Section 2

Building Your Foundation

MoreHide Arrow Down Icon Icon of solid caret pointing downwards.

Implement What You Know with Confidence

Discover action-based tools that provide simple steps for program improvement or robust plans for new ways of doing business. 

MoreHide Arrow Down Icon Icon of solid caret pointing downwards.

Your ethics and compliance program is an ecosystem of moving parts. New laws and regulations, new lines of business, new geographies, mergers and acquisitions become part of a growing enterprise that your compliance ecosystem must support. 

Effective compliance programs are able to deftly navigate these complexities because they have built strong foundations that were developed with the nature of the compliance industry in mind.

This section will give you the expert advice and programmatic best practices to ensure the first steps you take to develop your program are in the right direction. Or if your program is more mature, these resources and insights will give you the necessary guidance to course correct and improve your program’s foundation at whichever stage it is in. 


Top 10 Reasons Compliance Programs Fail

When it comes to FCPA compliance and anti-corruption policy, it’s always nice to observe failure rather than experience it. Learn the top 10 failures for many compliance programs without actually having to go through them yourself. 

CREATe Compliance 02/15/2017

When it comes to FCPA compliance and anti-corruption policy, it’s always nice to observe failure rather than experience it. Learn the top 10 failures for many compliance programs without actually having to go through them yourself. 

An effective compliance program manages an organization’s policies and procedures in a way that protects the organization and supports an ethical organizational culture. The challenge is turning those policies into practices that drive employee behavior.

These are the top 10 reasons compliance programs fall short.

1. Failure to Assess and Understand Risk

When entering new markets or embarking on a new business model, businesses can get caught up in the momentum of achieving future goals and not take the time to assess and understand new risks. Others rely solely on intuition and experience in identifying threats to the business. Performing a thorough risk assessment or due diligence on agents working in international markets is essential to proper third-party risk management. Companies miss significant risk exposure by not undertaking a process to evaluate actual corruption risks posed by their market entry strategy and business model. A risk assessment creates awareness around business risks that can then be managed or avoided through strengthened internal controls.

2. Lack of Leadership

“Tone at the top” – that is, an organization’s general ethical climate as established by its top management and supervisory authority – is a concept often held up as sine qua non of a successful compliance program. However, as shareholders and employees of companies that seemingly “talked the talk” but actually only paid lip service to ethics and compliance have discovered, that phrase rings hollow unless backed by action. True leadership is embodied by those who “walk the talk” as well. A successful compliance program requires leadership to underscore loudly and often that compliance is a key to good business. In a practical sense, a culture of compliance must be informed and supported by business processes that are continually improved.

In addition to tone at the top, “tone in the middle” is a key indicator of successful anti-corruption program implementation, and a detrimental weakness in programs that have failed. It is at the level of middle management that most compliance violations occur – where the rubber meets the road. If mid-level managers are not taking accountability for compliance and sending the right messages – or giving mixed messages – the risk for program failure is high.

In most companies, employees rely on their direct manager, rather than senior executives, to set the example for behaviors ranging from meeting attendance to management skills to integrity. When employees encounter management that is either insincere, or hypocritical in their support of compliance programs, the company and the program are undermined.

3. Insufficient Resources

Without adequate human and financial resources, compliance programs often fail. Take for example the single person compliance department with no additional resources, or the additional compliance tasks added on to a legal counsel’s already too-full plate, or the ‘tagging-on’ of anti-corruption to other programs where it gets lost in the shuffle. Often, these methods of tacking on compliance responsibilities to other roles indicate a lack of commitment to anti-corruption compliance.

Matching resources – both human and financial – to the corruption risk the company actually faces shows commitment to integrity in business and is key to the effectiveness of the anti-corruption program.

4. Insufficient Profile of the Compliance Function

Elevation of the compliance function and those who lead it are essential to the success of the program and the effectiveness of its risk prevention. How many companies have a Chief Compliance Officer (CCO)? How many companies have anti-corruption compliance as an additional task for the legal department? Does the anti-corruption team report directly to the board, legal department or the chief executive?

In Deloitte’s 2015 Compliance Trends Survey, 59 percent of respondents reported that they have CCOs – an increase from 50 percent in 2014 and 37 percent in 2013. Approximately half said that they have five or fewer employees dedicated, and about 40 percent reported that their total budget is $1 million or less. Organizations with $5 billion or more in annual revenue have much larger budgets and staff: 34 percent report budgets of $1 million to $10 million, while 54 percent of smaller organizations have budgets of $1 million or less.

The compliance function, whether an individual or hundreds of people around the world, needs to have a “seat at the table” at the most senior levels of the business if compliance is going to be consistently prioritized in a company. Many international compliance standards also call for the CCO to formally report to the Board, or other oversight organization, to protect the independence of the function. In fact, in a 2007 report, the Ethics Resource Center identified reporting line as the “single biggest influence on [a Chief Ethics and Compliance Officer’s] credibility within the organization” and recommended direct reporting to the CEO or the Board, or with “direct, unfiltered access to the Board.”