The DOJ and SEC haven’t used the word “scalable” to describe an effective compliance program. But they’ve described scalability when talking about what’s needed.
For example, part of the job of the DOJ’s new compliance counsel is to help “assess a company’s program, as well as test the validity of its claims about its program, such as whether the compliance program truly is thoughtfully designed and sufficiently resourced to address the company’s compliance risks.”
And in the FCPA Resource Guide, the DOJ and SEC said: “When it comes to compliance, there is no one-size-fits-all program . . . Compliance programs that employ a ‘check-the-box’ approach may be inefficient and, more importantly, ineffective.”
Translation: Anti-corruption compliance program need to find and respond not only to known risks, but also unforeseen and emerging risks. That means a program needs built-in flexibility to meet the challenges of new markets and unexpected exposure, including varying regulatory requirements from one jurisdiction to the next.
In other words, compliance can’t be bottled up and static. That’s a check-the-box approach. Instead it has to be . . . . scalable.
How do you build in the needed scalability without driving compliance costs through the roof?
The best way is to apply project management techniques, and to shift from manual to automated tools.
What does a project management approach do? It can provide a clear framework for planning and implementing new initiatives, and help standardize controls and data analytics procedures.
It can also increases the level of monitoring effectiveness for compliance initiatives, especially those in high-risk areas. At the same time, project management makes it easier to communicate and coordinate with global compliance stakeholders using automated portals and dashboards.
Some example are:
- Policy Portal: Develop and publish policies, procedures, and processes.
- Global Compliance Dashboard: Track and review global compliance initiatives and data analytics risk results.
- Due Diligence Portal: Evaluate, track, and store third party and employee due diligence.
- Monitoring Portal: Report and communicate monitoring analytics and provide internal audit status and results.
- Investigations Portal: Report on investigations and rapidly deployed data analytics for red flag issues, and document corrective-actions, remediation planning, and implementation plans.
- Training Portal: Track historical training sessions and related information, and provide employees with calendar and registration access for upcoming training events.
Another benefit of an automated compliance project management approach is that it facilitates coordination among the compliance, legal, and internal audit functions. This can enable these groups to address compliance initiatives more efficiently while broadening the reach of global compliance communications.
Manual controls might still play an important role in handling issues that require a more hands-on approach. Those could include language and training requirements, for example.
The DOJ has been clear. It will evaluate compliance programs in part based on their ability to address evolving risks. Scalable programs can do that. And automation makes scalability affordable.
Brooke Hopkins, pictured above, is a director in AlixPartners’ Dallas office. She focuses on helping companies with the design and development of compliance programs, remediation plans, and related data analytics and online dashboards. She has either led or performed FCPA investigations and internal controls reviews in numerous foreign countries.