Section 2

Building Your Foundation

Implement what you know with confidence

Discover action-based tools that provide simple steps for program improvement or robust plans for new ways of doing business. 

Your ethics and compliance program is an ecosystem of moving parts. New laws and regulations, new lines of business, new geographies, mergers and acquisitions become part of a growing enterprise that your compliance ecosystem must support. 

Effective compliance programs are able to deftly navigate these complexities because they have built strong foundations that were developed with the nature of the compliance industry in mind.

This section will give you the expert advice and programmatic best practices to ensure the first steps you take to develop your program are in the right direction. Or if your program is more mature, these resources and insights will give you the necessary guidance to course correct and improve your program’s foundation at whichever stage it is in. 

 

How to Survive a 500-Year Compliance Emergency

Chapter 5 of The Worst-Case Scenario Survival Guide for Compliance Professionals

Compliance emergencies can happen anytime, anywhere and within any industry. In times of crisis, the best organizations know there is a difference between responding to and preparing for emergencies. Learn how preparing with a trained, practiced and well-equipped workforce will position your organization for greater success.

Tom Fox 09/27/2017

How to Survive

Are you prepared for the 500-year compliance emergency, i.e., one that has a one-in-500 chance of occurring? How about the 1000-year compliance emergency, with even longer odds of one in 1000?

Over the past three years, the state of Texas has sustained two storms of the kind that are supposed to occur once every 500 years, and one 1000-year storm, which is supposed to occur with even less frequency. What were the chances of these events happening? What are the chances of similar events occurring going forward, such as next year? From the compliance perspective, if you are doing business in a high-risk country, the chances could be quite high: about as high as Texas having three such storms in three straight years.

Are you ready for the true emergency?

1. Get Procedures in Writing

You must have a written emergency protocol in place.

After all, you’re preparing for a true emergency that will easily require more than what a simple investigation protocol can provide. It must include a notification list and a secure communication channel to exchange information across the globe. You need a written protocol so you are not making decisions on the fly during a highly stressful situation. A written protocol will also be important when you’re required to demonstrate to the Justice Department that you had a best practice compliance program in place when the incident occurred. This is just the starting point.


2. Dust that Protocol Off

Take that emergency protocol off the shelf and ask yourself some key questions.

Have any of the key compliance risks changed over the past year? Are you in a new geographic area? Do you have a new service being offered to foreign governments?

Next, go through your investigation and notification protocols.

When was the last time you updated your contact list for the compliance department – both primary and secondary? How about for senior management, IT, HR, the compliance or audit committee and the full board of directors? What about your key third-party sales agents and suppliers?

Now do the same for your primary outside counsel investigative firm and make sure they are ready to respond.


3. Test Your Hotline

Your organization’s basic mechanism for obtaining information is your hotline. However, does it work? How about across the globe? Test it out by making an emergency call from overseas reporting a major compliance violation. Start with the basics: does your hotline work in every country where you do business? Do you have persons who can speak the language of the caller, either through your hotline service provider or internal to your organization? Finally, does your compliance team receive accurate reports of hotline-reported incidents? How quickly does the escalation kick in so that the information gets to you in a timely manner?


4. Secure the Evidence

One of the most critical steps going forward will be securing the evidence. This means computer files and written documents. Call your IT folks and get them to freeze everything, even if this is done without the knowledge of the persons impacted or even if their computers are not physically secured. It may be tricky, but you must do so. If you self-disclose, one of the most critical initial conversations with prosecutors will be to convince them you have a handle on evidence security.