Disconnectedness compliance comes from the fact there is not one system which connects the disparate strands of the compliance discipline. In the view of Thomas Sehested, GAN Integrity founder and its former Chief Executive Officer connected compliance “enables a CCO and all those people in the organization working with compliance, to have one central place, a one system of record for everything they do.” This can be their whistleblowing hotline, case management, training of their employees or training of their vendors policy. It is literally connecting them all so they are running from one central location and these disparate systems can be monitored from one central location. He put it as, “really like getting everything under one roof.” I was struck by that metaphor, “getting everything under one roof”, as one of the struggles many compliance officers have is that the information they need is literally siloed across different functions of the company. Information can be contained in the sales function, where there may be employee expense data, information on marketing expenses or charitable donations may be in the sales organization but it could be spread among other corporate functions as well.
All of this is what the DOJ has articulated as operationalizing compliance. It first garnered attention in the February 2017 release of the original Evaluation of Corporate Compliance Programs. Since that time, compliance practitioners have steadily worked to move their compliance programs forward onto the front lines of their business units. Connected compliance is one way to do so but it clearly requires a human element to not only interpret data but to impart the appropriate or required compliance solution. Operationalizing compliance means that you cannot have an annual or even quarterly update on what’s going on in the program. It must be operationalized in such a way that you are sharing information not only with the regional business units of floating up to the corporate compliance folks, but also sharing information back and forth with the other business units, procurement, finance and reacting in real time.
Three key takeaways:
- Connected compliance moves you towards continuous monitoring.
- Compliance under one roof.
- Never forget the human element.