A Step-By-Step

Guide to Elevating Your

Compliance Program
Table of Contents
Introduction............................................................................................................................. 1

STEP 1 | Deciding When to Elevate................................................................. 2

STEP 2 | Create a Plan to Elevate....................................................................... 3

STEP 3 | Determine How You Will Elevate................................................ 4

STEP 4 | Understand Where You Can Go Wrong.............................. 5

Conclusion................................................................................................................................. 6
 Introduction
Ethics and compliance risks have seeped into every corner of the modern business
organization, whether that risk is a business partner offering bribes in another part of the
world or a mid-level manager mishandling confidential data in corporate headquarters.

It’s only logical, therefore, that companies should want a culture of compliance to seep
into every corner of the business as well. For many organizations that means elevating the
profile of compliance within your organization, so that all parties involved — employees,
senior managers, business partners — give ethical behavior the priority it deserves.

The challenge for compliance officers? Leading people to appreciate the compliance
program, rather than resorting to threats in order to gain respect for the program.

After all, senior management (including compliance officers) can set any policy they want.
If you want people to follow those policies, however, they need to take ethics and compliance
seriously; they need to take the compliance officer seriously. Which means elevating your
compliance program through a variety of approaches, from simple messaging to outright
enforcement. This eBook is your guide to strategically deciding when, how, and where you
should begin elevating compliance within your organization.

It’s only logical that companies should want

a culture of compliance to seep into every corner
of the business.

1 | GUIDE TO ELEVATING YOUR COMPLIANCE PROGRAM

 STEP 1
Deciding When to Elevate
Moments of big change for your organization are an ideal time to boost the compliance function’s profile. For example,
consider when a new CEO or corporate owner takes control of a business: most of the workforce and business partners
expect changes to accompany those events. It’s a perfect natural moment to elevate the importance and prominence
of the compliance function. Compliance officers need to identify natural moments and take full advantage of them.

Expansion into high-risk markets Initiation of Merger or Joint Venture

Expansion into high-risk markets is an ideal time to elevate the
compliance program. With business units directly responsible
for the new markets and executives responsible for supervising
new subsidiaries, the compliance officer can, in essence, say:
“We are facing new risks from these products and services,
sold in these regions, so we need to pay more attention to
compliance procedures.” Compliance officers can also use this
as an opportunity to remind other employees that new markets
aren’t the only risks the company faces.
Arrival of New CCO
The arrival of a new Chief Compliance Officer (CCO) can itself
be a great opportunity to usher in changes. For example, when
arriving at the organization, try to arrange that your CEO
introduces you to the company (via email, a company meeting,
or some similar means). The symbolism of an introduction like
that is simple, but effective. The message can be something
positive, such as billing you as someone there to help lead the
company to better standards of conduct, better oversight of
business partners, or some other example of higher performance.
The arrival of a new corporate partner through a joint venture or
merger is another natural moment to elevate compliance. Your
employees and business partners will be expecting change.
Significant External Event
Compliance officers would also be remiss if they didn’t seize on
notable events outside of the company’s walls: a competitor
sanctioned for poor data security; a senior executive somewhere
facing criminal charges for bribery; a new regulatory regime sure to
affect your company’s business practices. Compliance officers can
always use those moments as reason to improve training, change
procedure, or simply insist on better behavior from employees — all
to stay ahead of whatever enforcement risk is swirling in your part
of the business world.
Current Regulatory Climate
Moreover, for the last two years the Justice Department has
consistently moved toward fewer sanctions for corporate
misconduct if the company in question can show that it has put
a strong compliance program in place. That’s yet another natural
opportunity to argue for a stronger program with a higher profile.

2 | GUIDE TO ELEVATING YOUR COMPLIANCE PROGRAM

 STEP 2
Create a Plan to Elevate
Secure Authority
Before trying to elevate compliance, compliance officers first need to secure the authority to
do so. From a practical perspective, you need to know whether the compliance function has
enough independence and authority to make changes itself. More broadly, senior executives
need to support your efforts so other parts of the enterprise will know this is a company
effort to be embraced, not just a compliance officer’s pet project to be endured or ignored.

Allocate Resources
Ideally, those senior executives will then go beyond moral support and allocate the financial
resources you need to undertake the task at hand. Elevating the compliance culture requires
budget — for messaging, training, technology, travel, or even simple administrative support.
Once you have a sense of how much authority you have and what resources are at your
disposal, you can assemble a plan to elevate your program.

Manage Expectations
Be realistic with your plan. Few things can do more damage to an executive’s reputation
than to announce sweeping, grand plans all at once. You might risk other parts of the
business rebelling against what they see as an intrusion; or (worse) you might fail to deliver
those sweeping, grand plans and lose credibility.

Take the Long View

Elevating the compliance program is much more of a marathon than it is a sprint. Even
the most supportive CEOs and largest budgets won’t allow for an overnight cultural
change. So plan with short- and long-term objectives in mind. Tackling shorter range goals
that yield a concrete win sooner will help your overall cause, especially when trying to get
additional resources as you execute more of your plan.

