Editor’s Note: Fresh Perspectives is an exclusive series of The Compliance Report that features expertise across Convercent. Each week we will feature a different Convercent expert, capturing their opinion and unique voice. Fresh Perspectives will be published weekly on Fridays.
The big idea
While detecting and remediating misconduct remains at the heart of every compliance program, regulators are placing an increased emphasis on what organizations are doing to prevent misconduct from happening in the first place. Being able to tie cases back to the policies they violated gives you a more holistic view of your program and a clear audit trail in the event of an investigation.
The next step in program evolution
I talk to ethics and compliance professionals on a daily basis. Through these conversations, I am able to get an inside look at programs stretching across every major industry. I learn what’s working, what’s not, and how they’re aligning their E&C initiatives with the company’s corporate strategies to drive their businesses forward. I’ve also learned that many are struggling to stay in front of the DOJ’s ever-evolving and increasingly subjective expectations around what constitutes an effective compliance program.
The new norm
If “culture” is the 2016’s word of the year, “proactive” isn’t far behind, especially when it comes to judging program effectiveness. This is where linking policy and case management comes into play.
At this point, we all know that if you’re on the receiving end of an investigation, the DOJ is going to take a long hard look at the controls that were in place at the time of the transgression. They’ll want to see clear evidence that the company (you) took every step necessary to prevent the misconduct from occurring. Having a policy management process that provides a clear audit trail of the activity related to each employee – what policies they received, when they received them, when they attested to them and what version they attested to – will allow you to do just that.
(Side note: have you ever timed how long it takes you to pull together a report that details the attributes listed above? It’s a time suck. Think about what you and your team could accomplish if you had that time back.)
I’ve sold a lot of hotlines and case management systems since I’ve been with Convercent (shameless plug). I’ve also sold quite a few of our policy management systems. What I’m starting to see is that customers who bought one are now reaching out to add the other. Why? Because they understand that by linking the two they can identify and mitigate specific risks before they have a chance to metastasize and cause financial and reputational damage.
The cost of doing nothing
Few compliance professionals expect to find their company at the center of an investigation. At the same time, few are naïve enough to think it could never happen to them. Unfortunately, many CCOs I talk to aren’t given the resources they need to procure systems that would enable them to put forth a more vigorous defense, a la Morgan Stanley, in the event they do find themselves in the DOJ’s crosshairs. Not surprisingly, according to the PwC State of Compliance Survey 2015, only 21 percent of CCOs are using dedicated compliance technology solutions. Instead, most executives are forced to “get by” with in-house tools, which, while less expensive, could end up being far more costly.
As the saying goes, insurance is only expensive until you need it.