The Compliance Profession Needs to Adopt Professional Standards
Those who regularly read my blog have heard me often cite the need for the compliance profession to adopt professional standards. With the rise of the profession, and the expectations placed on the shoulders of compliance officers, the compliance profession has to develop and promote its own set of ethical standards.
We have the benefit of many extraordinary and talented leaders in the compliance profession. They have worked tirelessly to advance the stature and role of compliance officers in the corporate governance framework. Adding to this incredible leadership, we have several significant professional organizations and leaders of those organizations who have dedicated significant time and effort to promote the compliance profession.
This is my clarion call – the compliance profession needs its own code of conduct, or set of ethical principles. As an initial step, I will provide some suggested topics and ideas.
Compliance professionals are distinct from other professionals such as accountants, lawyers, auditors and human resource personnel. That is a given. However, the precise role and responsibilities of a compliance officer can vary from organization to organization. This makes crafting ethical standards a little more challenging.
Let’s start with a general explanation of a compliance professional’s responsibilities, which include:
- Preservation and promotion of a culture of ethics and compliance, as reflected in the company’s code of ethics and business conduct;
- Design and implementation of compliance policies and procedures as part of a company’s internal controls;
- Internal communications to reinforce and promote the company’s ethical culture and compliance program;
- Development of an internal system of organizational justice designed to encourage reporting of employee concerns, to ensure timely investigation and resolution of such concerns, and to assure consistent discipline of directors, executives and employees who engage in misconduct;
- Implementation of internal policies and procedures to continuously audit, monitor, and update a company’s compliance program to address risks, compliance program controls, and modifications needed to maintain the effectiveness of a compliance program;
- Regular and comprehensive reporting to the board of directors and senior management on the performance of the compliance program to ensure that the program is operating effectively;
- Coordination and cooperation with important compliance-related functions such as human resources, finance, internal audit, legal, security, information technology, sales and business functions, procurement, and other necessary functions; and
- Commitment to professionalism and career development programs in the company to ensure that compliance professionals have sufficient stature and promotion opportunities in the company.
This is a basic list of compliance officer responsibilities, and I am sure more can be added or fleshed out.
To address these basic functions, and to develop more specific standards for compliance professionals, we need to drill down into specific expectations of compliance officer conduct.
In carrying out his/her duties, we need to consider how and where a compliance officer acts and the expectations we have for such conduct. In this regard, a compliance officer should consistently:
- Perform his/her duties in conformance with the company’s code of conduct and to promote the company’s ethical principles and culture;
- Perform his/her duties without the appearance or creation of any conflict of interest;
- Design and implement, with the cooperation and coordination of compliance-related functions, internal compliance policies and procedures to prevent and detect violations of the company’s code of conduct and law;
- Honestly and regularly report to the company’s supervising board of directors, and senior executives or internal compliance management committee on the:
- Effectiveness of the company’s compliance program;
- Participation and support of compliance-related functions in the overall compliance program; and
- Short-term and long-term needs of the company’s compliance program; Honestly report to the company’s board of directors and senior management team on the:
- Provide candid advice and recommendations to company directors, executives, managers and employees concerning issues related to the company’s compliance with its code of conduct, and promotion of the company’s culture of ethics;
- Create an effective internal reporting and system to investigate allegations of misconduct, and report on such investigations, as appropriate, to the company’s directors, executives and managers;
- Implement internal review of substantiated allegations of misconduct with key stakeholders to ensure consistent treatment of directors, executives and managers who have engaged in misconduct; and
- Develop reporting , monitoring and auditing systems to continuously monitor, assess and improve the company’s compliance program;
- Encourage all directors, executives, managers, and employees to report potential misconduct using corporate reporting systems;
- Implement appropriate policies and procedures to protect whistleblowers from retaliation in any form, and ensure that any person who attempts to or retaliates against a whistleblower is appropriately punished; and
- Escalate and report potential, ongoing or past misconduct to the board, senior management, as needed, to protect the company from any violation of the its code of conduct or law.