Compliance officers are regularly searching for tricks, tips, and secrets to give their compliance program an advantage. We could probably draft a long list of helpful strategies; however, it is actually most beneficial to look at it from a different angle. Compliance officers need to find force multipliers for their programs.
Force multipliers are any tools or techniques that allow someone to accomplish much more than he or she could otherwise do. A force multiplier in action is a soldier using a machine gun, or a sales executive using automated email marketing. These tactics allow soldiers or sales executives to maximize productivity and efficiency to achieve their goals.
You’re probably wondering how compliance officers find force multipliers that let them push their program’s goals more productively. We came up with five examples of how compliance officers use force multipliers to create a successful compliance program and tied each example to important tasks compliance officers do every day.
1. Start data analytics early
Data analytics helps compliance officers understand the “battlefield activity” in their organizations — what employees are really doing and which transactions are really happening. From there, compliance officers can start refining policies and procedures to change that activity.
Everyone understands the importance of data analytics, but the department might be strapped for analytics expertise or advanced visualization software.
Let’s start with spreadsheets. They can do very basic analytics and visualization. They are vehicles to collect information, making web-based systems that store data in a central repository. Once you’re confident in the dataset you have, spreadsheets can start you on your data analytics journey. Then, you can begin looking into more robust reporting and monitoring solutions.
The sooner you start analytics, the better. Your compliance program can be more responsive to actual conditions in the company, making data analytics an essential force multiplier.
2. Incorporate ethics into employee training
We’ve covered the key elements of training in our post 3 Compliance Training Elements You Should Be Addressing. As important as training on specific policies or compliance obligations may be, it’s also important to spend time talking about ethics. We all like to talk about ethics because we have an intuitive sense of right and wrong. Ethical dilemmas are usually quite relatable to our daily lives.
Moreover, a good ethical foundation helps employees with the most dangerous risk of all: the one your compliance program hasn’t anticipated. Eventually, your employees will encounter a dilemma that your Code of Conduct or policy manual doesn’t address, and that’s when they will rely on ethics to guide their decisions. So it’s important to help them build that foundation.
A compliance officer once told me, “If I can only talk about ethics or compliance, but not both, I’ll talk about ethics every time. If I get the ethics part right, the compliance part becomes a lot easier.” In other words, ethics is a force multiplier.
3. Utilize your third party contracts
Third party governance is about getting business partners to do something, whether that’s certifying your anti-corruption standards or promising to use ethical sources in their own supply chains.
Well, if your contracts with those third parties don’t include clauses allowing you to force those issues, you have no leverage to impose that governance. So, use your contracts to create that leverage for the future.
In practice, this raises important questions about policy management within your own company. Who can create and execute contracts on behalf of the business? Do they know to include these clauses? Do you have a system that prevents them from evading the third party governance issues you want to be included?
The contract is the force multiplier that allows you to push third party governance forward. Use it to full advantage.
4. Protect confidentiality in internal reports.
This seems simple, but you’d be surprised at how often confidentiality breaks down. For example, earlier this year the Government Accountability Office did an audit of the whistleblower systems at the Defense Department and found numerous ways that senior officers might share (accidentally or deliberately) the identity of a whistleblower who assumed his or her identity was protected.
Confidentiality builds trust. Even anonymity builds trust because the whistleblower gets to control when he or she might disclose their identity.
Anonymous reports are more difficult to address; and confidentiality requires lots of policy, procedure, and testing to be sure your protection protocols work. They’re still worth it because they help employees trust that the company will take their concerns seriously. That’s the force multiplier.
5. Frequently test internal controls
Testing controls is a crucial part of compliance programs. Numerous regulators have published guidance for corporate compliance programs where internal controls get extensive commentary. We have no shortage of FCPA enforcement actions where poor internal controls led to monetary penalties.
That means compliance officers need to get into the nitty-gritty of how internal controls work. If you fear resellers or local agents might offer bribes, you need to study accounting policies and sales practices at your company and see what internal controls they do (or don’t) have against that risk. You need to befriend your internal audit or accounting team and be ready to have conversations on subjects outside your comfort zone.
Strong internal controls are vital to compliance, but you won’t know whether they’re strong until you test them. Then, they can be a force multiplier that prevents a compliance failure — rather than just letting you know promptly that you have one.
Force multipliers that multiply each other
As you improve your data analytics skills, this may inform you which internal controls to test more often. If you protect confidentiality and build trust, employees will raise the ethical issues you discuss in training more freely. That’s how a compliance program can be more than the sum of its parts.