In an address before the SEC's January 26 CCOutreach National Seminar, Carlo V. di Florio, Director, Office of Compliance Inspections and Examinations, described what he considers "the fundamental elements or pillars are for an effective compliance and ethics program."
- Governance. It plays a critically important role in having an effective compliance and ethics program and in ensuring that the program has the necessary independence , standing, and authority to be effective.
- Culture. Culture is a key measure of whether a program is effective or not. It is the first thing that employees tune in to — there is nothing employees notice more than when the leaders in a culture say one thing and do another. So, culture is a critical enabler of effective compliance programs.
- Incentives and rewards. These can either be key enablers of effective compliance and ethics programs or, if poorly structured, they can be leading indicators of where the risk decisions and products reside.
- Risk assessment and a risk-based approach. Just like the SEC, you have limited resources, so you must allocate your resources to their highest and best use. Thus, you must make sure that your key risks are identified and covered adequately and effectively.
- Policies and procedures. Awareness of policies and establishing basic policies are critical. However, tailoring those policies and procedures to your business model, your products, your business network, the conflicts of interest in your business model, and other key tailoring components is very important.
- Communication and training. Similar to policies and procedures, while awareness training is good, it is really training that is roles-based and that lets each critical partner in the compliance program understand their roles and responsibilities that is the most effective.
- Monitoring, testing and reporting. This collective process is critical to maintaining the health of the system, checking the health of the system, identifying possible issues, and making sure that they are addressed effectively.
- Investigations and enforcement. These help ensure that the program is firm, fair, and consistent in its application.
- Issues management process. This process is critical because issues can get ahead of us or behind us without having been adequately addressed. However, a good issues management process that helps us identify issues, escalate them quickly, analyze them critically, and action them timely is fundamental to an effective compliance program.
- On-going improvement process. This is the process that lets us make sure that our compliance program is effective and healthy, that it is keeping pace with the rapidly changing market environment , complexity environment, and product and service environment.
di Florio stressed that each of these concepts should be implemented in a manner that avoids siloing of the programs, duties and responsibilities, and be an integral part of day-to-day running of the the company and longer term strategy.
The full text of di Florio's January 26 address is available at: http://www.sec.gov/news/speech/2010/spch012610cvd.htm