In an interview with the Wall Street Journal, RevSpring’s General Counsel & Chief Compliance Officer, Analiese M. Fusner Esq., CHC stated the need to create a culture of compliance and ethics. Below are a some important points to define what a compliance and ethics culture entails, as well as a list of questions an organization should ask when implementing a program from the ground floor OR trying to assess the current state of its compliance & ethics program.
1) Do you have an employee designated as the Chief Compliance Officer (CCO) to oversee the compliance and ethics’ program enterprise-wide?
2) Do you have a Compliance & Ethics Committee to support the CCO?
3) Are there clearly defined roles & responsibilities for the CCO and each member of the Committee?
4) Does the company’s organizational chart illustrate the authority of the CCO needed to perform his/her duties, in other words does your Chief Compliance Officer truly have a “seat at the table?”
5) Does your CCO have unfettered access to the Board Audit Committee for your organization?
6) Does every employee have at least an awareness of the compliance & ethics’ program? Awareness meaning every employee understands the elements of the program, the name of the CCO, every employee knows how and where to report potential compliance & ethical violations, every employee knows where to find compliance & ethics policies, every employee receives and attests to annual compliance & ethics training.
7) Does every employee have at least one SMART goal related to compliance & ethics’ program activity?
8) Do all the job descriptions include a statement regarding compliance & ethics?
9) Is maintaining an effective compliance & ethics program part of your organization’s strategic objectives every year?
10) Does your CCO lead an Enterprise Risk Assessment (ERM) annually to ensure that scope of activity can be achieved to ensure the organization addresses its highest risks?
11) Do you have at least 1-2 Compliance & Ethics’ sub-committees actively supporting the Compliance & Ethics’ program? (ie Audit Sub-committee, Policy Sub-Committee, Education & Training Sub-committee, etc.)
12) Do you have Compliance & Ethics’ Program Key Performance Indicators (KPIs) and Program Effectiveness Index (PEIs) defined so that your organization can track continuous improvement and foster accountability?
13) Does your Compliance & Ethics’ Program drive lean principles in order to reduce duplicative activity?
14) Do you have an anonymous reporting line so employees can report confidentiality and non-retaliation is fostered? (Further do you have a single summary-level tracking log of all compliance and ethics’ complaints and investigations)
15) Does your organization conduct monitoring and auditing activities on an annual basis and rotational basis to ensure any identified deficiencies that were corrected are still working and effective?
16) Does your compliance & ethics program ensure deference to expertise? In other words, do your employees feel valued for their individual talents because they are engaged and consulted in areas they should provide input to enhance and integrate your compliance & ethics’ program fully?
Seems like a daunting list. However, all the most current changes from the relevant regulatory agencies (especially Federal Sentencing Guidelines) make it clear that a culture of compliance & ethics is the goal in order to show your program is effective– “Anything else is merely window dressing.”