Compliance programs: 7 elements to consider
June 3, 2015
Establishing a credible and effective compliance program: 7 elements to consider
There are seven elements that should be in every compliance program—however, the extent to which you implement each of these will vary depending on your company’s activities and its “risk profile”:
- Management Buy‑in and Support. Managers need to actively and continuously support the company’s compliance program, and should appoint someone in the company with a direct line to top managers and with the power to run that program—the “compliance officer”.
- Assessing Compliance Risks. What business activities is your company engaged in that could put it at risk of violating the law or of becoming a victim? Figuring out the answer to that question is what we call “risk assessment”, and compliance programs need to focus on those.
- Policies and Procedures. Your company’s policies and procedures should reflect its risk profile, in that they should address how to avoid breaking the law when engaging in business activities with compliance risks—in effect, acting as your company’s “compliance roadmap”.
- Training. Anyone in the company who deals with any risk areas needs to understand how to comply with the law. To get started, the Bureau has a video on compliance on its website.
- Monitoring, Verification and Reporting. It is not enough to simply tell managers and staff what to do; just like in other aspects of your business, you need to check to see if they are doing it. Also, the ability of managers and staff to ask questions and confidentially report concerns to your company’s compliance officer without fear of reprisals is a sign of a credible program.
- Discipline and Incentives. A compliance program needs to set out, in advance of any violation of the law or breach of the program, procedures and potential disciplinary actions for those who break the rules (or make others break the rules) or incentives to help ensure that employees follow the program.
- Is it working? It’s a good practice to evaluate the program regularly to be sure it works and is credible and effective. Evaluations can also be triggered by an event—for example, if a violation has occurred, or you acquire another company, or you move into new lines of business or new markets.
For more information, see the Competition Bureau’s Corporate Compliance Programs bulletin, available on its website.
- Date modified: