The definition of compliance encompasses several things. First, a compliance program should help the company prevent, detect, and respond to illegal or unethical conduct. Second, it requires developing standards and procedures that promote compliance with laws and regulations. Third, the company must build a culture that encourages ethical conduct and compliance with the law. Developing an effective compliance program doesn’t just happen by chance. A company must commit the resources from end to end – from a thorough risk assessment to an employee training program to proper investigations of alleged misconduct.
Many companies want to know why they would need a compliance program, and how it benefits them. An effective compliance program will help to avoid or minimize legal or regulatory penalties and potential civil litigation. It can help to promote ethical conduct across your company, as well as avoid or minimize reputational damage that often comes in the wake of a public compliance issue. Additionally, an effective compliance program can assist members of the Board of Directors in meeting their fiduciary duties.
Any effective compliance program will be tailored to your business and industry. However, all effective compliance programs should include:
Every company needs a compliance program. Otherwise, you run the risk of the negatives discussed in “Why is a compliance program important for my company?” However, every company is different, and tailoring the program to your needs is extremely important.
The federal government does not generally require a company to have a compliance program in place. However, if you are facing prosecution (civil or criminal), then the government may give you credit at the penalty stage for having had an effective compliance program in place. While this may not stop the proceeding, it could have the effect of significantly reducing any fine or penalty.
Every business should expect their compliance program to be tailored to the size of the company and the nature of the risks involved. Senior federal government officials have stated that more is expected of large organizations because of their larger resources.
A risk assessment is a thorough review of your business operations and the possible legal risks that may arise from any negligence or misconduct. It is also the foundation of an effective compliance program. Without a full understanding about the specific legal risks that your business operation faces, you cannot begin to put in place the policies, standards, and procedures to address those risks.
An effective risk assessment begins with bringing together the people within the business who are most knowledgeable about each of the business operations throughout the entire organization, such as purchasing, manufacturing, distribution, marketing, finance, etc. This team of business leaders, together with your attorney, will identify and evaluate any legal risks that may surface in any of the departments. This comprehensive approach ensures that no risks are overlooked. Additionally, by including all departments, your staff will be more completely invested in the success of the program.