance Statements
• Employee and stakeholder culture surveys
Evaluation of a compliance program – tracking target achievement
This is a measure of how well the compliance program is achieving its programmatic goals, such as program acceptability and collaboration from various business lines. It’s an excellent statistic for assessing the compliance program’s success. Some firms examine business area performance reviews to see if managers follow the central compliance function’s compliance standards and guidance/recommendations. This evaluation aids in determining how different areas of business are implementing compliance suggestions.
While it is vital to define and evaluate these indicators, it is evident that this is not a one-time task. Organizations should review and improve their compliance metrics on a regular basis to better manage their evolving compliance risks, stay current with market and regulatory changes, and ensure that the metrics remain linked to the organization’s most significant risks.
Chapter 12: Technology
How To Make A More Meaningful Compliance Program With Technology
Running an effective program requires time and effort, but using new, emerging technology allows you to swiftly put together an effective program. Control testing, tracking, monitoring, and resolving issues, and scanning the environment for changes to regulations and standards that could affect your firm can all be made easier with technology.
Organizations may better track what they are required to comply to, which controls are in place, and how deeply their obligations and controls are entrenched into their business processes by leveraging technology to create a single source of truth for all of their compliance risks. Compliance managers and risk teams can use this type of enablement to better identify where their organization’s shortcomings are, which can help them develop a business case for more resources to address them.
Curriculum
Compliance Administration – Workshop 1 – Compliance Essentials
- Culture
- Incentives & Rewards
- Enforcement & Discipline
- Accountability
- Risk Assessment
- Compliance Officers
- Policies & Procedures
- Communication & Training
- Monitoring & Auditing
- Issues Management
- Metrics
- Technology
Distance Learning
Introduction
Welcome to Appleton Greene and thank you for enrolling on the Compliance Administration corporate training program. You will be learning through our unique facilitation via distance-learning method, which will enable you to practically implement everything that you learn academically. The methods and materials used in your program have been designed and developed to ensure that you derive the maximum benefits and enjoyment possible. We hope that you find the program challenging and fun to do. However, if you have never been a distance-learner before, you may be experiencing some trepidation at the task before you. So we will get you started by giving you some basic information and guidance on how you can make the best use of the modules, how you should manage the materials and what you should be doing as you work through them. This guide is designed to point you in the right direction and help you to become an effective distance-learner. Take a few hours or so to study this guide and your guide to tutorial support for students, while making notes, before you start to study in earnest.
Study environment
You will need to locate a quiet and private place to study, preferably a room where you can easily be isolated from external disturbances or distractions. Make sure the room is well-lit and incorporates a relaxed, pleasant feel. If you can spoil yourself within your study environment, you will have much more of a chance to ensure that you are always in the right frame of mind when you do devote time to study. For example, a nice fire, the ability to play soft soothing background music, soft but effective lighting, perhaps a nice view if possible and a good size desk with a comfortable chair. Make sure that your family know when you are studying and understand your study rules. Your study environment is very important. The ideal situation, if at all possible, is to have a separate study, which can be devoted to you. If this is not possible then you will need to pay a lot more attention to developing and managing your study schedule, because it will affect other people as well as yourself. The better your study environment, the more productive you will be.
Study tools & rules
Try and make sure that your study tools are sufficient and in good working order. You will need to have access to a computer, scanner and printer, with access to the internet. You will need a very comfortable chair, which supports your lower back, and you will need a good filing system. It can be very frustrating if you are spending valuable study time trying to fix study tools that are unreliable, or unsuitable for the task. Make sure that your study tools are up to date. You will also need to consider some study rules. Some of these rules will apply to you and will be intended to help you to be more disciplined about when and how you study. This distance-learning guide will help you and after you have read it you can put some thought into what your study rules should be. You will also need to negotiate some study rules for your family, friends or anyone who lives with you. They too will need to be disciplined in order to ensure that they can support you while you study. It is important to ensure that your family and friends are an integral part of your study team. Having their support and encouragement can prove to be a crucial contribution to your successful completion of the program. Involve them in as much as you can.
Successful distance-learning
Distance-learners are freed from the necessity of attending regular classes or workshops, since they can study in their own way, at their own pace and for their own purposes. But unlike traditional internal training courses, it is the student’s responsibility, with a distance-learning program, to ensure that they manage their own study contribution. This requires strong self-discipline and self-motivation skills and there must be a clear will to succeed. Those students who are used to managing themselves, are good at managing others and who enjoy working in isolation, are more likely to be good distance-learners. It is also important to be aware of the main reasons why you are studying and of the main objectives that you are hoping to achieve as a result. You will need to remind yourself of these objectives at times when you need to motivate yourself. Never lose sight of your long-term goals and your short-term objectives. There is nobody available here to pamper you, or to look after you, or to spoon-feed you with information, so you will need to find ways to encourage and appreciate yourself while you are studying. Make sure that you chart your study progress, so that you can be sure of your achievements and re-evaluate your goals and objectives regularly.
Self-assessment
Appleton Greene training programs are in all cases post-graduate programs. Consequently, you should already have obtained a business-related degree and be an experienced learner. You should therefore already be aware of your study strengths and weaknesses. For example, which time of the day are you at your most productive? Are you a lark or an owl? What study methods do you respond to the most? Are you a consistent learner? How do you discipline yourself? How do you ensure that you enjoy yourself while studying? It is important to understand yourself as a learner and so some self-assessment early on will be necessary if you are to apply yourself correctly. Perform a SWOT analysis on yourself as a student. List your internal strengths and weaknesses as a student and your external opportunities and threats. This will help you later on when you are creating a study plan. You can then incorporate features within your study plan that can ensure that you are playing to your strengths, while compensating for your weaknesses. You can also ensure that you make the most of your opportunities, while avoiding the potential threats to your success.
Accepting responsibility as a student
Training programs invariably require a significant investment, both in terms of what they cost and in the time that you need to contribute to study and the responsibility for successful completion of training programs rests entirely with the student. This is never more apparent than when a student is learning via distance-learning. Accepting responsibility as a student is an important step towards ensuring that you can successfully complete your training program. It is easy to instantly blame other people or factors when things go wrong. But the fact of the matter is that if a failure is your failure, then you have the power to do something about it, it is entirely in your own hands. If it is always someone else’s failure, then you are powerless to do anything about it. All students study in entirely different ways, this is because we are all individuals and what is right for one student, is not necessarily right for another. In order to succeed, you will have to accept personal responsibility for finding a way to plan, implement and manage a personal study plan that works for you. If you do not succeed, you only have yourself to blame.
Planning
By far the most critical contribution to stress, is the feeling of not being in control. In the absence of planning we tend to be reactive and can stumble from pillar to post in the hope that things will turn out fine in the end. Invariably they don’t! In order to be in control, we need to have firm ideas about how and when we want to do things. We also need to consider as many possible eventualities as we can, so that we are prepared for them when they happen. Prescriptive Change, is far easier to manage and control, than Emergent Change. The same is true with distance-learning. It is much easier and much more enjoyable, if you feel that you are in control and that things are going to plan. Even when things do go wrong, you are prepared for them and can act accordingly without any unnecessary stress. It is important therefore that you do take time to plan your studies properly.
Management
Once you have developed a clear study plan, it is of equal importance to ensure that you manage the implementation of it. Most of us usually enjoy planning, but it is usually during implementation when things go wrong. Targets are not met and we do not understand why. Sometimes we do not even know if targets are being met. It is not enough for us to conclude that the study plan just failed. If it is failing, you will need to understand what you can do about it. Similarly if your study plan is succeeding, it is still important to understand why, so that you can improve upon your success. You therefore need to have guidelines for self-assessment so that you can be consistent with performance improvement throughout the program. If you manage things correctly, then your performance should constantly improve throughout the program.
Study objectives & tasks
The first place to start is developing your program objectives. These should feature your reasons for undertaking the training program in order of priority. Keep them succinct and to the point in order to avoid confusion. Do not just write the first things that come into your head because they are likely to be too similar to each other. Make a list of possible departmental headings, such as: Customer Service; E-business; Finance; Globalization; Human Resources; Technology; Legal; Management; Marketing and Production. Then brainstorm for ideas by listing as many things that you want to achieve under each heading and later re-arrange these things in order of priority. Finally, select the top item from each department heading and choose these as your program objectives. Try and restrict yourself to five because it will enable you to focus clearly. It is likely that the other things that you listed will be achieved if each of the top objectives are achieved. If this does not prove to be the case, then simply work through the process again.
Study forecast
As a guide, the Appleton Greene Compliance Administration corporate training program should take 12-18 months to complete, depending upon your availability and current commitments. The reason why there is such a variance in time estimates is because every student is an individual, with differing productivity levels and different commitments. These differentiations are then exaggerated by the fact that this is a distance-learning program, which incorporates the practical integration of academic theory as an as a part of the training program. Consequently all of the project studies are real, which means that important decisions and compromises need to be made. You will want to get things right and will need to be patient with your expectations in order to ensure that they are. We would always recommend that you are prudent with your own task and time forecasts, but you still need to develop them and have a clear indication of what are realistic expectations in your case. With reference to your time planning: consider the time that you can realistically dedicate towards study with the program every week; calculate how long it should take you to complete the program, using the guidelines featured here; then break the program down into logical modules and allocate a suitable proportion of time to each of them, these will be your milestones; you can create a time plan by using a spreadsheet on your computer, or a personal organizer such as MS Outlook, you could also use a financial forecasting software; break your time forecasts down into manageable chunks of time, the more specific you can be, the more productive and accurate your time management will be; finally, use formulas where possible to do your time calculations for you, because this will help later on when your forecasts need to change in line with actual performance. With reference to your task planning: refer to your list of tasks that need to be undertaken in order to achieve your program objectives; with reference to your time plan, calculate when each task should be implemented; remember that you are not estimating when your objectives will be achieved, but when you will need to focus upon implementing the corresponding tasks; you also need to ensure that each task is implemented in conjunction with the associated training modules which are relevant; then break each single task down into a list of specific to do’s, say approximately ten to do’s for each task and enter these into your study plan; once again you could use MS Outlook to incorporate both your time and task planning and this could constitute your study plan; you could also use a project management software like MS Project. You should now have a clear and realistic forecast detailing when you can expect to be able to do something about undertaking the tasks to achieve your program objectives.
Performance management
It is one thing to develop your study forecast, it is quite another to monitor your progress. Ultimately it is less important whether you achieve your original study forecast and more important that you update it so that it constantly remains realistic in line with your performance. As you begin to work through the program, you will begin to have more of an idea about your own personal performance and productivity levels as a distance-learner. Once you have completed your first study module, you should re-evaluate your study forecast for both time and tasks, so that they reflect your actual performance level achieved. In order to achieve this you must first time yourself while training by using an alarm clock. Set the alarm for hourly intervals and make a note of how far you have come within that time. You can then make a note of your actual performance on your study plan and then compare your performance against your forecast. Then consider the reasons that have contributed towards your performance level, whether they are positive or negative and make a considered adjustment to your future forecasts as a result. Given time, you should start achieving your forecasts regularly.
With reference to time management: time yourself while you are studying and make a note of the actual time taken in your study plan; consider your successes with time-efficiency and the reasons for the success in each case and take this into consideration when reviewing future time planning; consider your failures with time-efficiency and the reasons for the failures in each case and take this into consideration when reviewing future time planning; re-evaluate your study forecast in relation to time planning for the remainder of your training program to ensure that you continue to be realistic about your time expectations. You need to be consistent with your time management, otherwise you will never complete your studies. This will either be because you are not contributing enough time to your studies, or you will become less efficient with the time that you do allocate to your studies. Remember, if you are not in control of your studies, they can just become yet another cause of stress for you.
With reference to your task management: time yourself while you are studying and make a note of the actual tasks that you have undertaken in your study plan; consider your successes with task-efficiency and the reasons for the success in each case; take this into consideration when reviewing future task planning; consider your failures with task-efficiency and the reasons for the failures in each case and take this into consideration when reviewing future task planning; re-evaluate your study forecast in relation to task planning for the remainder of your training program to ensure that you continue to be realistic about your task expectations. You need to be consistent with your task management, otherwise you will never know whether you are achieving your program objectives or not.
Keeping in touch
You will have access to qualified and experienced professors and tutors who are responsible for providing tutorial support for your particular training program. So don’t be shy about letting them know how you are getting on. We keep electronic records of all tutorial support emails so that professors and tutors can review previous correspondence before considering an individual response. It also means that there is a record of all communications between you and your professors and tutors and this helps to avoid any unnecessary duplication, misunderstanding, or misinterpretation. If you have a problem relating to the program, share it with them via email. It is likely that they have come across the same problem before and are usually able to make helpful suggestions and steer you in the right direction. To learn more about when and how to use tutorial support, please refer to the Tutorial Support section of this student information guide. This will help you to ensure that you are making the most of tutorial support that is available to you and will ultimately contribute towards your success and enjoyment with your training program.
Work colleagues and family
You should certainly discuss your program study progress with your colleagues, friends and your family. Appleton Greene training programs are very practical. They require you to seek information from other people, to plan, develop and implement processes with other people and to achieve feedback from other people in relation to viability and productivity. You will therefore have plenty of opportunities to test your ideas and enlist the views of others. People tend to be sympathetic towards distance-learners, so don’t bottle it all up in yourself. Get out there and share it! It is also likely that your family and colleagues are going to benefit from your labors with the program, so they are likely to be much more interested in being involved than you might think. Be bold about delegating work to those who might benefit themselves. This is a great way to achieve understanding and commitment from people who you may later rely upon for process implementation. Share your experiences with your friends and family.
Making it relevant
The key to successful learning is to make it relevant to your own individual circumstances. At all times you should be trying to make bridges between the content of the program and your own situation. Whether you achieve this through quiet reflection or through interactive discussion with your colleagues, client partners or your family, remember that it is the most important and rewarding aspect of translating your studies into real self-improvement. You should be clear about how you want the program to benefit you. This involves setting clear study objectives in relation to the content of the course in terms of understanding, concepts, completing research or reviewing activities and relating the content of the modules to your own situation. Your objectives may understandably change as you work through the program, in which case you should enter the revised objectives on your study plan so that you have a permanent reminder of what you are trying to achieve, when and why.
Distance-learning check-list
Prepare your study environment, your study tools and rules.
Undertake detailed self-assessment in terms of your ability as a learner.
Create a format for your study plan.
Consider your study objectives and tasks.
Create a study forecast.
Assess your study performance.
Re-evaluate your study forecast.
Be consistent when managing your study plan.
Use your Appleton Greene Certified Learning Provider (CLP) for tutorial support.
Make sure you keep in touch with those around you.
Tutorial Support
Programs
Appleton Greene uses standard and bespoke corporate training programs as vessels to transfer business process improvement knowledge into the heart of our clients’ organizations. Each individual program focuses upon the implementation of a specific business process, which enables clients to easily quantify their return on investment. There are hundreds of established Appleton Greene corporate training products now available to clients within customer services, e-business, finance, globalization, human resources, information technology, legal, management, marketing and production. It does not matter whether a client’s employees are located within one office, or an unlimited number of international offices, we can still bring them together to learn and implement specific business processes collectively. Our approach to global localization enables us to provide clients with a truly international service with that all important personal touch. Appleton Greene corporate training programs can be provided virtually or locally and they are all unique in that they individually focus upon a specific business function. They are implemented over a sustainable period of time and professional support is consistently provided by qualified learning providers and specialist consultants.
Support available
You will have a designated Certified Learning Provider (CLP) and an Accredited Consultant and we encourage you to communicate with them as much as possible. In all cases tutorial support is provided online because we can then keep a record of all communications to ensure that tutorial support remains consistent. You would also be forwarding your work to the tutorial support unit for evaluation and assessment. You will receive individual feedback on all of the work that you undertake on a one-to-one basis, together with specific recommendations for anything that may need to be changed in order to achieve a pass with merit or a pass with distinction and you then have as many opportunities as you may need to re-submit project studies until they meet with the required standard. Consequently the only reason that you should really fail (CLP) is if you do not do the work. It makes no difference to us whether a student takes 12 months or 18 months to complete the program, what matters is that in all cases the same quality standard will have been achieved.
Support Process
Please forward all of your future emails to the designated (CLP) Tutorial Support Unit email address that has been provided and please do not duplicate or copy your emails to other AGC email accounts as this will just cause unnecessary administration. Please note that emails are always answered as quickly as possible but you will need to allow a period of up to 20 business days for responses to general tutorial support emails during busy periods, because emails are answered strictly within the order in which they are received. You will also need to allow a period of up to 30 business days for the evaluation and assessment of project studies. This does not include weekends or public holidays. Please therefore kindly allow for this within your time planning. All communications are managed online via email because it enables tutorial service support managers to review other communications which have been received before responding and it ensures that there is a copy of all communications retained on file for future reference. All communications will be stored within your personal (CLP) study file here at Appleton Greene throughout your designated study period. If you need any assistance or clarification at any time, please do not hesitate to contact us by forwarding an email and remember that we are here to help. If you have any questions, please list and number your questions succinctly and you can then be sure of receiving specific answers to each and every query.
Time Management
It takes approximately 1 Year to complete the Compliance Administration corporate training program, incorporating 12 x 6-hour monthly workshops. Each student will also need to contribute approximately 4 hours per week over 1 Year of their personal time. Students can study from home or work at their own pace and are responsible for managing their own study plan. There are no formal examinations and students are evaluated and assessed based upon their project study submissions, together with the quality of their internal analysis and supporting documents. They can contribute more time towards study when they have the time to do so and can contribute less time when they are busy. All students tend to be in full time employment while studying and the Compliance Administration program is purposely designed to accommodate this, so there is plenty of flexibility in terms of time management. It makes no difference to us at Appleton Greene, whether individuals take 12-18 months to complete this program. What matters is that in all cases the same standard of quality will have been achieved with the standard and bespoke programs that have been developed.
Distance Learning Guide
The distance learning guide should be your first port of call when starting your training program. It will help you when you are planning how and when to study, how to create the right environment and how to establish the right frame of mind. If you can lay the foundations properly during the planning stage, then it will contribute to your enjoyment and productivity while training later. The guide helps to change your lifestyle in order to accommodate time for study and to cultivate good study habits. It helps you to chart your progress so that you can measure your performance and achieve your goals. It explains the tools that you will need for study and how to make them work. It also explains how to translate academic theory into practical reality. Spend some time now working through your distance learning guide and make sure that you have firm foundations in place so that you can make the most of your distance learning program. There is no requirement for you to attend training workshops or classes at Appleton Greene offices. The entire program is undertaken online, program course manuals and project studies are administered via the Appleton Greene web site and via email, so you are able to study at your own pace and in the comfort of your own home or office as long as you have a computer and access to the internet.
