The Federal Sentencing Guidelines for Organizations (FSGO) offer a three point reduction in culpability scores for an organization that can demonstrate an effective compliance program. This lowered score can reduce potential fines up to 60 percent. On an enterprise-scale, that could translate to significant cost savings.
Not only can effective compliance reduce a fine, it has the potential to completely eliminate a fine if a company willingly self-reports and demonstrates they have robust procedures in place to capture, prohibit and remediate compliance breaches.
Despite the best of intentions, no compliance program is ever truly perfect. That’s where the seventh hallmark of an effective compliance program-remediation-comes into play.
According to Former Department of Justice (DOJ) expert Hui Chen in our recent interview, “Remediation can mean what actions the company took to discipline the employees engaged in the misconduct, whether the company compensated the victims impacted by the misconduct and whether the company enhanced their compliance program as a result of the misconduct.”
Once the other six hallmarks are in place, this seventh hallmark should essentially create a feedback loop to continuously review and improve the implementation of the other hallmarks. While it would be amazing if we could just follow the steps once and have the perfect compliance program forever, the reality is the hallmarks serve as more of a cyclical roadmap than as a race from a starting line to the finish.
The FSGO states that “After criminal conduct has been detected, the organization shall take reasonable steps to respond appropriately to the criminal conduct and to prevent further similar criminal conduct, including making any necessary modifications to the organization’s compliance and ethics program.”
In other words, this hallmark of effective compliance is all about learning from your mistakes, responding appropriately and continuously improving your programs.
Learn from Your Mistakes
“Every time something goes wrong, you can learn from it, even in situations that aren’t that significant,” Chen states.
The first step to learning from your mistakes as an organization is to periodically assess the risk of the criminal conduct faced by your company and your employees. After all, hindsight is 20/20, and if we never look back and review, we can never learn from our mistakes.
According to the FSGO, these reviews should lead you to take the steps necessary to design, implement and modify each of the seven hallmarks so you can identify and reduce the risks of criminal conduct within your organization.
“The remediation, root cause analysis and continuous improvement all serve one purpose – to ensure that you don’t keep making the same mistakes and to prevent any recurrence of issues,” Chen states.
When it comes to responding appropriately to a compliance issue, Chen mentions that she’s seen several companies make mistakes after they get in trouble with the DOJ. Instead of responding appropriately, these companies often respond by throwing money at their problems.
“As a result, they spend a disproportionate amount of money on compliance in a way that’s really not necessary for their organization,” Chen states. “In those cases, you wonder if these companies are just doing it to show us for now, because this is clearly not going to be sustainable in some organizations. Organizations cannot support an over-bloated type of program of any kind.”
Regulators won’t be fooled by simply throwing money at a problem. A company needs to prove that their solutions are considered carefully and applicable to their specific issues.
This is where it’s important to consider an effective compliance program as part of your overall business strategy. You need to learn to proactively protect your organization from risks and respond appropriately so you can ultimately save your business money and resources, and allocate employee time in a cost effective manner.
This is where technology solutions can play a pivotal role in helping to determine your course of action around compliance. By collecting data, and using the insights from this data to drive your decision making process, you can determine exactly where you should allocate your resources to create and maintain the most cost-conscious and effective compliance program you can.
So how do you continuously improve your compliance function? The questions asked in the DOJ whitepaper on the Evaluation of Corporate Compliance Programs provide some insights on where to get started.
First, according to the whitepaper, regulators want to know how often a company updates their risk assessments and reviews their policies, procedures and practices.
“Every time something goes wrong, you should sit down and figure out why it went wrong,” Chen states. “What in the system allowed it to go wrong?”
According to Chen, people often ask her about rogue employees, and if sometimes rogue employees just happen.
“My answer is yes, of course,” Chen responds. “However, the compelling questions they should be asking are why did the employee go rogue in your organization at this time in this place in this way? How was he or she enabled in going rogue?”
In other words, the DOJ wants to know what is it about your system or your process that could enable rogue behavior? Usually, the answers to these questions reveal the path forward towards correcting the issues and improving the effectiveness of your compliance program.
Identifying the causes behind why people act out of policy can provide a lot of insight into how you can correct these issues.
The second question regulators ask is whether your policies and procedures make sense for the particular business segments and subsidiaries they’re used for.
It’s just good business to be effective, ethical and robust. Not only is the cost of noncompliance often three times the cost of staying compliant, ethics and compliance scandals can damage your company in several ways. Maintaining an effective compliance program not only positively impacts your brand reputation and public image, it can even impact your bottom line.
Many people argue that the true goal of compliance is to create and implement processes and procedures that help mitigate the risk of a compliance breach. However, the fact remains that if a breach occurs, your ability to prove that your compliance program follows regulatory guidelines can reduce your culpability score and lead to significant reductions in fines and penalties.
Remember that staying compliant is never finished – rather it’s an ongoing process. Be sure to regularly review the Seven Hallmarks of an Effective Compliance Program to proactively protect your company from breaches and penalties today.
To find out more about how our experts can help you grow an effective compliance program, connect with us today. Be sure to check out more information on how our technology solutions can help your organization become – and stay – compliant.