Does your organization have an effective compliance program? The questions below come from the government’s official description of what’s needed.
Congratulations if you can answer yes to everything. (Don’t get cocky. Compliance isn’t about math but human behavior. Just when you think everything is going well . . . .)
Ready to test yourself? Pencils up, and begin:
1. Does the leadership promote a culture that encourages ethical conduct and a commitment to compliance with the law?
2. Is the purpose of your compliance program to prevent and detect criminal conduct? Any other goal is secondary. (Hint: A program that doesn’t work every time can still be effective.)
3. Are there clear and concise written standards and procedures?
4. Are those standards and procedures communicated through training programs appropriate to the listeners’ respective roles and responsibilities?
5. Does the organization use due diligence to prevent and detect criminal conduct? Does it know its own employees, partners, agents, and suppliers?
6. Has overall and day-to-day operational responsibility for the program been assigned to high-level individuals? Do they know and understand the content and operation of the compliance and ethics program?
7. Have they been given adequate resources, appropriate authority, and direct access to the top decision-making body? Do they report about compliance up the chain of command periodically?
8. Would anyone involved in the administration of the compliance program whose conduct is inconsistent with its aims and goals be removed?
9. Is the program monitored and audited by a third party to make sure it works to prevent and detect criminal conduct?
10. Is there a system in place to handle anonymous whistleblower complaints from employees and other stakeholders, without fear of retaliation?
11. Is the program promoted and enforced consistently throughout the organization, with rewards for compliance and punishment for non-compliance?
12. Does the organization respond to criminal conduct with corrective action and appropriate modifications to the compliance program?
View Chapter 8, Part B of the U.S. Federal Sentencing Guidelines here.
A good list – to which risk assessment should probably be added, as it is called out both by the Sentencing Guidelines and new OECD Good Practice Guidance.
Sometimes it is assumed to be not necessary vis a vis a defined risk area (such as FCPA), but in fact risk assessment is very important to assure that:
*) resources are well deployed (key for global companies in this area – because otherwise FCPA compliance can be infinitely costly); and
*) nothing is missed (e.g., that FCPA risks in corporate, as well as sales, are addressed).