Compliance & Ethics Program Best Practices Resource GUide
You can hover over the circles below to view best practices for Compliance and Ethics Programs.
While no Compliance and Ethics program is the same, these best practices provide general guidance on creating and maintaining a right-sized, industry-tailored Compliance and Ethics program. If you need assistance to accomplish any of these best practices, please feel free to reach out to the BBNC Compliance Department at compliance.bbnc.net.
Policies & written standards
Policies & Procedures
Standards, procedures and written controls help to prevent and detect unethical conduct.
BEST PRACTICES
- Create one central, cross-functional repository for policies, procedures, guidelines, etc.
- Communicate new and revised policies to applicable parties (employees, independent contractors, vendors, etc.)
- Implement and distribute a policy development process
- Share the BBNC Code of Ethics and Business Conduct
Program Structure
PROGRAM STRUCTURE
A Compliance and Ethics Program Structure creates various levels of oversight by knowledgeable individuals to ensure that applicable policies and written standards of control are followed.
BEST PRACTICES
- Define the scope of your industry-specific, risk-based compliance program
- Document your Compliance & Ethics Program strategic plan and obtain leadership approval
- Identify dedicated compliance personnel or personnel who accomplish Compliance & Ethics Program functions (Compliance Liaison Policy)
- Create a compliance and ethics budget
Education, Training & Communication
EDUCATION, TRAINING & COMMUNICATION
Education on relevant laws, regulations, and policies so that expected conduct in the workplace reduces the probability of unethical conduct.
BEST PRACTICES
Training:
- Offer training in multiple formats (electronic, live, interactive)
- Track training completion
- Measure employee satisfaction with training
- Document the effectiveness of training (i.e., is there a reduction in risk because people are trained)
Education (Content):
-
- Complete Annual Compliance & Ethics Training
- Identify and complete industry-specific training (mandated by industry, regulations or legislation)
- Identify and complete training that supports employee development and aligns with strategic goals
- Provide training on new and revised policies, as requested or needed
Communication:
- Communicate compliance events (policies, training, initiatives, industry changes)
- Offer communication in multiple formats (email, website, intranet, newsletter)
Culture of Integrity
CULTURE OF INTEGRITY
Duty to ensure that senior leadership models and rewards high ethical behavior by delegating authority, hiring, and promoting others with a proven record of high character.
BEST PRACTICES
- Send Executive and Senior Leadership to the Annual Leadership & Compliance Conference
- Promote a Speak Up, Speak Out culture
- Reinforce the importance of compliance and ethics and obtain leadership support
- Define specific compliance and ethics expectations
- Assess employee perception of culture using culture surveys
- Work with key stakeholders to remediate cultural issues
Monitoring, Auditing & Reporting
MONITORING, AUDITING & REPORTING
Continuous and routine review of business activity allows issues to be identified early on and remedied quickly. Open lines of communication increase early detection of issues and help identify areas or topics that require additional monitoring or education.
BEST PRACTICES
Monitoring:
- Conduct wellness checks (via telephone, video call, or live) to promote a culture of integrity and appreciate employees who demonstrate ethical behavior
- Maintain a database of applicable laws and regulations and track changes, as needed
- If red flags appear, report the issue using the established reporting mechanism
Auditing:
- Collaborate with the Internal Audit function to ensure that the compliance program meets industry standards
Reporting:
- Maintain an anonymous hotline for employees to report misconduct
- Create multiple channels for employees to report misconduct
- Communicate the importance of speaking up and protections (i.e., no retaliation, anonymous reporting) for employees who report misconduct
- Solicit employee feedback regarding reporting mechanisms
Incentives & Discipline
INCENTIVES & DISCIPLINE
Create and maintain a corporate culture where all incidents, allegations, reports and suspicions of potential misconduct and violations of law, regulations, and written standards are properly reported, triaged, investigated, and resolved by appropriately qualified and trained investigators.
BEST PRACTICES
- Empower supervisors to consider compliance behavior in performance reviews
- Incentivize ethical behavior with recognition, awards, and prizes (i.e., via Spotlight on Compliance Week)
- Create and distribute discipline policy/guidelines
- Create a disciplinary database to ensure consistent behavior
Internal Investigations
INTERNAL INVESTIGATIONS
Expectations are met through effective checks and balances and taking consistent and appropriate disciplinary measures to discourage unethical conduct while also rewarding those who demonstrate ethical behavior.
BEST PRACTICES
- Adhere to the Internal Reports & Investigations Policy
- Create and distribute subsidiary internal investigation guidelines/policy to all employees
- Create a central repository for identified reports of misconduct
- Designate a single point of contact to process (assign, escalate, monitor, and close-out) employee reports of misconduct
- Select trained, qualified, and experienced personnel to conduct internal investigations
Evaluate
Evaluate
Proactive measures in response to inefficient practices, Compliance & Ethics Program elements, and unethical conduct prevents similar issues from occurring in the future and maintain a posture of continuous improvement.
