How to Create an Effective Compliance Program
What you need to get started building an effective compliance program in your company.
- Elements an Effective Compliance Program
- Getting Started With Your Compliance Program
With a fluid environment of laws and regulations to stay on top of, addressing compliance requirements makes good business sense.
According to the Association of Corporate Counsel it’s “become a necessity to protect any highly regulated organization.” Companies that don’t comply can face civil and criminal penalties and watch their brand’s reputation shatter.
But it can seem daunting to figure out how to build an effective compliance program from the ground up.
You need to create dozens of policies, procedures, processes, and systems to address compliance requirements, from prevention to detection to correction of any compliance issues or fraudulent or illegal behavior. You also need to get everyone on the same page about the benefits of a compliance program, clearly communicate expectations, provide staff training, and assess what’s working and what’s not.
While it can feel overwhelming, it’s certainly doable. How? By focusing on the key elements and following the steps for how to create a compliance program, outlined below.
Sign up to get more resources and best practices right in your inbox.
You will receive our next newsletter in your inbox soon.
Elements an Effective Compliance Program
Compliance programs are not one-size-fits-all. Although you can follow the guidelines on how to create a compliance program and what to include, you’ll need to develop a plan that meets your company’s specific needs.
When it comes to building a compliance program, there’s no need to recreate the wheel.
The Affordable Care Act outlines seven key elements of an effective compliance program.
- Establish and adopt written policies, procedures, and standards of conduct. Having clear written policies and procedures in place that describe compliance expectations fosters uniformity within your company.
- Create program oversight. Determine who will oversee, monitor, and enforce the compliance program and serve as your go-to company “watchdog” with questions and concerns.
- Provide staff training and education. Employees at every level need to understand your compliance program expectations and standards to be able to comply with them. Implement a training program that clearly communicates your company’s program requirements, with an annual refresher course that reminds employees of your code of conduct and incorporates any changes.
- Establish two-way communication at all levels. Set forth the expectation that employees should proactively communicate in a timely manner, whether that means asking compliance questions, reporting issues, or addressing ethical concerns. Include a way for employees to anonymously report compliance issues or fraudulent or illegal behavior without fear of retaliation.
- Implement a monitoring and auditing system. You’ll need to measure the effectiveness of your corporate compliance program and identify risks. To accomplish this, develop a system of both internal and external monitoring, including formal audits.
- Enforce consistent discipline. Develop a plan to enforce standards of conduct in a timely manner, outlining appropriate disciplinary measures for employees who fail to comply with program requirements.
- Take corrective action. When you identify vulnerabilities or violations through monitoring and auditing, take timely, consistent action to correct the issue.
Keep in mind that this list is designed specifically for healthcare facilities. However, it serves as a solid guideline for any industry, touching on the key components of an effective compliance program.
Getting Started With Your Compliance Program
Now that you know the seven key elements of an effective compliance program, you can dig deeper and learn how to build one.
0. Get internal alignment
Before you even get started in building a compliance program, it’s important to get everyone on board. This involves identifying the appropriate stakeholders, internal subject matter experts, and authorities to make sure you’ve got leadership buy-in from the start.
They should understand why a compliance program is important and what specifically needs to happen. They also need to be on the same page when it comes to the program’s primary goal.
According to a survey by the Society of Corporate Compliance and Ethics, results showed that compliance and ethics officers differ from management or board in what they view as the primary objective of the compliance program. To succeed, everyone needs to agree on what the program should accomplish.
At this point, you should identify a person or committee to oversee and lead your corporate compliance program from the very beginning, as suggested in the second key element in the above list.
The appointment of a compliance officer doesn’t need to be someone in the C-suite. It can be anyone who will be responsible for, and given the authority to oversee, the compliance program. You might even be assigned the task of developing a compliance program.
Regardless of whom is leading the effort, the compliance program should have a clear mandate, clear authority to operate (to prevent any turf wars), and a clear mission/goal. Otherwise, the program is doomed to be ineffective.
1. Gather all your policies and procedures into one location
As a good starting point, conduct a policy audit to take inventory of what you’ve already created. This helps establish a baseline for what needs to happen next, as suggested in the first key element in the above list.
For example, compiling existing policies can expose how out-of-date, out-of-touch, or out-of-reach your existing policies might be. Or it can uncover a void, showing where you’ll need to write a new policy or procedure that doesn’t currently exist, but should.
In some cases, the policies and procedures might all be corralled in one employee handbook. In other cases, they’ll need to be compiled from across the organization as different departments have different sets of operating procedures.
A policy management software like PowerDMS can help simplify how you manage and store your policies and procedures in one central, online repository.
Regardless, it’s important to assemble them in one location from which they’ll be managed to make oversight easier.
2. Review the policies and establish a plan
Once you’ve compiled everything, you’ll need to review the policies and procedures to ensure they’re all in line with current regulations, compliance program goals, and leadership expectations.
By reviewing what already exists, you’ll be more easily able to identify duplicate and competing policies or procedures that need to be addressed.
After identifying outdated policies and procedures and determining what specific content needs updating, establish a plan for doing that work. Who will make those updates, who needs to approve them, and in what order?
The number of policies that need updating will determine the project’s size and timing.
3. Communicate, communicate, communicate
If you want your compliance program to succeed, then clear, open, and consistent communication is key, as suggested in the fourth key element in the above list.
From the very beginning, all employees need to understand the importance and benefits of the program; otherwise, it’s just another set of rules to follow. If they understand the “why” and it’s clear what the company expects from them, they’ll be more on board with the changes than if it’s unclear and random.
A critical aspect of the program focuses not only on how this will be communicated in the beginning but also how any changes and updated policies will be communicated down the road.
If you use policy management software like PowerDMS, your employees can quickly and easily access your company’s most current documents.
4. Establish compliance training
It’s not enough to simply update the policies. Employees need to both understand the policies and how they apply to their day-to-day work. That’s where training comes into play, as suggested in the third key element in the above list.
You’ll need to educate employees on expectations.
A good rule of thumb? Train to your policies.
Talk to the specific elements and sections of your policies and give scenarios and on-the-job applications for how this applies to real-world situations employees might encounter.
5. Ongoing monitoring and review
For the compliance program to succeed, it should not only monitor how well employees are complying, but also incorporate regular policy reviews and updates, as suggested in the fifth key element in the above list.
Think of this as future-proofing your program – establishing a monitor-and-review process from the beginning ensures the program stays relevant and does the most good.
According to Risk Management Magazine, this review process should be done yearly, at a minimum, with organizations viewing these documents as “living, breathing management tools.”
If nothing happens when an employee fails to comply, then the compliance program is useless.
The solution? Build accountability into the program up front, including clear disciplinary guidelines and protocols that are actively and consistently enforced.
In addition, you’ll need to document the employees’ acknowledgment of and training related to the compliance program.
That way, if they don’t comply, you can prove they’ve been given all the resources and training to do what’s expected and they’ve also been given the opportunity to correct their actions.
Keeping tabs on all this is easy with PowerDMS. It allows you to electronically track data for each employee. Plus, it tracks and gives you a company-wide overview of all of the policies, signatures, and training each employee has completed.
While creating an effective compliance program can seem like a daunting task, you can get the ball rolling. By incorporating the seven key elements – and following the steps above – you can lay a solid foundation for a corporate compliance program that meets your organization’s specific needs.