In order for a compliance professional to be effective, it is important that the organization trusts the compliance professional’s judgment. Without that respect and trust, it will be difficult for a compliance professional to build consensus around the compliance professional’s recommendations to mitigate potential risk. If a compliance professional manages a department, it is important that the entire department has that same respect and trust within its organization. Accordingly, a compliance professional should design the department’s structure so there is an appropriate level of oversight throughout the department to ensure staff’s compliance recommendations also represent the department’s views on compliance matters.
A compliance officer’s role is to effectively influence the organization to comply with the applicable rules and regulations. It is not uncommon for some compliance departments to be labeled as another “enforcement agency” or thought of as policing the organization. A compliance function’s success is not dependent upon a single compliance professional or department, but the entire organization.
To accomplish this objective, it is important for a compliance professional to collaborate with applicable departments in helping solve business issues in a compliant manner. A compliance department should strive to be thought of as an important business partner and not an enforcer. While compliance professionals need to say no to business initiatives that do not comply with the rules, compliance professionals should also provide constructive feedback to the business on how it may be able to structure a business initiative in a compliant manner. By creating appropriate solutions to a business problem, the business department will further respect the compliance department and view it as part of its solution to resolve an issue.
Support from the CEO and Senior Management
Support from the CEO and senior management is critical to integrating compliance functions in every area of your organization. To help build trust, compliance officers should spend time with management, include them in investigations as appropriate, work with them in their development of corrective action plans, and just be available when needed. Attendance at educational programs cannot be mandatory for everyone except managers and vice presidents. Some organizations may include specific compliance training for managers. Management needs to demonstrate a personal commitment to the program, which will enhance a system-wide commitment. After attending training sessions, managers should discuss the content with staff either at a regular department meeting or as circumstances permit.
Supervisors or managers must also lead by example, as actions speak louder than words. A manager cannot encourage employees to report questionable behavior and then give special treatment to a friend. And once a potential infraction is reported, the non-retaliation policy must be rigorously observed. It is up to management to make sure employees do not hesitate to come forward for fear of retaliation. The cultural tone is set by management and its actions.
Staying on top of compliance issues is part of a manager’s day-to-day obligations. Managers and supervisors must closely follow news and information from their professional organizations and pass along any and all compliance-related issues to the compliance department. And compliance officers can be proactive by periodically asking managers and supervisors what new regulations are developing in their fields.
How can compliance officers help build that trust with the chief executive officer (CEO) and senior management? What follows are ideas to try and areas to work on to gain the support and commitment the compliance department needs.
Communicate Staffing Needs
Staffing is a struggle for any department, and the compliance department is no exception. If the budget will not allow for it or there is not enough work to increase staff, but a certain project requires additional staff, the compliance department may get support from other teams. CEOs and management who recognize that everyone in an organization affects compliance (in effect making everyone part of the compliance team) will help get approval for staffing support from other departments when needed.
Regular Meetings
Although the compliance department may report directly to the board, it is still valuable to meet with the CEO for more than data dissemination. The CEO has experience to share that can help the lead of the compliance department navigate working with the board and other departments. During these one-on-one meetings, discuss how the department is doing, where it is going, and what assistance may be needed. Additionally, this time allows for the CEO to provide valuable communication about organizational goals and which areas the compliance department could assist with. By holding these meetings, and by other departments being aware of the supervision structure, it again shows a clear sign of support for compliance within the organization.
Candid Communication
Is your communication with the CEO open and candid? Being candid does not mean being rude, nor does it have to be direct. Many people have strong communication skills and know how to be open and honest while still conveying certain unpleasant facts or circumstances. To be candid is to explain your thought process, how it informed your conclusion, and why you may or may not agree with what another individual believes. Having candid conversations with your CEO promotes a better understanding of decisions or topics. The point is not to win; the point is to try to ensure everyone understands where others are coming from, and to provide insight into your decision-making process.
Employee Compliance Training
Having a CEO who supports the annual compliance training plan and takes it seriously goes a long way with senior management’s involvement. The CEO should follow up with the compliance officer about the attendance at the annual trainings, in addition to checking in with other department heads about their team’s attendance. The CEO doesn’t need to know each person who is delinquent (unless it’s a smaller company or the CEO wants to know that level of detail), but the CEO should know if a group from a location or department is not attending.
Compliance Department Personnel Training
Compliance department employees require outside training and resources. Being a member of a professional compliance association, such as Health Care Compliance Association (HCCA), provides access to a number of resources. An example is a compliance community blog, which can help when creating new policies or learning what a specific external audit might entail. Profession-specific magazine, newsletter, and blog articles keep the compliance community sharp and up to date on best practices for the industry and things that are coming down the regulatory pipeline. Being able to attend trainings creates new contacts for complicated topics and provides information that would take hours for one individual to pull together—perhaps still missing key pieces. Being a competent professional does not mean being an expert in every area we encounter, but it does involve learning from experts. A CEO who supports a reasonable personnel training line in the budget can help compliance department personnel stay knowledgeable about the profession.
