What a Proactive Compliance Program looks like

A hallmark of a well-designed and effective compliance program is proactivity.  This means an organisation is actively taking steps to comply with legislative requirements and industry regulation by anticipating and rectifying areas of risk within the business as the business evolves and its risks diversify – without being prompted, for example, by an internal audit report or a knock on the door from enforcement.  It’s also about embracing the spirit and the letter of the law and embedding this culture throughout the organisation.

In the aftermath of the global pandemic, we’re finding that adopting a proactive approach (as opposed to a reactive one) is now more important than ever, particularly within our evolving regulatory landscape.  Many companies will now be confronting new compliance risks and may be subject to unprecedented disruptions.

This infographic illustrates how organisations can structure a proactive compliance program.  By periodically reviewing, improving, implementing and owning a well-designed and effective proactive compliance program, organisations demonstrate better practice and place themselves in a stronger position of defence.

01 – Top-level Commitment – Demonstrate strong and explicit leadership and commitment from the Board, senior and middle management who prioritise ethics and integrity.

02 – Resourcing – Adequately appoint dedicated personnel (proportionate to the size and complexity of the organisation) who have the requisite skills, experience and authority and who have visibility throughout the organisation.

03 – Regulatory compliance – Track and prepare for changes to laws and regulations relevant to the organisation’s operations and assign responsibility for regulatory liaison including response.

04 – Policies and Procedures – Be clear on what matters most.  Implement clear, consistent, and accessible policies and procedures which are integrated into organisational processes and subject to regular review.

05 – Risk Assessment – Perform a continuous formal risk assessment process to identify and assess current and emerging compliance risks.

06 – Monitoring and Testing – Assess controls through monitoring and testing to ensure controls are well designed and operating effectively with reference to sufficient direct or indirect sources of data and analytics.

07 – Whistleblowing – Facilitate efficient and trusted reporting of misconduct with no detriment or retaliation.

08 – Training and Awareness – Deliver a risk-based compliance training program which is appropriately tailored in content and delivery method and considers positions, roles and responsibilities.

09 – Investigations Process – Perform timely, confidential and comprehensive investigations.  Ensure they are appropriately scoped and conducted by suitably qualified personnel.  Understand and address root cause analysis.

10 – Accountability – Develop and implement an accountability framework for managing compliance risk.  Discipline those who engage in misconduct or fail to take reasonable steps to detect or prevent misconduct.

11 – Reporting – Generate specific, meaningful and transparent reporting to senior management, governance committees and the Board.  Act upon the information provided.

12 – Continuous Improvement – Understand interdependencies, assess maturity and remediate the origins of misconduct and control failures.  Review and enhance compliance program based on “lessons learned.”