Earlier this year, the U.S. Department of Justice issued guidance relative to the factors it deems critical in assessing the effectiveness of a compliance program. The guidance is not limited to situations involving the FCPA. It is equally applicable to other violations of U.S. law. Though the information provided in the guidance was not necessarily new, the succinct yet comprehensive presentation was extremely helpful and certainly welcomed.
One of the factors that the Justice Department cited was responsibility for the integration of policies and procedures:
Responsibility for Integration – Who has been responsible for integrating policies and procedures? With whom have they consulted (e.g., officers, business segments)? How have they been rolled out (e.g., do compliance personnel assess whether employees understand the policies)?
Integration is much like implementation. Both represent steps taken to actually put in place and actively enforce policies and procedures. However, reference to “integration” represents a critical component of implementation. It suggests the need for policies and procedures to made a vital part of the regular operations of an entity. Input and, as much as possible, acceptance needs to be sought from the various components of an entity. Ongoing monitoring is always required. Adjustments may need to be made to ensure that policies and procedures are practical and not unwieldy in nature.
The import of working with others in designing and implementing a compliance program cannot be overstated. Compliance officials should avoid tunnel vision. They need to seek out others in an entity’s organization for advice and to enlist their support in working through the range of issues that may arise in implementing the policies and procedures. In every respect, it should be a team effort throughout the entity in ensuring that the policies and procedures are both effective and efficient.
To be truly effective, the manner in which policies and procedures are implemented must be efficient in their use and application. They should not be unduly burdensome. They also should be clear and easily understood. It must be kept in mind that human nature is such that the policies and procedures will, in time, be disregarded if they are complicated or unclear. By working in an integrated manner within an entity, many practical problems with implementation are more likely to be resolved satisfactorily.
The one concluding consideration relative to the need for integration in implementing policies and procedures is the role of senior management. Compliance officials are often perceived as imposing unwelcome complications in the day-to-day activities of an organization. Gaining access to or input from different components of an entity may be difficult without the active and ongoing support of senior management. In short, the right “tone at the top” is always essential to the successful implementation and integration of compliance policies and procedures.