Do You Know and Understand Your Compliance Policies?
My question appears to be fairly obvious, right? This is not a question or a quiz of every chief compliance officer. Rather, this is a question for everyone but the CCO and compliance and legal staff.
Think about it. Does your board, your CEO, your senior executives know and understand your compliance policies? If asked by someone, can they provide meaningful guidance or even get close to the right answer.
The implications of this question are far-reaching: managers and employees have to know and understand compliance policies. They do not have time nor interest in reading compliance policies and procedures. They want guidance and to know what they can and cannot do, or what requires approval.
I would wager a healthy sum that most managers and employees are not able to articulate specific policies and procedures. For example, if an employee asks his or her supervisor if the employee needs to get approval for a nominal charitable contribution or a gift for a foreign official. Unless the manager has to provide that approval, I would bet that the supervisor couldn’t provide the employee with an answer.
One way for a company to promote compliance is to make sure business staff owns compliance, and that requires the business staff to know and understand the company’s policies and procedures. It is a task that sounds mundane but is an important symbolic issue – a business that embraces compliance, knows what compliance requires beyond just “doing the right thing.”
Contrary to what most professionals may believe, the job of instilling compliance knowledge is not solely the job of the CCO. It is everyone’s job – that sounds trite and simplistic but if your business staff understands the critical role they play in compliance, hopefully they will own the compliance program by knowing and understanding what the program requires.
Once they reach that point in their knowledge and commitment, business staff can become the vital cog in a compliance program – communicating and acting consistent with ethical and compliance program requirements in their day-to-day activities. They set an example for their staff and they communicate in words and in conduct what ethics and compliance really means.
It is a work of art and beauty when a tone-at-the-top is carried through an organization to mid-level managers and then employees. When a systems works in the messaging and standards for conduct, a company is in a position to make real and significant gains in compliance, sustainability and ultimately, profitability.
The Justice Department and the SEC require companies to maintain an advisory function so that compliance guidance can be provided when necessary. Every CCO knows there are important learning moments for managers and employees, and a robust guidance system should be maintained and promoted. Questions should be encouraged because they provide important insights into staff knowledge and awareness.
Compliance staff cannot let employee questions sit for very long. A prompt and robust response is critical and is an important discipline to a compliance program. When staff fail to get answers to their questions, they wonder whether compliance is really that important.
A compliance program should offer multiple avenues for compliance questions – 1-800 numbers, internet emails, and other avenues promoting contact persons and points for employees to raise their questions. Training should encourage these same points and provide contact points for staff.