How To Study
The how to study guide provides students with a clear understanding of the Appleton Greene facilitation via distance learning training methods and enables students to obtain a clear overview of the training program content. It enables students to understand the step-by-step training methods used by Appleton Greene and how course manuals are integrated with project studies. It explains the research and development that is required and the need to provide evidence and references to support your statements. It also enables students to understand precisely what will be required of them in order to achieve a pass with merit and a pass with distinction for individual project studies and provides useful guidance on how to be innovative and creative when developing your Unique Program Proposition (UPP).
Tutorial Support
Tutorial support for the Appleton Greene Compliance Administration corporate training program is provided online either through the Appleton Greene Client Support Portal (CSP), or via email. All tutorial support requests are facilitated by a designated Program Administration Manager (PAM). They are responsible for deciding which professor or tutor is the most appropriate option relating to the support required and then the tutorial support request is forwarded onto them. Once the professor or tutor has completed the tutorial support request and answered any questions that have been asked, this communication is then returned to the student via email by the designated Program Administration Manager (PAM). This enables all tutorial support, between students, professors and tutors, to be facilitated by the designated Program Administration Manager (PAM) efficiently and securely through the email account. You will therefore need to allow a period of up to 20 business days for responses to general support queries and up to 30 business days for the evaluation and assessment of project studies, because all tutorial support requests are answered strictly within the order in which they are received. This does not include weekends or public holidays. Consequently you need to put some thought into the management of your tutorial support procedure in order to ensure that your study plan is feasible and to obtain the maximum possible benefit from tutorial support during your period of study. Please retain copies of your tutorial support emails for future reference. Please ensure that ALL of your tutorial support emails are set out using the format as suggested within your guide to tutorial support. Your tutorial support emails need to be referenced clearly to the specific part of the course manual or project study which you are working on at any given time. You also need to list and number any questions that you would like to ask, up to a maximum of five questions within each tutorial support email. Remember the more specific you can be with your questions the more specific your answers will be too and this will help you to avoid any unnecessary misunderstanding, misinterpretation, or duplication. The guide to tutorial support is intended to help you to understand how and when to use support in order to ensure that you get the most out of your training program. Appleton Greene training programs are designed to enable you to do things for yourself. They provide you with a structure or a framework and we use tutorial support to facilitate students while they practically implement what they learn. In other words, we are enabling students to do things for themselves. The benefits of distance learning via facilitation are considerable and are much more sustainable in the long-term than traditional short-term knowledge sharing programs. Consequently you should learn how and when to use tutorial support so that you can maximize the benefits from your learning experience with Appleton Greene. This guide describes the purpose of each training function and how to use them and how to use tutorial support in relation to each aspect of the training program. It also provides useful tips and guidance with regard to best practice.
Tutorial Support Tips
Students are often unsure about how and when to use tutorial support with Appleton Greene. This Tip List will help you to understand more about how to achieve the most from using tutorial support. Refer to it regularly to ensure that you are continuing to use the service properly. Tutorial support is critical to the success of your training experience, but it is important to understand when and how to use it in order to maximize the benefit that you receive. It is no coincidence that those students who succeed are those that learn how to be positive, proactive and productive when using tutorial support.
Be positive and friendly with your tutorial support emails
Remember that if you forward an email to the tutorial support unit, you are dealing with real people. “Do unto others as you would expect others to do unto you”. If you are positive, complimentary and generally friendly in your emails, you will generate a similar response in return. This will be more enjoyable, productive and rewarding for you in the long-term.
Think about the impression that you want to create
Every time that you communicate, you create an impression, which can be either positive or negative, so put some thought into the impression that you want to create. Remember that copies of all tutorial support emails are stored electronically and tutors will always refer to prior correspondence before responding to any current emails. Over a period of time, a general opinion will be arrived at in relation to your character, attitude and ability. Try to manage your own frustrations, mood swings and temperament professionally, without involving the tutorial support team. Demonstrating frustration or a lack of patience is a weakness and will be interpreted as such. The good thing about communicating in writing, is that you will have the time to consider your content carefully, you can review it and proof-read it before sending your email to Appleton Greene and this should help you to communicate more professionally, consistently and to avoid any unnecessary knee-jerk reactions to individual situations as and when they may arise. Please also remember that the CLP Tutorial Support Unit will not just be responsible for evaluating and assessing the quality of your work, they will also be responsible for providing recommendations to other learning providers and to client contacts within the Appleton Greene global client network, so do be in control of your own emotions and try to create a good impression.
Remember that quality is preferred to quantity
Please remember that when you send an email to the tutorial support team, you are not using Twitter or Text Messaging. Try not to forward an email every time that you have a thought. This will not prove to be productive either for you or for the tutorial support team. Take time to prepare your communications properly, as if you were writing a professional letter to a business colleague and make a list of queries that you are likely to have and then incorporate them within one email, say once every month, so that the tutorial support team can understand more about context, application and your methodology for study. Get yourself into a consistent routine with your tutorial support requests and use the tutorial support template provided with ALL of your emails. The (CLP) Tutorial Support Unit will not spoon-feed you with information. They need to be able to evaluate and assess your tutorial support requests carefully and professionally.
Be specific about your questions in order to receive specific answers
Try not to write essays by thinking as you are writing tutorial support emails. The tutorial support unit can be unclear about what in fact you are asking, or what you are looking to achieve. Be specific about asking questions that you want answers to. Number your questions. You will then receive specific answers to each and every question. This is the main purpose of tutorial support via email.
Keep a record of your tutorial support emails
It is important that you keep a record of all tutorial support emails that are forwarded to you. You can then refer to them when necessary and it avoids any unnecessary duplication, misunderstanding, or misinterpretation.
Individual training workshops or telephone support
Please be advised that Appleton Greene does not provide separate or individual tutorial support meetings, workshops, or provide telephone support for individual students. Appleton Greene is an equal opportunities learning and service provider and we are therefore understandably bound to treat all students equally. We cannot therefore broker special financial or study arrangements with individual students regardless of the circumstances. All tutorial support is provided online and this enables Appleton Greene to keep a record of all communications between students, professors and tutors on file for future reference, in accordance with our quality management procedure and your terms and conditions of enrolment. All tutorial support is provided online via email because it enables us to have time to consider support content carefully, it ensures that you receive a considered and detailed response to your queries. You can number questions that you would like to ask, which relate to things that you do not understand or where clarification may be required. You can then be sure of receiving specific answers to each individual query. You will also then have a record of these communications and of all tutorial support, which has been provided to you. This makes tutorial support administration more productive by avoiding any unnecessary duplication, misunderstanding, or misinterpretation.
Tutorial Support Email Format
You should use this tutorial support format if you need to request clarification or assistance while studying with your training program. Please note that ALL of your tutorial support request emails should use the same format. You should therefore set up a standard email template, which you can then use as and when you need to. Emails that are forwarded to Appleton Greene, which do not use the following format, may be rejected and returned to you by the (CLP) Program Administration Manager. A detailed response will then be forwarded to you via email usually within 20 business days of receipt for general support queries and 30 business days for the evaluation and assessment of project studies. This does not include weekends or public holidays. Your tutorial support request, together with the corresponding TSU reply, will then be saved and stored within your electronic TSU file at Appleton Greene for future reference.
Subject line of your email
Please insert: Appleton Greene (CLP) Tutorial Support Request: (Your Full Name) (Date), within the subject line of your email.
Main body of your email
Please insert:
1. Appleton Greene Certified Learning Provider (CLP) Tutorial Support Request
2. Your Full Name
3. Date of TS request
4. Preferred email address
5. Backup email address
6. Course manual page name or number (reference)
7. Project study page name or number (reference)
Subject of enquiry
Please insert a maximum of 50 words (please be succinct)
Briefly outline the subject matter of your inquiry, or what your questions relate to.
Question 1
Maximum of 50 words (please be succinct)
Maximum of 50 words (please be succinct)
Question 3
Maximum of 50 words (please be succinct)
Question 4
Maximum of 50 words (please be succinct)
Question 5
Maximum of 50 words (please be succinct)
Please note that a maximum of 5 questions is permitted with each individual tutorial support request email.
Procedure
* List the questions that you want to ask first, then re-arrange them in order of priority. Make sure that you reference them, where necessary, to the course manuals or project studies.
* Make sure that you are specific about your questions and number them. Try to plan the content within your emails to make sure that it is relevant.
* Make sure that your tutorial support emails are set out correctly, using the Tutorial Support Email Format provided here.
* Save a copy of your email and incorporate the date sent after the subject title. Keep your tutorial support emails within the same file and in date order for easy reference.
* Allow up to 20 business days for a response to general tutorial support emails and up to 30 business days for the evaluation and assessment of project studies, because detailed individual responses will be made in all cases and tutorial support emails are answered strictly within the order in which they are received.
* Emails can and do get lost. So if you have not received a reply within the appropriate time, forward another copy or a reminder to the tutorial support unit to be sure that it has been received but do not forward reminders unless the appropriate time has elapsed.
* When you receive a reply, save it immediately featuring the date of receipt after the subject heading for easy reference. In most cases the tutorial support unit replies to your questions individually, so you will have a record of the questions that you asked as well as the answers offered. With project studies however, separate emails are usually forwarded by the tutorial support unit, so do keep a record of your own original emails as well.
* Remember to be positive and friendly in your emails. You are dealing with real people who will respond to the same things that you respond to.
* Try not to repeat questions that have already been asked in previous emails. If this happens the tutorial support unit will probably just refer you to the appropriate answers that have already been provided within previous emails.
* If you lose your tutorial support email records you can write to Appleton Greene to receive a copy of your tutorial support file, but a separate administration charge may be levied for this service.
How To Study
Your Certified Learning Provider (CLP) and Accredited Consultant can help you to plan a task list for getting started so that you can be clear about your direction and your priorities in relation to your training program. It is also a good way to introduce yourself to the tutorial support team.
Planning your study environment
Your study conditions are of great importance and will have a direct effect on how much you enjoy your training program. Consider how much space you will have, whether it is comfortable and private and whether you are likely to be disturbed. The study tools and facilities at your disposal are also important to the success of your distance-learning experience. Your tutorial support unit can help with useful tips and guidance, regardless of your starting position. It is important to get this right before you start working on your training program.
Planning your program objectives
It is important that you have a clear list of study objectives, in order of priority, before you start working on your training program. Your tutorial support unit can offer assistance here to ensure that your study objectives have been afforded due consideration and priority.
Planning how and when to study
Distance-learners are freed from the necessity of attending regular classes, since they can study in their own way, at their own pace and for their own purposes. This approach is designed to let you study efficiently away from the traditional classroom environment. It is important however, that you plan how and when to study, so that you are making the most of your natural attributes, strengths and opportunities. Your tutorial support unit can offer assistance and useful tips to ensure that you are playing to your strengths.
Planning your study tasks
You should have a clear understanding of the study tasks that you should be undertaking and the priority associated with each task. These tasks should also be integrated with your program objectives. The distance learning guide and the guide to tutorial support for students should help you here, but if you need any clarification or assistance, please contact your tutorial support unit.
Planning your time
You will need to allocate specific times during your calendar when you intend to study if you are to have a realistic chance of completing your program on time. You are responsible for planning and managing your own study time, so it is important that you are successful with this. Your tutorial support unit can help you with this if your time plan is not working.
Keeping in touch
Consistency is the key here. If you communicate too frequently in short bursts, or too infrequently with no pattern, then your management ability with your studies will be questioned, both by you and by your tutorial support unit. It is obvious when a student is in control and when one is not and this will depend how able you are at sticking with your study plan. Inconsistency invariably leads to in-completion.
Charting your progress
Your tutorial support team can help you to chart your own study progress. Refer to your distance learning guide for further details.
Making it work
To succeed, all that you will need to do is apply yourself to undertaking your training program and interpreting it correctly. Success or failure lies in your hands and your hands alone, so be sure that you have a strategy for making it work. Your Certified Learning Provider (CLP) and Accredited Consultant can guide you through the process of program planning, development and implementation.
Reading methods
Interpretation is often unique to the individual but it can be improved and even quantified by implementing consistent interpretation methods. Interpretation can be affected by outside interference such as family members, TV, or the Internet, or simply by other thoughts which are demanding priority in our minds. One thing that can improve our productivity is using recognized reading methods. This helps us to focus and to be more structured when reading information for reasons of importance, rather than relaxation.
Speed reading
When reading through course manuals for the first time, subconsciously set your reading speed to be just fast enough that you cannot dwell on individual words or tables. With practice, you should be able to read an A4 sheet of paper in one minute. You will not achieve much in the way of a detailed understanding, but your brain will retain a useful overview. This overview will be important later on and will enable you to keep individual issues in perspective with a more generic picture because speed reading appeals to the memory part of the brain. Do not worry about what you do or do not remember at this stage.
Content reading
Once you have speed read everything, you can then start work in earnest. You now need to read a particular section of your course manual thoroughly, by making detailed notes while you read. This process is called Content Reading and it will help to consolidate your understanding and interpretation of the information that has been provided.
Making structured notes on the course manuals
When you are content reading, you should be making detailed notes, which are both structured and informative. Make these notes in a MS Word document on your computer, because you can then amend and update these as and when you deem it to be necessary. List your notes under three headings: 1. Interpretation – 2. Questions – 3. Tasks. The purpose of the 1st section is to clarify your interpretation by writing it down. The purpose of the 2nd section is to list any questions that the issue raises for you. The purpose of the 3rd section is to list any tasks that you should undertake as a result. Anyone who has graduated with a business-related degree should already be familiar with this process.
Organizing structured notes separately
You should then transfer your notes to a separate study notebook, preferably one that enables easy referencing, such as a MS Word Document, a MS Excel Spreadsheet, a MS Access Database, or a personal organizer on your cell phone. Transferring your notes allows you to have the opportunity of cross-checking and verifying them, which assists considerably with understanding and interpretation. You will also find that the better you are at doing this, the more chance you will have of ensuring that you achieve your study objectives.
Question your understanding
Do challenge your understanding. Explain things to yourself in your own words by writing things down.
Clarifying your understanding
If you are at all unsure, forward an email to your tutorial support unit and they will help to clarify your understanding.
Question your interpretation
Do challenge your interpretation. Qualify your interpretation by writing it down.
Clarifying your interpretation
If you are at all unsure, forward an email to your tutorial support unit and they will help to clarify your interpretation.
Qualification Requirements
The student will need to successfully complete the project study and all of the exercises relating to the Compliance Administration corporate training program, achieving a pass with merit or distinction in each case, in order to qualify as an Accredited Compliance Administration Specialist (APTS). All monthly workshops need to be tried and tested within your company. These project studies can be completed in your own time and at your own pace and in the comfort of your own home or office. There are no formal examinations, assessment is based upon the successful completion of the project studies. They are called project studies because, unlike case studies, these projects are not theoretical, they incorporate real program processes that need to be properly researched and developed. The project studies assist us in measuring your understanding and interpretation of the training program and enable us to assess qualification merits. All of the project studies are based entirely upon the content within the training program and they enable you to integrate what you have learnt into your corporate training practice.
Compliance Administration – Grading Contribution
Project Study – Grading Contribution
Customer Service – 10%
E-business – 05%
Finance – 10%
Globalization – 10%
Human Resources – 10%
Information Technology – 10%
Legal – 05%
Management – 10%
Marketing – 10%
Production – 10%
Education – 05%
Logistics – 05%
TOTAL GRADING – 100%
Qualification grades
A mark of 90% = Pass with Distinction.
A mark of 75% = Pass with Merit.
A mark of less than 75% = Fail.
If you fail to achieve a mark of 75% with a project study, you will receive detailed feedback from the Certified Learning Provider (CLP) and/or Accredited Consultant, together with a list of tasks which you will need to complete, in order to ensure that your project study meets with the minimum quality standard that is required by Appleton Greene. You can then re-submit your project study for further evaluation and assessment. Indeed you can re-submit as many drafts of your project studies as you need to, until such a time as they eventually meet with the required standard by Appleton Greene, so you need not worry about this, it is all part of the learning process.
When marking project studies, Appleton Greene is looking for sufficient evidence of the following:
Pass with merit
A satisfactory level of program understanding
A satisfactory level of program interpretation
A satisfactory level of project study content presentation
A satisfactory level of Unique Program Proposition (UPP) quality
A satisfactory level of the practical integration of academic theory
Pass with distinction
An exceptional level of program understanding
An exceptional level of program interpretation
An exceptional level of project study content presentation
An exceptional level of Unique Program Proposition (UPP) quality
An exceptional level of the practical integration of academic theory
Preliminary Analysis
Online Article
By Edward H. Freeman JD, MCP and MCT
Taylor & Francis Online,
Dec 19, 2007.
“Regulatory Compliance and the Chief Compliance Officer
Introduction
Character is doing the right thing when nobody is looking. There are too many people who think that … the only thing that’s wrong is to get caught.
J.C. Watts
The public disgrace and downfall of once-respected corporations such as Enron, Arthur Andersen, and WorldCom cost the economy and innocent parties billions of dollars. Legislation requiring tight restrictions on corporate behavior soon followed. To conform to these tight new regulations, the role of chief compliance officer (CCO) has taken on new importance in the corporate environment. The CCO has long existed at organizations “that operate in heavily regulated industries such as financial services, government agencies and health care”. 1 Legislation such as the Sarbanes-Oxley Act (SOX) and the recommendations of the U. S. Federal Sentencing Guidelines have made accounting responsibility more crucial and made the CCO a necessity in any firm.
“Every major corporation in America has, as a stated goal, the need for an effective corporate compliance program.” 2 The lack of an effective compliance program may result in criminal and civil exposure for a corporation, as well its directors and executives. Establishment and enforcement are essential for the ongoing success of any major organization today. Selecting a CCO to manage and maintain this program effectively is an integral part of this process.
