Compliance Program Evaluation to protect our assets
Normally we are too late. Just because mankind is reluctant to implementing preventional measurements. The implications in case of an incident (non-compliance, white-collar and cybercrime) can be immense. Therefore, I take a different perspective to support our clients. For me,
“it most matters what organizations can do before the external parties (e.g. regulators) asks questions.”
I mentioned already that for a lot of organizations compliance was not the key topic over the last months of the global pandemic COVID-19.
The next phase of this global pandemic should allow us all to re-focus on what we can do to support our business by protecting our assets. That is the “right to exist” for a savvy compliance program. Interested in making it more tangible?
The wheel of fundamental questions
Part 1 introduced the three fundamental questions which will be asked by the DOJ. My opinion: it is, that it is far too late when an organization is confronted by these questions – from an external party. Especially from the regulator.
With having our three lines of defense in place, these questions must be asked far before. Good Corporate Governance: The Board of Directors as well as the Executive Board members are highly interested in the assessment of a savvy corporate compliance program. Just take a few seconds to reflect about your maturity level of Good Corporate Governance in relation to the Compliance Program.
Introducing the wheel of fundamental questions supports involved decision maker in their process by visualizing the level of questions which can then also being applied to different owners. But let us start at the beginning.
Starting from the inner circle we have the three initial high-level questions to be answered.
- Questions No. 1: “Is the corporation’s compliance program well designed?“
- Question No. 2: “Is the program being applied earnestly and in good faith?“ In other words, is the program adequately resourced and empowered to function effectively?
- Question No. 3: “Does the corporation’s compliance program work“ in practice?
The details about these three initial questions are all reflected in part 1 and source from the DOJ release. JM 9-28.800*.
Is it possible or better asked: is it serious and professional to answer these three questions without having more information? I would definitively not feel comfortable in deciding about and answering these three questions without having additional in-depth information. Therefore, further information gathering is necessary for the owners of the above-mentioned area of responsibility.
Enriching the wheel with a second layer the following risk aspects are going to be on focus. Always directly allocated to the initial three questions.
Questions No. 1. “Is the corporation’s compliance program well designed?“
- Risk Assessment
- Policies and Procedures
- Training and Communications
- Confidential Reporting Structure and Investigation Process
- Third Party Management
- Mergers and Acquisitions
Question No. 2. “Is the program being applied earnestly and in good faith? “ In other words, is the program adequately resourced and empowered to function effectively?
- Commitment by Senior and Middle Management
- Autonomy and Resources
- Incentives and Disciplinary Measures
Question No. 3. “Does the corporation’s compliance program work“ in practice?
- Continuous Improvement, Periodic Testing, and Review
- Investigation of Misconduct
- Analysis and Remediation of Any Underlying Misconduct
With these above mentioned twelve sub-areas of focus, an evaluation of the Corporate Compliance Program can be conducted. By the organizations and regulators. I am not saying that these areas are concluding, complete or perfect. But:
“An organization covering these risk areas in their assessments already started to do a great job protecting their assets. “
The wheel of fundamental questions starts with three questions, followed by twelve key risk areas. With having these initial two layers the real work for each organization starts. The assessment of these key risk areas.
Assessing the existing Corporate Compliance Program
The starting point for the assessment is set and followed by the different actions to assess the key risk areas professionally and individually.
Identifying the vulnerabilities by this assessment and the outcoming actions implemented, safes the organization a lot of resources in the future – financially and reputational wise.
I cannot say it enough:
“Also, during the actual pandemic, keep track with the implementation, review, update, and improvements of your actual Corporate Compliance Program.”
If you need support – I am here. With a savvy Corporate Compliance program, you are the driver of a key competitive advantages. Please do not give it away!
*JM 9-28.000 Principles of Federal Prosecution of Business Organizations, Justice Manual (“JM”), available at https://www.justice.gov/jm/jm-9-28000-principles-federal-prosecution-business-organizations