Anti-Corruption & Compliance Blog

As discussed in Part 1 and Part 2 of this series, the seven core principles of an effective integrity compliance program apply to businesses of any size, but there is no one-size-fits-all model to compliance. What is appropriate for a multi-national business with thousands of employees speaking numerous languages in various locations will almost certainly not be right for a domestic business employing less than 200, much less a local business employing 25. Yet, it is critical for small and medium size businesses to have compliance programs in place and embedded into their culture. The following ideas are ways to adapt a compliance program to fit the size and risk profile of the business:

• Can your business afford a full-time, independent compliance officer? Many simply cannot, but that does not mean that a compliance program or oversight of the program is out of reach. Such a business can incorporate compliance oversight into an existing role. But that existing role should not be one that also has responsibility for operations and/or bid offers or acceptance. Wearing both of these hats creates real or perceived conflicts of interest. Another consideration is recusal: if a financial officer also acts as head of compliance, then there must be a clearly defined alternative if a violation arises within that finance group. Not every company can afford to hire a dedicated compliance professional, but every company must set the tone from the top of management and clearly allocate the responsibility for oversight, review, and adaption of the program.
• Does your business have the resources to commit to a training program with all the bells and whistles? Deluxe (but complicated and expensive) web training tools and off-campus training days may not be within the budget, but every company must assure integrity compliance training of all employees. In a smaller company that may mean semi-annual compliance training meetings; having each employee sign a certification that she or he has read the Code of Conduct and related policies; and/or management certifications that they have conducted departmental compliance training.
• How can a business of 20 employees, all of whom know and work closely with each other, implement a confidential and anonymous reporting scheme? When the officer responsible for compliance personally knows each employee, then an “anonymous” hotline is suddenly not so anonymous. Of course, that does not mean such a small business can merely omit a proper reporting function, but reporting will likely need to be adapted to fit the needs of the business. One possible alternative may be a simple drop box for anonymous reports. The core principle remains intact, but the means to accomplish it looks different.
• What if your business does not or cannot commit a portion of the incentive compensation plan to compliance? That is not the only way to incentivize employees around integrity. You can plan an “Integrity Week” where the Code of Conduct is stressed and small rewards are provided for answering questions related to the policies or providing the best answers to hypotheticals. Internal promotion decisions can include an integrity review of employees up for promotion. The specific incentive will be appropriate to the business but must instill the importance of integrity within the culture.

These are only a few ideas and each program will look different depending on the context of that business. A multi-national enterprise may need to provide a web-platform in multiple languages with all the bells and whistles to allow employees spread across multiple continents to effectively report potential violations. A smaller local business may need only a publicly available drop box. Although these specifics will be different, all companies, no matter the size, should take the appropriate steps to instill a culture of integrity and an effective compliance program within the heart of the organization.