Skip to content

In the compliance practice context, the term change management refers to the process by which an organization controls, monitors, and reports on the implementation of modifications to various compliance policies and procedures.

Change management is critical in ensuring:


That key compliance changes are clearly communicated and disseminated throughout an organization.


That such changes are effectively integrated into an organization’s daily operations.


That the compliance function can demonstrate to internal and external stakeholders that such changes have, in fact, been implemented.

Continuous improvement of compliance programs requires proper change management.

Key regulators and enforcement agencies—including most notably, the U.S. Department of Justice (“DOJ”)—have emphatically emphasized that a compliance program must be subject to continuous improvement based on lessons learned; both from the organization’s own experience and from companies operating in the same (or substantially similar) industries.

Specifically, the DOJ’s Guidelines for the Evaluation of Corporate Compliance Programs require prosecutors confronting a potential enforcement action to ask whether the organization has made “evolving updates” both to its risk assessment and related compliance policies, procedures, and practices.

Prosecutors are asked to consider whether the organization has undertaken a gap analysis to determine if particular areas of risk are not sufficiently addressed; whether the company has taken any steps to determine what policies, procedures, and practices make sense for particular business segments and subsidiaries; and whether the organization has periodically reviewed and adapted its compliance program to account for changing circumstances.

It is of paramount importance that organizations adopt technological solutions that equip compliance officers with the ability to control the change management process from start to finish. This is particularly true in the context of introducing new policies and procedures or modifying existing policies and procedures that may be integral to an organization’s day-to-day operations.

For instance, almost all compliance-conscious organizations have adopted a third-party risk management policy that provides detailed procedures for the holistic assessment of third party risks based on role, industry, geography, and other factors. Global regulators and enforcement agencies have repeatedly emphasized the need for organizations to prioritize the risks inherent in each type of third party relationship to maximize the effectiveness of anti-bribery and corruption controls.

At times, an organization’s compliance function may be called on to adjust the acceptable risk threshold for certain categories of third parties, or reconfigure workflows to collect additional information on third parties posing the greatest risk.

GAN Integrity equips compliance officers with the ability to implement changes in a concerted, organized, and intuitive manner. Designed with the compliance officer in mind, GAN Integrity’s integrated compliance management platform allows compliance officers to:

  • prioritize third parties by risk,
  • implement fully customizable and alterable workflows based on that risk,
  • track the effectiveness of third party due diligence efforts, and
  • report on the status of those efforts with the click of a mouse.

Changes are continuously tracked and aggregated by GAN Integrity’s platform, providing crucial insight to compliance officers into core elements of the organization’s compliance program at a particular moment in time.

In the unlikely event that the organization faces a regulatory inquiry or enforcement action, GAN Integrity’s audit trail and reporting tools will allow the company’s compliance function to demonstrate how the organization has changed its approach to key elements of its compliance program over time.