11 Strategies To Turn Compliance Into Partnership

Expert Panel®
Forbes Councils Member
Forbes Human Resources Council
COUNCIL POST| Membership (Fee-Based)
Leadership

Corporate environments around the world have established compliance
programs regarding employee workplace behavior. Unfortunately, a lot of
employees have come to consider these arrangements negatively.

Your team may see compliance as a company being a type of Orwellian "Big
Brother" looking over their shoulders constantly. A business needs to change
this mindset if they want to have a more integrated and productive workplace. 

How can a company shift its compliance function from a hated surveillance
network into a true partnership? These 11 experts from Forbes Human
Resources Council suggest several strategies that businesses can implement to
make their compliance function less intimidating and reestablish trust within
the company's walls.

Members offer advice for HR leaders who are looking to encourage employee
compliance.

1. Encourage Open Communication

How a compliance function is perceived is directly correlated to the culture
and management style of the leadership. It is important to foster a work
environment consisting of open and honest communication, which fosters
trust and empowers employees. Management training on how to empower
employees is critical to prevent micromanagement, while a policy regarding
whistleblowing/compliance should also be established. - Natalie Heim, Domio

2. Build A Culture Of Commitment

Building a culture of commitment is a journey that begins with inspiring
people with a purpose. The only way to sustain this commitment is to make
leaders’ visible behaviors mirror the company’s core values. Upskilling people
is good, but the only way to guard your culture is by holding leaders
accountable for leading by example and practicing what they preach. - Iyad
Uakoub, Skillz

3. Shift Your Mindset First

The first thing is to shift your mindset from compliance function to
compliance business partner. That means actively seeking to understand the
business and ensuring that compliance solutions are tailored and
communicated in a way that solves these problems. Establishing the
partnership prior to enforcing the rules also helps both parties feel that they're
working together rather than being watched. - Lynee Luque, Envoy

4. Bring Employees Into The Conversation

Compliance is a necessary “what,” but organizations need employees to
partner with leadership in demystifying the “why.” A compliance committee
with employee involvement can create internal champions for policies that
keep everyone safe and protected. Bring employees into the conversation to
help co-create solutions and they can help bring others along. - Courtney
Peterson, Sidwell Friends School

5. Actively Listen And Provide Feedback

Effective compliance management involves active listening and providing
feedback to managers and employees that helps them navigate decisions
before they become minefields. Our compliance leaders provide a safe
environment where the exchange of questions and answers does not create an
air of suspicion but rather a collegial and team-based one of making the best
decisions possible. - Dale Moyer, Vyaire Medical

6. Help People Understand The ‘Why’

I think you have to help people understand the "why" behind the policies.
Most compliance documents and statements are permutations (many times
removed) of common-sense practices. If you can help people understand what
the policies are there to do, and why they're important, it goes a long way.
- Elizabeth Roberts, eGenesis, Inc.

7. Explain The Consequences Of Non-Compliance

It’s crucial to build the awareness of consequences that can result from
non-compliance within your workplace. HR has an important role in establishing
an organization’s culture, and a critical part of being transparent with
employees surrounding compliance functions is clearly illustrating the
potential issues that can arise from violating compliance protocols. - Srikanth
Karra, Mphasis.com

8. Share Compliance Needs Differently

While compliance is essential, to become a business partner, it's time to
communicate and share compliance needs differently. Instead of always being
the first thing employees see or read, it should be the next thing. Share what
the employee needs to know as it relates to their own personal interest (in
layman's terms, of course), and then have the in-depth compliance details as a
second click. - Melissa Anzman, bettHR

9. Make It A Shared Responsibility

Make compliance a shared responsibility by creating a cross-functional team
led by HR, finance, legal, security and members from other critical business
functions. While each of the members may have individual deliverables,
creating a team destigmatizes compliance-related tasks, and encourages
collaboration and awareness throughout the organization. - Jennifer
Marszalek, Working Credit NFP

10. Provide Constant Compliance Training

The most effective way for leaders to get employee buy-in to their corporate
compliance plan is by providing initial training during onboarding, as well as
annual follow-up training. Employees are far more likely to follow company
rules and procedures when they’re educated on how to stay compliant than
they are when they’re reprimanded or punished for failing to do so. - John
Feldmann, Insperity

11. Reframe It As A Necessary Checkpoint

Compliance is essential for most businesses as companies are required to
adhere to external rules. Reframe compliance as a necessary checkpoint to
ensure best practices. Big Brother personas are oppressive and intrusive.
Compliance should be framed as transparent and helpful processes to
maintain regulatory objectives, which guarantee fair markets and protect
employees and investors. - Kelley Steven-Waiss, HERE Technologies

Compliance interview questions with sample answers

Here are some interview questions and sample answers that can help you
when preparing for your compliance interview:

1. What would your compliance program look like in our organization?

Interviewers might want to know the specific ways in which you can implement
and oversee a compliance program. Consider including references for how a
compliance program looked at your previous organization, why it was effective
and why it's important.

