Thursday, February 25, 2021
Corporate Compliance Insights

Does Your Compliance Program Contain the 5 Essential Elements?

by Kris Welch
December 1, 2015
in Compliance

The five elements are:

  • Leadership
  • Risk Assessment
  • Standards and Controls
  • Training and Communications
  • Oversight

Leadership

Leadership means more than the “tone at the top”; a successful compliance program must be built on a solid foundation of ethics that is fully and openly endorsed by the company’s senior management. Management’s commitment to compliance should be unambiguous, visible and active. Even more important than support or the right tone, compliance standards require companies to have a high-ranking compliance officer with the authority and resources to manage the program on a day-to-day basis. The compliance officer must also have unrestricted access and a direct reporting line to those responsible for corporate conduct, including the Board of Directors.

Valuable questions regarding the leadership of a compliance program are: How is Board oversight implemented? Does the company have an ethics or audit committee reporting to the full Board? What is the role of the Chief Compliance Officer? What is the role of the company’s general counsel? How do the legal and compliance departments interact? Does the Chief Compliance Officer have “real power”?

The Board of Directors has an equally important role to fulfill. The Board must ensure that compliance policies, systems and procedures are in place. The Board is also responsible for providing the resources needed to implement the compliance program effectively. Additionally, the Board should monitor the implementation and effectiveness of the compliance program by:

  • Being actively involved
  • Attending Board meetings
  • Reviewing, considering and evaluating the information provided
  • Inquiring further when presented with potential issues or questionable circumstances
  • Acting on potential compliance issues as soon as the Board is aware of them
  • Regularly receiving compliance briefings and trainings

Risk Assessment

Implementing an effective compliance program is more than simply following a set of compliance regulations or providing effective training. Compliance issues touch many areas of the company, and you need to know not only what your highest risks are, but where to focus your efforts to mitigate them. A risk assessment is designed to provide a big-picture view of your overall compliance obligations and then identify the areas of high risk, so that you can prioritize and allocate your resources to the appropriate areas first.

What are some of the areas where you need to assess your risks?

  • Products and services
  • Customers and entities
  • Geographic locations
  • Business opportunities and partnerships
  • Transaction risk

An initial risk assessment is used either (1) to develop your compliance program or (2) to identify high risks and prioritize their remediation. Beyond that initial assessment, risk assessments should be a regular, systematic part of compliance efforts rather than an occasional ad hoc exercise performed when convenient or after a crisis has occurred. It is recommended that risk assessments be performed at about the same time each year and before new products or services are introduced. An annual risk assessment performed before something goes wrong is a strong preventive measure and helps you avoid a “wait and see” approach.

Standards and Controls

Generally, every company has three levels of standards and controls:

  1. Code of conduct – a must-have for each company, expressing its ethical principles. However, a code of conduct alone is not enough.
  2. Standards and policies – policies that build upon the foundation of the code of conduct and articulate code-based rules, which should cover such issues as bribery, corruption and accounting practices.
  3. Procedures – the applied procedures that confirm the policies are implemented, followed and enforced.

The purpose of establishing effective standards and controls is to demonstrate that your compliance program is more than words on a piece of paper.

Training and Communications

An important pillar of a strong compliance program is properly training company officers, employees and third parties on relevant laws, regulations, corporate policies and prohibited conduct. There are several key elements to training. First, you need to train the right people. Prioritize which audience to educate by starting your training program in higher-risk areas and focusing on directors, officers and sales employees. Second, for high-risk industries, it is recommended to provide in-person annual training for employees and third parties. Enforcement officials have made it clear that the most effective training is presented in person, regularly and frequently. Another benefit of in-person training is immediate feedback from the audience, which is much less likely to occur during a webinar or other remote training. Lastly, during in-person training, employees are more likely to make casual mention of a potentially risky practice, giving the company the opportunity to address the situation before it becomes a larger problem.

It is important to pay attention to what employees say during training. The types of questions employees ask, and their level of receptiveness to certain concepts, can alert you to potential problems.

Oversight

Even after all the important ethical messages from management have been communicated to the appropriate audiences and essential standards and controls are in place, the key question is: are your employees following the company’s compliance program?

Monitoring is a commitment to ongoing assessment of compliance programs, detecting issues in real time and then reacting quickly to remediate the findings. Reviewing is a more limited process that targets a specific business component, region or market sector during a particular time period in order to uncover and/or evaluate certain risks.

Finally, what are your remediation efforts? Your company should remediate problems quickly. A key concept behind the oversight element of compliance is that if a company is policing itself on compliance-related issues, the regulators will not have to do it for it. Remediation, then, is an important component of oversight. It is not enough to gather information and identify compliance problems through monitoring and reviews. To fulfill this essential element of a compliance program, you also have to respond and fix the problems.

By following the “five essential elements” approach, your company can meet virtually any legal requirement you come up against when doing business anywhere in the world.

Kris Welch

Kris Welch, CRCM, CAMS, is a long-time banker and financial services consultant with over 25 years of experience in regulatory compliance, risk assessments, financial institution branch management and real estate appraisal. As a former Bank Secrecy Act/Audit Project Leader with Wells Fargo, Kris has established, coordinated and maintained effective financial institution compliance and reporting programs. Please contact Kris at KrisWelch@chartwellcompliance.com.

© 2019 Corporate Compliance Insights