Writing Effective and Clear Compliance Policies
In the press of compliance priorities, chief compliance officers have to prioritize what is important and what is not. In some respects, the task of a CCO is a continuous loop of prioritizing tasks. CCOs know that the job is never done – once a set of tasks is done, there is always a new list of tasks that need to be prioritized.
One of the more important tasks for a CCO and a company is to adopt clear and concise compliance policies. There are a number of important considerations when drafting compliance policies that require a balancing of important factors.
First, it is important to decide on the company’s policy structure. Some companies have a tiered approach to adopting policies, procedures and even rules. While this can get overly complex, it allows the company to target and segregate documents for specific purposes. Smaller companies tend not to have tiered policies, procedures and rules because of the unnecessary complication.
If the company plans to place the policy on its public Internet site, then the policy should be drafted carefully to avoid unnecessary details and practices. In some cases, the specific details can be used against the company management as a standard of conduct and cited for corporate mismanagement in the event of a compliance failure.
Most companies are adding broad anti-corruption compliance policies to its public website as a statement of commitment to compliance in an aggressive enforcement era. So long as the company’s statement does not describe details of the overall compliance program (e.g. due diligence process for third parties or onboarding of vendors and suppliers), a general pronouncement should be effective.
Second, in drafting the anti-corruption statement, the CCO has to make sure the policy is drafted clearly so that the overall message is concise and simple. Rather than explaining specific policies against bribery of public officials and commercial bribery, a strong statement against bribery anywhere is an easy way to communicate the company’s message against any type of bribery.
As always, the policy statement has to avoid legalese – lengthy legal explanations of what is prohibited can quickly dilute the impact of a company’s policy. Basic legal explanations need to be included in the policy to break down exactly what is prohibited and where the lines are drawn.
General statements that are short and sweet are easy to repeat and remember. Training programs should be tailored to repeat and reinforce these messages. A clear and simple message is more likely to be remembered an should be keyed to important disciplinary incentives and prohibitions.
It is important to remind policy recipients of the need to report misconduct that has been observed. Companies that maintain a culture of compliance have much higher reporting rates than companies that have a weak culture of compliance. A reminder of this important expectation should be included in every significant compliance policy adopted by the company.
The company’s board should review and adopt major compliance policies (e.g. anti-corruption, antitrust, trade compliance) and should “roll out” the announcement and implementation of the policy with a message from the board and the CEO. The policy should be widely disseminated in the company, maintained on an intranet compliance site (that has working links and updated information) so that it is accessible to everyone.
Finally, the policy has to be available in all languages relevant to the company, where employees, customers, third party intermediaries and suppliers are located.