How To Build A Compliance Program That is Futureproof

BY: ComplyLog|November 7, 2022|Compliance

How To Build A Compliance Program That is Futureproof

Europe has experienced a series of occurrences that have changed the compliance game. And because of this shifting landscape, organisations need to know how to build a compliance programme that will stand the test of time. 

Consider how the compliance environment has developed in the last few years: 

  • Technological developments such as High Frequency Trading (HFT) were a key driver behind the development of the updates to the Markets in Financial Instruments Directive (MiFID II), which became law in 2018. 
  • The EU Whistleblowing Directive came into force in 2021. It was created to protect reporting persons following the treatment of individuals such as Antoine Deltour, who exposed the LuxLeaks scandal and was promptly prosecuted for his role in 2014. 
  • Regulators around the world responded to a host of market abuse and insider dealing cases with tough new legislation. In the European Union, it was 2016’s Market Abuse Regulation that sought to tackle these compliance issues. 

Your compliance programme must be robust enough to deal with current legislation and agile enough to encompass future pieces of legislation. 

Compliance-framework

What is a compliance programme?

A compliance programme comprises the policies and procedures your company has in place to prevent, detect and correct unethical behaviour within the organisation. It helps you remain within the scope of the laws within the jurisdictions in which you operate. 

Your programme will cover recording and documenting your compliance efforts. In addition, it should also incorporate the systems and framework you need to remain compliant with the various pieces of legislation already in place and those that will come into force in the future. 

You need to be able to prove to legislators that you have made determined and serious efforts to prevent non-compliant behaviour. A comprehensive compliance programme helps in this ambition and can be used as mitigation in the event that illegal activity does take place. A comprehensive strategy can lead to reduced sanctions if the regulator understands that it was an isolated incident and that the organisation takes compliance seriously. 

What is the purpose of a compliance programme?

Purpose Examples Explanation
Prevention Written policies /
code of conduct
Having written confirmation of policies, requirements and expectations of ethical behaviour is essential to preventing non-compliance. This ensures employees understand how they should act when representing the company. 
Compliance officer
and oversight
If your company has a dedicated compliance function, it is easier for the organisation to remain up-to-date with compliance concerns and to effectively communicate new legal requirements around the company.
Training/education It is essential that you organise training on compliance best practices and educate your employees on related topics. This is the best way to keep the information fresh in the minds of employees and to instil the importance of compliance in them.
Detection Reporting channels There must be confidential reporting channels available so that employees and other internal stakeholders can indicate wrongdoing when they see it. This could be a telephone hotline, a dedicated email, an automated online platform or any other channel. 
Monitoring/auditing
and internal reporting
Keeping track of practices that could exhibit non-compliant behaviour is important but can be labour intensive to fulfil manually. Using automated monitoring platforms such as TradeLog for pre-clearance and surveillance of employee personal trades makes it much easier to remain compliant. 
Corrective Action  Investigations
/remediation
If non-compliant behaviour takes place within the organisation, you should have systems in place to conduct a fair and thorough investigation into the accusation. Businesses within the scope of the EU Whistleblowing Directive must investigate all reports and deliver their outcomes and steps for remediation within three months. 
Disciplinary policies In order to correct the wrongdoing, there must be sanctions in place for those who flout the laws. This could be fines, suspension or even termination of the employment of culprits found guilty by your investigation. 


How to create an effective compliance programme

1. Appoint a compliance leader

Whether it’s a compliance team or a single compliance officer, you need someone who will be responsible for leading the compliance function. As compliance is essential for businesses to avoid illegal activity, financial sanctions and reputational damage, there should be a focal point for efforts to maintain it within the business. 

This officer should have a direct line to the board and feel able to report honestly and demand the resources they need to carry out their compliance programme effectively. 

The compliance officer is responsible for ensuring the company remains on the right side of the law as well as for fostering an ethical culture that, if successful, minimises the risk of compliance issues. 

Appoint-a-compliance-leader

2. Assess your policies and procedures

There will already be some policies and procedures in place that relate to compliance subjects. However, you need to audit and assess them to make sure they are up-to-date and fit for purpose in the current compliance climate. 

With new legislation being issued regularly, it could be that your existing policies are no longer relevant or are not stringent enough to keep the company compliant. 

In creating a new compliance programme, you should ensure that they meet the current requirements and that you add procedures for new compliance concerns that have not yet been addressed. 

Keep informed of forthcoming European Union and national legislation to make sure that you are ready for it. You should also schedule regular audits so that you can be certain that your policies and procedures are fully compliant. 

3. Create a code of conduct

If your organisation does not already have a code of conduct in place, you should create one. This is essential for a number of reasons:  

  • Creates a safe working environment
  • Improves staff morale and increases employee retention
  • Maintains compliance with legislation
  • Helps avoid financial penalties for non-compliance
  • Prevents behaviour that could damage the brand’s reputation

Having a code of conduct shows regulators that you are committed to preventing wrongdoing within your business. 