Example: "Our compliance program will focus on the current laws and
regulations that we need to follow, so a thorough review of that will show
where we need to focus. In my previous role, we implemented system
controls to ensure we had automated compliance flags and four rounds of
random compliance checks a year. We will also survey employees to ensure
compliance measures don't affect job performance."

2. How have you handled a compliance conflict in the past?

Interviewers may ask how you handled specific conflicts in previous roles to
see how you might handle them with their organization. To answer this
question effectively, describe a specific conflict, how you handled it and what
the result was.

Example: "At my previous organization, we had a very strict compliance
policy. One violation was a warning, and two meant firing. I found one
employee violating our customer data policy during an audit and provided
them with a warning. During the next audit, we found they were still
non-compliant, so I advised their manager to fire them. It isn't always easy, but it's
important to enforce compliance for legal and ethical reasons."

3. What certifications or training have you received in compliance?

Some jobs may require specific training or certifications in different areas, like
financial or legal compliance. An interviewer may ask this question to learn
about the details of any relevant certifications you hold or training you've
completed.

Example: "Yes. Last year, I earned the Certified Compliance & Ethics
Professional (CCEP) certification. This taught me a lot about the legal and
ethical requirements corporate organizations need to follow and why they're
important. Though not a certification, I attended a six-week training about
medical compliance at my last job to ensure I knew our organization's
processes and policies."

Please note that none of the companies mentioned in this article are affiliated
with Indeed.

4. What would be your first steps for a new compliance assignment?

Different from more general questions about your compliance knowledge and
experience, this question can show interviewers the actual actions you might
take when entering a compliance role. In your answer, describe what steps
you might take and why they're important.

Example: "I would first perform a thorough review of our existing compliance
practices and legal needs. This can help us understand if there are any
immediate gaps we might need to fix or if any laws have changed that might
determine our policies. I would then brainstorm possible solutions like system
controls or manual checks that we can implement to ensure compliance."

5. What is a common compliance issue companies like ours face?

Interviewers asking this question hope to learn about your industry knowledge
that you might bring to their company. Reference a common problem you
might have experienced in a previous role and how you think companies can
address it.

Example: "In health care, I think data breaches and ransomware are two
extremely important issues. By investing in technology that can better protect
patient data, many health care facilities might save money in lawsuits and
ensure our information is safe and compliant."

6. What makes you a good compliance officer?

Interviewers asking this question want to know both about your personal
qualities and the qualities you think make a good compliance officer. To
answer effectively, share specific skills you have and how they contribute to
your success in the role.

Example: "I think I'm a good compliance officer because I review every detail
thoroughly before determining compliance rules or issuing warnings. It's
important that I understand these minor details and the larger compliance
goals of a company, so I can learn more about why each rule is important. I
also understand the reality of the business, analyze risks and understand how
we can apply laws to our unique processes."

7. How would you handle a company leader who violates compliance orders?

Interviewers might ask how you can handle specific, high-profile compliance
issues. In your answer, explain how compliance rules apply to everyone and
discuss your method for ensuring that everyone is held accountable.

Example: "It's important that every member of the organization, especially
senior leadership, understands the importance of compliance. Otherwise, it's
difficult to manage. Holding senior management accountable can be a
challenging task, but I would communicate their violation and provide them
with the disciplinary actions that we should take as a result. At my previous
job, I had a situation like this where I involved other executive leaders to help
ensure the one out of compliance understood the effects of their action."
Providing reports about corporate compliance is one of the most important duties that a
compliance officer performs. So let’s review the fundamentals of that task, and begin
with a simple question: what is compliance reporting, exactly? 

The simplest definition is that a compliance report documents how well a company is or
isn’t complying with some regulation that applies to the business. That compliance
report is usually (but not always) written by the compliance officer, and it can go to
several audiences—the board, senior executives, regulators, business partners, and
others. 

Broadly speaking, a compliance report tries to answer three questions:

- Is the organization in compliance with the regulation?
- Does the company have a reliable process to be in compliance?
- What else could or should be done to improve compliance?

