Make your compliance programme efficient in 10 steps
For a long time, the mantra of the compliance practitioner has been ‘do more with less’, as laws evolve and the needs of the business shift. Some days it can be hard enough just to put out all of the compliance fires that arise, let alone have time to spend on looking at ways to maintain, update and finetune processes and policies. But, in the long run, creating programme efficiencies can free up more hours in the day. The following are ten ways to create efficiencies in your compliance programme.
1. Conduct a compliance risk assessment
Compliance risk assessments should be carried out at least once every three years, to find any holes in the programme and determine where resources should be allocated. Given the limited resources and budget of many compliance teams, it makes sense for this risk assessment to be conducted internally. Following a guide such as the United States Department of Justice’s guidance on the Foreign Corrupt Practices Act or the ISO 19600/37001 standard makes this process easier by allowing the defensibility of the programme to be tested without reinventing the wheel.
The results of the assessment will determine the current state of the compliance programme and provide a starting point for making improvements.
2. Revise your risk framework
A risk matrix or scoring scheme is the general framework used to score various factors (such as country, role and government interactions) to see how risky a third party, engagement or deal could be. It is likely that your company’s risk appetite, use of third parties, business operations and/or compliance budget has changed since the risk framework or matrix was created. Your tools to assess risks should also be adjusted so that your 2020 approach isn’t based on your 2014 business.
3. Look at outsourcing tasks
Compliance folks at all levels are being asked to do more these days, particularly given the slowdown in the economy and resulting cuts to the workforce. As their lists of tasks grow, it can become necessary to take on more administrative tasks to keep their compliance programmes running.
While it can work temporarily to bridge gaps, it is inefficient to have skilled compliance resources spending their time on mundane tasks. Adding administrative tasks to their workload can also lead to burnout and stagnation of the compliance programme because there is no time to devote to in-depth projects.
By outsourcing these tasks, however, skilled compliance resources can focus on more critical tasks rather than simply keeping a programme afloat.
4. Revisit the questionnaires used during onboarding of third parties
The questionnaires sent to third parties should constantly be reviewed and updated. There are likely to be questions in there that you already know the answers to, or questions that you aren’t sure why you ever asked in the first place.
Everyone appreciates a short questionnaire; both those answering the questionnaires and those reviewing the answers.
5. Find out if you can piggyback off things the business is already doing
In many ways, you can enlist other departments to conduct some compliance tasks. You could introduce training at existing sales meetings or local office meetings, look at what finance is doing when a third party is reviewed, or talk to procurement about the due diligence checks they do during their processes – even if you knew these processes years ago, they could have changed.
Is there only one person in your department that knows how to conduct and review a sanctions or watchlist search? Are investigations about potential misconduct handled by only one or two people? It makes sense to share these skills across the team, so if there is a big spike in activity or someone leaves the rest of the team can pick up the slack.
7. Look at technology and how it can be leveraged to do more for you
Most companies have some technology in place to:
- conduct training
- onboard third parties
- conduct watchlist screenings
- review and manage hotline reports.
While the basic functionality of these tools is certainly understood, there may be untapped functionality that would save time and money. This technology could be as simple as automated alerts when new activity occurs or reminders when a renewal or anniversary is due, or could be as advanced as providing more insights and reporting.
Reach out to technology providers and ask for more training and updates on new features. If the technology seems to be stagnant, look for new technology that could have more potential for you at a lower cost.
8. Make your communications shorter and more timely
Everyone appreciates an email that they don’t have to scroll through or read multiple times to understand. When there is something to say about a change in compliance, keep your message short and sweet.
If there is a new policy or procedure, people will just want to know the answers to the following questions:
- How does this impact me?
- What changed?
- When do the changes take effect?
- If I have questions, whom can I ask?
- Do I have to do anything?
Providing answers to these questions in succinct language will increase the odds that people absorb the information and read future emails.
9. Talk to the business about what they do and don’t like about compliance process and systems
While compliance and legal teams have ideas about how processes should work to be effective and defensive, the teams that are responsible for putting the processes into practice could have insight into how things could be done better. This isn’t to say that they know best on how to steer the programme, but they may have unique insights on how to arrive at the same goal more efficiently.
Reach out to these teams and ask them for their feedback. This could be done via a townhall meeting, focus-group discussions, or an anonymous online survey.
10. Clean up your data
It can be astonishing to discover how much effort is devoted to updating data on resellers, distributors, suppliers, vendors and contractors that are no longer working with your company.
When it is time to renew a third party, conduct training, update a contract or view ongoing monitoring hits, you want to be sure that you’re only looking at active relationships. It is therefore important to clean up your data and remove defunct third parties.
There are certainly other ways to create efficiencies within a compliance programme, but the above list can generate discussion on how crucial parts of the programme can be done better, quicker and cheaper.
The current global economic conditions mean that the way companies do business is changing. Compliance professionals should use this time to revisit their goals and see if they can be achieved in a more efficient manner.