“It is critical that firms establish a strong culture of compliance that guides and reinforces employees as they make decisions and choices each day.” 3 Federal guidelines demand that firm corporate compliance regulations be in place and enforced. The Federal Sentencing Guidelines state:
Convicted individual agents of organizations are sentenced in accordance with the guidelines and policy statements in the preceding chapters. This chapter is designed so that the sanctions imposed upon organizations and their agents, taken together, will provide just punishment, adequate deterrence and incentives for organizations to maintain internal mechanisms for preventing, detecting and reporting criminal conduct. 4
This article deals with the role of the CCO in the corporate environment and how this position is crucial in creating and maintaining the security of sensitive corporate information. It also discusses the requirements for hiring a CCO and the support necessary from senior management in making this role successful.
Responsibility For Corporate Compliance
A corporate compliance program is a system designed to detect and prevent violations of law by the agents, employees, officers, and directors of a business. An effective compliance program is not limited to corporations. All business entities, including partnerships and nonprofits, should establish such a plan. 5
In 1991, the federal government enacted the Organizational Sentencing Guidelines (Chapter 8 of the Federal Sentencing Guidelines). Chapter 8 is an effort to make the penalties for corporate crime both uniform and predictable, to encourage “good corporate citizenship.” Penalties under the guidelines include fines, imprisonment, and corporate probation. These penalties are mandatory when a business does not have an effective compliance program. Corporate probation involves intense federal monitoring of the organization and mandatory adoption of a compliance program designed by the government. Such a plan is often far more expensive and probing than a voluntary compliance program would have been.
The guidelines take a “carrot and stick” approach in order to encourage businesses to police themselves. They assign a base fine for each violation, which can be increased or decreased based upon certain aggravating or mitigating factors. The existence of an effective corporate compliance program is one such mitigating factor. An organization with such a program may receive a substantially reduced fine and may be able to avoid corporate probation and criminal prosecution altogether. The guidelines contain detailed criteria that must be satisfied if a compliance program is to be effective.
Courts have established personal liability for corporate directors when their corporations have failed to comply with applicable legal standards. In a 1996 decision by the Delaware Court of Chancery, 6 the court clearly defined and established a director’s duty of care to prevent employee oversights. “A director’s obligation includes a duty to attempt in good faith to assure that a corporate information and reporting system, which the board concludes is adequate, exists, and that failure to do so under some circumstances may, in theory at least, render a director liable for losses.” Because it created the possibility of personal liability for misconduct by directors (and heavy fines and imprisonment for the directors themselves), Caremark forced directors to be sure that their organizations comply with applicable laws.
Under the Federal Sentencing Guidelines, organizations that create an effective compliance program to prevent and detect violations of the law can minimize prescribed fines. Organizations that condone or tolerate previously criminal activity will receive more severe punishments. 7 As originally adopted, the guidelines define an “effective program to prevent and detect violations of law” as a “program that has been reasonably designed, implemented, and enforced so as to prevent and detect the instant offense.” The 1991 guidelines provide that the “hallmark” of an effective program is “that the organization exercise due diligence in seeking to prevent and detect criminal conduct by its employees and other agents” 8 (emphasis added). Due diligence requires “at a minimum” that the organization adopt a compliance program. The courts will consider a company’s compliance program effective only if it meets the following minimum standards:”
If you would like to know more, Click Here
Online Article
By Hui Chen and Eugene Soltes
Harvard Business Review,
Mar-April, 2018.
“ Why Compliance Programs Fail —and How to Fix Them
Millions of fraudulent accounts at Wells Fargo. Systemic deception by Volkswagen about its vehicles’ emission levels. Widespread bribery at Petrobras that damaged both the government and the economy of Brazil. While those corporate scandals made headlines in recent years, countless others failed to penetrate the global consciousness. According to the Association of Certified Fraud Examiners, almost half of all fraud cases are never reported publicly, and a typical organization loses close to $3 million in annual revenue to fraud. Furthermore, of the nearly 3,000 executives interviewed for EY’s 2016 Global Fraud Survey, 42% said they could justify unethical behavior to meet financial targets. Clearly, malfeasance remains deeply entrenched in private enterprises today.
The ubiquity of corporate misconduct is especially surprising given the staggering amount firms spend on compliance efforts—the training programs, hotlines, and other systems designed to prevent and detect violations of laws, regulations, and company policies. The average multinational spends several million dollars a year on compliance, while in highly regulated industries—like financial services and defense—the costs can be in the tens or even hundreds of millions. Still, all these assessments deeply underestimate the true costs of compliance, because training and other compliance activities consume thousands of valuable employee hours every year.
Many executives are rightly frustrated about paying immense and growing compliance costs without seeing clear benefits. And yet they continue to invest—not because they think it’s necessarily productive but because they fear exposing their organizations to greater liability should they fail to spend enough. Employees, too, often resent compliance programs, seeing them as a series of box-checking routines and mindless training exercises. In our view, all this expense and frustration is tragic—and avoidable.
We’re both acutely aware of the perceptions and challenges surrounding compliance. From November 2015 until her resignation in June 2017, Chen served as the sole (and first-ever) compliance consultant at the U.S. Department of Justice (DOJ), advising prosecutors in evaluating the compliance efforts of companies under investigation. Soltes, in his research at Harvard Business School, has studied the obstacles general counsels and compliance officers face in ascertaining how well their programs work and explaining the benefits to others in their organizations. It’s obvious to us that the value of compliance must be made clearer to company leaders and employees alike.
The answer, we believe, lies in better measurement. At its core, the idea is as simple as it is crucial: Firms cannot design effective compliance programs without effective measurement tools. For many firms, appropriate measurement can spur the creation of leaner and ultimately more-effective compliance programs. Put simply, better compliance measurement leads to better compliance management.
How We Got to This Point To appreciate how compliance evolved into its current state, let’s consider how such programs began. Following a stream of corporate scandals in the United States in the 1970s and 1980s, industry groups banded together and adopted internal policies and procedures for reporting and trying to prevent misconduct. Those efforts helped assuage legislators who had sought to more heavily regulate and penalize firms for dishonest practices. Self-policing appealed to business leaders as a way to avoid the cost and disruption of additional regulation. It also eased the investigative burden on regulators, and many people believed it would successfully deter wrongdoing.
Attracted by the perceived benefits, in 1991 the U.S. Sentencing Commission (USSC) amended its guidelines and offered firms substantially reduced fines if they could show that they had an “effective compliance program.” A series of memoranda from senior officials at the DOJ soon followed, urging prosecutors to consider the effectiveness of a firm’s compliance program when deciding on criminal charges. Those efforts were intended not only to encourage better monitoring by companies but also to recognize that firms can become victims of rogue employees. Other civil regulators, including the Securities and Exchange Commission, the U.S. Department of Health and Human Services, and the Environmental Protection Agency, also adopted this carrot-and-stick approach to compliance.”
If you would like to know more, Click Here
Online Article
By Jimmy Rowe and Barbara Stover Gingerich
Sage Journals,
Aug 2, 2011.
“ The Eight Elements of an “Effective” Compliance Program: A Primer for Home Health Care Providers
Abstract
This article outlines practical suggestions that home health care providers can utilize to develop an effective compliance program that meets the standards and requirements. The program model was designed to meet the New York State Medicaid regulations but is easily transferable to other state and federal compliance program requirements. By using these elements, a compliance program can be put in place for other state Medicaid programs providing services in the home care setting. The article is intended to expand the home health care provider’s organizational inquiry into identifying the most salient areas to be considered in the development of the compliance program’s eight required elements. Providers are encouraged to compare existing compliance programs to the required eight elements to assure ongoing comprehensiveness of their existing programs.
Introduction
The home health care providers changing compliance landscape has been shifting as if it were built on sand. This leaves many health care providers without sure footing relative to compliance effectiveness. Many providers believe that this shift will be burdensome. Previously, Medicaid home health care providers were under the mandates and stipulations of the United States Federal Sentencing Guidelines. Recently, New York State enacted new Medicaid regulations that require health care providers to adopt compliance program elements that include, but are not limited to, creating written policies and procedures containing a code of ethical conduct accessible by all staff, training all affected personnel, and establishing a culture in the agency that encourages questions and reporting. This new regulatory mandate also includes a stipulation that affects “70,000 providers, which is to be ‘certified’ annually so that they have an ‘effective’ Compliance Program in place.” This plan must be not only developed but also implemented. (Hussar, 2009)
From a broader perspective, what is most notable about the new regulations is their potential to prompt similar actions in other states; that is, acting as a dam breaker event that will encourage Medicaid and even charity regulators in other states to pursue similar regulations. This is particularly the case given both the federal- and state-level emphasis on reducing Medicare and Medicaid fraud and preserving charitable assets and the broader national focus on addressing health care quality issues both as a matter of governance oversight and compliance management.
History
The New York State [NYS] Governor issued Executive Order 140.1, which established the Office of the Medicaid Inspector General (OMIG) as an independent of the entity with the Department of Health in 2006. Their joint mission was “to improve the efficiency and accountability of the NYS Medicaid program by preventing and detecting fraudulent, wasteful, and abusive practices.” (Executive Order, 2006)
The NYS legislature recognized that there was a need to provide a comprehensive approach to compliance and that it needed to be cognizant of a wide variety of provider types in the medical assistance program. The legislation also recognized the need for compliance programs that reflect a provider’s size, complexity, resources, and culture. As a result, the NYS legislative promulgated a new Part 521, entitled “Provider Compliance Programs,” that was added to Title 18 of the Codes, Rules, and Regulations of the State of New York (NYS Comprehensive Code). One major inclusion was that the mandated compliance program be “effective” and include eight mandatory elements that would be needed to have an effective program. Prior to this legislation, affected home health care providers developed and implemented compliance plans pursuant to the seven steps that were part of the Federal requirements pursuant to the United States Sentencing Guidelines. The paradigm shift from seven steps to eight elements has stunned a significant number of providers and left them without sure footing as to the conformity of their existing compliance program.”
If you would like to know more, Click Here
Online Article
By Tom Tyler, John Dienhart & Terry Thomas
Sage Journals,
Jan 01, 2008.
“ The Ethical Commitment To Compliance: Building Value-Based Cultures
The 1991 Federal Sentencing Guidelines for Organizations are credited with the rapid spread of ethics and compliance offices in organizations.1 The Guidelines laid out the now well-known “seven steps” for an effective ethics and compliance program. To induce companies to implement the seven steps, the Guidelines offered a carrot and a stick. Companies with effective ethics and compliance programs can reduce fines by up to 95%. Those without effective programs can have fines increased by up to 400%. As a result, organizations created ethics and compliance offices to reduce the legal liability of the organization. As the number of ethics officers grew, the development of professional organizations such as the Ethics Officers Association2 and the Fellows Program at the Ethics Resource Center3 followed.4 An interesting dichotomy developed between what ethics and compliance officers did at work and the programmatic emphasis of these new professional organizations. At work, the emphasis was on a command-and-control approach to promote compliance: rules, punishment, training, and reporting. At the EOA and the ERC Fellows Program, the emphasis was on values and integrity to promote compliance. The values-and-integrity approach can be thought of as a market-based approach because employees are asked to “buy into” the values of the organization. Which of these approaches is more effective in promoting compliance? CALIFORNIA MANAGEMENT REVIEW VOL. 50, NO. 2 WINTER 2008 CMR.BERKELEY.EDU 31 This article is based upon a presentation first made at the Ethics Resource Center in Washington DC, July 2005. We presented revised versions at the meetings of the Ethics and Compliance Officers Association in Santa Fe, New Mexico, in April 2006 and in Salt Lake City, Utah, in October 2006. We thank the participants at these sessions for valuable feedback and suggestions regarding our approach. We also thank Ryan T. Hicks for his assistance in preparing this manuscript. We thank Scott Killingsworth, Linda Treviño, and an anonymous reviewer for helpful comments on drafts of this article.
In 1994, Lynne Sharp Paine of Harvard argued that the values-andintegrity approach is more effective in promoting compliance in her now famous HBR article, “Managing for Organizational Integrity.”5 The values-and-integrity approach, Paine argues, rests on employees governing their own behavior by voluntarily choosing compliance behavior because they believe it to be the best way to act. Paine argues that the goal is to have the employees engage with and adopt the values of the organization as their own. Prominent in her examples are managers and employees talking about the values and how people of integrity use them to guide decision-making. When this engagement occurs, employees are more likely to comply with rules even when they are not monitored. Such employees come to be good stewards of the company’s values, helping to instill them in new employees and actively discouraging those who seek to violate them. In this approach, enforcement of standards does not belong solely to ethics officers and their designees, but to all employees.
A study by Treviño et al. in 1999 was the first large-scale attempt to measure and compare the effectiveness of a rules-and-punishment approach with a values-and-integrity approach to compliance.6 This study supports Paine’s contention that a values approach is more effective than a compliance approach. The researchers surveyed 10,000 employees in six industries. Compared to compliance-based programs, values-based programs had fewer reports of unethical conduct, higher levels of ethical awareness, more employees seeking advice about ethical issues, and a higher likelihood of employees reporting violations.
Treviño et al. also looked at ethical culture as a factor separate from formal programs, and here the results were especially eye-opening. Culture had more influence than did either ethics or compliance programs. Cultures in which employees reported most frequently following rules had a good leadership models and, in order of importance, were fair, rewarded ethical behavior, and punished unethical behavior. Research by Tyler and Blader further supports the importance of culture.7 They found that estimates of the likelihood of being caught and punished for wrongdoing has a less powerful influence on rule-related behavior than did values.
In 2002, Sarbanes-Oxley was passed in response to the large corporate frauds of Enron, WorldCom, and others. Ethics officers at the Ethics Resource Center and the Officers Association talked about how the Sarbanes-Oxley act was influencing their organizations to take a more command-and-control approach to compliance. Ethics officers were getting little traction by presenting research that a market approach based on values-and-integrity programs was more effective than a command-and-control approach to programs and culture
The 2004 revisions to the Federal Sentencing Guidelines for Organizations changed the ethics and compliance landscape once again. One of the most significant revisions in the 2004 Guidelines was the emphasis on organizational culture. The Guidelines stated that organizations should “promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law.”8 Especially powerful here is the notion of a “commitment to compliance,” which goes beyond behavior. It signals the importance of engaging employee values to generate a commitment to comply with the law. If a company does not establish a “culture that encourages ethical conduct and a commitment to compliance,” all the positive work done to establish formal ethics and conduct programs would be at risk.”
If you would like to know more, Click Here
Course Manuals 1-12
Course Manual 1: Culture
A strong culture of ethics and compliance is the foundation of an effective risk management program in a company climate where reputational hazards lie around every turn. The lessons learnt from scandals and organizational crises dating back to the early 2000s are clear: businesses will always be at danger unless they have an ethical and compliant culture. In truth, culture is increasingly being defined, assessed, and developed, rather than remaining a lofty, “squishy” concept.
Culture has long played a significant role in how businesses operate. So, why has it recently gotten so much attention? One reason is that regulators have realized that without a culture of integrity, firms are more likely to see compliance initiatives as a series of check-the-box tasks, or worse, as an impediment to accomplishing their business goals. In fact, some of the most heinous acts of corruption were committed by corporations with impressive, codified compliance policies. The problem was that either the leadership or a number of powerful insiders broke the rules.
What Exactly is an Integrity Culture?
One of the most important factors influencing employee behavior is company culture. Strong cultures share two characteristics: a high level of consensus on what is valued, as well as a high level of intensity around those values. Naturally, not all societies promote moral or ethical behavior. A strong culture of integrity is the beginning point for establishing world-class compliance processes.
“Fundamentally, culture is about how things get done in an organization. The power of culture can be extraordinary.” – Deloitte Advisory principal Maureen Mohlenkamp, Deloitte & Touche LLP
• Organizational values: A set of explicit values that stresses the organization’s dedication to legal and regulatory compliance, honesty, and corporate ethics, among other things.
• Tone at the top: Executive leadership and senior managers throughout the organization encourage employees and business partners to act legally and ethically, in accordance with compliance and policy requirements.
• Messaging consistency: Operational mandates and business imperatives are consistent with compliance statements from leadership.
• The banner is carried by middle management: Supervisors on the front lines and in mid-management put principles into action. They frequently employ the use of stories and symbols to encourage ethical behavior.
• Employees across the organization are comfortable speaking up about legal, compliance, and ethics questions and concerns without fear of reprisal. People are more likely to trust an organization if they sense they will be heard. As a result, teams will perform better and employees will be more engaged.
• Accountability: Senior executives hold themselves and those reporting to them responsible for following the law and company policy.
• The hire-to-retire life cycle: The company hires and screens personnel based on both their character and their competence. The onboarding process instills organizational principles in new employees, and mentoring reinforces those beliefs. Employees are treated well when they leave or retire, resulting in lifelong friendships.
• Incentives and rewards: Employees are rewarded and promoted in part because they adhere to ethical standards. It is obvious that not only is good behavior rewarded, but that bad behavior (such as attaining results regardless of method) can have negative effects.
• Procedural justice: Internal disputes are resolved fairly at all levels of the company. Employees may not always agree with conclusions, but if they believe a process has been fairly conducted and they have been treated fairly, they will accept them.
Positive cultures in organizations foster trusting connections with stakeholders. Those ties, in our experience, become reciprocal; stakeholders trust the company and the brand. This fosters loyalty among employees, customers, and suppliers. A strong culture aids in the development of beneficial connections with regulators as well as the attraction of long-term investors. A culture of integrity, in the end, reflects superior, long-term performance.
Accepting the Challenges
More and more businesses are deciding to build additional structure around their compliance program. Appointing a Chief Ethics Officer (or expanding the Chief Compliance Officer’s role to include specific responsibility for the ethics program), improving the code of conduct and related controls and procedures, and increasing accountability for behavior through training and performance assessments are all examples of this. These activities, in our view, are a fantastic start toward building a strong culture and will aid larger risk management and compliance initiatives.
Establishing a strong culture of integrity is not a one-time effort with a start and finish date, and it is not always easy. Despite their best efforts, many organizations may face a variety of challenges.
Creating a Culture
Most CEOs believe they can define and understand their company’s culture. However, there is frequently a disconnect between how management understands the culture and how the rest of the company does. Leaders make the mistake of assuming they always have their finger on the pulse of the company’s culture. Organizations can set up listening posts, such as cultural assessments utilizing employee surveys and independent observers, to acquire a more accurate image. It’s also beneficial to give outlets for employees to provide open-ended replies that properly reflect their impressions of the company, such as focus groups hosted by third parties.
