Jean-Paul Sartre famously said that, “Hell is other people.” For many compliance officers, hell is dealing with other people known as third-parties, and the companies they own.
Third-party management is a perennial headache. Recently at the Compliance Week conference, on-the-ground polling found that third-party management was the greatest challenge facing compliance officers today. Tracking metrics around third-party management is critical to seeing trends in your company, and being able to respond to movements in the business quickly.
In this blog, we’re going to explore metrics relating to third-party management. This is Part 5 of our series. If you haven’t read Part 1, I recommend you go back and start there, as it sets the stage regarding why certain metrics should be chosen. We’ve already explored metrics that can be used with policies and procedures, which can be found HERE, monitoring and auditing, which can be found HERE, and training, which can be found HERE.
Too Much Information (for a change!)
Perhaps more than any other area of the seven elements of an effective compliance program, third-party metrics are usually the easiest to collect. Most large companies have some sort of online or technology-based system that can gather data. Even small companies managing third-parties on an Excel sheet can sort by column to find out how many third-parties they have in a certain country.
Because of this wealth of data, choosing the right metrics relating to third-parties is critical. Having numbers for numbers’ sake is not useful. You must carefully answer the most fundamental question when choosing third-party-related metrics…Read More
Why you should keep your eye on the job board, even if you’re not looking…
“I do,” say the lovers in front of friends and family. “I now pronounce you husband and wife,” says the officiant, followed by cheering and clapping. Marriage ceremonies happen in public. For a marriage to be legally binding, nearly every jurisdiction requires that the ceremony is witnessed and then written down in public records. Why? Because commitments made in public are much stronger than those made privately. Social science research has borne this out time and again.
To help your employees be more compliant and ethical, construct opportunities for people to pro-actively and publicly commit to compliance. Here are three ways to allow your employees to make their commitment to compliance loudly and proudly.
Raise your hand
When we’re asked questions by a teacher, we raise our hand to show that we agree or are in alignment with the answer. When Americans pledge allegiance to the flag or sing the National Anthem, they place their hands over their heart. Raising your hand or making an affirmative movement sends a signal to our mind that we agree with the speaker. Movement of this sort physically manifests our intention to say “yes.”
When you’re performing live training, ask the group to raise their hand if they’re willing to commit to being compliant and ethical. When you’re presenting to the leadership team, ask who intends to use the slides to cascade information on a new policy to their team. Find ways to ask people to pro-actively raise their hand for compliance and business ethics. The results will speak for themselves.
Write it out…Read More
Why you must INVEST in business language
Compliance officers, it is time to rejoice, reflect and re-educate. We should rejoice because the U.S. Department of Justice just issued a guidance document that unequivocally supports our role, especially in places where we’ve had trouble making a case with specificity (e.g., resources). We should reflect on our programs because there are seriously high expectations for risk assessments, program evaluations, planning and tracking metrics, and integration with other functions. And we should re-educate our leaders about the criticality of the independence of our function, requirements to fund it correctly, and to provide access to the Board and/or Audit Committee.
The Evaluation of Corporate Compliance Programs Guidance Document (“Guidance”) is structured into questions that a prosecutor will ask to evaluate the effectiveness of the company’s compliance program – both before an incident occurs and after an incident is known. These questions give answers – they show what the DOJ thinks is important in an effective compliance program. Here are 10 critical musts that compliance officers need to know from the new DOJ’s Guidance.
1. Compliance MUST be Properly Resourced
There can be no doubt that a major factor in the evaluation of a compliance program is this: Is the compliance department properly resourced? The word “resource” appears 21 times in the 18-page document. The compliance program must be properly resourced with staff and budget. Twice the Guidance states that the compliance function must have the resources to be able to “audit, document, analyze and act.” Importantly, one of the questions prosecutors are to ask is, “Have there been times when requests for resources by compliance and control functions have been denied, and, if so, on what grounds?” It is critical that you explain the DOJ’s approach to resourcing the compliance department to your board of directors and C-Suite. They need to know how thoroughly that resourcing will be analyzed if there were a prosecution. Speaking of the Board…
2. Compliance MUST have Independent Access to the Board of Directors or Audit Committee
The Guidance leaves no wiggle room for this: Compliance MUST have independent access to the board of directors or audit committee. …Read More
How to deliver terrible news…
Hi there! SCCE Vice President Adam Turtletaub and I sat down in Berlin last month to talk about how company websites affect the reputation of their company when it comes to compliance. Specifically, we talked about:
What does the website say about the compliance program?
Is it painting the right picture of your program?
Do you have the disclosures necessary under the UK and California human trafficking and modern slavery laws?
Is the code of conduct up? Is there a CEO letter?
Your employees, venture capital firms, and even prospective employees may be looking, so pay attention
Whistle-blower hotlines: Can the outside world find them to report?
Listen in to learn more about how your compliance program can raise its web game!
We went through some of the highlights of the Spark Score research and best practices for ensuring your program looks as good on the outside as it is on the inside. Curious about your Spark Score? Get yours for free here!Read More
When you REALLY shouldn’t do it yourself…
“Wisdom…. comes not from age, but from education and learning.” – Anton Chekov.
Today we’re going to explore metrics relating to training. This is Part 4 of our series. If you haven’t read Part 1, I recommend you go back and start there, as it sets the stage regarding why certain metrics should be chosen. We’ve already explored metrics that can be used with policies and procedures, which can be found HERE, and monitoring and auditing, which can be found HERE.
Generally speaking, metrics relating to training can be broken down into two groups: metrics that measure the quantity, and metrics that measure quality. Both are useful for different reasons.
Metrics that measure quantity measure a number. For instance, many companies track the number of people who took training, or the number of training sessions given in a quarter or year. Quantity metrics may also be given in percentage. For example, many companies track the percentage of employees who complete mandatory training. Quantity metrics allow the company to know the breadth of training delivery. They also allow the company to know if mandatory training is being completed, and how many people, or percentage of the employee base, have opted to attend optional training sessions.
The metrics that measure quality measure effectiveness…Read More