In early February this year, the fraud section of the U.S. Department of Justice (DoJ) released a new document with specific guidelines on how they will evaluate corporate compliance programs in organizations going forward. The DoJ clearly specifies in the document that they will look at corporate compliance programs in their entirety and not just at the reporting or investigations part.
With a spate of new regulations coming up, organizations are striving to improve their compliance program. Many are moving up the compliance maturity curve and keeping pace with the rapid regulatory developments happening around them. However, multiple reporting requirements, myriad reporting authorities and structures, and stricter regulations continue to challenge compliance teams, putting pressure on them to develop effective and better ways to address an ever more complex regulatory and business environment. In a recent MetricStream webinar titled “Streamlining Compliance Case Management: Challenges and Best Practices,” Eric Morehead, Principal Consultant, Morehead Compliance Consulting, LLC, provided valuable insights into the challenges organizations face when managing and investigating ethics and compliance cases, how to improve the efficiency of case management programs, and how to track the effectiveness of compliance programs by leveraging technology.
One of the biggest compliance challenges organizations face is in investigating non-compliance cases. Multiple questions arise: What is being reported, to whom, and where? What reports can you provide to your board of directors and regulators and can they be benchmarked based on industry standards?
First – What is being reported? It’s important to adopt a fine-focus approach toward tracking trends such as common sort of issues that get reported on various reporting mechanisms. Cases get reported to various parts of an organization such as helplines, HR, audit, or the board members, depending on the organizational hierarchy. When these cases are aggregated and sent to the compliance office, there is often some disconnect. However, by identifying a common set of issues or trends from the available statistics, organizations can effectively find a solution.
Second – Where is it being reported? Organizations must have ways to abrogate the cases that have come via different channels. This helps them remove duplicate cases.
Third- What report can you provide to the board of directors? In many cases, there is a strong disconnect between what gets reported to the systems and what the board of directors ultimately gets to read. This gap could lead to problems, especially when an organization has to provide reporting and investigation details to regulators. The key is to put serious consideration into what is being reported to the board of directors, and report the good work that has happened or being done within the compliance space. Ask hard questions about the information that gets reported to the board of directors so that the organization can get better information first.
Fourth- Stacking up with competitors and peer organizations. Ask yourself – “Do you have a story to tell”? Both regulators and the board of directors will judge you based on the technology and
processes you use to handle your data. Regulators will ask you tough questions regarding your compliance programs and your investigations. Will you be able to meet those expectations?
Growing regulatory demands and expanding awareness about compliance are driving the enhancement of compliance case management capabilities. Organizations are recognizing this shift, and to remain relevant they need to make the right technological investment. Ultimately, mature case management systems can transform compliance programs.
For updates on our other upcoming webinars, click here.