Throughout the Organization, Instilling Culture and Principles
While executive leadership may work hard to build a culture of ethics at headquarters, when one goes out from the central office, something often gets lost in translation. This is why, especially in large enterprises with remote outposts, culture must be actively and continuously monitored. Values must be expressed clearly and consistently, with ethics and integrity at their core. So that it becomes incorporated in how work is done, messaging must be explicit and repeated.
When crossing borders, communicating culture might be very difficult. It is critical that everyone understands the enterprise’s expected behaviors as well as the principles that will be used to make choices. Values must be expressed in a way that transcends national boundaries; for example, the principles of honesty and integrity are internationally recognized. Nonetheless, it’s critical to acknowledge that cultural differences will affect how communications are received and understood, and that adjustments to training, employee onboarding, and performance assessments may be necessary.
Mergers and Acquisitions: Extending Cultural Values
One of the most significant stumbling blocks in integrating a merged or acquired corporation is cultural fit; in fact, cultural fit is one of the primary reasons such deals fail, despite the potential commercial benefits. This is why, as part of the due diligence process, executives may wish to undertake a cultural “audit.” This could be a red flag if the intended acquisition differs dramatically from the buyer’s expectations. A well-thought-out integration strategy will guarantee that both parties are aware of and reinforce desired ideals. Management must greet new staff with open arms from the beginning. Leaders must also convey how the organization wants them to act and how they should expect to be treated in return.
Dealing with the Skeptics
The malcontents will do more damage to culture than anything else. People who get in the way of supporting the culture might create hurdles and undercut the enterprise’s efforts. They must be identified, counseled, and given the option to conform to accepted behavior or be removed from the organization. Compliance-focused training programs are one way to communicate values to people who may need more reinforcement. Performance reviews should thus be organized to incorporate not only an evaluation of an individual’s outcomes, but also how those results were attained. Some organizations even make adherence to values a part of the goal-setting process by tying certain cultural characteristics to objectives.
Defending Values is Exhausting
While continuous communication is necessary, organizations should avoid repeating the same message. Because messages can get stale, employees may disregard fundamental ideals and principles. To stay fresh, communicating values is similar to running a marketing campaign: it must attract people’s attention and use a variety of material, forms, and communication channels. The power of storytelling is one approach to reach this degree of interest. Not only can stories make values tangible, but they can also connect people to those values in ways that other types of communication cannot.
Values are the Foundations of Civilization
Companies with a strong sense of shared values are more likely to succeed. Building an integrity culture not only protects them against danger, but it also leads to employee engagement and strong stakeholder loyalty. In the long run, a strong culture of integrity serves as the foundation for an effective compliance program, which can provide a competitive edge and serve as a significant organizational asset when properly established.
Culture and Values Reinforcement
• Establish listening posts: Conduct cultural assessments to understand how individuals behave and think.
• Maintain a positive attitude in the middle: The ability of middle management to transform top-down tone into policies and practices that influence everyday behavior is critical.
• Maintain interest: Find fresh and creative ways to convey and reward cultural values-based behavior. Encourage people to relate stories about their ideals.
• Be honest: Reward positive behaviour and punish negative ones. Play no favorites.
• Scream it from the mountaintops: Leaders frequently fail to express their values and expectations. More is preferable in this scenario.
Course Manual 2: Incentives & Rewards
Whatever “flavor” of compliance incentives you provide, they must be evaluated on a regular basis.
“The organization’s compliance and ethics program shall be promoted and enforced consistently throughout the organization through … appropriate incentives to perform in accordance with the compliance and ethics program….” the Sentencing Guidelines state. Discipline for infractions is, of course, a type of (dis)motivation, but the clause in question is a positive incentive. This is one of the aspects of compliance programs that many firms struggle with in terms of developing successful methods, which can make program evaluation difficult.
There are two types of compliance incentives: tangible and intangible. Both should be examined during a C&E program evaluation.
Inclusion of C&E criteria in performance evaluations and related measurements is the most prevalent tangible C&E incentive. What should program assessors look for after answering the threshold issue of whether performance evaluations include the use of C&E criteria?
Assessors should first and foremost consider whether the value of the C&E component of personnel assessments is being reinforced by proper treatment of this topic in the code of conduct, training, and other communications, especially from senior managers.
Second, assessors should look to see if the evaluation materials account for different levels of C&E-related behavior (e.g., outstanding, strong, needs improvement), rather than relying solely on a binary determination, and if the company provides supervisors with enough guidance to conduct effective C&E-related assessments. Finally, an evaluation should analyze whether supervisory instructions and examples are suited to different levels of the corporate hierarchy (e.g., what is outstanding for a leader, a manager, other).
In the context of performance review, adding incentives in employee and/or business unit performance goals can provide a tailored approach to rewards. For example, in a business unit that has struggled to complete third-party provider due diligence, the completion of such due diligence can be included in the business unit leader’s annual plan. Training completions could be treated similarly.
It’s unusual to see substantial bonuses for ethical behavior. (We know of only one company that has given out many $10,000 rewards of this nature.) Such an approach “wouldn’t fit with our culture,” one frequently hears. Still, in a money-driven society, such as that found in the financial services industry, ethical bonuses would be not only appropriate, but also beneficial.
Intangible incentives, such as recognition programs, might be beneficial as well. In this case, program evaluators should look for the following:
In the case of prizes, use the nomination process to educate employees about the C&E program. Companies should launch a campaign to support the endeavor, with as much senior management participation as possible.
Training supervisors to recognize and (when appropriate) reward people in the work group for ethically outstanding behavior is a more common type of acknowledgment. Based on our assessment experience, we feel that intangible incentives are generally more effective than tangible rewards in inspiring desired behavior.
A completely different focus for evaluating incentives is the extent to which a company’s remuneration structure promotes noncompliance (probably unintentionally). The question is not whether an incentive structure raises a risk of wrongdoing (as we believe). That could be said of almost any performance-based remuneration scheme. Rather, a program evaluator should consider whether an incentive structure provides an excessive risk of misconduct.
It’s worth noting that this is essentially a subjective decision, and there’s no universally agreed definition of “undue” that can be applied here. Indeed, determining whether compensation poses unreasonable risks in any given situation is dependent on a number of factors other than the remuneration itself, particularly cultural considerations. However, in our experience, the undue risk formulation works well enough in assessment interviews, with the conversation typically centered on whether a) the performance targets on which compensation decisions are partly based are realistic or can only be met by some employees through illegitimate means, and b) the consequences of failing to meet the targets are overly harsh.
When defining targets, it’s also crucial to examine how much senior leaders, HR, and others address the risks posed by remuneration. Is there any attempt being made to determine the level of pressure posed by various employee objectives and goals, as well as the extent to which performance goals provide a risk of noncompliance? Finally, assessors should investigate if the C&E function can provide guidance on the C&E consequences of performance targets and pay plans, as well as weigh in on the subject.
5 Things To Think About When Using Compliance Incentives
If a company is having trouble maintaining compliance requirements, the question of whether or not to offer incentives to drive behavior change will undoubtedly arise. If email reminders, bulletins, refresher trainings, and town hall meetings aren’t working, it might be time to try a carrot at the end of the stick:
1. Philosophical Opposition
This conversation will be non-starter for certain members of your leadership team because, in their opinion, you should never compensate people for completing the job they were hired to do (unless their position includes an incentive package). They will argue that if following industry regulations is an operational need, employees should be penalised for failing to satisfy it, not the other way around.
2. Comparative Evaluation
The issue of what gets measured and rewarded, like with any incentive scheme, must be examined. Should the minimum criteria that your organization fails to fulfill be the baseline or the target? What do you award individuals who go above and beyond the aim if they become the target? Should there be any other incentives besides a warm handshake?
3. How Far Does It Go?
Once compliance incentives are in place, the next natural question is, “Where do you proceed from here?” Do you keep the incentives in place if the compliance situation improves, or do you cancel the program? Should you, for example, make the incentive model available to your janitorial staff or equipment maintenance crews? Employee expectations in other areas must also be anticipated and controlled once the model has received formal approval.
4. Inappropriate Application
If you have a difficulty with fast and correct reporting of work injuries as part of your compliance procedure, adding incentives could encourage inappropriate use. This has already been raised by the Occupational Safety and Health Administration (OSHA). If your organization, for example, fails to accurately report injuries and you give an incentive to correct the problem, one method to earn the reward is to not disclose injuries at all.
5. Being Realistic
While philosophical disputes may rage in the boardroom, the extent to which your company fails to meet compliance rules may be the determining factor. Perhaps if the incentive scheme succeeds in improving the situation, that should suffice as proof? One of the most difficult aspects of leadership is achieving long-term behavior change, especially when dealing with potential sanctions for noncompliance, pragmatism may take precedence over philosophy.
All Incentive/Reward Systems Should Incorporate Compliance And Ethics.
It’s easy to get caught up in the nuances and precise terminology of the Sentencing Guidelines when thinking about compliance and ethical programs, and lose sight of the overall goal. The purpose of these applications is to prevent and detect violations. Understanding the power of reward and incentive systems is critical for preventing wrongdoing. People do what is rewarded, and they usually take the shortest route to the reward. It’s also reasonable to believe that the more powerful the incentive, the more likely it is to influence behavior. If huge prizes and recognition are promised to those who achieve X, many people are inclined to want to achieve this goal. They will also look for the quickest, most direct way to the goal, based on previous experience.
This insight leads to the realization that incentive structures that are mismatched can encourage unethical or criminal behavior. For example, a corporation should reward sales because sales are critical to the company’s growth. Will employees be drawn in a potentially harmful direction if the goals are set too high, the rewards are tremendous, and fulfilling the goals becomes the organization’s exclusive focus to the exclusion of all other considerations?
Case Study
This Behavior Is Illustrated By The Sears Brake Repair Anecdote.
According to reports, Sears chose to boost sales in its auto service centers by offering incentives to employees. The ability to produce outcomes, such as new brake system sales, was related to a large amount of the employees’ income. Those who designed this approach apparently did not consider how it would operate in practice in a situation where the store employee has all of the information and the consumer must trust that employee’s honesty. According to enforcement officials, this incentive structure led to a pattern of fraud by Sears vehicle repair operations, as well as a major damage to the company’s reputation.
Consider the implications of senior executive salary shifting to stock options. Senior executives with “in the money” options stood to make millions in personal gains. However, the pricing mechanisms for these options were frequently controlled by the same individuals. As a result, there have been several charges involving top executives at big corporations, as well as inappropriate pricing and reporting of options for these executives.
The necessity of setting realistic goals and suitable rewards is one lesson learned from these examples. Employees may be pushed in questionable ways if there is too much at stake. On the other hand, concluding that powerful incentives are corrupt or even undesirable is not essential. The point is that corporations must design these incentives with caution. This leads to a simple proposition: the more powerful the incentives, the more powerful the checks and controls must be. Offering substantial prizes for results is fine, but it must be accompanied by adequate controls.
Course Manual 3: Enforcement & Discipline
Incentives, Enforcement, And Discipline
Transparency, communication, and enforcement of disciplinary procedures are important aspects of Compliance Programs that are frequently disregarded. Discipline rules that describe the repercussions of violating the organization’s standards of conduct, regulations, and procedures are part of an effective compliance program. Noncompliance leads to penalties for the transgressors. Verbal warnings, suspension, termination, and even financial penalties are all possible consequences.
Incentives, such as bonuses or promotions, should also line with the organization’s ethical and correct behavior messaging. Incentives should be used to encourage and improve the quality of care provided, not to undermine the code of ethics.
Enforcement
The organization must create and communicate the norms of conduct, regulations, and processes in order to administer punishment for “acts of noncompliance.” Written standards of conduct should detail the procedures for dealing with disciplinary issues as well as who will be responsible for taking action. The legislation, facility policies, facility procedures, code of conduct, and compliance program standards must all be followed by employees. All employees have a responsibility to report any suspected infractions.
A number of people are involved in disciplinary actions (managers, administrators, governmental agencies). Employees should be informed that disciplinary action is administered in a fair and equitable manner. Managers and supervisors must reprimand employees in a consistent and suitable manner. The spectrum of disciplinary criteria for improper conduct must be published and disseminated, as well as employees must be educated on these norms. In order for the disciplinary policy to have the desired deterrent impact, the consequences of noncompliance should be regularly administered and enforced.
“Managers and supervisors should be disciplined if they fail to adequately train their subordinates or fail to detect noncompliance with applicable policies and legal requirements, when reasonable diligence would have revealed any problems or violations sooner and allowed the nursing facility to correct them. Supervisors who have showed leadership in advancing the company’s code of conduct and compliance objectives, on the other hand, should be recognized.”
Discipline
When disobedience is proven through an investigation, disciplinary action is taken. The seriousness of the disobedience must be reflected in the disciplinary action (which may include immediate termination). Discipline must be consistent:
• at all levels of the company
• within the disciplinary rules and procedures
• within the documentation of specific events
• within the job description and performance objective, as specified under enforcement.
All disciplinary proceedings must be taken in a timely manner, documented, and coordinated with Human Resources before being submitted to the regulating body.
Incentives
“The business’s compliance and ethics program shall be promoted and implemented consistently throughout the organization through appropriate incentives to perform in accordance with the compliance and ethics program,” according to the Federal Sentencing Guidelines.
Simply put, the management performance system should not send conflicting messages to employees about “what is expected” and “how the employee is compensated,” as this indicates a lack of internal controls. Promotions, bonuses, and assignments must adhere to the company’s code of conduct, policies, and processes, as well as job descriptions. When an examination is conducted, misalignment in this region is easily discovered and results in unfavorable repercussions. Organizations frequently seek advice from outside experts to determine whether the existing performance system is in line with compliance requirements.
Compliance As A Discipline And A Function
Compliance formalizes and professionalizes the laws, regulations, and ethical and integrity issues that exist in everyday life. It can be highly strict, as in constructing a framework to assure compliance with external legal and supervisory requirements, as well as internal policies and processes, to form a rules-based risk management approach. It can also be esoteric, examining the tension between universal norms and current regulations, as well as what is morally acceptable and within individual expectations.
Grasp the difference between compliance’s function and its discipline can help you acquire a more developed understanding of its uses in both modes. Compliance as a function develops frameworks, interprets rules and directives into internal policies and procedures, establishes program priorities, and develops management strategies. All of these efforts to assure awareness of, and procedures to comply with, all relevant rules and regulations are applied directly to the business in compliance as a discipline, with the goal of easing ethical decision-making, supporting integrity, and positively effecting business strategy.
The general task of staying up to date on rules and regulations, as well as designing governance, risk, and compliance (GRC) management strategies and structures to present to senior management, executive boards, and external stakeholders such as regulators and other supervisory bodies, is referred to as compliance. This includes regulatory compliance, which ensures that businesses adhere to both industry and government rules. This includes creating disincentives and sanctions for wrongdoing, as well as designing governance and control structures to encourage employee and organizational integrity.
The discipline of compliance, on the other hand, describes the compliance professional’s dynamic and business-related support actions within the larger context of the organization. Disciplinary compliance applies the principles and frameworks discussed above to the corporate world. Between the compliance officer and the business line he or she serves, this is where the rubber meets the road. In this context, compliance is a relationship-based activity that involves giving advice, cooperating and aligning with other stakeholders and functional partners, suggesting defense strategies in light of real-time business risks and strategies, and maintaining an ongoing bird’s eye view of the business landscape, all of which can only be accomplished through proactive, personal engagement.
The compliance function and normative ethics on the one hand, and the compliance discipline and applied ethics on the other, could be compared using the aforementioned definitions and borrowing from the philosophy of ethics.
Because of the emphasis on external or supervisory expectations and standards, the compliance function is linked to normative ethics, in which moral behavior is compared to the norms of the social context in which the actions are taken. Normative ethics can help you identify and categorize compliance issues, as well as recommend mitigations and methods for those that can’t be eradicated or are only acceptable to a certain extent. The question of what individuals should or should not do is answered by relevant laws, regulations, principles, norms, standards, and codes of conduct, as well as other guidelines applicable to these individuals and the organizations in which they operate, under the compliance function.
Meanwhile, the compliance discipline can be conveniently linked to practical ethics, which focuses on using ethical theory to understand and address genuine moral concerns that arise in business and life. The didactic constructs of applied ethics are used in dilemma analysis and debate, as well as compliance awareness dialogs. The compliance discipline and applied ethics are both used to take these frameworks from strict requirements to living, practical considerations within the robust culture of compliance at the organization, building on the structures and foundations that come from the compliance function and the philosophy of normative ethics.
Inconsistent Discipline and Compliance
Consistently instilling discipline is a constant issue. Taking disciplinary action against low-level or low-performing employees? Easy. Is it possible to do the same for star performers? Torture.
Why? Because erratic discipline reeks of unfair status. The corporation has two sets of rules: one that applies to everyone and another that only applies to a chosen few. When the majority of the organization believes they shouldn’t, those privileged few get preferential treatment, which drives employees insane. That’s what wreaks havoc on corporate culture and makes your compliance program a laughingstock.
Technical issues can be fixed. In high-risk markets, you can buy new due diligence software or adjust accounting standards for payments to resellers. You may construct interactive Codes of Conduct or more memorable training courses. These are problem-specific issues with readily available remedies, even if they are difficult to apply.
Inconsistent discipline is a more subtle threat since it’s a decision that executives must make — that is, someone must pass judgment on the offender. Although disciplinary procedures may outline what the company should do, an executive must nonetheless sign off on the implementation.
Poor Culture and Discipline
When you start implementing discipline inconsistently, you’re sending a message to everyone in the organization that privilege exists: that two people can commit the same offense, but one will be treated better than the other. It’s a statement that a single person’s contribution to the organization is more significant than ethical norms like fairness, justice, and responsibility.
If that concept takes hold in your company, all bets are off.
We’ve all seen and experienced this. Humans have a natural sense of fairness, and as any parent with two or more children knows, we are exceptionally tuned to see instances of injustice.
Inconsistent discipline corrodes company culture in this way. We detest it when we witness people getting preferential treatment they don’t deserve. This is something that any parent with two or more children understands.
You can muddle up any number of specific elements of a corporate compliance program, or you can limp along with those that are grossly inadequate for the risks you face. That isn’t ideal, but if a corporation can show dedication and a plan to improve those areas, regulators will take that into account.
