Big Brains In Compliance is the newest show on the Compliance Podcast Network featuring Tom Fox, the Voice of Compliance, and Stephen Martin, Partner at StoneTurn. In this week’s show, Tom chats with Stephen about the Six Elements framework Stephen helped develop. They discuss why it’s important and how companies can use it to construct a comprehensive compliance program that satisfies government requirements and drives an ethical culture.

The Six Elements

Typically business leaders would either find compliance programs too legalistic, so they would tune out, or believe that they would never run afoul of the guidelines, so they didn’t need to care. Stephen says they created the Six Elements framework for CEOs and companies to have an easily digestible, practical guide to create an effective compliance program for their companies. It helps them to benchmark their existing programs, recognize the gaps, and make enhancements. 

“[The Department of Justice] has become much more sophisticated in evaluating the effectiveness of your compliance program,” Stephen points out. The Six Elements allow companies to have a continuous cycle of monitoring and improvement in the key areas of compliance: risk assessment; governance and structure; policies, procedures, controls; training and education; oversight and reporting; and response and enhancements. “It gives you a very nice work plan of how to enhance,” Stephen says, “and it’s something that both helps you as a company but also you can then show to government regulators if you are ever asked about the effectiveness of your compliance program.”

Risk Assessment and Monitoring

Tom comments on the DOJ’s recent statement that you should do your risk assessment whenever your risks change. Stephen adds that the two areas of compliance that companies struggle with the most are effective risk assessment and oversight and monitoring. He shares how his company helps clients build a proactive risk monitoring protocol: this allows them to monitor their risk internally on an ongoing basis. He and Tom talk about the importance of Data Analytics in oversight and monitoring. It’s the number one question compliance officers ask, Stephen says. They all want to use data but they don’t know how. His company again takes a proactive approach by helping clients create dashboards to aggregate the data already present in the organization. This allows them to monitor key issues.


“How do you help a CCO… to help bring institutional justice and fairness leading to trust and a better culture to an organization?” Tom asks Stephen. Most compliance programs don’t focus on the ethics or culture side, Stephen admits. However, building an ethical culture and giving your employees the tools to speak freely, does more to protect your company than a compliance program in the long run. “Ethical leadership is the best compliance program that you could put in place,” Stephen argues.


Stephen Martin on LinkedIn