11 Strategies To Turn Compliance Into Partnership
Expert Panel®
Forbes Councils Member
Forbes Human Resources Council
COUNCIL POST| Membership (Fee-Based)
Your team may see the company's compliance function as an Orwellian "Big
Brother" constantly looking over their shoulders. A business needs to change
this mindset if it wants a more integrated and productive workplace.
How can a company shift its compliance function from a hated surveillance
network into a true partnership? These 11 experts from Forbes Human
Resources Council suggest several strategies that businesses can implement to
make their compliance function less intimidating and reestablish trust within
the company's walls.
Members offer advice for HR leaders who are looking to encourage employee
compliance.
4. Bring Employees Into The Conversation
I think you have to help people understand the "why" behind the policies.
Most compliance documents and statements are permutations (many times
removed) of common-sense practices. If you can help people understand what
the policies are there to do, and why they're important, it goes a long way.
- Elizabeth Roberts, eGenesis, Inc.
It’s crucial to build the awareness of consequences that can result from
non-compliance within your workplace. HR has an important role in establishing
an organization’s culture, and a critical part of being transparent with
employees surrounding compliance functions is clearly illustrating the
potential issues that can arise from violating compliance protocols. - Srikanth
Karra, Mphasis.com
The most effective way for leaders to get employee buy-in to their corporate
compliance plan is by providing initial training during onboarding, as well as
annual follow-up training. Employees are far more likely to follow company
rules and procedures when they’re educated on how to stay compliant than
they are when they’re reprimanded or punished for failing to do so. - John
Feldmann, Insperity
11. Reframe It As A Necessary Checkpoint
Here are some interview questions and sample answers that can help you
when preparing for your compliance interview:
Interviewers might want to know the specific ways in which you can implement
and oversee a compliance program. Consider including references for how a
compliance program looked at your previous organization, why it was effective
and why it's important.
Interviewers may ask how you handled specific conflicts in previous roles to
see how you might handle them with their organization. To answer this
question effectively, describe a specific conflict, how you handled it and what
the result was.
Example: "At my previous organization, we had a very strict compliance
policy. One violation was a warning, and two meant firing. I found one
employee violating our customer data policy during an audit and provided
them with a warning. During the next audit, we found they were still
non-compliant, so I advised their manager to fire them. It isn't always easy, but it's
important to enforce compliance for legal and ethical reasons."
Some jobs may require specific training or certifications in different areas, like
financial or legal compliance. An interviewer may ask this question to learn
about the details of any relevant certifications you hold or training you've
completed.
Different from more general questions about your compliance knowledge and
experience, this question can show interviewers the actual actions you might
take when entering a compliance role. In your answer, describe what steps
you might take and why they're important.
Interviewers asking this question hope to learn about your industry knowledge
that you might bring to their company. Reference a common problem you
might have experienced in a previous role and how you think companies can
address it.
Example: "In health care, I think data breaches and ransomware are two
extremely important issues. By investing in technology that can better protect
patient data, many health care facilities might save money in lawsuits and
ensure our information is safe and compliant."
Interviewers asking this question want to know both about your personal
qualities and the qualities you think make a good compliance officer. To
answer effectively, share specific skills you have and how they contribute to
your success in the role.
Example: "I think I'm a good compliance officer because I review every detail
thoroughly before determining compliance rules or issuing warnings. It's
important that I understand these minor details and the larger compliance
goals of a company, so I can learn more about why each rule is important. I
also understand the reality of the business, analyze risks and understand how
we can apply laws to our unique processes."
Interviewers might ask how you can handle specific, high-profile compliance
issues. In your answer, explain how compliance rules apply to everyone and
discuss your method for ensuring that everyone is held accountable.
Providing reports about corporate compliance is one of the most important duties that a
compliance officer performs. So let’s review the fundamentals of that task, and begin
with a simple question: what is compliance reporting, exactly?
The simplest definition is that a compliance report documents how well a company is or
isn’t complying with some regulation that applies to the business. That compliance
report is usually (but not always) written by the compliance officer, and it can go to
several audiences—the board, senior executives, regulators, business partners, and
others.
That’s the overview of compliance reporting, at least. Now let’s consider the details of
how to do compliance reporting well.
First, some compliance reports can be required by regulatory obligation. For example,
banks must file certain reports with their industry regulators to demonstrate compliance
with rules governing liquidity risk. A business working under a settlement
for antitrust or FCPA infractions might need to file reports with the Justice Department
about corporate compliance. An inability to generate those reports could invite serious
trouble.
To put it another way, compliance reports are important because they document the
current state of your company’s compliance posture.
Spoiler alert: that posture is not perfect. Whether you are documenting compliance with
anti-corruption, privacy, human trafficking, or anything else, inevitably you will find
shortcomings. A compliance report identifies those shortcomings and provides a
roadmap to remediation.
Third, compliance reports can often be required by customers. For example, a customer
might want to understand your company’s cybersecurity or anti-corruption programs,
before it agrees to do business with you. A compliance report can answer those
questions. (And as the business landscape keeps marching toward a world of high
regulatory and ethical expectations, those demands from customers will only get more
insistent.)
A review of due diligence programs or internal accounting controls for FCPA compliance
A summary of the documentation and testing of security controls for PCI compliance
A report on policies and procedures necessary for HIPAA or GDPR compliance
A review of policies and internal controls for AML or Know Your Customer compliance
A compliance report should anticipate that reality, and be written in such a way that its
readers can put the report to good use. To that end, all compliance reports should:
For example, all useful compliance reports include data. So one place for a compliance
officer to start is to consider which parts of data collection and analysis can be
automated and then fed into a pre-existing compliance report. (Say, a quarterly analysis
of due diligence efforts.)
That also means the compliance officer should consider the design of your compliance
reports, and how much of the report can be pre-formatted so data flows into the report
automatically.
In the ideal world, many compliance reports can follow predesigned templates, to
capture data based on predetermined metrics. Then you can present those
reports quickly, clearly, and easily.
The one thing you probably shouldn’t automate: the analysis of weak spots in your
compliance program, and recommendations for improvement. Some things are still
better left to good old human judgment.