BEST PRACTICES
- Collaborate with Risk function to monitor mitigation steps
- Identify metrics for an effective Compliance & Ethics Program and report metrics to leadership
- Track Compliance & Ethics Program activity
- Benchmark Compliance & Ethics Program against similarly sized and situated industry peers
Compliance Department Compliance and Ethics Program Best Practices Resource Guide
Policies & Procedures
Policies & Procedures
Standards, procedures and written controls help to prevent and detect unethical conduct.
Best Practices
- Create one central, cross-functional repository for policies, procedures, guidelines, etc.
- Communicate new and revised policies to applicable parties (employees, independent contractors, vendors, etc.)
- Implement and distribute a policy development process
- Share the BBNC Code of Ethics and Business Conduct
Program Structure
Program Structure
A Compliance and Ethics Program Structure creates various levels of oversight by knowledgeable individuals to ensure that applicable policies and written standards of control are followed.
Best Practices
- Define the scope of your industry-specific, risk-based compliance program
- Document your compliance program strategic plan and obtain leadership approval
- Identify dedicated compliance personnel or personnel who accomplish compliance program functions
- Create a compliance budget
Education, Training & Communication
Education, Training & Communication
Education on relevant laws, regulations, and policies so that expected conduct in the workplace reduces the probability of unethical conduct.
Best Practices
Training:
- Offer training in multiple formats (electronic, live, interactive)
- Track training completion
- Measure employee satisfaction with training
- Document the effectiveness of training (i.e., is there a reduction in risk because people are trained?
Education (Content):
- Complete Annual Compliance Training
- Identify and complete industry-specific training (mandated by industry, regulations or legislation)
- Identify and complete training that supports employee development and aligns with strategic goals
- Provide training on new and revised policies, as requested or needed.
Communication:
- Communicate compliance events (policies, training, initiatives, industry changes)
- Offer communication in multiple formats (email, website, intranet, newsletter)
Culture of Integrity
Culture of Integrity
Duty to ensure that senior leadership models and rewards high ethical behavior by delegating authority, hiring, and promoting others with a proven record of high character.
Best Practices
- Promote a Speak Up, Speak Out culture
- Reinforce the importance of compliance and ethics and obtain leadership support
- Define specific compliance and ethics expectations
- Assess employee perception of culture using culture surveys
- Work with key stakeholders to remediate cultural issues
Monitoring, Auditing & Reporting
Monitoring, Auditing & Reporting
Continuous and routine review of business activity allows issues to be identified early on and remedied quickly. Open lines of communication increase early detection of issues and help identify areas or topics that require additional monitoring or education.
Best Practices
Monitoring:
- Conduct wellness checks (via telephone, video call, or live) to promote a culture of integrity and appreciate employees who demonstrate ethical behavior
- Maintain a database of applicable laws and regulations and track changes, as needed
- If red flags appear, report the issue using the established reporting mechanism.
Auditing:
- Collaborate with the Internal Audit function to ensure that the compliance program meets industry standards
Reporting:
- Maintain an anonymous hotline for employees to report misconduct
- Create multiple channels for employees to report misconduct
- Communicate the importance of speaking up and protections (i.e., no retaliation, anonymous reporting) for employees who report misconduct
- Solicit employee feedback regarding reporting mechanisms.
Incentives & Discipline
Incentives & Discipline
Expectations are met through effective checks and balances and taking consistent and appropriate disciplinary measures to discourage unethical conduct while also rewarding those who demonstrate ethical behavior.
Best Practices
- Empower supervisors to consider compliance behavior in performance reviews
- Incentivize ethical behavior with recognition, awards, and prizes (i.e., via Spotlight on Compliance Week)
- Create and distribute discipline policy/guidelines
- Create a disciplinary database to ensure consistent behavior.
Internal Investigations
Internal Investigations
Expectations are met through effective checks and balances and taking consistent and appropriate disciplinary measures to discourage unethical conduct while also rewarding those who demonstrate ethical behavior.
Best Practices
- Create and distribute internal investigation guidelines/policy to all employees
- Define the process to intake and triage employee reports of misconduct
- Create a central repository for identified reports of misconduct
- Designate a single point of contact to process (assign, escalate, monitor, and close-out) employee reports of misconduct
- Select trained, qualified, and experienced personnel to conduct internal investigations.
Evaluate
Evaluate
Expectations are met through effective checks and balances and taking consistent and appropriate disciplinary measures to discourage unethical conduct while also rewarding those who demonstrate ethical behavior.
Best Practices
- Collaborate with Risk function to monitor mitigation steps
- Identify metrics for an effective compliance program and report metrics to leadership
- Track compliance program activity
- Benchmark compliance program against similarly sized and situated industry peers