That’s the overview of compliance reporting, at least. Now let’s consider the details of
how to do compliance reporting well. 

Why Compliance Reporting Is Important


Compliance reporting is important for many reasons.

First, some compliance reports can be required by regulatory obligation. For example,
banks must file certain reports with their industry regulators to demonstrate compliance
with rules governing liquidity risk. A business working under a settlement
for antitrust or FCPA infractions might need to file reports with the Justice Department
about corporate compliance. An inability to generate those reports could invite serious
trouble.

Second, even where a compliance report isn’t required by regulation, compliance
reports can inform your regulatory reporting. For example, in the state of New York,
financial firms need to certify the effectiveness of their cybersecurity programs. That
certification isn’t a compliance report in the strictest sense—but just about every CISO
would want an internally generated report about the firm’s compliance with
cybersecurity regulations before he or she certifies anything.

To put it another way, compliance reports are important because they document the
current state of your company’s compliance posture. 

Spoiler alert: that posture is not perfect. Whether you are documenting compliance with
anti-corruption, privacy, human trafficking, or anything else, inevitably you will find
shortcomings. A compliance report identifies those shortcomings and provides a
roadmap to remediation.

Third, compliance reports can often be required by customers. For example, a customer
might want to understand your company’s cybersecurity or anti-corruption programs,
before it agrees to do business with you. A compliance report can answer those
questions. (And as the business landscape keeps marching toward a world of high
regulatory and ethical expectations, those demands from customers will only get more
insistent.)

Examples of Compliance Reports


Compliance reports come in all shapes and sizes, on many subjects. Some might have
a designated structure, if they’re driven by specific regulatory requirements. Many,
however, take whatever form and structure makes the most sense for your
organization’s needs; the content of the report is what matters most. 

Examples of a compliance report include:

- A review of due diligence programs or internal accounting controls for FCPA compliance
- A summary of the documentation and testing of security controls for PCI compliance
- A report on policies and procedures necessary for HIPAA or GDPR compliance
- A review of policies and internal controls for AML or Know Your Customer compliance

The Justice Department’s guidelines for effective compliance programs don’t specifically
say, “Thou shalt do compliance reporting.” They do, however, talk about a
company’s ability to see warning signs of compliance risk, “such as audit reports
identifying relevant control failures.”

That implies an ability to study your compliance posture—which is what a compliance
report allows you to do. So whatever compliance obligations your company might have,
an effective compliance program should be able to generate reports on all of them. 

What a Compliance Report Should Include


A compliance report should include four main components:

- A statement regarding the regulation in question.
- A discussion around the scope of the report—that is, precisely what the compliance
  officer reviewed, and what he or she didn’t. In many instances, affirming what
  was not reviewed is just as important as stating what was.
- A review of the compliance process itself. For example, if reporting about the
  effectiveness of third-party due diligence, describe how those procedures are supposed
  to work.
- A summary of the findings of your analysis. How well is the company meeting the stated
  compliance obligation, or not?

A compliance report can, and usually should, also include action items to improve
compliance. In some instances, however, such as a regulatory report with a fixed
structure, that might not be the case.

What Makes Compliance Reporting Effective

First, effective compliance reporting makes reports that are useful to the reader.
Remember that many compliance reports go to senior executives or board directors.
While they might understand the concepts for regulatory compliance, they won’t
necessarily know all the lingo or terms of art that compliance officers might use
internally. 

A compliance report should anticipate that reality, and be written in such a way that its
readers can put the report to good use. To that end, all compliance reports should:

- Use clear language and sentence structure
- Be concise
- Include an executive summary
- List action items or timelines for improvement
- State any necessary action from executives or the board, such as decisions that only
  they should make

Second, effective compliance reporting generates reports as quickly as possible. This
quality is more important for the compliance officer making the reports, rather than for
the executive reading the report—but it’s still important. Manual creation of compliance
reports is expensive, painstaking, and more prone to error.   

For example, all useful compliance reports include data. So one place for a compliance
officer to start is to consider which parts of data collection and analysis can be
automated and then fed into a pre-existing compliance report. (Say, a quarterly analysis
of due diligence efforts.)

That also means the compliance officer should consider the design of your compliance
reports, and how much of the report can be pre-formatted so data flows into the report
automatically. 

In the ideal world, many compliance reports can follow predesigned templates, to
capture data based on predetermined metrics. Then you can present those
reports quickly, clearly, and easily.

The one thing you probably shouldn’t automate: the analysis of weak spots in your
compliance program, and recommendations for improvement. Some things are still
better left to good old human judgment. 
