When a compliance crisis strikes your industry, it shines a spotlight on how your own company is managing its compliance risk. Newspaper reports on high-profile cases of bribery, corruption, conflicts of interest or misconduct can prompt calls from your Audit Committee Chair and other key stakeholders who will be asking anxious questions. Even if it is a competitor facing these challenges, it falls on the Chief Compliance Officer to quell concerns in the organization. Among the likely queries:
- “Could the legal and public nightmares felt by this other company happen to us?”
- “Are we legally exposed by similar unethical practices within our own company?”
- “How can we be sure we’re not?”
The CCO must have programs in place and be prepared to provide easy visibility into the most critical risk areas. This means delivering essential data and communicating a detailed picture of the risk landscape to concerned stakeholders without causing misunderstanding or information overload. It means giving Board members accurate reports; fostering an understanding of risk and compliance within the Board is critical. It means giving Board members the knowledge and guidance they require to provide the necessary support and resources.
When taking that fretful phone call, the CCO’s governance, risk and compliance platform should provide a global overview of risk areas. Your risk assessment will already rank risk areas. For example, if the nature of the news-making crisis is corruption in China or bribery in Brazil, your risk assessment can help you understand if your business faces a similar crisis.
If a risk you have targeted is similar to the crisis at hand, highlight the measures you’ve already taken to keep your organization in legal compliance. These measures might include communication initiatives and training programs to ensure employees are aware of organization policies and procedures. For example, if a conflict of interest scandal is making headlines, you’ll want to demonstrate how you are requiring strictly scrutinized relationship disclosures to guard against conflicts of interest at your offices and departments nearest to the crisis. You will also want to report on how you’re promoting and managing your whistleblower hotlines, along with any responses, actionable information and outcomes.
Lastly, you should delineate your next steps to cover the immediate priorities in your recognized risk areas. Say your risk assessment has discovered pertinent employees with gaps in their completion of policy and ethics training programs. Or say a recent call to your hotline included an allegation of misconduct. Display how you are proactively addressing these situations by setting up notifications to encourage employees to catch up on missing training and by scheduling progress updates with the managers investigating those anonymous reports.
The CCO is well aware that it is crucial to the company and his career that the compliance program be measurably effective. When it comes time to present your annual report to your Audit Committee, use the information you’ve collected to show metrics-based improvement in how you’ve shored up the organization by increasing policy and legal compliance in critical risk areas. Metrics commonly reported to the Board include compliance audits, training data, risk assessment results and hotline calls. Using this information, you’ll be able to defend and garner support for your compliance efforts with the Board, senior leadership and employees. Importantly, your reporting will meet government expectations of your organization’s legal compliance. Having a strong strategy in place will prove effective in reducing risk, protecting your organization’s good name and making sure the only headlines about you are positive ones.