4. Coordinate internal teams

Although the compliance team takes the lead on these matters, other departments also deal with elements of remaining on the right side of legislation. Your legal team, for example, must be aware of their obligations under the many different directives and regulations that apply to your organisation. Furthermore, HR could be involved in handling whistleblowing reports and in adjudicating retaliation after someone makes a report. 

This means that the compliance function should catch up with each of these departments on a regular basis to share the latest updates and resolve issues. 

Compliance affects everyone within a business, so coordinating messaging across the whole organisation is important. 

Coordinate-internal-teams

5. Create a process for reporting misconduct

A key part of detecting wrongdoing is to create a process by which employees feel comfortable reporting misconduct. Organisations that fall under the scope of the EU Whistleblowing Directive must have these reporting channels in place to comply with EU law. In the jurisdictions where the directive has already been transposed, national law also requires that such channels be implemented. 

However, even if you do not have to meet the requirements of the EU Whistleblowing Directive, making it easy and confidential for your employees to flag non-compliant behaviour means that you can take action more quickly. This will help you avoid the bad publicity that comes from wrongdoing only being revealed when it becomes evident from outside of the company. 

Your reporting process should include whistleblowing channels, from which a department picks up the complaint and investigates it, feeding back to the reporting person and carrying out the necessary disciplinary action. 

6. Create a monitoring procedure

Keeping track of the activities of your employees to ensure they remain compliant is important for your programme. If you spot any non-compliant activity, you can take action straight away. 

Monitoring practices such as employee personal trades is another way to detect wrongdoing before it becomes a major issue for the company. Automating this process will cut down on the manual work involved in this process. 

7. Establish compliance training

Compliance training reinforces your message about what constitutes acceptable behaviour in the workplace. It reminds staff of their own responsibilities and obligations, as well as informing them of the kinds of actions they should report if they witness them during their daily duties. 

During the training, you should also inform employees of the wider compliance culture, the process that they should go through to report any problems and the type of monitoring you perform that might relate to their work. 

This helps to foster a speak-up culture that values compliance and ethical behaviour. 

8. Implement compliance software

Compliance software automates the processes of monitoring, recording and reporting. This helps you maintain your ethical standards with less effort. Compliance can take a lot of your team’s time, and that is why implementing specialised software will save you time and money, as well as keeping your organisation compliant. 

The following tools by ComplyLog can help you automate your compliance processes and save precious time while staying compliant with EU legislation. Here is more information about these pieces of software and the related directives: 

Tool Related Legislation Features

InsiderLog

Market Abuse Regulation (MAR) 
  • Creates and maintains insider lists
  • Sends automated reminders to insiders to ensure you have followed all required steps
  • Tracks insider list changes
  • Tracks the list of Persons Discharging Managerial Responsibilities and closely associated persons (legal and physical)

TradeLog

MiFID II
  • Automates the process of pre-clearance of employee trades for financial services firms
  • Monitors employee trading activity
  • Alerts you to potential violations

IntegrityLog

EU Whistleblowing Directive
  • Automates whistleblowing reporting
  • Ensures confidentiality when reporting suspicious activity
  • Only allows authorised access
  • Meets GDPR requirements
  • Dashboard allows investigators to track the progress of reports and meet deadlines


FAQ

Why do compliance programmes fail?

Lack of training for employees can lead to the failure of a compliance programme. If they do not understand the value of buying into the programme, they cannot fully participate. Underfunding compliance efforts can have a detrimental effect, too, as can unclear procedures for monitoring or reporting.

What is a compliance framework?

A compliance framework is much like a compliance programme; it is the ecosystem in which your compliance efforts exist. A compliance framework provides structure to a company’s efforts to prevent wrongdoing. 

Who is responsible for implementing the compliance programme?

Chief compliance officers take the lead in implementing the programme, but everyone in the organisation has a responsibility to remain compliant in their actions. 

 

Conclusion

Knowing how to build a compliance programme is key to preventing wrongdoing from occurring in your business. A robust programme leaves no one in any doubt of what is expected of them and their responsibilities. It also informs them how they can help the business maintain compliance and avoid any of the detrimental consequences that occur when non-compliant behaviour flourishes. 

Using automated compliance tools helps you streamline the process and adhere to the various pieces of legislation related to your business. IntegrityLog allows for confidential, GDPR-compliant reporting of unethical behaviour and provides an easy-to-use dashboard that helps you monitor ongoing cases and meet deadlines. Request a free demo for your organisation today. 

 

References and Further Reading


 

Popular posts

Insider list management

Market Abuse Regulation (MAR) Explained

Whistleblowing

4 Interesting Examples Of Whistleblowing In The Workplace

Insider list management

The 7 Behaviours That Qualify As Market Abuse – Part 1

Whistleblowing

How To Encourage Whistleblowing (And Why It’s Key For Compliance)

Insider list management

Market Abuse Penalties Under MAR + 5 Case Studies