INTRODUCTION:Communication and training are and should constitute fundamental parts of an effective compliance program or framework. Why? Because communication and training ensure the conveyance of certain compliance information to selected people.For organizations to deter or encourage certain types of conduct and to guarantee that persons working on their behalf are aware of the do’s and don’ts, these persons need to know the boundaries, the reasons behind them, and the consequences (bad or good) that result from acting outside and/or within these boundaries.In a typical organization, the various forms of compliance-related communication may consist of some mix of formal (e.g. code of conduct, policies, procedures, protocols, training) and less formal (e.g. discussions, emails, town hall meeting) components. Also, the variables associated with any significant compliance-related communication can be daunting; such as core message and rationale, message source (consider ‘tone at the top’), intended audience(s), message content, type, form, delivery mode and related tracking and opportunities for metrics reporting.These forms and variables are, in most cases, sporadic and can be more easily and efficiently managed as part of a comprehensive plan.Why does this matter?From an operational or tactical perspective, it is generally more time consuming and expensive to have various communications activities done on an individual or “one off” basis.Equally important, from a strategic perspective, several significant opportunities are lost by not having an integrated Plan – notably:
- As regulators (to include law enforcement) have occasion to assess compliance programs, they look closely for signs of thoughtful program design and operationalization – program activities that are proactive and appropriately focused on the highest risks emanating from a thorough risk assessment. A solid Plan that has been followed can help demonstrate that these elements are present in your program.
- The process of developing a Plan is also a chance to educate colleagues about the organization’s compliance function and program. By involving other departments and roles in the Plan design and operation, they may more fully understand the Chief Compliance Officer’s (CCO) role, and take their own compliance responsibilities more seriously.
- The more that compliance is viewed by senior management as being “part of the business” and not as a pure cost center, the greater the chances of programmatic support and success.
By engaging in the planning exercise and emphasizing the relationship between the related activities and the organization’s strategic goals, a CCO demonstrates that he/she is thinking and acting like a business person doing compliance, and not as the pure “compliance guy or gal”. And substantively, the opportunity to have Plan-related discussions with the CEO about topics such as “tone from the top” is likely to lead to more engagement on the latter’s part than the intermittent interaction involved with the CCO putting something on the CEO’s desk and saying “please sign this; it’s part of compliance”. So how does one go about designing and implementing a Plan? There are numerous available treatments that cover this question from a thirty-thousand-foot view or that analyze the pro’s and con’s of various communications types, forms and frequencies.We consider Plan design and implementation from the CCO’s perspective: what follows are the practical considerations that can make or break a Plan, however good it may be on paper. We break the design and implementation process down into four basic steps – Plan, Collaborate, Produce, and Implement – and pose the associated questions that CCOs should be asking as they think about what makes sense for their company and its particular facts and circumstances. (Want to get more compliance insights delivered directly to your inbox every week? Sign up here the Compliance Connection newsletter.)