In the past year, we have seen a salvo of standards and regulations across the globe offering guidance on how to develop effective ethics and compliance programmes. Along with providing guideposts for programme leaders, the volume of standards, and rate at which they are released, has created a moving target for compliance programme directors.
with no single standard or regulation that suits all situations or organisations, we are faced with Compliance’s age-old question – how do we define “effectiveness?”
At the end of 2016, we saw the launch of the ISO 37001 guidelines for effective anti-bribery and corruption programmes. The sentiment is also reflected in France’s long awaited legislation, Sapin II, which set out new requirements for implementing anti-bribery & corruption controls and greater provisions for whistleblower protection. Sapin II also created measures for companies over 500 employees to prevent and detect corruption. These measures include developing a code of conduct, actively conducting employee compliance training and undertaking a risk mapping exercise regularly, among other things.
In 2017 the U.S. Department of Justice (DOJ) released the Evaluation of Corporate Compliance Programmes comprised of “common questions [the DOJ] may ask in making individualised determination” to effectively evaluate a company’s unique risk profile and the solutions it uses to reduce these risks.
So with no single standard or regulation that suits all situations or organisations, we are faced with Compliance’s age-old question – how do we define “effectiveness?” The answer to this question must take into account the guidelines and standards mentioned above as well as provide adequate protection in a court of law from a host of other regulations such as the Foreign Corrupt Practices Act, UK Bribery Act and the Federal Sentencing Guidelines, among others. But, we must also consider the audience for whom we are defining “effective.” An effective programme may look different to regulators, your board, senior leaders and even your employees. Defining, evaluation and proving our programme’s effectiveness is key to not only protecting your organisation from risk, but also validating the need for additional resources or expanded budget.
So, what measures can you use to define your programme’s effectiveness?
Evaluate Your Awareness Efforts
Does your programme effectively drive awareness and understanding around the ethics and compliance requirements expected of employees? Are employees able to easily access policies and training?
Assess Actual Employee Behaviour Change
Does your programme change employee behaviour around particular issues such as bribery, retaliation and workplace harassment?
Do you have the right reporting mechanisms in place to monitor and document improvement that compounds to change and progress?
These are just a few elements of defining your programme’s effectiveness. A truly effective ethics and compliance programme implements a robust risk assessment that evaluates the programme as a whole as well as the strength of its parts.
Join us for our eight week series to find out all the crucial elements needed in an effective compliance programme such as how to implement a risk assessment, the importance of reporting processes and a look at how your culture affects compliance.