A strong Ethics and Corporate Compliance Program has become a need for every regulated organisation. In addition to ensuring compliance with various regulations, such a program helps organisations to proactively identify risks, improve ethical behaviour within the organisation and become audit ready.
Fraud is never far from the headlines. In 2015, one of the biggest incidents of corporate fraud that dominated the news was that of German automobile giant, Volkswagen, which came under fire for inserting a "defeat device" in its diesel engines to cheat on emission tests. Today, the company is contending with potential regulatory fines and compensation cases from customers, as well as major reputational repercussions that have severely affected its market share. Meanwhile, in another instance of fraud, electronics conglomerate, Toshiba, was found to have overstated its earnings by nearly $2 billion over seven years, more than four times its initial estimate. With scandals such as these in the limelight, attention to ethics in the workplace has gained momentum.
Ethics and compliance is one of today’s highest risk concerns for businesses. This is especially true of organizations in a global marketplace where such risks become harder to identify and mitigate considering that there are often multiple subsidiaries, business units, and third parties involved. As the global marketplace has evolved, so has the role of a Chief Compliance Officer (CCO) and the corporate compliance teams. These individuals have their task cut out for them, as they strive to balance the ever-increasing compliance demands of regulators and internal stakeholders.
The primary responsibility of a corporate compliance team is to develop compliance strategies and programs, while also implementing processes and tools to identify, oversee, and mitigate compliance issues at an enterprise level. Additionally, with increasing regulatory compliance requirements, the corporate compliance team is required to collaborate with individual departments and regulatory teams to oversee compliance at the departmental level.
Every organization needs to have a compliance strategy in place to determine potential risks, identify ways to mitigate them in time, and outline a future course of action. These strategies need to extend to the department level where compliance violations and issues can often pose a threat to the organizational reputation. Programs, processes, and technologies need to be in place to identify, prioritize, investigate, and address compliance violations and risks before they morph into black swan events. Strong policies and processes are also important in mitigating these risks. In fact, having a robust corporate compliance program helps organizations maintain compliance with external regulations, as well as internal policies and processes. Training employees on policies also goes a long way towards ensuring an ethical environment.
Building a successful compliance and ethics program can often be challenging. How do you get from where you are to where you want to be? How can you be ready to deal with risks that you haven’t faced yet? Here are five best practices:
An organization’s readiness to handle a compliance issue is critical as it impacts brand value and profitability. To that end, successful businesses need to be proactive in terms of establishing controls and processes, defining accountability, and centrally managing compliance requirements so that they are easily accessible to all concerned departments. Being proactive also requires the corporate compliance team to collaborate with other departments and regulatory compliance groups to manage their compliance processes, controls, templates, and timelines. This approach gives the corporate compliance team comprehensive visibility into organizational compliance, so that they can perform regular or ad-hoc assessments to minimize violations.
Ethics begins at home. The foundation of an effective ethics and corporate compliance program is a strong and well-communicated code of ethics which can be best represented in terms of policies and procedures. These policies and procedures define the culture and expected behavior of everyone working in or with the organization. When there are multiple subsidiaries spread out across different geographies, policy creation needs to take into consideration various factors such as subsidiary location and industry. The key to policy creation is to ensure that policies are applicable globally as well as locally. This helps ensure that there are no gaps or loopholes in compliance. Automated tools can add further value by simplifying the process of policy management.
Organizations cannot fully comply with regulations if their employees do not follow organizational policies and procedures. Investing in employee training is always a smart move. Employees need to understand the organization’s culture and its ethical boundaries. Technology can play an important role here in the form of learning or training management systems that make it easy to conduct and track multiple training programs.
Many organizations have found it useful to have hotline numbers for employees to anonymously report issues of bribery, fraud, ethical violations, discrimination, and other incidents of misconduct at the workplace. Integrating hotlines with the company’s corporate compliance program can be effective as it helps in tracking each issue from creation to closure.
A risk-based approach to compliance and ethics management involves identifying the high-risk areas within the organization, and then prioritizing, managing, and monitoring those risks. Compliance risks can be measured and scored from different perspectives such as per business unit, process, and geography. Based on the risk rating, organizations can effectively plan control testing. Issues can also be prioritized based on rating, impact, likelihood, or type.
No organization can comply with rules and regulations overnight. Compliance is a continuous process that requires businesses to keep setting new goals, leverage technology to achieve these goals, assess the results, and again work towards improving the results by setting new objectives. This continuous process will help corporate compliance become an integral part of the business.