How to Create High-Impact Compliance Initiatives for Your Company in 2016
Implementing a new compliance initiative is one of the biggest challenges companies and compliance officers face. Many times, employees see new compliance initiatives as a response to something that went wrong. In reality, however, most new compliance initiatives are the result of changing laws, regulations, and company contracts, and of efforts to meet best practices. If you plan to launch a new compliance initiative in 2016, here are some key tips to help ensure it takes root.
Develop a Communications Plan
You can’t effectively implement any type of change management action—including compliance initiatives—without communication. From the very start of your compliance initiative, you should take specific measures that will set the stage for open, honest, and consistent communication that extends through all stages of implementation.
- Be upfront – Disclose from the beginning in clear, concise language why your company is mandating the compliance initiative.
- Set expectations and outline penalties – Clearly identify what is expected of each employee and what the penalties are for non-compliance.
- Add value – Discuss the value of compliance with the new initiative as it relates to each department/business unit.
- Incentivise – Outline rewards for proper compliance.
These measures will eliminate rumors or doubt surrounding your policy changes and will provide direction on how employees can alter their processes to become compliant. They will also help employees and stakeholders understand the value of the compliance change as it relates to their individual role within the company.
Get Executive Buy-In
For any of this to take hold, compliance officers must obtain buy-in from the executive team. Executives are rarely focused on compliance initiatives, so getting their support is not always the easiest task. However, without their support, your initiative could very well become a sitting duck. Executives are responsible for setting the ‘tone at the top’ and must be willing to not only understand and comply with the initiative, but also emphasize its importance to the rest of the company.
Establish Penalties & Rewards
Establishing penalties alone will smother innovation. Employees often fear going above and beyond their duties because of the risk it poses. If penalties are balanced with rewards, employees have an incentive to excel. As stated before, both penalties and rewards should be clearly defined and communicated to all departments to ensure employees fully understand what is expected of them. Beyond outlining expectations, compliance officers and management must enforce the policies and follow through with rewarding and penalizing employees if they want staff to take the compliance initiative seriously.
Penalties for non-compliance may include:
- A verbal or written warning
- Manager involvement
- Performance improvement plan (PIP, a formal document outlining what the employee did wrong and what they must do to correct the situation)
- Termination
Rewards for compliance may include:
- Verbal or written praise
- Company-wide praise
- Issuing a gift card
- Breakfast, lunch or dinner on the company
- A plaque or trophy
- Additional vacation time
- Offering work-from-home privilege
- Giving spot bonuses
Compliance officers—a new initiative is your time to shine. Show executive-level management how valuable your position is to the company by creating a high-impact compliance initiative that staffers understand, respect, and follow. Communication, executive buy-in and religious adoption of a rewards and penalty program will help get you there.
About KRISTEN WILBUR
Kristen Wilbur is a Principal at Schellman, with over 10 years of experience in providing IT attestation and compliance services. Kristen has evaluated risk and controls for Global 1000, Fortune 500, and regional companies during the course of her career with a strong focus in the technology sector. Kristen currently leads the New York City practice at Schellman where she specializes in SOC 1, SOC 2, ISO 27001, and HIPAA reporting. In her portfolio she also oversees large scale engagements that include assessments around FedRAMP, HITRUST, and Privacy. Kristen has a strong passion for giving back and recently helped to establish the corporate social responsibility program at Schellman called SchellmanCARES.