What Is a Compliance Program?
A compliance program is a company's set of internal policies and procedures put into place in order to comply with laws, rules, and regulations or to uphold the business's reputation. A compliance team examines the rules set forth by government bodies, creates a compliance program, implements it throughout the company, and enforces adherence to the program.
- Compliance programs outline a set of guidelines and best practices that ensure a company's employees are following all relevant laws and regulations.
- Compliance programs help corporations protect their brand from scandal and lawsuits.
- An effective compliance program should have clear policies, a healthy path of communication between employees and those who oversee the program, and not shy away from taking corrective action when the compliance program is breached.
Understanding Compliance Programs
The main financial regulators in the United States are the Federal Reserve Board, Securities and Exchange Commission (SEC), and the Financial Industry Regulatory Authority (FINRA). These and others have established requirements that must be followed, where applicable and in varying degrees, by banks, broker-dealers, asset managers, and other financial institutions.
Compliance programs have grown in importance in the financial industry since the shock of the financial crisis, but vehement complaints of bankers have found receptive ears of Republicans in the federal government. There have been concerted efforts to roll back regulations designed to keep some participants in the financial sector from overplaying their self-interested urges, but the push and pull of politics in D.C. make it unclear what changes, if any, will ultimately result.
Publicly traded companies are supposed to have robust compliance programs to follow requirements set forth by the SEC. In particular, filing requirements and deadlines must be strictly adhered to. Compliance programs are also important, though less formal, at companies big and small, public or non-public.
Where requirements of a regulatory authority do not apply, a compliance program of a firm addresses the conduct of employees to abide by internal policies (e.g., spending corporate funds or treatment of women) and, more importantly, to maintain the firm's reputation among its customers, suppliers, employees, and even the community where the business is located. Compliance departments have risen in stature due to their role in keeping their companies out of hot water with regulators, customers, shareholders, and the media and general public.
How to Create a Compliance Program
While there can be different types of compliance programs—those for closely following financial regulations or for ensuring a workplace is free of discrimination and sexual harassment—every compliance program should have a few key elements.
After the passage of the Affordable Care Act, the government outlined seven components of a strong compliance program for healthcare providers. The presentation identified the following elements.
Written Policies, Procedures and Standards of Conduct
The first step to implementing a compliance program is making sure your compliance program has clearly defined policies and expectations. Allowing the written program to be readily available for all employees, regularly updating and reviewing the policies, and ensuring new hires review the program within 90 days of onboarding are essential to a compliance program's success.
Compliance Program Oversight
Once the expectations of the program are clearly defined, you'll need to assign a compliance officer or compliance committee to oversee the program. This employee or group of employees should have a history and deep knowledge of ethical behavior, and, depending on how the company is structured, should report directly to the CEO.
Training and Education
A crucial aspect of implementing a compliance program in the workplace is spending the time and money to ensure all employees are familiar and appropriately trained to the program's new set of standards. This should include new hires as well as frequent check-ins with all current employees.
Hosting annual or quarterly company-wide meetings that address any concerns or updates regarding the compliance program as well as ensuring that all new employees complete the compliance training within their first few months of employment will help maintain a successful compliance program.
Opening the Lines of Communication
Another important aspect of running a successful compliance program is making sure employees at every level feel they have an open avenue to express their questions or concerns about the compliance program. Compliance programs should allow employees to report violations and address ethical issues via an anonymous platform. Furthermore, compliance officers should make themselves available and approachable to employees who have specific questions regarding the compliance program.
Establishing a solid path of communication between those overseeing the compliance program and the employees it covers is essential to ensuring breaches 1) get reported and can be prevented in the future.
Auditing and Monitoring
A system of auditing and monitoring should be implemented in order to measure the effectiveness of the compliance program, ensure adherence to external regulations, and identify compliance risks. Compliance programs should be reviewed regularly as part of normal operations, however, they should also be subject to a formal external audit. An audit should be performed at least on an annual basis. The auditor should provide a written report of their findings.
One element of an effective compliance program is that it is actually enforced. The compliance program should include clear, written policies that apply appropriate disciplinary actions to those who fail to comply with the program's expectations and policies. These disciplinary actions should apply when the following situations arise: non-compliance, failure to detect non-compliance when due diligence should have provided obvious clues, and failure to report instances of non-compliance.
As you can see, enforcing the necessary disciplinary actions will be made easier if the above steps, particularly having clearly defined expectations, and an open-door policy, are adhered to.
Finally, when all the above steps have been followed, and a significant compliance risk or vulnerability is discovered either through an audit, compliance breach, or internal review, the compliance committee should take timely, decisive action that will reduce the risk of non-compliance.