Hui Chen, the first (now former) US Department of Justice “compliance consultant," described what she sees as the four critical touchstones of an effective compliance program facing DOJ scrutiny: credibility, measurement, accountability, and continuous improvement.
Ms. Chen said the DOJ recognizes the challenges of compliance: Laws and regulations are more complex, organizations are larger, and it is human nature to cut corners sometimes.
Stepping back, she noted humorously: “Even God could not get two people to be compliant," referring to Adam and Eve.
That said, Ms. Chen identified four factors that she thought carry weight with the DOJ:
1. CREDIBILITY: Give the Compliance Department appropriate stature within the company and have it understand the company’s risk profile.
Credibility relates to “stature,” as used in in DOJ’s compliance checklist released earlier this year that Ms. Chen reportedly had a lead role in creating.
Some questions to ask include, how is Compliance viewed around the company? When Compliance calls for the business to do something it is inevitably a burden, so how does the company counter that and incentivize compliance?
Understanding risk is key to tailoring your program. Does the Compliance team have a good grasp on the company's risk and its appetite for risk so that a credible program can be formed to mitigate that risk?
2. MEASUREMENT: Let data drive your risk assessment and how you deploy compliance measures in a cost-effective, efficient manner.
Measurement is “huge," according to Ms. Chen. DOJ would ask “how are you evaluating and measuring your success?” How do you use data and measurement to focus your efforts in an efficient manner?
3. ACCOUNTABILITY: Hold wrongdoers accountable, including supervisors for failures in oversight or failure to allocate appropriate resources for compliance.
4. CONTINUOUS IMPROVEMENT: Regularly test and reassess your controls and their effectiveness; tune appropriately.
Ms. Chen added, "a good compliance program today would be obsolete in two years tops.”
* * *
Ms. Chen’s talk occurred October 24 on a webcast hosted by Control Risks. Companies are well advised to take into account themes like these and the official guidance from the DOJ in keeping their compliance efforts up to date.