Support from the Board of Directors or Board of Trustees
The board is the accountable governing body that is responsible for overseeing the fiduciary assets and mission of the organization. Support from the top is very important; there can be no program at all, much less an effective one, without the vision and guidance of the board. It is the board that officially recognizes the need for a compliance program and authorizes its launch and implementation, including the hiring of a compliance officer. The Federal Sentencing Guidelines are very clear on the expected board commitment.
The first step toward implementation of a compliance plan is management’s communication of its commitment. A resolution or memo from the board stating its unequivocal support for the program is a strong beginning. The source of such a statement may differ according to the organization. In some organizations it might come from the chairman of the board; in others from the CEO. A teaching hospital or medical school may want the statement to come from the dean. Whatever the source, it is helpful for board endorsement to be conveyed in a written format; communicate unqualified support for and commitment to the compliance process and ethical business behavior; and be effectively communicated to everyone. Board oversight responsibilities are outlined in the OIG’s Practical Guidance for Health Care Governing Boards on Compliance Oversight, as well as other industry and regulatory documents.[7]
One option is for the board or CEO to distribute the memo or resolution to all managers. The managers would then distribute the document to their employees so that the word trickles down and the message is reinforced that all managers endorse the compliance program. This approach also makes the compliance program directly accessible to staff and gives staff an opportunity to discuss the document in relatively small groups. A special department or unit meeting to discuss the program and distribute the letter can lend weight to the message. Or it can be an agenda item for a regularly scheduled meeting. Whatever the venue, staff should be given ample opportunity to ask questions and offer feedback.
The board’s role does not end with voting to establish a compliance program and distributing a letter of support—nor does its responsibility. Ongoing, visible support from the board of directors is crucial. Most people care about what the boss cares about. When the board takes compliance seriously, that sense of importance will trickle down. The board may need guidance in understanding the seriousness of compliance, particularly the implications of not taking active measures to prevent potential wrongdoing. This makes it necessary for the compliance officer to include some form of education about the compliance program and important regulations at board meetings. Following are some ways to keep the board engaged and keep compliance in the forefront of their minds.
Connect Compliance to the Bottom Line
Put compliance in the context of achieving the organization’s mission and strategic goals. If you want the board to see the compliance program as an operational imperative, you need to articulate the business case that ethical organizations have the competitive advantages of attracting the best talent, fostering brand loyalty, and earning greater profits. In addition to making more profit, ethical organizations have more value and are better positioned to survive a scandal. In an increasingly connected and data-driven world, the more connections a compliance officer can communicate about the interrelationships of the compliance program and the organization’s mission, strategy, risks, and key business processes, the better it will be for the program.
Use Scandals as Case Studies
Boards and compliance officers want to foster an ethical culture in which a proactive approach can help prevent misconduct and avoid scandal. When speaking with the board, use large and very public scandals as case studies to ask the question: “Could it happen here?” Then engage the board on its obligation to set the tone from the top.
Be Clear and Consistent on Handling Misconduct
It is not uncommon for the board to have a separate and different code of conduct than the organization’s C-suite and employees. One way to make the message clear that ethical expectations are the same for everyone is to have one code of conduct, which also applies to the board. Every organization should be clear about what kinds of misconduct lead to termination, no matter who is at fault. The tone set by the board and the C-suite determines if misconduct will be tolerated by some but result in punishment for others. Are there unspoken rules that “superstars” and “high potentials” get a pass and another set of rules that result in discipline for employees lower down the corporate ladder? The compliance officer should advise the board on the outcome of applicable compliance disciplinary matters. The board should inquire whether the organization consistently and appropriately imposes disciplinary measures.
Have Dialogues, Not Monologues
Board members want to be good managers, and the compliance officer plays a role in helping the board and the organization succeed by giving them the information, support, and counsel they need to fulfill their fiduciary duties. Create one board ally at a time and foster relationships with managers that focus on having dialogues rather than monologues. Ask them what would help them be successful and what information they want to know.
Share Metrics and Resources
In light of the U.S. Department of Justice (DOJ) guidance Evaluation of Corporate Compliance Programs, boards need to play a more active role in determining metrics, obtaining information from sources besides the C-suite, and establishing how often they should receive these metrics.[8] Compliance officers should set up touchpoints before board meetings to discuss recent developments, new initiatives, and other items. Share articles, podcasts, and benchmarking surveys about ethics and compliance to build a relationship with the board.
Compliance officers should also share important organizational metrics. One critical metric could be whether disciplinary actions are administered fairly at all levels of the organization. Another metric could be the number of compliance inquiries received and how quickly those compliance inquiries were closed out. To get a feel for whether the organization’s culture really encourages people to speak up without fear of retaliation, the board should know how many employees feel comfortable identifying themselves compared with how many employees elect to remain anonymous.
Get on the Agenda
DOJ guidance focuses on whether the board is regularly interacting with compliance officers who are independent, have required knowledge and expertise, and possess relevant information. At least annually and more frequently if necessary, the board should discuss the critical risks of the organization. Because the execution of the strategy is connected to the compliance program, the compliance officer should have a seat at the table and be on the agenda for these discussions in both regular and executive sessions to assist the board with identifying, managing, and overseeing the mitigation of those risks. The compliance officer should also be on the agenda to discuss the metrics that will establish a board-level system of mandatory reporting that measures the culture and the tone at the top, as well as to assist with raising issues that might not be brought forth by management.