Compliance Programs in 2017: Stop Guessing, Start Doing
A changing political climate produces a lot of news stories. As with any incoming presidency, legal experts forecast the future of federal laws and regulations under a different administration, and agencies make staffing changes to prepare for 2017. Sure, forecasting can help us plan. But we shouldn’t miss out on action items we can incorporate in our compliance programs and workplace right now. Here are two topics to keep in mind.
Be Proactive with Risks
Companies need to be proactive in tackling issues that impact their workplace. Waiting to see if the FCPA will be repealed, if New York will pass its data security regulation, or whether the EEOC has the resources to pursue sexual orientation discrimination claims does not prevent bribery abroad, cybersecurity hacks, or discrimination and bias in the workplace. Waiting to see if any problems arise is known as being “reactive.”
Data security provides a good example of the dangers of a reactive approach. If companies merely wait to respond to a cyberattack (because the law doesn’t require training or a federal agency has no power to prosecute), they’re still opening themselves up to a host of problems. A phishing scheme, for example, can damage critical infrastructure and tank business deals in addition to scaring the public and employees. Illicit schemes that operate above the law tend to be indifferent about compliance.
Risk-based management is the most common solution experts offer. For example, the US National Institute of Standards and Technology (NIST) provides a risk-based approach to data security where companies audit their systems to identify vulnerabilities, correct any vulnerabilities, and constantly monitor all systems for further risk. Similarly, the US Department of Justice (DOJ) expects thorough due diligence and constant monitoring amidst red flags or other high-risk indicators of bribery. Companies must be proactive in identifying risks and doing their part to monitor and correct them when implementing their compliance programs.
Compliance is More Than Just the Law
One could argue that with less stringent laws, regulations, or enforcement capabilities, there’s less to “comply” with. However, this attitude falls squarely within check-the-box compliance, a surefire way to torpedo companies’ compliance programs, which increasingly involve ethics and culture.
Check-the-box attitudes do not account for the real harm that discrimination and unethical conduct can wreak on employees. For example, an employee could be sexually harassed by their supervisor but not say anything out of fear of retaliation, as was the experience of multiple National Park Service employees whom the agency failed to protect. Suffering silently in the workplace is unfortunately common, and merely providing an employee hotline is not enough. No matter the legal liability associated with sexual harassment or race discrimination, employees are emotionally and psychologically harmed by being treated differently based on immutable characteristics, and employers have an ethical duty to prevent such conduct.
A lot of companies and blogs throw around “compliance culture” without taking the time to figure out what it means. It’s a powerful tool when applied correctly and thoughtfully, contributing not only to compliance with external laws but also to the promotion of ethical behavior validated by employee perceptions and company policy. Building a compliance culture can help employees do the right thing, such as reporting sexual harassment and unethical practices, or just feel good about working. To be sure, it won’t happen overnight and requires significant work within compliance programs. But we owe it to employees, employers, and society to make the workplace better. To learn more, check out the webinar Compliance Culture: What It Is, and How To Build It.