The ability to craft effective policies is key to the success of any compliance program, however, the task is much easier said than done. Today’s business environment is global, diverse, highly regulated, and fraught with risk, making the process of working out straightforward and effective company policies even more complex. It is therefore essential for compliance officers to work closely together with other units in the organization to build an informed insight into the workings of the organization and thereby identify the types of risks and objectives company policies must, respectively, mitigate and target.
That said, it is an almost established fact that most compliance departments have to master the arts of running an encompassing compliance program on a tight budget. Thus, it is all the more essential for CCOs to devise company policies in a systematized manner even as the substance of these policies becomes more specific and granular. It might be that the company risk map changes as it expands into new markets or takes on new third parties, ventures into a new industry, or maybe even new regulatory requirements come along imposing a reassessment of company policies.
But how to actually get to the stage where you can effectively systematize your processes of devising compliance policies? The answer lies in identifying the main traits that make up an effective compliance policy.
To help you on your way, here is what you need to keep in mind:
- Clearly state the objective of your policy: Don’t confuse your policies with your procedures. Your policy should explicitly define good business practice: what employees should do or avoid.
- Use simple and clear language: Avoid using complex language to convey the objectives of your policy. In fact, according to an Ernst & Young 2017 Fraud Survey, 85% of respondents want to see their anti-bribery and anti-corruption policies changed because of too long and unnecessarily complex language.
- State the purpose of your policy: Include the relevant regulation, core value, performance objective or other purpose that has triggered the creation of your policy. This motivates employees to engage with the message communicated to them.
- Include examples: Examples and real-life scenarios will enhance the understanding of employees. Carefully consider your choice of examples and the audience you’re targeting. Tailor your examples to provide receivers with ones that match their local business context.
- Include related material: Always link policies to underlying regulations, laws and other related material.
- Take exceptions into account: Remember to dedicate part of your policy to explain where exceptions are allowed or prohibited. As such, you avoid ‘cornering’ your employees by a policy and risk violations.
- Formulate encouraging policies: Avoid prescriptive policies and employ persuasive rather than dictative formulations to encourage good business conduct.
The above-listed policy traits are only some of which that make up an effective compliance policy. And it, of course, goes without saying, that CCOs must devise policies that fit the individual risks and objectives of their organization. However, from a general perspective, CCOs must ensure that employees can understand, respect and follow the rolled-out policies.