One of the most difficult things about establishing an effective anti-corruption compliance program is getting the operations units of a company to take interest.
Paper programs alone are insufficient. The Wal-Mart case and others tell us this. Instead, employees throughout a company must fully embrace compliance functions. And the business units are essential to putting compliance procedures into practice.
Here are three concrete things that an FCPA compliance officer can do to get the company’s operations teams better engaged:
1. Prioritize communication: The more often a compliance officer communicates with operations units, the easier it will be to gain buy-in for compliance requirements. To do this, compliance officers can attend regular meetings with company leadership committees, chief operating officer staff, and other management personnel. They can visit business sites, meet with employees, and discuss compliance strategies. They can reach out and seek feedback. When operations has input, it is more likely to be committed. As with anything, establishing personal relationships, trust, and open lines of communication is half the battle.
Being present not only allows the compliance officer to build support but it allows him or her to detect new risk areas and sources of concern. It positions the compliance officer to obtain feedback on the strengths and weaknesses of the program. He or she can be on top of new directions of the business that might demand new compliance strategies.
Interestingly enough, PwC’s State of Compliance: 2012 Study suggests that compliance programs could use more of this approach.
In the study, only a third of respondents said sales and marketing representatives serve on their compliance committees. Only 22 percent said the supply chain is represented. More than one third had no representatives from operations at all. Instead, compliance committees are more often populated with people from legal, human resources, internal audit and finance.
As PwC’s Bobby Kipp, one of the co-authors of the report, explains, ‘Including marketing and sales and supply chain leaders in the composition of compliance committees can help ensure that the business bakes in, rather than bolts on, compliance into their teams’ everyday actions.’ Sally Bernstein, another co-author, adds, ‘Compliance committees need to be dynamic and connected with the risk profile of the organization. The members of the committee should expand or change based on the biggest risks. This allows the committee to get appropriate insight into the challenges or actions required.’
2. Involve operations in program design: Compliance officers can work with sales teams to determine reasonable cut-off levels for a gifts policy. They can work with human resources to determine how to build background checks for corruption red flags into hiring processes and seamlessly implement training after employees come on board. They can work with internal audit to design periodic compliance reviews of a program’s effectiveness.
3. Give operations responsibility for third party due diligence: If business units are choosing third parties to support the company’s business, they are also well positioned to assess and monitor those third parties for compliance. This is what companies like Tyco have successfully done. Giving them responsibility will likely cause them to steer clear of riskier third parties. They are also more likely to decline the use of a third party if they do not have a significant need to hire it. Note that this approach will require the compliance office, internal audit, legal, or another department to conduct regular spot checks to ensure operations are doing what they are supposed to be doing.