Compliance Best Practices DOJ Should Endorse

When the Department of Justice updated its guidelines on evaluating corporate compliance programs in 2023, the agency mentioned several best practices — compliance champion programs and transparency in discipline, for example — that it wants to see more often. Here are some others I’d love to see the department embrace.

Qualitative feedback data

Many compliance officers know that exit interviews can be a rich opportunity to glean candid views from colleagues about misconduct and gaps in the compliance program because it’s the time in the employment cycle where people will be the most candid. After all, they have nothing to lose for being frank if they haven’t felt a culture of psychological safety at the organization. I mean, what are they going to do, fire the person already leaving on Wednesday for speaking up? 

Additionally, many companies have conducted culture of integrity surveys to identify gaps to focus on, such as whether people fear remediation and whether there is a perception that management walks the talk when it comes to ethics and integrity. 

Importantly, for colleagues to continue providing us with this information, we need to show that we’re listening and actually addressing specific areas highlighted. Deploying these feedback channels should be used in conjunction with communications that close the loop; for example, at the start of a training, make a statement that acknowledges feedback that suggested more real-life scenarios. Something like, “In this training, any resemblance to characters and circumstances described is entirely deliberate dun-dun.” (Yes, that is a reference to the iconic “Law & Order” sound effect.)

Mystery shopping your compliance program

It’s not uncommon for compliance officers to conduct test calls to all of their hotline numbers to make sure they’re working, that someone is available to speak in all of the languages the company is paying for and sometimes even engaging in a test scenario to assess the call intake person’s skill at getting information from the caller, as well as offering gracious service. It’s a good way to put yourself in the shoes of your internal customer. 

This approach can be extended more fully into other areas of the compliance program for continuous monitoring and improvement purposes, for example, by asking a colleague to read a policy relevant to their role and then explain back to you what the policy is saying and how they need to apply it in their day-to-day job. 

You could also stop by to attend the compliance section of staff onboarding and hear how your team member is presenting on the topic. Are they keeping the audience engaged, is the information still up to date and relevant? (Use the mystery shopping template in my book’s activity pack.) 

Many of these things are not captured by an internal audit review or standard compliance audit for those who have audit teams built internally into their compliance function, but they’re low-hanging fruit. They can help compliance teams take an honest look at themselves and ask what they could be doing better, both substantively and in terms of sales and customer service abilities. Let’s face it, we’re essentially a sales function that needs to have top-shelf customer service – even if we aren’t boosting company sales!

Compliance

Why Building a Holistically Competent Compliance Function Means Looking Beyond Lawyers

by Mary Shirley

March 12, 2024

A multidisciplinary approach is a better option for staffing your compliance & ethics team

Read moreDetails

Compliance weeks/fairs

Conducting a compliance week or a compliance fair as an annual event is a fairly common activity that focuses on outreach and advocacy of the compliance program and function, often with a bit of gentle education and incentives woven in. 

These activities are a useful forum for compliance departments to help shape the narrative around their reputations as well as draw people in to learn more about compliance in an appealing way. I have treated compliance weeks as major projects in the past because they do require a lot of planning and details to get right, especially in larger organizations where many team members may not have their own company computers or even email addresses. They also require careful budget management because typically ethics and compliance, traditionally viewed as a cost center, does not tend to be the best-placed to get a whopping wallet of funds to spend. 

We still really need to make the leap from being viewed as a cost center to the revenue and reputation preservation/protection department. Nevertheless, many have found compliance week to be well worth the time, effort and funds as it adds to our communication and awareness plan in a very powerful way. They can also be an ideal two-way feedback mechanism and get yourself more qualitative data to use.

More guidance would be welcome

As a bonus on the wish list, it would be wonderful to hear the DOJ share some specifics as to what they would consider makes for an adequately resourced program, but that agency isn’t the only one talking about what makes a good compliance program. The HHS Office of the Inspector General has drawn a clear line in the sand that compliance should be independent from other functions in the organization and should not give legal or finance advice.

DOJ’s “Evaluation of Corporate Compliance Program” guidance touches on the independence and empowerment themes by asking “Is the corporation’s compliance program adequately resourced and empowered to function effectively?” and provides some commentary around that question but doesn’t go so far as to state expectations in the same way the OIG has. 

Getting some low-level detail, even just examples of what backgrounds, experience levels and skills are deemed to contribute to being adequately resourced and what kind of profile a chief compliance officer might be expected to have at a minimum would be valuable guidance.

Regardless of whether these ideas are encapsulated in the next round of guidance, I eagerly look forward to the next update.