A Look at What’s Happened in 2014 and What Compliance Challenges Are Still to Come
September 2, 2014 Corporate Compliance Insights
Less than three-quarters of the way through 2014 and we have already seen a slew of regulatory changes and increased audit demands. First, we saw the Supreme Court significantly extend whistleblower provisions to include private companies. Then, we saw Walmart hit with $439 million in compliance enhancements and investigation costs due to its recent FCPA probe.
Needless to say, compliance officers have been dealt a tough hand – something that’s not expected to lighten up throughout the remaining months of 2014. Here are five challenges compliance officers can expect to face throughout the remainder of this year:
1. Compliance Officers’ Limited Oversight of Cybersecurity
One of the most pressing issues for compliance officers today — and for CEOs, Boards and regulators, for that matter — is cybersecurity, an area where very few compliance officers have any oversight. In fact, according to the Kroll 2014 Anti-Bribery and Corruption Benchmarking Report, 75 percent of compliance officers have no oversight of cybersecurity in their organizations.
The reality is that most compliance and security concerns fall under the IT department’s purview. While previously compliance officers and IT directors were able to simply coexist but rarely collaborate, this approach to cybersecurity will no longer prove effective. Compliance officers must forge a partnership with the IT team so they can earn a say in the security elements related to compliance.
This brings another challenge for compliance officers, and that is becoming well versed in the various IT and cybersecurity issues impacting their organization. Because most companies won’t have a separate team or even single employee dedicated to cybersecurity, it’s important that compliance officers develop a strong enough understanding of the IT and security issues impacting their organization’s ability to remain compliant.
2. The Changing Code of Conduct
Too often, a new code of conduct is rolled out without any training or support to drive retention – a major mistake on the company’s part. A code of conduct and its associated training program set the tone for all other policies. If employees are unaware of what’s in the code or that it even exists, don’t expect them to uphold its standards.
The old code of conduct was written in legalese – eight-point font with 23-letter words. Today’s code of conduct is becoming a piece of brand collateral, an extension of the voice of the company. The tone should be approachable so that every employee can clearly understand the message without having to search for a dictionary. It’s also an opportunity for the CEO to send a message to employees, letting them know the company values ethics and compliance, and that it will follow only the path of highest integrity to higher profits.
Even if an organization has one of the most well-written codes of conduct, if there are not any supplemental materials or training, chances are good that employees won’t bother to turn the page. See our fifth point for advice on how to integrate technology into your training and awareness programs – it applies to your code of conduct, too!
3. Corruption and Bribery Prevention – Don’t Become the Next Walmart
After watching Walmart’s compliance enhancements and litigation costs reach $439 million in early 2014—a number that’s rising by the day—it has become obvious just how important it is for companies to have the proper corruption and bribery prevention programs in place. Finally, after incurring millions in costs, Walmart is realizing this too, and is finally reforming its compliance practices.
Every day companies – Walmart being one example – learn the hard way that without a comprehensive and consistently enforced anti-bribery program in place, the consequences can be devastating. Whether the company has a few employees in one location or thousands across the globe, it’s necessary to have a comprehensive anti-bribery training program.
A program needs to inform employees of what is considered a bribe in each region they’ll be doing business in, as well as what the associated risks are by putting these red flags in your FCPA policies and anti-bribery training. Listing them isn’t enough. Companies need to take it a step further by providing them with scenarios that illustrate how well-intentioned business transactions can quickly cross the line into illegal bribes when working in foreign territories. This will help them to understand how the law applies to them and each situation they encounter.
4. Preparing for SOX Extended Whistleblower Provisions
As a result of the recent Supreme Court ruling, whistleblower protections outlined in the Sarbanes-Oxley Act (SOX) will now apply to roughly six million private companies – a drastic increase from the 5,000 public companies that were originally bound by SOX.
Going forward, employers of every size and type must look at their ethics and compliance programs with a fresh set of eyes. From having to bolster their codes of conduct and anti-retaliation policies to rehabbing their ethics training programs, private companies face time and budget constraints in addition to compliance burdens in trying to meet these new regulations. While this process can seem overwhelming at first, establishing a realistic and executable plan right from the start can mitigate the stress and long hours spent overhauling every aspect of the company’s compliance policy.
5. Integrating Technology into Training Programs
Having grown up with the Internet and social media, today’s workers have a high need for social interaction and engagement – meaning that the format of a company’s compliance training program needs to incorporate these elements. With the continued growth of tablets and mobile platforms, interactive content has become the norm. A combination of videos, infographics, games – even simple swiping gestures – has become expected by today’s tech-savvy workforce. No more text-based PowerPoint slides. Instead, scenario-based training, interactive games and online videos hold the key to enticing a new generation of workers not only to complete training, but also to retain it. Today’s younger generations learn through the combination of relatable scenes and characters with voices, not through reading a 200-page compliance policy.
Not only do these methods make the training process more fun and engaging for employees, but more importantly, they optimize retention. Afterward, employees are able to identify violations, understand the impact to the company and take the appropriate action. Taking a “show, don’t tell” approach to compliance training hits closer to home for employees, no matter what stage of their career they’re in.