Minimum requirements for ethics and compliance programs

As a consequence, we opted to provide both a hotline and a helpline , with the intention of removing, or at least mitigating, initial concerns employees might have about calling the hotline. We also went one step further, deciding to brand the helpline. In practice, those calls and emails went, just as they would have done before, to the compliance team. But, employees were now more prepared and used to raising compliance-related issues.

VeRoniCA provided a channel to raise issues semi-formally whilst also facilitating escalation directly to the hotline if deemed appropriate. In this way, the major step often associated with calling the hotline itself was mitigated. Moreover, VeRoniCA facilitated direct, indirect and subliminal messaging, including direct messaging via e-mail, and indirect messaging via posters.

Life-sized cardboard cut-outs of VeRoniCA were also used in building receptions and other areas to reinforce the compliance and ethics message very effectively. Data collected by the Sentencing Commission shows that organizations are sentenced for a wide range of crimes. The most commonly occurring in order of decreasing frequency are:. For example, modern slavery, or human trafficking, very rarely occurs without bribery and corruption.

This counter-intuitive result has been found to apply to a wide variety of data sets, including invoices and utility bills. One good example is that if someone attempts to falsify an accounting return then, inevitably, they will have to invent some data. When trying to do this, the tendency is for people to use too many numbers starting with digits in the mid-range such as 5, 6 or 7 — and not enough numbers starting with 1.

If suppliers are attempting to circumvent such rules — usually involving collusion, tacit or otherwise — then what else is going on? However, the guidelines are far from unique, and facets of each can be found in programs throughout the world. In this series, my goal is to offer actionable suggestions and insights that readers can use in their own compliance programs.

Implementing measures such as these can help compliance officers prove the efficacy of their initiatives, particularly in regards to the FSGO. This is clearly the right thing to do. However, most policies are just that; they sit on the shelf and often have little impact on what happens in day-to-day reality.

Whatever form the retaliation takes, it certainly impacts the individual and means that other people will inevitably think twice before whistleblowing. In fact, fears of retaliation is the principle reason why people say they would not make a whistleblower hotline report.

With this concern guiding me, I decided to look at the whistleblower data to determine who the whistleblowers were in cases where we had that information and then link those individuals to data that could be indicators of retaliation.

In essence, my manual analysis made it quite clear that retaliation is alive and well. Additionally, it demonstrated that the problem was being monitored in some capacity. Nudge is a concept in behavioral science which focuses on the power of positive reinforcement and indirect suggestions as ways to influence the behavior and decision making of groups or individuals.

Clearly, delivering effective communications is a key component of any compliance program. Still, it remains one of the biggest and most persistent challenges for virtually every compliance officer.

Implementing an effective communications regime hinges on a host of interconnected issues, including:. However, in my former role as CECO at British Telecom, I became concerned that our communications program was simply not effective, based on both anecdotal and factual evidence that many of our communications were being ignored, skim-read at p. These communications were prepared generically for an organization-wide audience, with little focus on personalization for department or job function.

For us, as the compliance and ethics team, this approach meant that we could write something, involve legal, HR, and any other stakeholders to get it cleared, and then simply send it out… job done!

Similar to many other organizations, we experienced a formidable logistical challenge in training those employees who were on the road or in warehouses, as they did not have straightforward access to a work-based PC. Taking groups of these employees or contractors off production, distribution, or customer service would have very direct and immediate effects on organization performance.

As a consequence, we implemented a process nudge by creating telephone training, where employees undertook their basic training over the phone and could do so from virtually anywhere. This was one of our most successful programs.

Further, by allowing the training to be undertaken at home, we fostered an environment of even greater trust. Much of our nudging involved experimentation — we discovered that minor terminology changes can make a huge difference, and sometimes brought surprising benefits.

Crucially, however, those communications benefits came at zero cost , and often hinged on just simple re-phrasing. Why not use nudge to budge your compliance and ethics program? By asking ourselves this question on regular basis, innovation in the delivery and implementation of organizational compliance programs is fast tracked and made more effective. These are just some examples of different approaches to achieving and maintaining world-class compliance and ethics… how far would you go?

A strong, properly functioning program will help prevent your company from drawing media attention for all the wrong reasons. The scope of a compliance program often depends on how large your business is. The larger your business becomes, the more the program will need to cover. It will also become more formal and will be able to implement more resources since it can now afford more. To understand the scope of your compliance program, you need to periodically gauge whether it is meeting your compliance needs.

You can do this by holding discussions with the Board of Governors, management, and employees to get a better understanding of what they think. You should also ensure you know what your business objectives are so that you can continuously improve your compliance program in order to meet those goals. As you perform periodic reviews of your compliance program and update it, be sure to conduct regular risk assessments and try to identify any new possible threats to your operations.

However, not all compliance programs are made equal. So, what are the elements of an effective compliance program? Employees, and all stakeholders for that matter, need to be living and breathing the organization's Code of Conduct.

Expected behaviour, as outlined in the Code, needs to be understood by everyone. So go ahead, have lunch and learn sessions, team meetings, performance reviews, and otherwise. Educate, communicate, then communicate again. Meet your compliance officer. This position must be held by a strong and honest leader, perhaps even a group of leaders depending on the size of your organization. Regardless, exercising appropriate due diligence during the vetting process must be completed before handing over those reigns because they are higher in authority and, according to the ACFEs Report to the Nations, the higher the position in seniority, the more median fraud is committed.

As the person in charge of investigating suspicious behaviour, appointing such a person the compliance officer would be a serious conflict of interest. Education and training organization-wide is vital to the success of your program.

Many organizations have policies in place but have not communicated them fully to achieve optimum success. Not only should the Code of Conduct and Ethics be shared and acknowledged in writing when an employee is onboarded, but there should be a regular review of the code. That way, when you find people doing things they're not supposed to fraud because it "wasn't clear" and the organization suddenly finds itself in hot water, the compliance officer has done their job.

All stakeholders need to understand the Code and prove they understand it via verification. Collecting signatures is integral to this process. Any internal system needs to be checked out to see if it's working. Auditing and monitoring of the ethics and compliance program should be top of mind of the compliance officer. Organizations should have a formal whistleblower system in place as part of their ethics and compliance program.

It's essential to ensure that every employee and stakeholder has a place to safely, anonymously report or voice any allegations of wrongdoing without fear of retaliation.

Implementing a third-party system is the best solution to enable anonymous reporting and ensures employees feel safe enough to voice their concerns without any threat of bias. Anonymous hotlines are one such popular way to implement whistleblowing systems. Compliance and ethics program means, with respect to a facility, a program of the operating organization that -. High-level personnel means individual s who have substantial control over the operating organization or who have a substantial role in the making of policy within the operating organization.

Operating organization means the individual s or entity that operates a facility. Beginning November 28, , the operating organization for each facility must have in operation a compliance and ethics program as defined in paragraph a of this section that meets the requirements of this section.