When a compliance incident occurs within a company in today's business world, a company's business may be at risk. A compliance incident may lead to a civil and/or criminal violation, financial loss, or damaged reputation.
In order to minimise these risks, companies are advised to have a robust compliance program in place that prevents and detects compliance incidents. Where a compliance incident does occur and a company, its senior management or its employees face an investigation by a prosecutorial authority, a compliance program can be a valuable tool to show that the company has taken appropriate steps to prevent such incidents. A robust compliance program may therefore help to avoid or mitigate potential liabilities.
Companies should consider the following key points when designing and implementing an effective compliance program:
▪ Conduct a thorough risk assessment of the risks the company faces.
▪ Establish appropriate policies and procedures that reflect these risks.
▪ Ensure "Tone at the Top" and support from senior management.
▪ Carry out third party due diligence.
▪ Provide communication and training.
▪ Perform monitoring and review.
Sometimes the key points "Tone at the Top" and "Communication and training of the employees" are not given as high a priority as the others. Below is therefore a list of Do's and Don'ts in these crucial areas.
1. TONE AT THE TOP
DO: Senior management and the 'tone at the top' are of utmost importance for a well-functioning compliance program. The senior management's statement of support for the compliance program should be made accessible to all employees and published on the company's website. A member of the senior management team should be responsible for overseeing the compliance program and ensuring that it is robust.
DON'T: Create or support a culture within the company that ignores compliance.
2. COMMUNICATION AND TRAINING
DO: Set up written policies that are easily understandable for all employees.
DON'T: Create policies consisting of hundreds of pages of legal text written in highly sophisticated language, which will not serve any purpose.
DO: Communicate to the staff that every employee is responsible for compliance within the company and that compliance is a joint effort within the organisation.
DON'T: Create the impression that compliance is a minor program which is only taken care of in the compliance department by people who don't matter at all.
DO: Set up tailored training sessions for senior management, all employees and (if necessary) external parties that address real-life scenarios.
DON'T: Set up training sessions on a "one size fits all" basis to save time and money.
DO: Repeat training at regular intervals.
DON'T: Hold training only once every five years.