BY: ComplyLog|January 17, 2022|Compliance
In a constantly shifting regulatory environment, being able to conduct risk assessments is not enough. Organisations must also gear up to protect themselves against future risk, and that means creating compliance plan objectives. Your compliance strategy must be as flexible and agile as the ethical landscape in order to avoid reputational damage and the potential for large financial penalties.
However, research has found that 69% of executives are not confident that their current risk management policies and practices will be enough to meet future needs. This concerning statistic suggests that, unless they activate a compliance plan with future-facing objectives, they could find themselves in regulatory trouble. We hope chief compliance officers and compliance teams looking to shore up their organisations and instigate robust compliance policies will find this article helpful when preparing their compliance plans.
A compliance plan, or corporate compliance program, is a set of policies and procedures for managing risk as well as standards of conduct and internal controls. It prioritises best practices and commitment to business ethics. But it should also include provisions for regular review and auditing of your compliance procedures.
A company’s compliance plan takes into account the regulatory requirements it needs to address currently and in the future, as well as the steps the company is taking to meet those legal obligations.
Your plan can lay out the steps needed to ensure your compliance initiatives are successful and help you track your progress towards your goals.
There are multiple reasons why a compliance plan is important for your business. These include:
Using SMART goals, you can break down your compliance plan objectives and analyse them to ensure they are worth working towards and that you stand a chance of succeeding with them. SMART stands for Specific, Measurable, Achievable, Relevant and Timebound.
Taking the example from above, if the objective of the chief compliance officer was to implement and run a whistleblowing reporting channel ahead of the deadline for the EU Whistleblowing Directive, your SMART goals might look like this.
Feature of the objective | | What it means for a compliance plan |
S | Specific | This is the who, what, where, when and why. In our example: |
M | Measurable | By launching the channel and completing the relevant training, you can measure whether you have been successful. |
A | Achievable | It is certainly possible to implement a reporting channel and train staff. There are no real barriers other than time. |
R | Relevant | It is relevant because it is a regulatory requirement. In addition, an open corporate culture that welcomes reports of wrongdoing, rather than trying to shut them down, is more likely to retain its best talent. |
T | Timebound | There are hard deadlines set by the European Union in the directive, making this a timebound objective. |
Compliance objectives can relate to major legislative changes, as in the example above. But they can also refer to operational adjustments within your compliance function. Here are some examples of compliance initiatives that chief compliance officers might include in their plan as well as details on how to measure the progress of the related objective:
Objective | How to achieve the objective? | How to measure? |
To speed up the process of creating an insider list when information becomes classified as inside information | Use an automation tool like InsiderLog to populate insider lists and to send reminders to insiders who do not respond | Use the data collected on when insider lists were created and populated before using InsiderLog and compare with the data collected in the tool afterwards to track the progress |
Ensure employees have access to all policies and procedures relating to compliance | Designate a team member to be in charge of updating the company intranet and populating it with all relevant policies | Maintain a checklist of all relevant compliance procedures and compare with the information on the intranet |
Reduce penalties and warnings for compliance breaches | Implement training sessions for staff in relevant departments on necessary topics | Compare data year-on-year |
All new staff in high-risk positions must undertake specific compliance training within four weeks of joining | Work with HR to identify qualifying employees and automatically invite them to training as part of the onboarding process | Audit training attendance records to ensure they match with your employee records |
Automate employee trade pre-clearance | Use TradeLog to set parameters for what are and are not acceptable employee personal trades and to accept or reject requests based on those parameters | Audit employee trades on a regular basis to make sure the pre-clearance system is working and keep the business compliant |
When companies expand and diversify, or rules change, they can sometimes overlook the risks and regulatory requirements in different territories or sectors. An example of this might be for UK-based companies that carried out business in the EU and now have to consider legislation from both territories since Brexit. Although the UK transposed much of the existing EU law into its national law, there are notable differences. One of these differences is that the UK chose not to implement the EU Whistleblowing Directive.
For these reasons, compliance department staff must be alert and forward-thinking, remaining up to speed with the company’s strategy and plans. By understanding the direction of travel of the business as a whole, they can work ahead and mitigate future risks.
In order to foster an ethical culture in the business, leadership has to be seen to embrace it. If leaders do not buy in to compliance measures, staff will see no reason to do so either. The tone has to be set by senior management and the board of directors, and then passed down to middle management, who should feed it down to everyone else. Unity of purpose is key to a successful compliance plan and to a culture of compliance.
The best way to get management and other company leaders to support your compliance efforts is to show them the business benefits of backing them. The reduction in unnecessary penalties, the improvement in staff morale and the efficiency savings of using automation tools to carry out tasks like creating insider lists are all persuasive arguments for promoting compliance.
Compliance activities are not just theoretical exercises. They have to be carried out by your staff, and that means they need training. If they do not receive the right coaching to understand why and how to put your plan into practice, they will not be able to do it with any success. So, keep staff up to date with your compliance work plan and code of conduct. Inform them of the benefits of compliance and the disciplinary actions for failing to adhere to the plan.
Make sure compliance training is held regularly and covers the relevant topics that each employee needs to know about. This also helps them understand how seriously the company takes compliance. It could even encourage them to speak out if they spot something that appears to challenge the ethical culture of the organisation.
Collecting data at every stage of your compliance plan helps you to understand the differences that you make and to track your progress. Based on your business compliance objectives, you can develop key performance indicators (KPIs) to help you monitor those aspects of your plan that you are most keen to measure.
Distribute employee surveys to gauge how much staff understand about your compliance plan and how well equipped they are to deliver it. You can also run an internal audit to make sure you are reaching your goals. If not, you can quickly take corrective actions.
Conclusion
Your compliance plan objectives will differ from another company’s, but your plan should be relevant and achievable, as well as making progress towards a more compliant workplace and improved ethical culture. It requires buy-in from company leaders and should be an ever-developing entity that takes into account the shifting regulatory landscape. It helps avoid violations of laws and encourages ethical behaviour. One way to improve your compliance processes is to use the tools from ComplyLog that automate insider lists, employee trade requests and whistleblowing reports.