The Justice Department and various regulatory agencies continue to emphasize the importance of continuous improvement, testing and review as part of robust assessment procedures in an effective compliance program. The Treasury Department’s Office of Foreign Asset Control has specifically stated that a sanctions compliance program should include “a comprehensive, independent, and objective testing or audit function” so that a company can determine “how their program[] [is] performing and should be updated, enhanced, or recalibrated to account for a changing risk assessment or sanctions environment.” The Health and Human Services — Office of Inspector General has made similar statements underscoring the need to conduct compliance audits and testing. An important part of every compliance program focuses beyond the design and operation of the program to the important issue of whether the program is working. In this respect, DOJ and regulatory agencies have noted that CCOs should be striving to develop “continuous” monitoring systems and avoid “snapshots” in time. In order to execute such monitoring, compliance has to maintain broad access to operational data across all key functions in a company. This data must be used to regularly update risk assessments, compliance policies and procedures and financial controls.
In this episode, Michael Volkov takes a broad review of the testing and auditing of ethics and compliance programs.