Last night was David Letterman’s farewell to late-night TV. For over 30 years, he has entertained us with his interviews and antics, showing that the mundane can be funny and made unfamiliar. The guy was a class act, and he will be missed.
As a tribute to Dave, we’ve created a Top 10 list focused on the basic structure of a compliance program—tone at the top, policies, risk assessments, training, communication, monitoring and response. Do your best to imagine Rupert Jee of Hello Deli reading aloud: “Top 10 Signs Your Compliance Program Is In Trouble”
10. The company is using a straw poll to monitor the compliance program.
Monitoring a compliance program is a key ingredient to its success. Unless they know the compliance initiatives are working, compliance professionals cannot gauge whether the program is effective and make potential adjustments. Options for monitoring range from using technology tools to evaluate controls to using compliance resources to test how well the program is working.
9. The CCO’s license plate reads “LAWRUP.”
When a compliance professional identifies a compliance failure, the program must respond accordingly. If the failure implicates criminal consequences or a large fine, outside counsel may be appropriate. The compliance team, which has a greater understanding of the business and comes without the increased cost, may handle less-complex issues. There is no one-size-fits-all solution.
8. Company policies are an oral tradition that are categorized only as “Before and after the war.”
If you don’t tell employees what a good job looks like, you cannot expect them to perform. The best policies are clear, concise and contain usable teaching aids. Try using universal imagery. Think of icons that speak to your organization and the risks faced. Give employees the tools they need to succeed and make following the policies simple.
7. The CEO’s favorite episode of “Mad Men” is the one in which Joan secures the Jaguar account to become a partner.
Leadership is the best advocate for compliance. When the CEO speaks, people listen. Smart compliance professionals use business leaders to advocate for their program. Teach the CEO what to focus on—create messages and tools to incorporate compliance into presentations and meetings. When the CEO and CCO work together, they can impact the culture of compliance.
6. The company’s online training consists primarily of YouTube excerpts from “The Wire,” with the CCO talking about how all employees need to “re-up.”
At conferences, we hear that live training is always superior to online training. But what about the employee who has been with the company for 20 years and listened to the training program numerous times? Isn’t it better to provide that employee with the changes to the compliance requirements through online training or some other module that does not detract from his day-to-day job? Does that employee need the same training as someone who is new to the company? As with the compliance program itself, training is not a one-size-fits-all proposition.
5. The CCO insists that any bad news be delivered only via texts to his personal cellphone.
It is easy to overlook communication. We all think we communicate well. Emails and texts may be useful, but implementing formal communication in a compliance program takes some work. Effective communication depends on defining the right channels and a thoughtful escalation process.
4. The business folks sing the tune “Bad Boys” from “Cops” every time anyone from compliance walks into a meeting.
The first job in compliance is to understand the business. Compliance does not work without buy-in from the business. What makes the business operate? What are the pressures from different operations and markets? What keeps the COO up at night? Effective programs have strong coordination between compliance and operations, where the operations team sees compliance as a business enabler—not just a cost center.
3. The CCO frequently invokes scenes from the movie “Jumanji” when discussing the company’s risk assessment results.
A proper risk assessment looks forward and evaluates risks that may impact the compliance program according to subject matter. What could go wrong? When could it happen? What are the potential consequences? How do you rate these things? What factors should you use? A risk assessment is not an internal investigation that provides you with historical information about your program. It’s an exercise in predicting and forecasting.
2. Employees in international markets cannot pick the CCO out of a line-up.
CCO visits to an organization’s international markets have a profound impact. These visits increase compliance visibility and leadership awareness of market activities. Different regions have different issues, and to adequately understand and develop a compliance program that mitigates international risk, the CCO has to mingle with employees and collect information on how the program is working.
1. The U.S. Attorney General refers to your company as “a cartel.”
Public perception of a compliance program is important—and that goes double for your regulators. Speaking at compliance conferences and other events not only provides an opportunity to pick up on the best practices of other organizations, but it also allows a CCO to publicly promote the program. Sometimes perception becomes reality in the mind of regulators.
Ryan McConnell and Meagan Baker are lawyers at McConnell Sovany—a compliance and litigation boutique. McConnell is a former assistant United States attorney who, in addition to writing this column, has taught compliance and criminal procedure at the University of Houston Law Center. Baker’s practice focuses on international compliance issues ranging from risk assessments to developing compliance programs. Send your favorite stupid pet trick to email@example.com.