Compliance Programs in 2017: Stop Guessing, Start Doing

15:11, December 2, 2016


A changing political climate produces a lot of news stories. As with any incoming presidency, legal experts forecast the future of federal laws and regulations under a different administration, and agencies make staffing changes to prepare for 2017. Sure, forecasting can help us plan. But we shouldn’t miss out on action items we can incorporate in our compliance programs and workplace right now. Here are two topics to keep in mind.

Be Proactive with Risks

Companies need to be proactive in tackling issues that impact their workplace. Waiting to see if the FCPA will be repealed, if New York will pass its data security regulation, or whether the EEOC has the resources to pursue sexual orientation discrimination claims does not prevent bribery abroad, cybersecurity hacks, or discrimination and bias in the workplace. Waiting to see if any problems arise is known as being “reactive.”

Data security provides a good example of the dangers of a reactive approach. If companies merely wait to respond to a cyberattack (because the law doesn’t require training or a federal agency has no power to prosecute), they still open themselves up to a host of problems. A phishing scheme, for example, can damage critical infrastructure and tank business deals in addition to scaring the public and employees. Illicit schemes that operate above the law tend to be indifferent about compliance.

Risk-Based Approach

Risk-based management is the most common solution experts offer. For example, the US National Institute of Standards and Technology (NIST) provides a risk-based approach to data security where companies audit their systems to identify vulnerabilities, correct them, and constantly monitor all systems for further risk. Similarly, the US Department of Justice (DOJ) expects thorough due diligence and constant monitoring amidst red flags or other high-risk indicators of bribery. Companies must be proactive in identifying risks and doing their part to monitor and correct them when implementing their compliance programs.

Compliance is More Than Just the Law

One could argue that with less stringent laws, regulations, or enforcement capabilities, there’s less to “comply” with. However, this attitude falls squarely within check-the-box compliance, a surefire way to torpedo companies’ compliance programs, which increasingly involve ethics and culture.

Check-the-box attitudes do not account for the real harm that discrimination and unethical conduct can wreak on employees. For example, an employee could be sexually harassed by their supervisor but not say anything out of fear of retaliation, as was the experience of multiple National Park Service employees whom the agency failed to protect. Suffering silently in the workplace is unfortunately common, and merely providing an employee hotline is not enough. No matter the legal liability associated with sexual harassment or race discrimination, employees are emotionally and psychologically harmed by being treated differently based on immutable characteristics, and employers have an ethical duty to prevent such conduct.

Compliance Culture

A lot of companies and blogs throw around “compliance culture” without taking the time to figure out what it means. It’s a powerful tool when applied correctly and thoughtfully, contributing not only to compliance with external laws but also to the promotion of ethical behavior validated by employee perceptions and company policy. Building a compliance culture can help employees do the right thing, such as reporting sexual harassment and unethical practices, or just feel good about working. To be sure, it won’t happen overnight and requires significant work within compliance programs. But we owe it to employees, employers, and society to make the workplace better. To learn more, check out the webinar Compliance Culture: What It Is, and How To Build It.

LawRoom (powered by EverFi) delivers online compliance courses to help your business meet compliance requirements both dynamically and scalably. In addition to our award-winning online courses, LawRoom delivers a robust, cloud-based learning management system to help you easily deploy and track our growing library of ethics, anti-harassment, data security and employee conduct courses.

Douglas Kelly
Douglas Kelly is EverFi's lead legal editor. He writes on corporate compliance and culture, analyzing new case law, legislation and regulations affecting US companies. Before joining EverFi, he litigated federal and state employment cases and wrote about legal trends. He earned his JD from Berkeley Law and BBA from Emory University.