3 | GUIDE TO ELEVATING YOUR COMPLIANCE PROGRAM

 STEP 3
Determine How You Will Elevate
Develop a Messaging Plan
One early step (if not the first step) is to develop a comprehensive
messaging plan. The good news is most employees want to do
the right thing. The challenge is getting them to consider what
that truly means as they rush about their daily tasks. Compliance
officers can best elevate the importance of the program with
messages that lead rather than threaten. It’s more about, “We
want to help you do the right thing,” rather than, “We’ll catch you
and punish you if you violate a policy.”
Drive Impact
Develop new compliance policies that will have impact, such as
requiring approvals for payments to third parties. Ask: where in
your organization would adding new approval procedures have
the most impact? Would making the procurement process more
centralized solve a lot of issues? What about trying to incentivize
ethical behavior?
Compliance policies can also include subtle (or not subtle) nudges
to fix their importance in employees’ and third parties’ minds. For
example, social science researchers have long known that moving
an “I will obey these policies” certification clause from the end of
a policy manual to the beginning correlates to better behavior.
4 | GUIDE TO ELEVATING YOUR COMPLIANCE PROGRAM
Consistently Discipline
Regardless of training and certifications, however, clear and
consistent discipline for infractions will still be crucial to convey
the importance of ethics and compliance. Everyone must
understand that the compliance program does not simply exist
on paper; and that consequences do follow for those who don’t
take their compliance obligations seriously.
Make it Easy
Don’t underestimate the power of making compliant behavior
user-friendly. That is, if employees can fulfill their compliance
functions easily, they’re more likely to do it. Only when they
perceive compliance tasks as obstacles to their “real jobs” do
employees seek a way to avoid that work. The right technology
can go a long way in helping you achieve a frictionless experience
for employees.
One example of the point: automating due diligence on third
parties as much as possible. This efficiency can free employees
from time-consuming, often menial, tasks so they can focus on
duties more central to their jobs. Or, look for ways to simplify
training obligations, by tailoring the material to their jobs and the
high-priority risks they face. These steps will make people feel like
the compliance function values their time, which in turn will make
them more willing to cooperate.
 STEP 4
Understand Where You Can Go Wrong
Not Having a Vision
It’s not an impossible mountain to climb, but raising compliance’s profile across the
enterprise is a mountain nonetheless. Don’t sabotage your efforts by ignoring the
important initial steps of shoring up executive support and lining up resources before
you act. Don’t oversell what you can deliver to executives or support will dry up quickly.
Have an overall vision of what you want to achieve, mapped in a logical and realistic
sequence. Start with smaller objectives to give you proof of concept and build momentum
as you tackle the larger problems.

Changes Lack Impact (Or Add Burden)

Another pitfall: crafting policies that don’t actually cause procedures to change. There’s no
point in writing up paper policies that change how you’re describing the way things should
be done, but don’t result in concrete changes. It wastes time, and creates an impression that
new policies don’t drive meaningful impact.

You also don’t want procedures that add to employees’ burdens rather than alleviate them.
Yes, sometimes new regulatory efforts make additional procedures unavoidable. As a rule,
however, simplify compliance with policies and procedures, while talking about core ethical
values. That’s what elevates ethics and compliance throughout the enterprise.

Failing to Align
Above all else, remember that employees are your allies in the fight against corruption and
policy failures. It’s in their best interest to help the company succeed. Avoiding damage,
whether that’s defined as actual financial sanctions or reputational harm, helps the company
achieve success. Aligning with employees rather than working against them can be a pivotal
perspective shift.

5 | GUIDE TO ELEVATING YOUR COMPLIANCE PROGRAM

 Conclusion
There is, of course, a fair and fundamental question executives might ask: Why bother
elevating compliance at all? What’s the point of a more prominent compliance function?

Circle back to what was said at the beginning of this eBook: ethics and compliance risks
have seeped into every corner of the modern business organization. That trend isn’t being
driven by any specific regulatory or legislative push, where cynics might hope that a turn of
political climate would make all these compliance duties vanish.

Rather, ethics and compliance risks are spreading due to a host of much larger factors —
everything from social media, to evolving consumer tastes, to digital transformation of
one business process after another. Corporate misconduct is more complicated and more
transparent than ever before, at the same time.

Large organizations must get better at getting all their critical parts (employees and
third parties alike) moving in the same direction. That’s what strong ethics and compliance
does: it brings about desired conduct in the first place, to reduce time and money spent
remediating misconduct later. The more elevated and prominent the compliance function
is, the better your company can function, grow, and scale.

The more elevated and prominent the

compliance function is, the better your company
can function, grow, and scale.

6 | GUIDE TO ELEVATING YOUR COMPLIANCE PROGRAM

Author

Matt Kelly
Editor and CEO, Radical Compliance

Matt Kelly is editor and CEO of RadicalCompliance.com, a blog and newsletter that follows corporate
governance, risk, and compliance issues at large organizations; and that includes the Compliance Jobs
Report, a weekly update on compliance professionals moving around the industry. He also speaks on
compliance, governance, and risk topics frequently.

Kelly was named as ‘Rising Star of Corporate Governance’ by Millstein Center for Corporate Governance
in inaugural class of 2008; and named to Ethisphere’s ‘Most Influential in Business Ethics’ list in 2011
(no. 91) and 2013 (no. 77). In 2018 he won a Reader’s Choice award from JD Supra as one of the Top 10
authors on corporate compliance.

Kelly previously was editor of Compliance Week, a newsletter on corporate compliance, from 2006
through 2015. He lives in Boston, Massachusetts, and can be reached at mkelly@RadicalCompliance.com
or on Twitter at @compliancememe.

7 | GUIDE TO ELEVATING YOUR COMPLIANCE PROGRAM

Elevate your program
with GAN Connect.
GAN Integrity is a one-stop-shop for all of your compliance
needs. With six robust modules (Risk, Policy, Training,
Due Diligence, Requests, and Investigations) GAN can
power your program with ease. Book a demo today to see
a customized walkthrough by a compliance expert.

BOOK A DEMO

www.ganintegrity.com
© 2019 GAN Integrity Inc.