Maintaining Your Company’s Compliance Program in the Rapid Policy World of Change by Tweet
Traditionally, businesses were able to prepare for changes in laws and regulations in advance by monitoring legislative and regulatory actions in Washington, D.C. and relevant state capitols. Agencies would initiate rulemakings and give notice to interested parties of new or changed rules. Congress would consider legislation and it would be subject to some kind of “regular order” or process. In the “good old days,” businesses had time to plan and anticipate potential changes. All of that has changed now. Government policy is a rapidly moving target and can even occur instantaneously – by tweet or other new communications message.
I recognize that this is a bit of an exaggeration, but my point is to emphasize that organizations have to remain nimble and responsive to a business landscape that can change overnight. Trade tariffs, sanction lists, cyber threats, employment and immigration policies; these are just the most recent examples of laws, regulations and attitudes that can change rapidly.
To remain compliant, companies have to maintain a regulatory compliance program that is tailored to today’s fast paced environment. That means a process that can quickly assess new risks, revise the company’s risk profile and then tailor compliance policies and procedures to meet these changing risks. It is no longer acceptable for corporate compliance programs to be so rigid and formal that updates take months or years to be implemented.
Given the speed at which regulatory bodies are now releasing information on enforcement decisions, and settlement actions and so on, the tedious plea that “the Board is working on it” is no longer acceptable.
A good compliance program must allow the compliance team to address changes to government policies and initiatives quickly and provide staff with enough information and guidance so they can make informed decisions.
The Credit Suisse FCPA settlement is a prime example of an enforcement initiative by the government – while many of us are aware that hiring relatives of our customers and clients can be a minefield, until BNY Mellon, JP Morgan, Qualcomm and Credit Suisse were penalized, many companies had not thought about formalizing a policy on this issue. It was left to management discretion, or rather, the abuse of discretion.
Many of our firm’s clients have already taken advice on the implications of hiring employees from this type of employee pool and are rolling out policies as we speak. The most important piece of advice to heed in this day and age of “policy by tweet” is do not delay. So, too, in the hotly debated areas of trade regulations, tariffs and sanctions. In these areas where the government has mandated a position, it pays to consult counsel and act swiftly.
Given the speed at which government policies are changing in today’s business environment, having an effective, flexible and responsive compliance policy is more vital than ever. The consequences of delaying an important update to your policy because of overly-rigid processes can be high and can detrimentally affect the bottom line.