How savvy is your compliance program? Part 2

The updated release of the DOJ's “evaluation of Corporate Compliance Program” JM 9-28.800 can be seen as a great tool. In our last published article we started with an introduction to the DOJ's release, focusing on the overview. Now we go into the details of the key risk areas.
Compliance Program Evaluation to protect our assets

Normally we are too late, simply because mankind is reluctant to implement preventive measures. The implications of an incident (non-compliance, white-collar crime and cybercrime) can be immense. Therefore, I take a different perspective to support our clients. For me,

“what matters most is what organizations can do before external parties (e.g. regulators) ask questions.”

I already mentioned that, for a lot of organizations, compliance was not the key topic over the last months of the global COVID-19 pandemic.

The next phase of this global pandemic should allow us all to re-focus on what we can do to support our business by protecting our assets. That is the “right to exist” for a savvy compliance program. Interested in making it more tangible?

The wheel of fundamental questions

Part 1 introduced the three fundamental questions which will be asked by the DOJ. My opinion is that it is far too late when an organization is confronted with these questions by an external party, especially by the regulator.

With our three lines of defense in place, these questions must be asked far earlier. Good Corporate Governance: the Board of Directors as well as the Executive Board members are highly interested in the assessment of a savvy corporate compliance program. Just take a few seconds to reflect on your maturity level of Good Corporate Governance in relation to the Compliance Program.

The wheel of fundamental questions supports the decision makers involved in their process by visualizing the levels of questions, which can then also be applied to different owners. But let us start at the beginning.

Starting from the inner circle we have the three initial high-level questions to be answered.

  • Question No. 1: “Is the corporation’s compliance program well designed?”
  • Question No. 2: “Is the program being applied earnestly and in good faith?” In other words, is the program adequately resourced and empowered to function effectively?
  • Question No. 3: “Does the corporation’s compliance program work” in practice?

The details of these three initial questions are all covered in Part 1 and are sourced from the DOJ release JM 9-28.800*.

Is it possible, or better asked, is it serious and professional, to answer these three questions without having more information? I would definitely not feel comfortable deciding on and answering these three questions without additional in-depth information. Therefore, further information gathering is necessary for the owners of the above-mentioned area of responsibility.

Enriching the wheel with a second layer brings the following risk aspects into focus, each directly allocated to one of the initial three questions.

Question No. 1. “Is the corporation’s compliance program well designed?”
  1. Risk Assessment
  2. Policies and Procedures
  3. Training and Communications
  4. Confidential Reporting Structure and Investigation Process
  5. Third Party Management
  6. Mergers and Acquisitions
Question No. 2. “Is the program being applied earnestly and in good faith?” In other words, is the program adequately resourced and empowered to function effectively?
  1. Commitment by Senior and Middle Management
  2. Autonomy and Resources
  3. Incentives and Disciplinary Measures
Question No. 3. “Does the corporation’s compliance program work” in practice?
  1. Continuous Improvement, Periodic Testing, and Review
  2. Investigation of Misconduct
  3. Analysis and Remediation of Any Underlying Misconduct

With these twelve sub-areas of focus, an evaluation of the Corporate Compliance Program can be conducted by the organizations and by regulators. I am not saying that these areas are conclusive, complete or perfect. But:

“An organization covering these risk areas in its assessments has already started to do a great job protecting its assets.”

The wheel of fundamental questions starts with three questions, followed by twelve key risk areas. With these initial two layers in place, the real work for each organization starts: the assessment of these key risk areas.

Assessing the existing Corporate Compliance Program

The starting point for the assessment is set and followed by the different actions to assess the key risk areas professionally and individually.

Identifying the vulnerabilities through this assessment and implementing the resulting actions saves the organization a lot of resources in the future, both financially and reputationally.

I cannot say it enough:

“Also, during the current pandemic, keep track of the implementation, review, update, and improvement of your current Corporate Compliance Program.”

If you need support, I am here. With a savvy Corporate Compliance Program, you are the driver of a key competitive advantage. Please do not give it away!

Yours,

Sonja

 

*JM 9-28.000 Principles of Federal Prosecution of Business Organizations, Justice Manual (“JM”), available at https://www.justice.gov/jm/jm-9-28000-principles-federal-prosecution-business-organizations 
