One overriding theme from the Justice Department’s “Evaluation of Corporate Compliance Programs” is that a corporate compliance program must be operationalized. That’s a key factor, writes Tom Fox, but it must also operate with “connected compliance,” the connectivity of compliance throughout an organization.
Connected compliance provides an important mechanism for companies to consider in operationalizing the compliance program. While compliance is obviously a business process, it should also be seen as a continuous process. In that sense, the data from a wide variety of sources should be used to track the types of risk that compliance professionals must manage.
A good start is for management to examine and track third parties. Continuous monitoring of third-party watchlists might seem in this day and age a bit pedestrian, yet many companies do not understand the need for having knowledge of who they are doing business with once the contract is signed. Put simply, due diligence once every two years is a recipe for trouble. Companies should be constantly aware of their third parties’ operations, actions, and limitations. More so, this type of information should not be limited to third parties in the sales business but should also take into account customer exposure.
Connected compliance can help make people, materials, energy, plant, and equipment far more productive; and the repercussions for business processes—be they positive or negative—will be felt throughout the economy. Connected compliance also ensures a compliance solution will be delivered when certain thresholds are met, rather than according to a schedule. New data analytics will lead to previously unattainable efficiency improvements and allow the company to do more business in compliance going forward.
Just as processes have evolved in connected compliance, so do structures. These structural changes mean that compliance will be integrated into diverse functional units of the company, such as manufacturing, logistics and supply chain, sales, and finance. This integration will be implemented throughout the business unit leadership team and via the design of formal processes for connected compliance, with multiple units having certain roles and responsibilities.
It is through connected compliance that all groups within a company will become responsible for compliance. The integration of this data into compliance is still viewed as cutting-edge, although many companies have already structured this data within their own ERP systems.
It is definitely worth senior management consideration. Once a connected compliance process is in place, senior management will be able to view information to make the business more efficient and the company will be able to take on more risk, because the risks will be managed more effectively.