BY: ComplyLog|November 7, 2022|General Compliance
Europe has experienced a series of occurrences that have changed the compliance game. And because of this shifting landscape, organisations need to know how to build a compliance programme that will stand the test of time.
Consider how the compliance environment has developed in the last few years:
Your compliance programme must be robust enough to deal with current legislation and agile enough to encompass future pieces of legislation.
A compliance programme comprises the policies and procedures your company has in place to prevent, detect and correct unethical behaviour within the organisation. It helps you remain within the scope of the laws within the jurisdictions in which you operate.
Your programme will cover recording and documenting your compliance efforts. In addition, it should also incorporate the systems and framework you need to remain compliant with the various pieces of legislation already in place and those that will come into force in the future.
You need to be able to prove to legislators that you have made determined and serious efforts to prevent non-compliant behaviour. A comprehensive compliance programme helps in this ambition and can be used as mitigation in the event that illegal activity does take place. A comprehensive strategy can lead to reduced sanctions if the regulator understands that it was an isolated incident and that the organisation takes compliance seriously.
| Purpose | Examples | Explanation |
| --- | --- | --- |
| Prevention | Written policies / code of conduct | Having written confirmation of policies, requirements and expectations of ethical behaviour is essential to preventing non-compliance. This ensures employees understand how they should act when representing the company. |
| | Compliance officer and oversight | If your company has a dedicated compliance function, it is easier for the organisation to remain up-to-date with compliance concerns and to effectively communicate new legal requirements around the company. |
| | Training/education | It is essential that you organise training on compliance best practices and educate your employees on related topics. This is the best way to keep the information fresh in the minds of employees and to instil the importance of compliance in them. |
| Detection | Reporting channels | There must be confidential reporting channels available so that employees and other internal stakeholders can indicate wrongdoing when they see it. This could be a telephone hotline, a dedicated email, an automated online platform or any other channel. |
| | Monitoring/auditing and internal reporting | Keeping track of practices that could exhibit non-compliant behaviour is important but can be labour intensive to fulfil manually. Using automated monitoring platforms such as TradeLog for pre-clearance and surveillance of employee personal trades makes it much easier to remain compliant. |
| Corrective Action | Investigations / remediation | If non-compliant behaviour takes place within the organisation, you should have systems in place to conduct a fair and thorough investigation into the accusation. Businesses within the scope of the EU Whistleblowing Directive must investigate all reports and deliver their outcomes and steps for remediation within three months. |
| | Disciplinary policies | In order to correct the wrongdoing, there must be sanctions in place for those who flout the laws. This could be fines, suspension or even termination of the employment of culprits found guilty by your investigation. |
Whether it’s a compliance team or a single compliance officer, you need someone who will be responsible for leading the compliance function. As compliance is essential for businesses to avoid illegal activity, financial sanctions and reputational damage, there should be a focal point for efforts to maintain it within the business.
This officer should have a direct line to the board and feel able to report honestly and demand the resources they need to carry out their compliance programme effectively.
The compliance officer is responsible for ensuring the company remains on the right side of the law as well as for fostering an ethical culture that, if successful, minimises the risk of compliance issues.
There will already be some policies and procedures in place that relate to compliance subjects. However, you need to audit and assess them to make sure they are up-to-date and fit for purpose in the current compliance climate.
With new legislation being issued regularly, it could be that your existing policies are no longer relevant or are not stringent enough to keep the company compliant.
In creating a new compliance programme, you should ensure that your existing policies meet the current requirements and that you add procedures for new compliance concerns that have not yet been addressed.
Keep informed of forthcoming European Union and national legislation to make sure that you are ready for it. You should also schedule regular audits so that you can be certain that your policies and procedures are fully compliant.
If your organisation does not already have a code of conduct in place, you should create one. This is essential for a number of reasons:
Having a code of conduct shows regulators that you are committed to preventing wrongdoing within your business.
Although the compliance team takes the lead on these matters, other departments also deal with elements of remaining on the right side of legislation. Your legal team, for example, must be aware of their obligations under the many different directives and regulations that apply to your organisation. Furthermore, HR could be involved in handling whistleblowing reports and in adjudicating retaliation after someone makes a report.
This means that the compliance function should catch up with each of these departments on a regular basis to share the latest updates and resolve issues.
Compliance affects everyone within a business, so coordinating messaging across the whole organisation is important.
A key part of detecting wrongdoing is to create a process by which employees feel comfortable reporting misconduct. Organisations that fall under the scope of the EU Whistleblowing Directive must have these reporting channels in place to comply with EU law. In the jurisdictions where the directive has already been transposed, national law also requires that such channels be implemented.
However, even if you do not have to meet the requirements of the EU Whistleblowing Directive, making it easy and confidential for your employees to flag non-compliant behaviour means that you can take action more quickly. This will help you avoid the bad publicity that comes from wrongdoing only being revealed when it becomes evident from outside of the company.
Your reporting process should include whistleblowing channels, from which a department picks up the complaint and investigates it, feeding back to the reporting person and carrying out the necessary disciplinary action.
Keeping track of the activities of your employees to ensure they remain compliant is important for your programme. If you spot any non-compliant activity, you can take action straight away.
Monitoring practices such as employee personal trades is another way to detect wrongdoing before it becomes a major issue for the company. Automating this monitoring will cut down on the manual work involved.
Compliance training reinforces your message about what constitutes acceptable behaviour in the workplace. It reminds staff of their own responsibilities and obligations, as well as informing them of the kinds of actions they should report if they witness them during their daily duties.
During the training, you should also inform employees of the wider compliance culture, the process that they should go through to report any problems and the type of monitoring you perform that might relate to their work.
This helps to foster a speak-up culture that values compliance and ethical behaviour.
Compliance software automates the processes of monitoring, recording and reporting. This helps you maintain your ethical standards with less effort. Compliance can take a lot of your team’s time, and that is why implementing specialised software will save you time and money, as well as keeping your organisation compliant.
The following tools by ComplyLog can help you automate your compliance processes and save precious time while staying compliant with EU legislation. Here is more information about these pieces of software and the related directives:
| Tool | Related Legislation | Features |
| --- | --- | --- |
| InsiderLog | Market Abuse Regulation (MAR) | |
| TradeLog | MiFID II | |
| IntegrityLog | EU Whistleblowing Directive | |
Lack of training for employees can lead to the failure of a compliance programme. If they do not understand the value of buying into the programme, they cannot fully participate. Underfunding compliance efforts can have a detrimental effect, too, as can unclear procedures for monitoring or reporting.
A compliance framework is much like a compliance programme; it is the ecosystem in which your compliance efforts exist. A compliance framework provides structure to a company’s efforts to prevent wrongdoing.
Chief compliance officers take the lead in implementing the programme, but everyone in the organisation has a responsibility to remain compliant in their actions.
Conclusion
Knowing how to build a compliance programme is key to preventing wrongdoing from occurring in your business. A robust programme leaves no one in any doubt of what is expected of them and their responsibilities. It also informs them how they can help the business maintain compliance and avoid any of the detrimental consequences that occur when non-compliant behaviour flourishes. Using automated compliance tools helps you streamline the process and adhere to the various pieces of legislation related to your business. IntegrityLog allows for confidential, GDPR-compliant reporting of unethical behaviour and provides an easy-to-use dashboard that helps you monitor ongoing cases and meet deadlines. Request a free demo for your organisation today.