The Compliance Officer's Killer Application
All organisations need to keep abreast of regulatory developments relevant to their business but to do so they need to enter into a regulatory and legal minefield.
Human resource personnel now need to grapple with the nuances of employment and health & safety law, in some industries corporate manslaughter charges are a real risk and for others licensing laws have reached new heights of complexity. With the growth in e-commerce where consumer protection is dependent on jurisdiction, trademark and intellectual property laws are becoming confused and the 'risk' list for all organisations is now seemingly endless.
Small businesses in particular are finding that a casual and informal approach to these issues can result in regulatory censure and regulatory fines that can have no bearing on the financial health of the individual company; for larger companies there is the potential of material, financial and reputational damage.
Small to medium businesses will rarely have the luxury of employing a full time Compliance Officer but they should charge someone with the responsibility and although larger organisations can afford a dedicated person they are finding that with compliance issues mushrooming the Compliance Officer now has a team, a department and if not already, how long before compliance becomes a division?
Regardless of size, the first step in compliance for any organisation requires them to identify the areas of compliance that are applicable to them. Rules and regulations are being introduced monthly on a local, regional, national and international level, covering everything from data protection and freedom of information, anti-money laundering to environmental waste control, race relations to health and safety; with ignorance being no defence there is a requirement on the individual businesses to know their responsibilities, and fines for those that wait to be told.
Having identified the areas of compliance the company then needs to understand what they need to do to ensure they comply. It is becoming conceivable that with the sheer volume of compliancy issues that companies who can show a good faith effort in complying will, even when they fall short, reduce the risks of fines; to do so they need to demonstrate that they had every intention of acting within the spirit of the rules and that specific and timely action was being taken in relation to any failings or breaches. This is where the culture of the organisation is key.
With Compliance issues identified and understood the Compliance Officer needs to define and implement policy and disseminate the information throughout the organisation.
It is important for the Compliance Officer that they do not inadvertently become the company's patsy. Senior managers are not averse to ignoring the internal memos they receive advising them of their responsibilities. Compliance Officers need to deliver their messages up and down the corporate food chain and record that their advice and directives have been received and more importantly understood.
The Compliance Officer has to avoid becoming the company scapegoat. This won't happen by itself, a sales team that has a long history of success though a relaxed attitude to selling is not going to willingly adopt new, and what they will see as restrictive, practices without a fight. 'I didn't get the memo', 'I didn't understand it', 'I thought it meant something else', 'I thought these were only guidelines' are likely to be stock replies, along with the one or two old timers that didn't think compliance issues applied to them. It used to be a safe bet to blame IT, blame Compliance is rapidly taking its place. This is where follow-up and disciplinary action by senior management is imperative.
To survive in this challenging environment, the compliance officer needs to have several spanners in the tool kit, buy-in of senior management, a strict reporting process and a good flow of management information. But what else - an excellent means of communication - this is key - the compliance officer needs to connect and communicate with the business - one tool that can bring real results is the online survey and questionnaire.
The online survey can deliver a message internally to the individual; it can be informative like a memo and educational by referencing detailed policy. Importantly it can become a valuable self-registering record that confirms that the information has been properly disseminated and understood.
A single survey question can achieve all these objectives at the same time.
Take an example:-
Are you aware
that section 45 of the Companies (Auditing and Accounting) Act 2003
imposes an obligation on directors of certain companies to prepare
statements on their company's compliance with its relevant
For those Directors that have not read the policy the survey will give an opportunity to view the company's policy online (using an embedded live HTML link). Should Directors answer 'No' the Compliance Officer knows who to target.
The survey also records the manager's response and shifts the responsibility away from the Compliance Officer to the individual manager where the responsibility needs to rest for a company to meet its compliance obligations.
Using an online website such as Survey Galaxy where multiple surveys can be managed, easily modified, updated and re-issued on a periodic basis across an organisation online surveys can be the Compliance Officer's killer application.
Through the regular use of online surveys the Compliance Officer will be in the driving seat, leading and not chasing compliance issues, not only circulating the information on a one to one basis but also monitoring and recording the level of awareness throughout the organisation.
The Compliance Officer's role is a difficult one, like a parent keeping a wayward child on the straight and narrow, most employers, let alone their employees, often do not fully understand the true consequence of their, often innocent, minor discretions. Assigning a Compliance Officer is a start but enabling them to fulfil their remit will be the difference between a company being fully compliant and one that risks suffering the consequences for having let compliance take a back seat.