The Do’s and Don’ts of Corporate Compliance
April 7, 2021
At a glance:
- COMPLIANCE VS COMPLACENCE: Many corporate compliance programs fail to pass muster, but the DOJ guidelines for evaluating compliance program effectiveness can provide a roadmap to improvement.
- AVOID THE TRAPS: Limiting corporate compliance to the bare minimum of simply “checking the boxes” for legal accountability leaves you exposed to major compliance risks and legal nightmares.
- NEXT STEPS: An inadequate corporate compliance program is a disaster waiting to happen. Aprio can help you prevent a crisis by assessing your current compliance controls and identifying areas for improvement.
The full story:
Corporate compliance programs are instrumental in preventing the fallout from infringement of applicable laws and regulations. Failing to comply with regulations, from local to international, can result in steep penalties and land your business in hot water with the government, so building out the best possible compliance program is critical.
One way to ensure your company’s compliance program is as effective as possible is to look at it through the eyes of a prosecutor – this will help you anticipate some of the needs of a compliance program before you’re forced to defend it in a regulatory proceeding.
Separating the good compliance programs from the bad
Prosecutors rely on guidance from the Department of Justice (DOJ) to assess corporate compliance programs. The DOJ created a reference document laying out three fundamental questions to ask during an evaluation:
- Is the corporation’s compliance program well-designed?
- Is the program being applied earnestly and in good faith?
- Does the corporation’s compliance program work in practice?
That first question may seem a little subjective, so let’s dive deeper into what that means.
According to the DOJ’s guidance, a “well-designed” compliance program should:
- Include a risk assessment incorporating risk management processes, risk-tailored resource allocation, and regular updates and revisions;
- Adhere to defined policies and procedures that consider the design, comprehensiveness, and accessibility of the compliance program;
- Incorporate training and communications that reinforce the policies and procedures; and,
- Provide an effective reporting structure and investigation process that ensures all investigations are confidential, properly scoped, effective, and tracked.
Avoid the traps of a bad compliance program
Does your company’s compliance program satisfy the above criteria? The ability to answer that question confidently has become a rarity among corporations. One study shows that only 70% of firms even attempt to measure the effectiveness of their compliance programs, and only a third of those firms are confident they are using effective metrics.
These days, it’s not uncommon for companies to write off compliance programs as a procedural nuisance – don’t make this mistake. Failing to assign the appropriate significance to compliance could be detrimental, but it’s not the only mistake that could undermine the effectiveness of your company’s compliance program. As you review your compliance program, be on the lookout for these common traps:
- Supporting your compliance program by collecting incomplete, invalid, or ineffectual metrics. For example, most companies evaluate the quality and effectiveness of their training by how many employees attend the training. But is the quality or the effectiveness of the training content being evaluated? The key to a successful compliance program is better metrics.
- Limiting your compliance program to the legal minimums for accountability. For example, employees may have blindly signed policy and procedure documents, but have they read and understood them? There could be an unspoken company culture with the implicit understanding that policies don’t have to be strictly enforced, which could lead to legal compliance issues down the road.
- Relying on self-reporting without considering self-selection bias. Any potential bias in the data collected needs to be accounted for when interpreting the data. For example, conducting an employee-wide survey asking if employees have observed any dishonest behavior may lead reluctant or dishonest employees to not participate in the survey at all, which would skew survey results.
Falling into just one of these common pitfalls could leave your company at risk of compliance failure and legal nightmares.
The bottom line:
Failing to design the right corporate compliance program with the appropriate measurement tools is a disaster waiting to happen. Don’t leave yourself exposed. Whether you need to reevaluate your current program or build a new one from scratch, Aprio’s Litigation Support & Forensic Accounting team can help you identify critical shortcomings and introduce necessary measures to maximize your compliance and prevent a crisis.
About the Author
Haley Beatty is a forensic accounting and financial crime reporting expert. Her specialties include Anti-Money Laundering (AML), Know Your Client (KYC) investigation and regulatory compliance. She has advised some of the largest financial institutions in the world and led teams of 500 investigators. Haley works closely with clients to establish and advance AML compliance, monitoring and reporting programs that exceed regulatory requirements. She has experience advising a broad spectrum of financial industry clients from FinTech companies to MSBs and transaction processors.