Complying with regulatory acts is not optional and ignorance of the law is not a defence. A credible compliance program will help organizations stay within the law by being aware of legal obligations and safeguarding against the risk of violating regulatory and legal boundaries.
At the same time, a credible compliance program needs a credible plan to design, build, operate, maintain, and improve over time. Creating a task list and doing the basics are not enough to establish credibility or achieve effectiveness.
In this article we take a deep dive into the Canadian [guidelines] regarding corporate compliance programs along with 5 immutable principles for program success.
Purpose of a Corporate Compliance Program
The Canadian guidelines on corporate compliance defines the purpose for a compliance program in the following way:
A good corporate compliance program helps to identify the boundaries of permissible conduct, as well as identify situations where it would be advisable to seek legal advice.
In essence a corporate compliance program keeps organizations operating within regulatory and legal lines. These lines form the basic boundaries for compliance with respect to a regulatory license to operate.
Additional obligations will come from stakeholder commitments which have more to do with a social license or at minimum; internal boundaries defined by corporate values. These will in turn create additional boundaries that go beyond the basics.
Benefits of a Corporate Compliance Program
According to the guideline, a credible and effective corporate compliance program generates three broad benefits:
it signals an entity’s seriousness in tackling and addressing the legal obligations and ethical considerations facing businesses today;
reduces costs of compliance by helping to clarify, for business managers and officers, the boundaries of permissible conduct as well as situations that could put their business at risk of violating the Acts; and
should there be any violations of the Acts, it provides a possibility for the business to mitigate the cost of non‑compliance.
The following specific benefits may also be realized:
maintaining a good reputation;
improving a business’ ability to recruit and retain staff—a business with a reputation for compliance is likely to attract higher‑quality employees and have a better employee retention rate;
improving a business’ ability to attract and retain customers and suppliers who value companies that operate ethically;
reducing the risk of non‑compliance;
triggering early warnings of potentially illegal conduct;
allowing a business to qualify for favourable treatment in sentencing, or reducing costs related to litigation, fines, AMPs, adverse publicity and the disruption to operations resulting from an investigation and/or proceedings before the court
reducing the exposure of employees, management and the business to criminal or civil liability;
educating employees as to the appropriate course of conduct if called upon to provide evidence in the course of an inquiry or if the company is the target of such an inquiry;
assisting a business and its employees in their dealings with the government—for example, by identifying contraventions of the regulatory acts early enough to request immunity or leniency; and
increasing awareness of possible conduct in breach of regulatory acts among competitors, suppliers and customers in the market.
With respect to stakeholder obligations (internal or external) the following additional benefits may also accrue:
reduced impact on the environment
safer work environment
greater data protection and privacy
greater stakeholder value
Basic Requirements for a Corporate Compliance Program
A credible and effective compliance program is one that addresses the risk profile of the business taking into account its resources and activities. In all cases a compliance program should have these seven basic elements as described in the guideline:
Management Commitment and Support – Management's clear, continuous and unequivocal commitment and support is the foundation of a credible and effective corporate compliance program.
Risk‑based Corporate Compliance Assessment – A thorough assessment of the potential risks faced by a company will allow it to properly design compliance strategies that address those risks.
Corporate Compliance Policies and Procedures – A corporate compliance program should be tailored to the operations of a business and establish internal controls that reflect its risk profile.
Compliance Training and Communication – A credible and effective corporate compliance program includes on‑going training and communications focusing on compliance issues for staff at all levels who are in a position to potentially engage in, or be exposed to, conduct in breach of the Act.
Monitoring, Verification and Reporting Mechanisms – Monitoring, verification and reporting mechanisms are vital to the success of any corporate compliance program.
Consistent Disciplinary Procedures and Incentives for Compliance – Consistent disciplinary actions as well as appropriate compliance‑related incentive plans demonstrate the seriousness with which the business views conduct in breach of the Act and its commitment to compliance.
Compliance Program Evaluation – A program’s ability to deliver its core objective must continuously be assessed. It is also necessary to monitor new developments regarding the Acts and business activities to determine their impact on the program.
However, to realize the broader set of compliance benefits organizations will need to go beyond these basic requirements.
A Credible Program Needs a Credible Plan
Instead of doing the basics, organizations should do what is essential to realize compliance benefits and contend with operational risk.
A credible and effective program with needed capabilities to achieve and sustain the outcome of compliance evidenced by realized benefits requires a credible plan.
Programs at an operational level manage systems and processes that achieve compliance objectives. These systems are social-technical in nature and objectives will vary in type and performance requirements. This all happens in the presence of uncertainty and may itself be subject to internal standards and guidelines.
The following are 5 immutable principles of program success adapted from Glen Alleman’s ([Five Immutable Principles of Project Success]).
EVIDENCE PRINCIPLE IS FOLLOWED
1. Define what compliance looks like.
2. Create plan to realize and sustain compliance.
3. Resource the plan.
4. Estimate and handle uncertainty.
5. Measure progress.
Following these principles has proven to increase the probability of success across all domains by helping organizations develop and execute credible program / project plans.