While you are thinking about your organization’s SMART objectives and other key priorities you’ve identified for your ethics and compliance team, consider adding in these recommendations. From assessing your company’s strategic priorities to listening to the data its system produces, these to-dos will help keep your department’s ethics and compliance program in check and save your—and leadership’s—valuable time and resources.
RINSE AND REPEAT
Remember to set time aside to evaluate the foundational components of your program. Is your code current? Are your policies and procedures up to date? Has your training gone stale? Do your investigators need to be retrained on certain types of issues, such as how to protect individuals from retaliation?
You can always refresh your program to enhance the basics, while identifying some efficiencies of process to appropriately manage the new and emerging risks your company faces.
PLAN AHEAD—KNOW WHAT YOU’RE WORKING WITH
As you get ready to refresh your risk assessment, be mindful of new risks and enforcement trends. Consider your company’s strategic priorities. Is your organization expanding into new markets, developing new products or services, or contemplating mergers and acquisitions (M&A) activity? All of these moves could be material to your company’s risk profile.
If your team understands the risks, your company can take actions to mitigate them. If you haven’t yet created an ethics and compliance M&A due diligence and integration checklist, 2022 is the year to start one. Learn how with the Morgan Lewis Global Public Company Academy program, M&A: Expectations and Practicalities of Anti-Corruption Due Diligence Through Ethics & Compliance Integration.
Avoid developing compliance controls that create parallel processes for your business. Instead, tap into existing business and functional tools and operations. Ask questions like:
- How can we leverage an established sales pipeline tool to identify high-risk deals?
- Who is already conducting some sort of due diligence on our third parties, and how can we leverage that current process?
- Is there a current contract review process or playbook that can be updated to include emerging compliance issues and risks?
LISTEN TO YOUR DATA
If it’s not saying much, you have a problem. Expectations of regulators are clear: Effective compliance organizations use data to prevent and detect misconduct. If you haven’t started the analytics journey, you need to get moving.
Start by talking to your finance or internal audit teams to see what they are doing in this space and capitalize on their skillsets. Engage IT to tap into systems data and explore the business intelligence (BI) tools you already have in place (at little or no additional cost). Get the business team on board early so they can understand the why and help with the how.
Additionally, consider developing easily digestible dashboards so management can take ownership of the data and analytics. And don’t forget—give a heads-up to your investigations team so they can be prepared to manage any issues referred to them for investigation.
If you’re strained for resources but still need to manage third-party risk, why not take advantage of the world’s hyper-focus on all things environmental, social, and governance (ESG)? Discuss with senior management the need for holistic systems and processes to accurately report on how you’re managing third parties in the context of ESG. Then consider building a holistic third-party risk management tool from onboarding through the life of your vendors to manage ESG reporting and all your other risks in 2022.
Check out partner Amy E. Schuh’s panel at Compliance Week’s 2022 Conference, discussing how chief compliance officers and compliance professionals can prepare to respond to the US government’s increased use of data analytics.