If, on the other hand, your company bends the mission statement’s ethical standards at will, depending on who’s in the crosshairs and how valuable he or she is to the company, that’s terrible culture and bad values. And regardless of what else your compliance program has to offer, this is a systemic issue.
Next time the executive suite tries to go it easy on a top performer who merits harsh treatment, consider this.
Course Manual 4: Accountability
Accountability is essential in a compliance program. You can have ethics and compliance standards, procedures, and all the bells and whistles in the world, but someone has to be held accountable. A compliance program without it will simply float about, waiting for the next disaster to strike.
It’s difficult to witness an ethics and compliance program go awry. It’s tough to comprehend how an organization, its leaders, and a group of individuals can sit around and chat about what needs to be done, but then accomplish nothing because no one is making decisions, and, more significantly, no one is held accountable.
The contrast to this picture might be striking: an ethics and compliance program managed by one person or a committee of people. The board and the CEO have given the person and/or committee the task of “getting the job done.” That is when things happen, improvements are made, and ethics and compliance activities are increased, all to the company’s benefit.
Is it the board of directors or the CEO who sends out the message of accountability? They are basically throwing up their hands and letting the winds dictate business operations if they have no expectation of accountability from senior management.
In this climate, a Chief Compliance Officer will be disappointed. The CCO’s authority is proportional to his or her expectations and accountability. Accountability implies that the corporate organization must give the necessary resources and support to complete the task. Accountability gives the CCO credibility and allows him or her to request resources and assistance.
A CCO wants to be held accountable at all times. A business that refuses to make decisions, hold people accountable, and support their efforts will collapse.
Accountability is important for everyone, not just senior executives. It is a significant value that pervades the company’s culture. Employees who are held accountable are responsible for performing their duties efficiently and in accordance with management standards. Employees want to know what is expected of them so that they may feel certain that they have accomplished particular goals and objectives. It is a fundamental human desire and need.
In order to incentivize people and improve productivity, a firm must provide incentives and prizes. Holding everyone to the acceptable standard of performance is a crucial value that pervades an organization.
If an ethical and compliance program lacks accountability, you can bet that many other company operations are missing out on the same crucial criterion. A company’s commitment to responsibility must be demonstrated in a variety of circumstances – ethics and compliance are simple functions to apply accountability to, and such a standard should apply not only to the CCO but also to top executives, managers, and employees.
Your code of conduct, which should be reinforced through an annual evaluation that includes an ethical and compliance component, is the greatest approach to express this expectation. Everyone in a company should be held accountable for their ethical and compliance behavior. Using the same criteria to evaluate everyone helps to promote ethics, compliance, and organizational accountability.
Organizations Still Struggle With Accountability
93 percent of employees, according to author and transformational leader Anne Loehr, don’t even grasp what their company is trying to accomplish so they can align themselves with it. Furthermore, 85% of executives do not specify what their employees should be focusing on. And 84 percent say they’re “trying but failing” or “avoiding” accountability, even when they know what needs to be fixed.
The Importance of Individual Accountability
Those are alarming statistics for any leader to see. After all, accountability is critical to the success of your business.
1. Accountability Improves The Culture Of Your Firm
“A lack of accountability may have a snowball effect throughout the team,” said John Wright, director and vice president of marketing at MCGB Properties Ltd. “When an organization’s culture is embedded in honesty and integrity it enables people to acknowledge mistakes without fear of blame and to work with the team to reflect, learn and move forward positively” says author Pete Lowe.
It’s true: A healthy and happy work culture is created when everyone from the top down keeps their promises, doesn’t blame others for mistakes, and helps others achieve their goals. As a result, trust is built and productivity is increased.
How are you going to do it? You can entrench accountability by making it everyone’s responsibility, according to Wright. Before moving forward, set relevant goals and gain team buy-in. Build trust by supporting and encouraging your coworkers and demonstrating the conduct you wish to see. Individual team members will be empowered, and the team will be able to celebrate victories together.
2. It Boosts The Individual Performance Of Your Personnel
Getting the most out of your team is one of the most critical goals you should set as a business owner. What does this mean in terms of accountability?
For starters, accountability encourages participation and ownership because everyone understands their roles and duties. This not only teaches your employees to value and be proud of their job, but it also shows how it fits into the larger picture. It demonstrates that you trust them enough to allow them to operate in their preferred manner. Furthermore, because your team understands exactly what to do on a daily basis, time is saved on determining what to work on and in what order.
When you add it all up, you’ve got a more engaged, motivated, and productive team that’s producing higher-quality work. The best part is that you have a high-performing team that holds itself accountable without your help — when people are confronted with standards and adopt them for themselves, there’s little need for outside intervention. They want to be proud of themselves.
3. Accountability Leads To Greater Compliance Adherence
When it comes to employees following established and new company principles, laws, regulations, and standards, accountability is critical. People who understand the ramifications of failing to follow precise criteria are more inclined to do so, and entire teams that feel the need to meet those standards will work together to achieve them.
When individuals of an organization are held accountable for their conduct, it fosters a better, happier, and safer working environment in which everyone can concentrate on their work rather than dealing with inappropriate actions or behavior by coworkers. This may also limit the number of potential lawsuits or fines that your business may face.
4. Accountability Is Beneficial To Your Business
Finally, accountability can help you increase your profits. You and your team may dedicate more focus to the tasks that propel your business forward when you and your team aren’t wasting time identifying the sources of problems and making judgments. Furthermore, everyone is motivated to achieve their goals and improve their performance since they know they can’t rest on their laurels.
You’ll also outperform your competitors because they’re engaged – Gallup discovered that highly engaged workforces outperform competitors and generate 21% more profit. Adding a healthy level of accountability, as business consultant Jason Blumer puts it, can keep “the ideas flowing and the execution happening.” That is the easiest and most efficient method of expanding your business.
Although accountability is critical, thinking about it can be intimidating. The first step, though, is to establish what accountability means to you and your business. What will happen if no one is held accountable? Where do people require flexibility in order to be inventive and creative? Then, for everyone to follow, provide clear goals, expectations, and rules.
Most importantly, give your staff control. Allow them to figure out how to solve difficulties and work in their own way. You must, of course, establish parameters for them, such as deadlines and expectations. But giving employees ownership won’t just make them more responsible; it’ll also make them happier and more productive, saving you time and money while improving your cash flow. When — not if — they make a mistake, they will learn from it and improve.
Good habits are difficult to maintain, but if you avoid accountability, everything else becomes much more difficult. Make an investment in holding yourself and your teammates accountable for your actions. Your business, as well as your relationships, will profit.
Course Manual 5: Risk Assessment
Organizations are more exposed to compliance risk than ever before as global regulations multiply and become more complicated, and stakeholder expectations rise. The requirement for a broader picture of compliance risk has grown as a result of global regulatory convergence and business expansion into new or adjacent industries.
The harm to an organization’s financial, organizational, or reputational status created by violations of laws, regulations, codes of conduct, or organizational standards of practice is known as compliance risk. Many firms may need to update their risk assessment process to properly embrace compliance risk exposure in order to understand their risk exposure. Despite this, according to a Deloitte13 and Compliance Week poll, 14 percent of businesses do not complete an annual compliance risk assessment.
Many compliance professionals will agree that every day brings new compliance and reputational threats. Simultaneously, the recent global recession drove many business functions to scrutinize their budgets and resources more seriously. These forces have combined to create a conflict between increasing regulatory requirements and the temptation to achieve more with less. Compliance experts must ensure they understand the complete range of compliance risks lurking in each aspect of the organization to assist resolve this scenario and continue to offer value to their organizations. They must then determine which risks are more likely to cause legal, financial, operational, or reputational harm, and devote limited resources to minimize those risks.
What Distinguishes A Compliance Risk Assessment From Other Types Of Risk Assessments?
Organizations perform risk assessments to identify several types of risk. They may, for example, undertake enterprise risk assessments to identify the organization’s strategic, operational, financial, and compliance concerns. The majority of the time, the enterprise risk assessment process is focused on identifying “bet the business” risks—those that could jeopardize the organization’s ability to meet its strategic goals. Internal audit risk assessments are also performed by most organizations to aid in the formulation of an internal audit plan. Financial statement risks, as well as other operational and compliance risks, are likely to be considered in a standard internal audit risk assessment.
While both of these risk assessments are meant to detect substantial compliance-related risks, neither is designed to identify legal or regulatory compliance issues specifically (see illustrative table). While compliance risk assessments should undoubtedly be linked to business or internal audit risk processes, they often necessitate a more specialized approach. That isn’t to imply they can’t be done at the same time or that they should be done separately—most firms may combine the activities that support multiple risk assessments, perhaps after an initial compliance risk identification and assessment process.
Recognizing Your Main Compliance Threats
The compliance risk assessment can assist the company in determining the complete scope of its risk exposure, including the likelihood of a risk event occurring, the reasons for its occurrence, and the severity of its impact. An effective compliance risk assessment also aids organizations in prioritizing risks, mapping these risks to the appropriate risk owners, and allocating resources to risk mitigation effectively.
Creating An Approach And Framework
Because the range of potential compliance risks confronting a business is usually quite large, any thorough assessment should include both a framework and a methodology. The approach considers both objective and subjective techniques to analyze those risks, while the framework lays out the organization’s compliance risk landscape and divides it into risk domains.
The framework must be comprehensive, dynamic, and configurable, allowing the company to identify and assess the different types of compliance risk it may face. Some compliance risks are unique to a particular business or organization, such as worker safety requirements for factories or rules governing the behavior of pharmaceutical sales reps. Conflicts of interest, harassment, privacy, and document retention are examples of compliance hazards that cut across businesses and locations.
A good framework will also identify and arrange the components of a good risk mitigation approach that can be used for each compliance risk domain.
Conducting The Risk Assessment And Applying The Approach
The organization will gain a better understanding of its inherent risk exposure by using an objective methodology to assess the possibility and potential impact of each risk. The risk that occurs in the absence of any controls or mitigation techniques is referred to as “inherent risk.” Gaining a rudimentary grasp of inherent risk aids the company in developing an early picture of its risk mitigation approach. When companies identify inherent risk, they should think about key risk drivers, which can be divided into four categories:
• Regulatory or legal action taken against the company or its employees, which could result in fines, penalties, incarceration, product seizures, or debarment.
• Financial impact: Negative effects on the organization’s bottom line, share price, future earnings potential, or investor confidence.
• Business impact: Adverse occurrences that could considerably affect the organization’s ability to operate, such as embargoes or plant shutdowns.
• Reputational impact: Harm to an organization’s or brand’s reputation or brand, such as negative press or social media debate, loss of client trust, or low employee morale.
For each category, it’s critical to include both quantitative and qualitative data. However, like with any risk evaluations, exact quantification may be difficult to come by. When it comes to risks that have a direct financial impact, an actual monetary value can be calculated. Another technique to assess risk is to use a criticality scale, which reflects the severity of the consequences if noncompliance occurs. The magnitude of the impact can be expressed in qualitative terms. For example, a low reputational impact could be minimal to no press coverage, whereas a large impact could be widespread negative publicity in the national media.
Calculating Residual Risk
While it is impossible to eliminate all risk exposure in an organization, the risk framework and methodology can assist the business prioritize the risks it wants to actively manage. The development of a framework and methodology aids companies in determining the extent to which existing risk-mitigation measures (such as testing and monitoring or employee training programs) may minimize risk. Effective risk mitigation activities can minimize the possibility of a risk event occurring as well as the severity of the possible impact on the company.
The degree of risk that occurs when an organization analyses inherent risk in light of its existing control environment and activities is known as “residual risk.” If present risk mitigation tactics aren’t cutting it when it comes to lowering residual risk to an acceptable level, more action is needed.
What Distinguishes A World-Class Compliance Risk Assessment?
While each compliance risk assessment is unique, the most effective ones share a few characteristics. Consider the following best practices while creating a world-class assessment:
Obtain feedback from a multi-functional team: Deep subject matter specialists from the compliance department and across the company are required to participate in a compliance risk assessment. People who live and breathe the business—those in specific functions, business units, and geographies—are the only ones who fully understand the risks to which the company is exposed, and they will assist guarantee that all major risks are recognized and assessed. Furthermore, if the approach is developed in a vacuum without involving the risk owners, the process’ output will be untrustworthy when it comes to implementing mitigation strategies.
• Leverage current material: Rather than beginning from scratch, look for methods to include compliance risk content into existing material, such as enterprise risk assessments, internal audit reports, and quality reviews. Make sure organizations you want to engage understand the differences between compliance risk assessments and other evaluations. Clearly, each risk assessment procedure’ output should inform and link with the others.
• Assign clear risk ownership to specific risks and work to improve transparency: A comprehensive compliance risk assessment will assist executives in identifying who is accountable for managing each type of risk, as well as risk mitigation initiatives, remedial efforts, and developing risk exposures.
• Make the evaluation actionable: The assessment prioritizes risks and suggests ways to minimize or remediate them. Actions for environmental remediation should be generally recognized and feasible across boundaries. Make sure the risk assessment’s findings can be used in operational planning to allocate resources, as well as a starting point for testing and monitoring programs.
• Solicit external input where necessary: A risk assessment, by definition, relies on knowledge of new threats and regulatory behavior, both of which are not necessarily well known within the business. Bringing in outside help can help to educate the evaluation and ensure that it includes a thorough awareness of any impending compliance issues.
• Treat the assessment as a live, breathing document: As resources are allocated to minimize or remediate compliance issues, the severity of those risks may vary. The same can be said for business-related events. All of these should cause the assessment to shift.
• Write in plain English for a general corporate audience: The assessment must be obvious, understandable, and actionable. Avoid absolutes and legal analysis that is overly complicated.
• Repeat the risk assessment on a regular basis: Effective compliance risk assessments try to maintain a consistent strategy that is implemented throughout time, such as every one or two years. Risk intelligence, on the other hand, necessitates constant analysis and environment scanning in order to detect new dangers or early warning indications.
• Use data: Organizations can acquire a better knowledge of existing and new risks by incorporating and analyzing key data (e.g., hotline statistics, transactional records, audit findings, compliance exception reports, and so on). Many businesses are exploring technological investments, such as analytical and brand monitoring tools, to assist them harness and analyze data in order to improve their risk-awareness. Organizations are also contemplating data investments, such as monitoring conventional media/negative mentions, social media data, surveys, and other data sources.
Examine for Success
The ever-changing regulatory environment makes most firms more vulnerable to compliance risk. This is especially true for companies that operate on a worldwide basis. Organizations must do extensive evaluations of their compliance risk exposure due to the complexity of the risk environment and the penalties for non-compliance. A complete framework and methods for analyzing and prioritizing risk are included in a solid ethics and compliance risk assessment. Organizations will be able to design effective mitigation measures and lower the likelihood of a major noncompliance event or ethics failure using this knowledge, setting themselves apart from their competitors in the marketplace.
Course Manual 6: Compliance Officers
Enterprise ethics and compliance executives are a young but rapidly maturing profession, having emerged in the late 1980s as a result of several government initiatives and high-level commissions recommending that specific senior-level personnel be in charge of overseeing an organization’s ethics and compliance program. In the early 2000s, a slew of new rules and best practice guides backed up these ideas.
In practice, these professionals’ job responsibilities and titles range from chief compliance officer (with or without ethics obligations) to chief ethics officer (with or without compliance responsibilities), with a variety of models in between. Regardless of these organizational design elements, employees who lead efforts to defend the company from ethics and compliance concerns have a distinct function and specific value inside the company. Regardless of their title, the ideas outlined here apply to all leaders.
Chief compliance officers currently work in a fast-paced legal, regulatory, social, and economic environment that is filled with complicated and sometimes contradictory rules and regulations. Regulatory demands have risen globally, not just in the United States, putting significant pressure on businesses, especially those with foreign operations. CCOs are responsible for developing programs that help assure compliance with all of these legislation and recommendations.
However, this is only one aspect of their duties. CCOs must also respond to a slew of new threats that are rapidly emerging. For example, in the fight against bribery and corruption, law enforcement agencies have attained unparalleled levels of cross-border collaboration. Money laundering is no longer just a problem for financial institutions; it affects businesses of all kinds. Organizations must increase their efforts to ensure compliance with internal policies meant to combat cyber risk and digital crime, which pose tremendous challenges to enterprises worldwide. Furthermore, a greater emphasis on transparency has revealed many previously concealed conflicts of interest.
As a result of these developments, the CCO profession has begun to shift in subtle but major ways, indicating that enterprises are recognizing the importance of CCOs. In short, these critical corporate leaders are in charge of not only ensuring compliance, but also defending an organization’s most valuable asset: its reputation.
A Profession In Transition: Where Are We Going?
While the CCO function has remained static in certain firms, it has evolved into one that is both strategic and value-adding in others. Companies with world-class ethical and compliance procedures have a world-class CCO in control. These individuals have contributed to the advancement of the profession. Many people aspire to this level, and it also indicates where the career is headed. The following are some examples of how the role has changed over the previous decade in different organizations.
From Risk Manager To Compliance Gatekeeper
CCOs are playing a far more strategic role in helping firms manage compliance and reputational risk as the risk environment continues to alter and ethics and compliance operations become more incorporated into the fabric of organizations. Risk management used to be the responsibility of other departments within the company, while the CCO’s main focus was on routine compliance risk management. Many firms have recently realized, however, that the risks that CCOs mitigate—particularly reputational risk—are crucial. As a result, a crucial component of the CCO’s responsibility is to assess and raise awareness of risks that could jeopardize the organization’s integrity. Today’s CCOs must not only be aware of the whole range of reputational threats, but also have a sense of what could go wrong and how their companies can prepare.
From Senior-Level Advisor To Legal Program Manager
Many of the original CCOs had legal credentials, as many of the CCO jobs arose in reaction to enforcement actions, and many of the more modern ethical and compliance functions grew from regulatory compliance departments. These compliance officers either worked in the Office of the General Counsel or reported to it (GC). This has obviously started to alter. Only 21% of CCOs indicated they reported to the GC, while 36% said they went directly to the CEO, according to a recent survey done by Deloitte and Compliance Week15. Furthermore, another 21% reported to the board of directors. From a governance standpoint, there is regulatory pressure for CCOs to move out from under the legal department, particularly in industries like financial services and health care: for money center banks, CCOs should report to the chief risk officer; in health care, the Department of Health and Human Services prefers to see an independent CCO who is not subordinate in any way to the GC. The worry, at least in part, is that the GC’s fiduciary commitment is to its client, the corporation, whereas the obligation of an independent CCO may be different.
