Could you ever imagine coming to work one day and realizing that you have “finished” your ethics and compliance program? There is nothing left to do. You can go home. Ohhhh, if only it was so.
We all know the truth – a compliance program is never finished, never completed and there is always something to do. This gets us back to defining exactly what a compliance program is designed to accomplish and how a chief compliance officer can set goals and milestones.
We all know the familiar loop of continuous improvements. The compliance loop continues ad infinitum – it is never finished because a company does not operate in a static world nor does the company remain static internally. To the contrary, we can all agree on the certainty of one thing – change, not death and taxes.
The mantra of change is evident in one simple process – a continuous and evolving risk profile. Companies face new risks all the time, depending on changes in laws and regulations, leadership and most importantly, the company’s operations and response to the market.
Demand and supply is never static and the economy is always changing. A company responds to those changes and seeks to sustain growth, while planning for even more opportunities and challenges in the future.
As a company’s risk profile changes, the company’s ethics and compliance program has to be molded to the new risk profile. In the absence of a significant change in the business, the ethics and compliance program will not demonstrably change. But let’s be realistic – every CCO is playing catch up, and prioritizing assignments and projects based on risk ranking. As a result, there is no CCO who can ever say by the end of the year, I have accomplished everything I wanted to do, now I just need to determine my new risk profile.
The evolution and growth of a compliance program is a cacophony of separate and distinguishable streams of information, analysis and response. A CCO’s challenge is to focus on the right stream based on risk, maximize the company’s response to mitigate that risk, and then input new information based on updated risks, investigations, employee concerns, business needs and overall business strategy. A new set of streams of workflow will develop and the process begins all over again.
I know this may sound like a CCO is fly-fishing in the Montana wilds, but trust me the analogy works. Risk ranking, design, response, analysis and update are all the functions that occur on a continuous basis. An effective compliance program is one that maximizes the design, efficacy and application of compliance controls to a given amount of business activity.
Life is a continuous process of learning and experiencing, and compliance shares the same general; pattern of education and operation.
To maintain sanity, CCOs have to change their perspective. A compliance program is never done, but the continuous process can be designed and measured in discrete projects, improvements and achievements. With that perspective, while there is never complete closure, there are certainly many significant milestones that a CCO can cite in the journey of ethics and compliance. Once a CCO adapts to his new perspective, life and work are filled with celebrated accomplishments, each of which are directed to maintaining an effective ethics and compliance program.