We have been operating Compliance Quarter for over three years now and one of the key components of our service offering is the outsourced Compliance Manager role that we provide to several businesses operating in highly regulated industries.
Providing the outsourced Compliance Manager role gives us the ability to benchmark businesses when it comes to compliance. The outsourced Compliance Manager role also helps us understand when a business is likely to face compliance issues into the future.
When it comes to determining whether a business will or will not be compliant, there are some very basic metrics that determine success.
What is a compliance culture?
The most critical aspect of compliance is a compliant culture. What this means is that an organisation’s staff must value compliant and ethical conduct.
Compliance and ethics must be baked into decision-making. Compliance must be rewarded, and non-compliance addressed. When designing processes and reward structures, compliance must be paramount. A common example of where this is not the case is where a sales representative is rewarded purely based on sales completed rather than compliant sales.
To embed compliance in decision making, the Organisation should firstly have a complete understanding of their regulatory obligations and secondly should consider the impact of their decision-making when it comes to compliance with regulatory obligations.
Compliance, like many other areas of business, risks being tied up with buzzwords and some of the most spectacular examples of non-compliance have been by businesses that have been given a false sense of security either by internal or external advisors.
When it comes to compliance culture, the easy way to measure success is to review the decisions that have been made by senior management over time and to consider whether those decisions included compliance as a key feature or as an afterthought.
Businesses which rely heavily on external advice for approval, particularly after the fact, rather than for guidance before making decisions are typically those at most risk.
Training, documentation, and systems and processes
All businesses must ensure that they have a compliance management process in place that is robust, documented, regularly updated, and, most importantly, implemented. What this means in practice is that businesses should document their compliance policies and procedures and ensure that all staff have been trained on compliance.
Training is not a one-off exercise, this is been clearly demonstrated when it comes to various organisations response to the coronavirus. Staff must be given the tools and resources they require to implement an effective compliance program. In areas of key risk, this means investment by an organisation and this means continual training.
If you are considering whether or not your compliance management program was effective, ask yourself when your staff most recently completed training on compliance and whether you can say, hand on heart, that all of your staff have completed appropriate training for their roles.
Some of the warning signs that you need to do more work on this area include policies and procedures that have not been updated in more than six months and staff that have not completed training.
Compliance example by senior management
It is critical that your business conduct monthly compliance committee meetings where you consider the effectiveness of your compliance program and consider any improvements can be made.
Within your compliance committee meetings, you should be looking at any new or proposed regulatory obligations, looking at the measures of compliance, and developing a work programme for the month ahead. Compliance committee meetings should be documented and records of agendas and minutes kept.
What is a outsourced Compliance Manager role?
An outsourced compliance manager takes control of your compliance program and ensures that you have a robust compliance management system in place.
Depending upon the terms of the engagement, this individual may be responsible for regulatory updates, for reviewing the adequacy of the controls you have in place, and for training staff.
The benefits of an outsourced compliance manager include: a) their independence from the business, b) their industry expertise and ability to benchmark your business against others, and c) the value that they can provide at a lower cost to your business.