The shifting background of those who enter the field today reflects this compliance and legal reform. These CCOs are increasingly diverse in their backgrounds, including time in operations where they were responsible for profit and loss. Organizations are increasingly looking for dynamic CCOs who can think strategically, communicate and convince effectively, and collaborate across departments. Beyond the ability to create the essential compliance architecture, analyze risks across the organization, implement training and communication plans, evaluate data, and conduct sometimes-critical investigations, the most sought-after applicants for the CCO post have the following talents. Because a key part of their role is to clearly communicate the ethics and compliance program’s vision, mission, and strategy, these world-class leaders also have an aptitude for auditing and monitoring, the ability to influence organizational culture and behavior, and a solid grounding in public relations tactics.
CCOs must be active not only in day-to-day concerns, but also in the strategic decisions that the company faces. Some CCOs are ascending to higher ranks within their organizations, with seats on the executive committee and unfettered access to the board, as the role’s value and prominence grows. The new reporting structure for CCOs may convey a powerful message to all stakeholders, including employees and regulators, that the company is serious about ethics and compliance.
From Box-Ticking To Question-Asking
The CCO’s duty includes developing programs to ensure compliance with laws, regulations, and corporate policies. This necessitates devoting a significant amount of effort to the nuts and bolts, as well as ensuring that the appropriate resources, processes, and controls are in place. However, many people regard this as “Compliance 101.” Simply complying with the law may not be enough in today’s global market, as companies are under pressure to establish openness across their whole supply chain. To ensure appropriate prevention and detection of unlawful behavior, enforcement authorities require measures that go beyond what is legally required, such as instilling a culture of integrity. CCOs must be able to go into firms and ask the tough questions in order to identify areas where the company is susceptible or exposed.
From A Liability To A Resource
The CCO is considered as a business enabler rather than a source of overhead in firms with more established ethical and compliance procedures. These companies understand that the CCO’s efforts defend the company’s reputation, which is likely its most valuable asset. The market capitalisation of the company can be used to calculate the worth of a reputation. All it takes is a rumor or hint of wrongdoing, or a viral social media post, for investors to respond quickly and harshly. The benefit of retaining integrity is more than clear for organizations that have faced negative press.
From Living Apart To Forging Connections
Many organizations maintained their CCOs separate from the rest of the business when the CCO role was in its infancy, maybe to maintain structural and functional independence. As a result, many CCOs would issue mandates, directions, and rules without understanding or respect for the day-to-day business activities and challenges in the field, because they were based in the relative isolation of headquarters. Organizations eventually realized that this arrangement was contentious and counterproductive, as it limited the CCO’s ability to comprehend the organization’s business operations, the risks to which they were exposed, and the chances for greater compliance synergies and cost savings.
As CCOs came from behind their desks and began to embed with businesses, this began to alter. On the operational side, getting out and studying the business is very critical for gaining the trust of employees, especially when they are being asked to make changes to their work habits. The CCO of today is a leader who can form alliances, increase trust within the business and among all stakeholders, and work to increase brand and reputational value.
From “We Can’t,” To “We Can”
One common gripe and misconception regarding CCOs is that they are “police officers” or “gatekeepers,” whose primary responsibility is to point out behaviors that are prohibited by law or policy. In actuality, CCOs are increasingly seen as business partners, collaborators, strategists, and internal consultants in many firms. They bring value by sitting down with firms and devising strategies for achieving goals within the parameters of what is acceptable. Today’s CCOs are more concerned with beginning dialogues than with ending them. When they can collaborate with the business to develop a solution that benefits everyone, it can become a competitive differentiator for the entire company.
Visionary CCOs
What started out as simply an administrative position entailed inventorying and comprehending the specific regulations and legislation that applied to a company has evolved. Today’s CCOs are taking risk management to the next level, digesting and interpreting risk data, determining what it means, and converting those insights into a unified ethics and compliance program and framework. Furthermore, because of the unprecedented rate of change in the external environment, CCOs must always be on the lookout for new risks (such as technological risks, customer information risks, and emerging market risks) that are just over the horizon and may necessitate enhanced policies or heightened enforcement. Organizations need visionary CCOs who can look around corners and view the full risk picture to prepare for these new and emerging threats.
Course Manual 7: Policies & Procedures
Regulations are only the beginning of establishing successful policies and processes. To measure understanding, the proper quantity of collaboration, the right forms of distributive media, and the right procedures are required. All of these activities take a lot of time and effort, but automating them with software can help you save time and ensure that your policies and procedures are followed. Here are five measures to ensuring compliance, as well as software elements to look for when selecting the ideal solution.
1. Consult with divisional executives to ensure that the policies and procedures being developed are appropriate for each department.
2. Determine the optimal policy format for your various audiences.
3. Provide your personnel with easy access to policies and procedures.
4. Establish timelines for acknowledging each policy and process.
5. Figure out the best technique to assess your employees’ knowledge of policies and procedures.
1. Obtain Leadership Commitment
The first step in maintaining compliance is to involve the leaders of each department inside the company. Policies are frequently developed by someone within an organization who lacks a thorough understanding of the everyday tasks performed by each department. Involving others, even if only for a 30-minute interview, ensures that new policies: are not misunderstood; and use the correct vocabulary.
2. Determine The Optimal Policy Structure For Your Target Audience
Diverse departments have different personalities, routines, and day-to-day activities. Ensure that rules and procedures are delivered to your staff in vessels that they are familiar with to ensure compliance. Meeting with your divisional executives has the advantage of providing you with more information, such as how the policies will be received. Employees who do not have access to computers during the workday but do have a business smart phone are a better fit for a video presentation of their policies and procedures, according to various vessel needs.
3. Make Your Employees’ Policies And Procedures Easily Available
Do your staff know where to find their policies and procedures, or are they getting lost in a maze of folders on a shared drive with a naming convention that only code-breakers can decipher?
Not only should you spend time making sure that your policies and procedures are organized logically, but you should also make sure that any employee in any department, at any level of management, can access the policies that relate to them in three clicks. This will keep them from becoming discouraged and abandoning their compliance efforts.
4. Establish Timelines For Acknowledging Each Policy And Process
Setting acknowledgement deadlines entails more than just setting an Outlook Calendar reminder for the effective date.
Set up weekly meetings with all managers once the policies and procedures have been prepared and are available to ensure they have an effective plan in place to ensure their employees’ compliance understanding.
Send periodic email reminders to each employee if you send out surveys to ensure they have received the policies and procedures and are aware of the deadlines.
In case they have questions, include a phone number and an email address in their reminders.
Consider adopting a software solution for policies and processes to handle this process without slowing down your email servers. ConvergePoint, for example, is built within SharePoint, stays behind your firewall, and connects to your Active Directory, so you don’t have to worry about integrating an altogether new software into your organization.
5. Figure Out The Best Technique To Assess Comprehension
Each policy and procedure should be viewed as a unique entity. For some common rules, standardized oeI accept responses are acceptable, but guaranteeing procedure compliance should go a step further to ensure understanding.
Taking tests, arranging practice runs, or a mix of the two can drastically boost employee compliance with regulations and procedures, depending on the task or field.
5 Steps: Policy and Procedure Management Can Be Automated
Consult with divisional leaders to ensure that the policies and procedures are practical.
Look for a software that allows you to provide your employees personalized certifications. The ability to construct a personalized quiz offers you control over which content your employees recall.
Determine the optimal policy structure for your target audience.
For maximum efficiency, software tools that allow numerous formats to be uploaded, such as Microsoft Office Word and PowerPoint, mp3 and mp4 files, should be examined.
Make your employees’ policies and procedures easily available.
Make sure the program you’re using allows for folder and organization flexibility. Finding a program with permission controls will assist your end users in reducing clutter.
Set dates for acknowledging each policy and procedure.
A first priority should be to find a program that sends alerts to the appropriate persons. Task alerts, overdue reminders, and renewal notices are just a few examples of notifications.
Determine the best method for assessing your employees’ comprehension of policies and procedures.
This phase can be automated to improve efficiency. Programs that generate automatic notifications, give a central area for conversations, and enable workflows can help reduce time during policy drafting and auditing.
Policies and Compliance Documents to Consider
A Standards of Conduct or Code of Conduct should be the first document that companies create and share. Explicitly articulating the organization’s conduct and behavior expectations will give employees a clear image of how the company runs. The Code of Conduct must:
• State the organization’s goals, mission, and ethical requirements
• Express clear expectations for all members of the workforce, management, governing board, contractors, and other agents acting on behalf of the business
Policies and Procedures for Compliance Recommended Practices
Under the leadership of the Compliance Officer and/or the Compliance Committee, health care organizations should draft and evaluate all compliance-related policies and documents. The Compliance Officer should make these new or revised documents available to the workforce whenever the rules and procedures are finalized. In addition, if necessary, the Compliance Department should provide training or assistance to the workforce members affected by the policy area on the purpose and impact of the new or changed documents. The following are some more best practice guidelines for creating and maintaining compliance policies and procedures:
• Use policy templates to ensure that your organization’s materials have the same style and feel.
• Create documents that are simple to read and understand.
• Review policies on a regular basis, such as every one to three years, to verify that the material is current and in accordance with federal and state rules, laws, regulations, and recommendations, as well as internal practices.
• Establish a policy management procedure.
• During annual compliance program training, staff meetings, and/or ad hoc training sessions, educate the workforce on new and updated policy and compliance papers.
• Use signed attestations to prove that the employees received training.
• Ensure that all affected parties have simple access to policies.
• Use monitoring efforts to ensure policies are followed.
• Verify that policies are producing the expected results.
• Develop measures to demonstrate the policies’ success.
In Summary
Organizations must establish written advice on the policies, processes, and other compliance-related documentation that all workforce members are expected to follow in order for the compliance program to function properly. Organizations should provide this advice training upon hire and at least once a year to ensure that employees are aware of updated policies and procedures and will comply with them. Organizations with well-publicized compliance policies and procedures are more likely to have a successful Compliance Program.
Course Manual 8: Communication & Training
Compliance Communication Is The Key To Success
Whether your company is just getting started or is already in the process of establishing a compliance program, it is always necessary to implement an appropriate and consistent, target-oriented communication strategy to go along with your compliance measures that is consistent, regular, and starts from the beginning. The effectiveness of your compliance program depends on effective communication.
Get In Front Of The Right People
Employees, supervisors, vendors, and customers are among the people who will be affected by your compliance program. As a result, your communication strategies should be tailored to your target audiences to ensure that everyone is aware of and understands the importance of compliant behavior.
Creating an Effective Compliance Communication Plan
In compliance communication efforts, HR leaders are crucial. Every new employee must be schooled on the company’s policies, and existing employees must be kept up to date on those policies, but compliance communication isn’t as simple as sending a letter or creating an entertaining compliance training video.
Having robust policies in place is a fantastic start, but if staff aren’t aware of them, it’s pointless. Communication that is consistent and effective is critical. How can HR leaders take the lead in spreading this mindset throughout the company?
Get Rid of the CBT-Only Approach
The days of having everyone in your company watch a training video and then take an online test to ensure they understand your compliance program are long gone. This CBT method is inconsistent, and it sees compliance as something that may be forgotten once the test is over. There’s no replacement for intelligent compliance communication that develops a holistic culture and a constant compliance mentality.
Utilize A Variety Of Communication Channels
An HR leader’s communication approach for discussing compliance with a CFO or other C-suite executive is not appropriate for discussing the subject with an entry-level employee, for example. There is no one-size-fits-all solution: The message and channel should be carefully tailored to the target audience, and finding the correct combination of messages and channels for each of those audiences is critical. While a formal meeting to convey compliance processes may be appropriate for administrative offices, reaching production workers via a newsletter or bulletin board may be more effective.
Make a list of all possible communication channels and begin sending information to internal audiences who are interested. Kris Martino, a worldwide communications manager, says, “At our organization, communication is embedded at numerous levels, from top-level management to our line personnel.” Martino’s firm communicates with all of its compliance professionals via a worldwide compliance meeting, while line workers are reached via daily emails, posters, and the intranet.
Maintain Consistency and Availability
People are less likely to remember compliance information if they are overburdened by policies. Keep it simple and short: Break messages down into smaller chunks and send them out over time. Why not give your HR leader or CFO a monthly section to increase awareness instead of dedicating an entire edition of the company newsletter to compliance issues? You may use your company’s intranet page to promote compliance by creating a blog series or monthly films. Piggybacking compliance messages onto monthly all-hands gatherings or town halls is another good example.
The idea is to be consistent, and consistently accessible, in all your compliance-related messaging. In his blog post Rethinking Communications: 5 ways to boost the effectiveness of compliance communications, Joel Rogers, CEO of consultancy firm Compliance Wave, discusses the topic. “Look to offer short, non-intrusive interactions that can easily be incorporated into your employees’ workday and that appeal to all learning styles (e.g., visual, auditory, reader/writer, and kinesthetic learners).”
Work With Your CFO And Other Senior Executives
It’s probably better to use current resources rather than invest in new ones, and the ideal approach to piggyback off other company leaders is to take advantage of any natural chances that arise from speaking with them. Coordinate with that department’s communications personnel to distribute compliance notifications through that intranet page, for example, if one department maintains a webpage on the organization’s intranet. If a department has a monthly meeting, seek to be invited to provide compliance news.
Simultaneously, don’t be scared to go it alone to get your message out. Analyze existing communication structures and use them to push compliance communications to the widest potential audience. If it turns out that you need to hire outside resources, such as to hold a company-wide compliance conference, collaborate with the CFO on budgeting and cost-benefit analysis.
When meeting with other department heads, you should be prepared to present solid arguments for taking the lead. Begin by discussing how efficient compliance communications may save you money, not just by reducing regulatory penalties and protecting your company’s brand, but also by lowering training expenditures.
Furthermore, your compliance communication initiatives do not have to be costly, especially if you employ current communication channels. Because compliance is something that affects the entire firm, borrowing compliance resources from other departments is totally acceptable.
Setting up an effective compliance communications plan is a crucial part of every organization’s compliance strategy. The more frequently you bring compliance demands and obligations to employees’ attention, the more likely your entire staff will be on the same page.
What Is The Definition Of Compliance Training?
The process of ensuring staff comprehend the relevant laws, rules, and internal policies that govern your organization’s function is known as compliance training. It also ensures that they understand how and why they must follow them in their work.
Effective training leads employees through instances of how ethics and compliance apply to their jobs, and it can provide them with the information they need to deal with a variety of scenarios and difficulties.
Employees benefit from good compliance training. They understand their roles and responsibilities, and they can work efficiently with little supervision. They also know how to react and what to do in a new situation that puts their ethical training to the test.
Compliance Training Is Distinct From Other Types Of Company Training
General training, which often covers job functions and processes, is not the same as compliance training. These sorts of training could include learning how to use ERP software, filing reports, and requesting time off. Compliance training covers a wide range of topics and regulations.
The training can cover company and employment laws, as well as the consequences of breaking them. Financial disclosures, patient/client/member privacy, and even reporting requirements are examples of industry-specific legislation. It should also include your organization’s beliefs, principles, and operating philosophies, as well as legal and ethical considerations.
Mandatory and continuing compliance training should be implemented. Not only should every new employee receive compliance training, but it should also be an annual event for all employees. When done correctly, this provides the foundation for a good working culture in which you can discuss difficulties and prevent problems from arising.
Issues Of Compliance That Necessitate Training
The specific topics covered in compliance training will vary depending on the organization and industry. Training types may differ from job to job and department to department.
Some areas, such as healthcare and financial services, are more heavily regulated than others, such as Software as a Service (SaaS) firms. They’ll need extra training on HIPAA standards and the Sarbanes-Oxley Act, for example.
Organizations may cover the following subjects in compliance training:
• Federal and state legislation
• Company procedures and policies
• Code of conduct
• Data security and privacy (anti-money laundering, anti-bribery, etc.)
• Workplace discrimination
• Sexual harassment
• OSHA standards and workplace safety
• Workplace violence
• Risk management
• Workplace substance abuse
• Workplace violence
• Diversity and inclusion in the workplace
Compliance training may also differ by department. Those in the finance department, for example, may be required to undergo more thorough fraud prevention training than employees in the production department.
Compliance Training’s Advantages
Noncompliance has the potential to harm an organization. We may read story after story about businesses, government agencies, and high-ranking individuals breaking ethical and regulatory rules, which can result in large penalties, income losses, reputation harm, and even arrest and criminal prosecution.
It is insufficient to just provide employees a list of the rules they must follow. You can’t simply hand someone a binder on their first day of work, expect them to read it, and expect them to follow it for the next ten years.
Compliance Training Aids In The Integration Of Compliance Into Your Organization’s Culture
Employees, for the most part, do not break the law on purpose. They didn’t intend to break it, and that was never their intention when they arrived at work that day. A violation frequently occurs when an employee is unaware of a rule or does not comprehend how it applies to their work.
Employees that receive compliance and ethics training learn how to stay compliant and obey the regulations. It assists them in identifying and reporting any infractions they encounter. They can also help their colleagues avoid problems by seeing possible compliance concerns before they become a problem.
All of this contributes to the organization’s compliance by ensuring that everyone is accountable. The organization can function at its best when everyone understands the expectations and norms.
However, if a compliance issue or even a lawsuit arises, your training records will show that your company educated its staff on the numerous requirements and took steps to ensure compliance. This can assist reduce your company’s liability and risk of being sued.
If an employee was injured on the job, for example, your compliance training records would indicate that the company made every reasonable precaution to ensure a safe working environment and that all of your employees were taught in the various safety protocols. This shifts responsibility for safety standards back to the individual and protects the corporation against a lawsuit brought by that employee.
A strong workplace compliance training program ensures that your organization follows the law, minimizes liability risks, and operates efficiently. It safeguards the company from a wide range of legal, regulatory, and even corporate infractions that could result in significant fines and civil and criminal punishments.
When it comes to providing regulatory compliance training to your organization, make sure you provide engaging and personalized content, make your training available through a variety of channels, provide it on a regular basis, and track everyone’s completion and understanding of what they’ve learned.
Course Manual 9: Monitoring & Auditing
Auditing and monitoring is one of the most important aspects of a successful compliance program, and it is a requirement in several businesses. Why? Because it’s difficult or impossible to know what’s functioning and what needs to be improved without auditing. Similarly, effective monitoring programs act as an early warning system, allowing compliance specialists to spot possible compliance issues sooner rather than later.
Auditing and monitoring are critical, yet they are frequently misunderstood and underappreciated. For a variety of reasons, including a lack of skilled resources, the difficulty of designing and driving consistency across the enterprise, and the reliance on others within the organization for both data and, in many cases, program execution, organizations continue to face challenges in implementing and maintaining efficient and effective auditing and monitoring programs.
The focus on other compliance program elements, including as risk assessments, training, and policies and procedures, has occasionally resulted in the auditing and monitoring functions being undervalued and under-resourced. As compliance programs mature, these features provide a valuable source of information regarding deviations from expected behavior that could lead to major or systemic compliance concerns. Furthermore, businesses frequently assert that the adoption of new laws and regulations poses a risk, despite the fact that this is an area that is frequently not examined, or not thoroughly checked, to assess whether the firm is meeting the standards.
The absence of competent auditing and monitoring can have repercussions across the compliance program. Compliance professionals have expressed frustration with the quality of metrics used to quantify the efficacy of their compliance programs in a number of recent studies and surveys16. The results of continuing auditing and monitoring programs generate metrics that can indicate not just the effectiveness of the program design, but also the effectiveness of the program’s operations, especially when seen over time. Although compliance measures are well known or even mandatory in some areas, like financial services, for many firms these activities provide new, more insightful indicators related to program performance than those compliance experts have depended on in the past.
Similarly, thorough auditing and monitoring—along with the data that goes with it—provides useful and trustworthy information to compliance program stakeholders:
• Auditing and monitoring efforts are seen by regulators as proof of a company’s dedication to compliance. Furthermore, in some industries, such as financial services, auditing and monitoring programs are a regulatory requirement, and companies that fail to implement them may face fines or penalties.
• In order to perform fiduciary duties, boards require substantiated information on the effectiveness of compliance programs.
• These actions are cited by both internal and external counsel as markers of the company’s compliance diligence as part of their legal plans.
• Employees, customers, and investors want to know more about compliance processes, and they might use that information to make hiring, purchasing, or investing decisions.
Defined And Contrasted Auditing And Monitoring
Many compliance experts interchange the phrases “auditing” and “monitoring.” While auditing and monitoring are complementary, and neither can be fully maximized without the other, they are not interchangeable. Many people believe their designs and desired outcomes are drastically different. The following are commonly accepted meanings for each:
• Auditing Program: A dynamic, risk-based, independent compliance oversight process that involves selecting and reviewing a sample of business products, services, communications, and other areas on a regular basis in order to assess and report on the effectiveness of compliance controls and/or adherence to stated policies and procedures.
• Monitoring Program: The organization’s ongoing observation, assessment, and analysis of important business performance and risk indicators to detect potential compliance infractions. While many people want to build “automated” monitoring programs, monitoring can be done manually or automatically.
These definitions clarify the auditing and monitoring aims and objectives; nevertheless, the precise processes for achieving these goals and objectives are not always evident. Even if regulatory expectations for these important features are clear—as they are in some parts of the banking and pharmaceutical industries—details regarding the exact auditing and monitoring activities that would achieve those requirements may not be. Regulatory guidance on the specific expectations of auditing and monitoring operations may not be accessible at all in other industries. Even in circumstances when legislative expectations are clear, designing, implementing, and maintaining an efficient auditing and monitoring program is one of the most difficult tasks facing individuals in charge of risk and compliance.
At The Level Of Accountability, Compliance Is Assessed
Compliance auditing is carried out at every level of the organization in a good auditing program. Weak controls are immediately discovered in the firm, where they are most likely to be promptly remedied, according to this approach.
• The first line of defense: At this level, business unit leadership devotes time and resources to ensure that controls and activities to prevent, identify, and respond to compliance failures are sufficiently designed and running efficiently.
• The second line of defense: Individuals performing the audits in the second-line auditing program must not be the same people who are in charge of executing the controls. The compliance function—whether it’s the “centralized” compliance function at headquarters, the compliance team within the business unit, or a combination of the two—should devote time and resources to developing and implementing independent compliance control testing. “A monitoring program, when properly built, should trigger an early warning indicator that something is happening in the firm that could result in an ethics or compliance failure,” Deloitte Advisory Director Laurie Eissler. Under the federated compliance model, these individuals are answerable to the independent compliance function, regardless of whether that function is located at “corporate” or within the business unit.
• The third line of defense: Internal audit should be in charge of “testing the tests,” which is the third line of defense. Internal audit has a greater role in several industries. Internal audit functions in the financial services business, for example, go beyond testing the tests. They do further transactional and process-related audits rather than relying on the outcomes of second-line testing.
In all cases and at all levels, auditor independence is a critical component of effective auditing.
Regardless of industrial sector, we’ve found that the third line of defense—internal audit—identifies a disproportionate amount of compliance issues. This could imply that compliance auditing in the business unit (first line of defense) and the compliance function (second line of defense) is ineffective at detecting compliance flaws.
The skillsets used in the programs are diverse. Professionals with particular knowledge or skillsets, which may differ from those found in a standard corporate compliance and internal audit department, are involved in outstanding auditing programs. Professionals with understanding of the applicable laws and regulations, regulator expectations, and compliance risk drivers are often necessary to create and implement auditing programs. This isn’t to imply that existing compliance or internal audit personnel couldn’t be taught to fulfill those requirements. Many internal audit departments have concentrated on people with more traditional financial accounting controls knowledge in the post-Sarbanes-Oxley world. These people frequently lack the regulatory and compliance subject-matter expertise needed to conduct successful compliance auditing. Continuous training, as well as cross-training of individuals in other functional areas, can help to improve the team’s knowledge and effectiveness.
A risk-based strategy is used to create the program. The technique used to create the auditing itself is another differentiating feature of a top auditing program. It all starts with a thorough compliance risk assessment, as is almost often the case with compliance initiatives. A good auditing program takes the risk assessment’s results and goes one step further: critical compliance risks are mapped to the business units and business processes where they are most likely to occur. An “applicability analysis” is another term for this. Within those operating regions, the process processes are thoroughly defined, with both vulnerabilities and critical controls specified. The compliance auditing is driven by this procedure, which is designed to be repeatable and produce actionable outcomes.
Auditing programs that are effective are repeatable and statistically valid. While knowing if a control is working properly right now is important, strong auditing programs recognize that long-term quality is obtained when major risks and controls are assessed on a regular basis using statistically accurate sampling procedures.
Putting It Through Its Paces
Auditing and monitoring are important components to construct and exploit as firms strive to establish best-in-class compliance systems. An business can use effective auditing and monitoring systems to not only collect crucial information about compliance program flaws, but also to engage in risk sensing activities that may provide an early warning of any looming problems before they become substantial and possibly damaging. Auditing and monitoring, like the other important aspects of a strong compliance program, allows firms to learn from the past and employ people, process, and technology with an eye to the future to improve the maturity of their compliance program.
Course Manual 10: Issues Management
For audit departments, issue management can be a time-consuming undertaking.
What is the definition of issue management?
The audit is completed, the closing meeting is completed, the audit report is issued, and the audit cycle moves on to the problem management phase. Management resolves concerns rapidly in certain audits, but it takes months or even years for management to resolve difficulties in others. The problem management process is frequently a project management exercise in and of itself. Keeping an issue log containing action items, due dates, and accountable team members is part of issue management.
What Are the Five Steps of the Issue Resolution Process?
There are five processes in the problem management process for identifying and resolving control environment deficiencies. These procedures will assist you in identifying and resolving the problem quickly, effectively, and predictably.
1. Determine Potential Problems
During an audit, you will find the problems. During fieldwork, the issues should be adequately supported and confirmed with management.
2. Establish Priorities
To stress the risk-based priority, it is critical to document the issue completely according to The IIA’s guidance by identifying the criterion, condition, cause, and effect.
3. Decide On A Stance On The Issues
Create a recommendation from the perspective of audit to give management direction on how to respond.
4. Create A Response
Work with management to develop the action items that will be taken by management to resolve the problem, as well as due dates and accountable team members.
5. Keep An Eye On It
Treat each issue as a project management job in your issue tracking system to track management’s progress in resolving the issue within the agreed-upon period.
How do you keep track of issues and report on them?
Tracking and reporting on issue remediation is one of the most critical KPIs that internal audit should manage. Because of the time it takes to close out recognized concerns, how quickly issues are resolved is an indicator of how effectively a company manages risk.
Siloed issue management procedures are a prevalent challenge in firms with separate audit, risk, and compliance departments. Addressing conflicting approaches and consolidating enterprise-wide problem management under one common framework can help organizations improve their issue remediation metrics.
Challenges in Issue Management
Different business divisions may be undertaking duplicate operations surrounding issue tracking using inconsistent techniques in firms with siloed issue management efforts. Multiple problem logs (in multiple formats) monitoring similar results create inefficiencies for all stakeholders, especially issue owners who are expected to deliver consistent information to different groups at different times. The ability of the organization to have a holistic perspective of challenges is limited by siloed issue management techniques. This can lead to the following effects, according to Protiviti:
• Poor data quality and root cause analysis
• Lack of issue prioritization
• Lack of clear accountability
• Incomplete impact analysis of the organization
• Processes for resolving issues that aren’t well defined
• A culture of fast fixes rather than long-term solutions
How can companies work to break down these barriers and achieve what Protiviti calls an agile state of problem management?
Standardizing your issue management program can help improve collaboration and connections between internal audit and other business groups, as well as eliminate inefficiencies for internal audit and other stakeholders.
How do you create an Issues Management Framework that is best in class?
For financial institutions, issues management is becoming an increasingly significant and visible component of Enterprise Risk Management.
While risk management focuses on the level of uncertainty and/or potential financial loss, issue management assists the company in identifying and mitigating actual risks. Large institutions deal with serious breaches (control, process, policy, regulatory, etc.) on a regular basis, and concerns often require a coordinated effort to overcome, given the size and complexity of such institutions today.
Issues are not effectively analyzed for root cause in the absence of a solid, centrally established issue management program, the appropriate individuals are not involved, and remedial activities can sometimes lead to insufficient or even competing remedies. These difficulties may result in cost overruns due to issue extensions, as well as increased regulatory scrutiny. Furthermore, up to 15-25 percent of low severity occurrences may be false positives, according on our experience. Mistaking these events for issues might result in wasted effort and resources being diverted from more important endeavors.
Issue management concerns are frequently caused by a lack of defined standards and inconsistent application across enterprises due to their large nature. A compartmentalized strategy might result in different taxonomies, less openness across programs and businesses, and a lack of management awareness of issues. Furthermore, old technology systems may stymie process improvement efforts and create a user-unfriendly environment, both of which lead to poor data quality.
When creating a best-in-class problems management framework, we found six critical design considerations:
1. Define the problem: Define issue and associated standards that can be used consistently across all business lines. A uniform standard allows for more thorough and detailed documentation of difficulties. Issue definitions, for example, usually include non-compliance with a regulation or policy, as well as a process or control flaw.
2. Responsibilities and Roles: To enhance accountability, reinforce clearly defined roles and duties throughout the lifecycle through policies or procedures. To help users stay informed, develop a communication strategy and role-based training modules.
3. Risk Management Program Integration: Develop a long-term policy and process structure with a streamlined end-to-end lifespan, with input from those who will be affected. To increase predictive analytics and early prevention, link concerns to processes and controls. The issue management program, for example, would require buy-in from all three lines of defense, as well as specific risk management procedures (e.g. Testing and Validation teams).
4. Standard Risk Rating: Establish standard standards for assessing issue risk (e.g., financial loss, customer impact, reputation impact). To aid consistent application, incorporate risk rating into the policy structure and training.
5. Escalations: As part of policy and procedures, define the escalation path; provide quantitative criteria to determine materiality. With standard reporting, use technology to transmit issues to the right top leaders or governing bodies. New low-rated issues, for example, may not require escalation to high management, but expansions of the same issue may.
6. Simplified Technology and Data: The solution should make workflow easier by incorporating automated controls to ensure data quality and actionable notifications. Only issue important attributes and make relationships to additional data sources with the amount of core data maintained within the solution. If the tool demands that an issue be linked to a control or process, the issue management system should connect to a process repository. It shouldn’t be a free-form entry, and it’ll almost certainly be owned by a risk group outside of the problem management program.
More than just mitigating regulatory scrutiny is possible with a best-in-class problems management program. It may be beneficial to the company’s performance. By removing occurrences that were misclassified as issues and addressing them via business as usual activities, as well as reducing mitigation timescales and the risk of costly extensions, an effective issues management program can yield operational cost savings. Issues management can promote a proactive risk management culture by recognizing flaws early and offering transparency to senior executives making crucial choices, in addition to financial rewards. Issue analysis can also highlight underlying challenges and provide managers with instances of similar problems that have been effectively managed.
Organizations should not wait for criticism from regulators to improve their problem management program. They can greatly improve their material and realized risk management by being proactive.
Course Manual 11: Metrics
Benchmarking and Metrics are the Best Compliance KPIs to Track
Digital disruption has changed the way businesses approach everything from strategic decision-making to business process optimization to risk management. The requirement to acquire, organize, and analyze Big Data in order to gain actionable insights has made the usage of tools like key performance indicators (KPIs) a necessary component of any proactive and successful corporate management strategy.
Compliance management is one of the most essential areas where KPIs are used. Companies can use compliance KPIs to establish effective compliance programs that are backed up by informed risk assessments. Compliance officers can avoid the financial problems that come with non-compliance by closely monitoring these KPIs, identifying the fundamental causes of compliance issues, and better shield their firms from potential risks.
Why Do Compliance KPIs Matter?
In today’s global market, doing business isn’t exactly a stroll in the park. Internal and external stakeholders expect (and demand) top-notch performance, profitability, and compliance, all while maintaining complete transparency. Companies are frequently forced to adjust to unpredictably changing government and industry risk and compliance laws. New threats to profitability, reputation, and compliance occur on a regular (and terrifying) basis, and the expenses of identifying and mitigating these threats can be prohibitive.
Today’s business leaders, who are data-driven, forward-thinking, and committed to continuous improvement across all business processes, require effective risk assessment and risk management solutions to stay ahead of the competition.
Compliance KPIs are a set of metrics that measure how well an organization’s compliance department is keeping the organization’s compliance with internal and external policies, as well as industry and government regulations. They’re critical for protecting your business and helping it grow beyond its current capabilities.
Internal audits, policy enforcement, and compliance training at all levels of a business assist compliance officers manage risk more effectively by tracking these KPIs and altering compliance rules and workflows accordingly.
Governance, Risk Management, and Compliance (GRC) criteria for operational excellence can all be measured with compliance KPIs.
• Data storage and management compliance; financial compliance, including internal and external audit management.
• Purchasing regulations.
Compliance KPIs can act as “watchdogs” or “early warning systems” for potential risk. Some compliance measurements are referred to as key risk indicators (KRIs).
While no two businesses will have the same risk mitigation priorities, businesses of all sizes can benefit from a compliance program based on measuring, assessing, and changing workflows and rules using compliance KPIs.
Compliance KPIs are a set of metrics that measure how well an organization’s compliance department is keeping the organization’s compliance with internal and external policies, as well as industry and government regulations. They’re critical for protecting your business and helping it grow beyond its current capabilities.
Monitoring Compliance KPIs Has Its Advantages
Compliance professionals, like their counterparts in the procurement and accounts payment (AP) divisions, rely on clear, accurate, and full data to do their duties well. They use the same data to assess the overall success of their activities and to steer the company away from possible disasters before they occur.
Rogue spend, a lack of training, and non-compliance with procurement policies can obfuscate data critical to effective spend management and financial planning in procurement, making it difficult to maintain adequate cash flow, capture value and savings through strategic spend, or build a resilient supply chain to protect business continuity.
The same may be said for compliance, where a poorly implemented program can result in reputational damage, hefty penalties and fees, as well as potential litigation and regulatory action.
Best-in-class firms are progressively implementing digital solutions meant to automate and optimize compliance management, including tracking compliance KPIs, to achieve this goal.
Best Practices for Using KPIs for Compliance
Senior management need a compliance program that not only detects possible hazards, but also assists in identifying and correcting their core causes. Following a few best practices will help you develop your compliance standards and make the most of the compliance metrics you track.
1. Using a needs analysis, develop and implement a performance rating system.
You must first determine where your firm stands in terms of compliance before you can start your compliance program. You can determine the success of your present compliance program using needs analysis and risk assessment, and then structure your program around the business objectives you want to achieve.
Your rating system for analyzing your present compliance ecosystem might look like this:
I. Risk assessment reveals excessive risk that is either insufficiently mitigated or fully uncontrolled. Internal controls and compliance regulations are applied inconsistently, inefficiently, or fail often.
II. Effective and consistent risk mitigation is achieved through compliance standards.
III. Implements Best Practices: Compliance rules and practices effectively and consistently minimize known risks while also providing tools for recognizing, analyzing, and mitigating potential hazards.
IV. Transformative: Protocols and rules must be updated or modified as the risk profile of the firm changes or as part of a continuous improvement effort to avoid stagnation.
2. Put in writing your compliance program.
Having everything in black and white makes it easier to teach your employees on your new compliance policies and practices, as well as providing a real, audit-friendly record for internal and external review.
3. Invest in compliance training and education.
Compliance superstars are created rather than born. Ensure that everyone in your organization has access to comprehensive compliance training, including updates and refreshers as needed. Financial, operational, and regulatory compliance are considerably improved when everyone is on the same page (so to speak). This compliance guarantees that top management has all of the data they need to effectively harvest insights while reviewing compliance KPIs.
4. Begin by using broad compliance KPIs and then narrow your focus.
It’s critical to have measurability, consistency, and adaptability incorporated into your compliance program when employing key performance indicators to manage risk. Begin with measuring and reviewing your most important compliance KPIs, and then modify your routines as needed to establish a more comprehensive approach.
The Most Important Compliance KPIs to Monitor
You might potentially develop hundreds or even thousands of KPIs to track the many compliance issues that influence every organization, depending on your industry and type of business. Government agencies have their own sets of often complex compliance standards that corporations must follow to be on the right side of the law, from avoiding corruption to assuring food safety. When you add in industry standards, internal controls, and compliance rules, as well as the need to comply with third-party requirements like green business certifications or Energy Star laws, the average compliance staff can quickly become overwhelmed.
However, a successful compliance program isn’t founded on details. It all begins with identifying, monitoring, and fine-tuning the compliance-related key performance indicators that have the greatest impact on operational performance. The process of identifying and codifying these KPIs establishes a compliance paradigm that informs all subsequent controls and regulations.
Your compliance team should aim to employ KPIs that are:
• derived from best practices and benchmarks informed by needs analysis;
• developed and applied consistently across the enterprise;
• clear and simple in terms of relevant risks and mitigation.
• Easy to measure within a particular time frame and across business units.
• Designed to evaluate risk owners’ accountability and performance.
• Designed to consume resources as efficiently as possible.
Every company is different, but most may start improving their overall compliance (and setting a precedent for monitoring more detailed KPIs in the future) by tracking certain key compliance KPIs like:
Compliance In General
• Total Number of Open Employee Relations/Human Resources Issues
• Total Number of Open Compliance Issues
• Percentage of Post-Audit Issues Outstanding: The total number of issues that remain unresolved following an audit, represented as a percentage.
• Average Cycle Time for Compliance Investigations by Type
• Operational and System Compliance Percentage of Internal Audits Completed On Time
• Mean Time Between Failure (MTBF): The total number of minutes (or hours, or days, or other units) since a system or piece of equipment has failed.
• MBTF Percentage Difference: A percentage comparison of failure rates across different systems or units of equipment.
• Mean Time to Repair (MTTR): The average time it takes to fix problems and get equipment or systems back up and running. It’s also known as “downtime.”
• Percentage Difference in MTTR: A percentage measure of changes in MTTR as an indicator of relative efficiency.
• System Availability: The total number of minutes (or days, hours, or other units of time) that systems or equipment were actually available divided by the total number of minutes that they should have been accessible.
Compliance In Procurement
• Percentage of Invoices Automatically Matched
• Average Invoice Cycle Time
• Average Purchase Order Cycle Time
• Supplier Defect and Compliance Rates: Ratios of correct and contract-compliant orders fulfilled, respectively.
Compliance Management That Is Effective Reduces Risk Exposure
A pound of compliance cure is worth an ounce of proactive prevention. Invest in the tools and procedures you’ll need to create a robust, flexible compliance program based on specific KPIs, and your company will gain a competitive advantage through better risk management and business strategies.
Course Manual 12: Technology
Integrating Technology into a Compliance Program
For any Chief Compliance Officer (“CCO”), let alone an experienced one, managing an advising firm’s compliance program can be a difficult assignment. Regulators want investment advising firms to have a thorough compliance program, regardless of the number of workers or a CCO’s expertise, and many CCOs are frustrated by the administrative nature of their compliance program.
Technology can be an invaluable ally. There have been a slew of tools built expressly to address regulatory requirements for investment advisers and provide the essential supervisory and surveillance capability for a firm’s CCO to properly monitor and document compliance actions at their firm throughout the last decade.
We look at three areas where customized software applications can help CCOs and their staff handle their firm’s compliance programs, as well as providing essential risk management guidelines while utilizing the software.
Electronic Communications Retention and Review
Electronic business messages, such as emails, instant messaging, and text messaging, must be reviewed and retained as part of a company’s electronic communications policy. Two significant reasons for this are that investment advisers are required by state and federal requirements to keep copies of such records, and reviewing these communications serves as an invaluable tool for monitoring for any infractions of the firm’s policies and procedures.
There are software solutions that can help advising firms automate and expedite the evaluation of electronic messages in addition to capturing and storing them.
Using this type of technology solution has numerous advantages. Most software is meant to help businesses capture and filter incoming and outgoing electronic communications, looking for messages that contain specified phrases and keywords (as determined by the business) that need to be addressed. Messages that meet the keyword and phrase policies are marked for evaluation, and the software keeps track of all reviews and actions. The keyword policies can be tweaked and altered to provide businesses more control over which messages are screened and flagged for review. Furthermore, most software packages provide a capability that enables for specialized assessments of select groups or individual employees. Finally, these software solutions make it easy to find and recover specific emails that authorities may seek during an examination.
Advice on Risk Management
• Conduct regular reviews of electronic communications: Regular reviews aid in the detection of possible and actual infractions, which, if detected early enough, could save the company time and money. Furthermore, the SEC frequently requests evidence of the evaluations conducted during examinations, and supplying the documents demonstrates that the firm has effective compliance procedures in place.
• Tailor reviews to the size and frequency of the firm’s electronic communication use: While firms are not obligated to evaluate every message, it is critical to review all flagged messages as well as a random sample of non-flagged messages. The sampling size should be representative of the total number of messages sent and received, and could range from 1% to 10%.
• Organize the reviews: CCOs should schedule each review on their calendar to ensure that enough time is spent on them and that they are completed on time.
Reporting and Monitoring of the Code of Ethics
Both state and federal requirements require the reporting and monitoring of employee personal trading and other conflict behavior under the Code of Ethics (“COE”). A company should have a solid COE in place, as well as a good set of tools for reporting and monitoring these actions. Technology can play a critical role, and there are various manufacturers on the market who offer software packages with extensive COE reporting and monitoring capabilities.
While software capabilities differ by vendor, the majority are meant to automate a firm’s COE pre-clearance, reporting, and review needs. In general, each employee designated as a “access person” under a firm’s COE has their personal brokerage account activity electronically fed into the system and monitored for compliance with the firm’s COE standards. Exception reports are generated for any potential infractions, which the CCO or designee can analyze and follow up on. Certain programs can also keep an eye out for possible insider trading behavior. Other problem areas, such as pre-approval and/or reporting of gifts, political contributions, and outside commercial activities, can also be managed using the program.
The COE software may track all activities and generate reports that can be sent to a regulator upon request to demonstrate compliance with the COE. Finally, many of these apps allow the CCO to establish cases in which they can record any breach of the COE, including specifics of the infringement and evidence of the steps taken.
Advice on Risk Management
• Implement controls to ensure that each new employee is added to the system as soon as possible: To ensure that COE acknowledgment and initial reporting are completed by the employee within the appropriate dates, add this step to your “new employee” checklist (or implement if you don’t have one).
• Make use of the document storing feature: Firms can commonly attach and store documents for backup purposes, such as copies of emails, trade memoranda, brokerage statements, memos, and employee certifications, using software tools. When exceptions are made or steps are taken when violations occur, this function is extremely significant.
• Keep track of and update your restricted/watch lists: If you’re using restricted or watch lists, make sure they’re updated as soon as something changes so outdated data doesn’t get stuck in the system.
• Review all exception reports as soon as possible: Most software runs an automatic check of access person personal trading information against COE rules, generates an exception report, and, in certain situations, sends an email alert to the CCO. These reports must be assessed as soon as feasible in order to reduce any potential or actual risk or injury to any firm customer as a result of a COE breach.
Calendars of Compliance
Performing different compliance chores, such as regulatory filings and testing the firm’s policies and procedures to guarantee efficacy, is an important set of responsibilities for a CCO. Technology can assist the CCO in staying on top of these responsibilities and completing them within the appropriate time frames. Various software tools can serve as an automatic calendar and send out electronic reminders, as well as construct processes, assign tasks, and track and document the steps completed.
Each activity is often tracked electronically to demonstrate progress and completion. Furthermore, because the applications allow users to submit documents, proper documentation may be maintained.
Advice on Risk Management
• Ensure that tasks are monitored on a regular basis: This ensures that given tasks are completed and deadlines are met.
• Check the calendar for adjustments at least once a year: It’s crucial to go over the calendar at least once a year to see if any tasks need to be added or removed, and to double-check that due dates have been updated as needed.
• Make use of the document storing feature: This facilitates the retrieval of task-related documentation. For example, as part of the firm’s annual assessment, this can be especially useful when documenting the results of periodic testing and evaluations done throughout the year.
Overcoming Obstacles to Compliance Technology Implementation
The reality of using compliance technologies may not be as idyllic as you had envisioned at the outset. You may confront a variety of obstacles, ranging from abstract goals and outmoded base technology to human problems like change aversion and enabling suppliers to dictate a product-focused approach rather than your own long-term, outcome-focused compliance technology adoption plan. The list may appear endless, and obstacles may differ from one business to the next.
However, you may overcome these obstacles by developing a long-term, outcome-oriented plan that takes into account your organization’s present technology, software assets, and data environment. You should bring in your IT department early on to help with strategy, project planning, and identifying long- and short-term objectives. It’s critical to put “compatibility” and “integration” at the forefront of each new tool evaluation, and any new tool joining your compliance technology arsenal must not only be able to interact with other existing tools, but also learn from and teach other tools (through data feed) at the same time.
Conclusion Advisory firms can use technology to efficiently monitor, complete, and document numerous administrative compliance activities. It not only ensures that compliance programs run smoothly and that regulatory obligations are satisfied, but it may also be very cost-effective when compared to the time it takes to do these operations manually. In addition, most software platforms provide compliance consultants “review” access, which can help CCOs with additional supervision.
Workshop Exercises
Compliance Essentials Exercises
01. Culture: Explain in your own words how this process will directly impact upon your department?
02. Incentives & Rewards: Explain in your own words how this process will directly impact upon your department?
03. Enforcement & Discipline: Explain in your own words how this process will directly impact upon your department?
04. Accountability: Explain in your own words how this process will directly impact upon your department?
05. Risk Assessment: Explain in your own words how this process will directly impact upon your department?
06. Compliance Officers: Explain in your own words how this process will directly impact upon your department?
07. Policies & Procedures: Explain in your own words how this process will directly impact upon your department?
08. Communication & Training: Explain in your own words how this process will directly impact upon your department?
09. Monitoring & Auditing: Explain in your own words how this process will directly impact upon your department?
10. Issues Management: Explain in your own words how this process will directly impact upon your department?
11. Metrics: Explain in your own words how this process will directly impact upon your department?
12. Technology: Explain in your own words how this process will directly impact upon your department?
SWOT & MOST Analysis Exercises
01. Undertake a detailed SWOT Analysis in order to identify your department’s internal strengths and weaknesses and external opportunities and threats in relation to each of the 12 Compliance Essentials processes featured above. Undertake this task together with your department’s stakeholders in order to encourage collaborative evaluation.
02. Develop a detailed MOST Analysis in order to establish your department’s: Mission; Objectives; Strategies and Tasks in relation to Compliance Essentials . Undertake this task together with all of your department’s stakeholders in order to encourage collaborative evaluation.
Project Studies
Project Study (Part 1) – Customer Service
The Head of this Department is to provide a detailed report relating to the Compliance Essentials process that has been implemented within their department, together with all key stakeholders, as a result of conducting this workshop, incorporating process: planning; development; implementation; management; and review. Your process should feature the following 12 parts:
01. Culture
02. Incentives & Rewards
03. Enforcement & Discipline
04. Accountability
05. Risk Assessment
06. Compliance Officers
07. Policies & Procedures
08. Communication & Training
09. Monitoring & Auditing
10. Issues Management
11. Metrics
12. Technology
Please include the results of the initial evaluation and assessment.
Project Study (Part 2) – E-Business
The Head of this Department is to provide a detailed report relating to the Compliance Essentials process that has been implemented within their department, together with all key stakeholders, as a result of conducting this workshop, incorporating process: planning; development; implementation; management; and review. Your process should feature the following 12 parts:
01. Culture
02. Incentives & Rewards
03. Enforcement & Discipline
04. Accountability
05. Risk Assessment
06. Compliance Officers
07. Policies & Procedures
08. Communication & Training
09. Monitoring & Auditing
10. Issues Management
11. Metrics
12. Technology
Please include the results of the initial evaluation and assessment.
Project Study (Part 3) – Finance
The Head of this Department is to provide a detailed report relating to the Compliance Essentials process that has been implemented within their department, together with all key stakeholders, as a result of conducting this workshop, incorporating process: planning; development; implementation; management; and review. Your process should feature the following 12 parts:
01. Culture
02. Incentives & Rewards
03. Enforcement & Discipline
04. Accountability
05. Risk Assessment
06. Compliance Officers
07. Policies & Procedures
08. Communication & Training
09. Monitoring & Auditing
10. Issues Management
11. Metrics
12. Technology
Please include the results of the initial evaluation and assessment.
Project Study (Part 4) – Globalization
The Head of this Department is to provide a detailed report relating to the Compliance Essentials process that has been implemented within their department, together with all key stakeholders, as a result of conducting this workshop, incorporating process: planning; development; implementation; management; and review. Your process should feature the following 12 parts:
01. Culture
02. Incentives & Rewards
03. Enforcement & Discipline
04. Accountability
05. Risk Assessment
06. Compliance Officers
07. Policies & Procedures
08. Communication & Training
09. Monitoring & Auditing
10. Issues Management
11. Metrics
12. Technology
Please include the results of the initial evaluation and assessment.
Project Study (Part 5) – Human Resources
The Head of this Department is to provide a detailed report relating to the Compliance Essentials process that has been implemented within their department, together with all key stakeholders, as a result of conducting this workshop, incorporating process: planning; development; implementation; management; and review. Your process should feature the following 12 parts:
01. Culture
02. Incentives & Rewards
03. Enforcement & Discipline
04. Accountability
05. Risk Assessment
06. Compliance Officers
07. Policies & Procedures
08. Communication & Training
09. Monitoring & Auditing
10. Issues Management
11. Metrics
12. Technology
Please include the results of the initial evaluation and assessment.
Project Study (Part 6) – Information Technology
The Head of this Department is to provide a detailed report relating to the Compliance Essentials process that has been implemented within their department, together with all key stakeholders, as a result of conducting this workshop, incorporating process: planning; development; implementation; management; and review. Your process should feature the following 12 parts:
01. Culture
02. Incentives & Rewards
03. Enforcement & Discipline
04. Accountability
05. Risk Assessment
06. Compliance Officers
07. Policies & Procedures
08. Communication & Training
09. Monitoring & Auditing
10. Issues Management
11. Metrics
12. Technology
Please include the results of the initial evaluation and assessment.
Project Study (Part 7) – Legal
The Head of this Department is to provide a detailed report relating to the Compliance Essentials process that has been implemented within their department, together with all key stakeholders, as a result of conducting this workshop, incorporating process: planning; development; implementation; management; and review. Your process should feature the following 12 parts:
01. Culture
02. Incentives & Rewards
03. Enforcement & Discipline
04. Accountability
05. Risk Assessment
06. Compliance Officers
07. Policies & Procedures
08. Communication & Training
09. Monitoring & Auditing
10. Issues Management
11. Metrics
12. Technology
Please include the results of the initial evaluation and assessment.
Project Study (Part 8) – Management
The Head of this Department is to provide a detailed report relating to the Compliance Essentials process that has been implemented within their department, together with all key stakeholders, as a result of conducting this workshop, incorporating process: planning; development; implementation; management; and review. Your process should feature the following 12 parts:
01. Culture
02. Incentives & Rewards
03. Enforcement & Discipline
04. Accountability
05. Risk Assessment
06. Compliance Officers
07. Policies & Procedures
08. Communication & Training
09. Monitoring & Auditing
10. Issues Management
11. Metrics
12. Technology
Please include the results of the initial evaluation and assessment.
Project Study (Part 9) – Marketing
The Head of this Department is to provide a detailed report relating to the Compliance Essentials process that has been implemented within their department, together with all key stakeholders, as a result of conducting this workshop, incorporating process: planning; development; implementation; management; and review. Your process should feature the following 12 parts:
01. Culture
02. Incentives & Rewards
03. Enforcement & Discipline
04. Accountability
05. Risk Assessment
06. Compliance Officers
07. Policies & Procedures
08. Communication & Training
09. Monitoring & Auditing
10. Issues Management
11. Metrics
12. Technology
Please include the results of the initial evaluation and assessment.
Project Study (Part 10) – Production
The Head of this Department is to provide a detailed report relating to the Compliance Essentials process that has been implemented within their department, together with all key stakeholders, as a result of conducting this workshop, incorporating process: planning; development; implementation; management; and review. Your process should feature the following 12 parts:
01. Culture
02. Incentives & Rewards
03. Enforcement & Discipline
04. Accountability
05. Risk Assessment
06. Compliance Officers
07. Policies & Procedures
08. Communication & Training
09. Monitoring & Auditing
10. Issues Management
11. Metrics
12. Technology
Please include the results of the initial evaluation and assessment.
Project Study (Part 11) – Logistics
The Head of this Department is to provide a detailed report relating to the Compliance Essentials process that has been implemented within their department, together with all key stakeholders, as a result of conducting this workshop, incorporating process: planning; development; implementation; management; and review. Your process should feature the following 12 parts:
01. Culture
02. Incentives & Rewards
03. Enforcement & Discipline
04. Accountability
05. Risk Assessment
06. Compliance Officers
07. Policies & Procedures
08. Communication & Training
09. Monitoring & Auditing
10. Issues Management
11. Metrics
12. Technology
Please include the results of the initial evaluation and assessment.
Project Study (Part 12) – Education
The Head of this Department is to provide a detailed report relating to the Compliance Essentials process that has been implemented within their department, together with all key stakeholders, as a result of conducting this workshop, incorporating process: planning; development; implementation; management; and review. Your process should feature the following 12 parts:
01. Culture
02. Incentives & Rewards
03. Enforcement & Discipline
04. Accountability
05. Risk Assessment
06. Compliance Officers
07. Policies & Procedures
08. Communication & Training
09. Monitoring & Auditing
10. Issues Management
11. Metrics
12. Technology
Please include the results of the initial evaluation and assessment.
Program Benefits
Management
- Employee awareness
- Enables confidence
- Better decisions
- Risk mitigation
- Process simplification
- Mission realization
- Enhance relationships
- Transparency supported
- Assure engagement
- Professional ethics
Operations
- Increase bottom-line
- Support whistleblower
- Audit ready
- Disciplinary measures
- Effective governance
- Monitoring mechanism
- Compliance culture
- Crystallize workflow
- Avoid insider-trading
- Cybersecurity assurance
Human Resources
- Onboarding practices
- Fraud awareness
- Prevent discrimination
- Information security
- Continuity management
- Compliance induction
- Compliance essentials
- Identify conflicts
- Ethics code
- Personal trading
Client Telephone Conference (CTC)
If you have any questions or if you would like to arrange a Client Telephone Conference (CTC) to discuss this particular Unique Consulting Service Proposition (UCSP) in more detail, please CLICK HERE.