We share the summary we crafted of the interesting webinar given by Kristy Grant-Hart (Steel), entitled the Top 10 Critical Lessons from the DOJ's 2020 Update
1. Today's best practices are becoming expectations already
· The prosecutors are expecting the best practices, it's a very high bar and needs a lot of metrics.
· You need to bring a lot of microlearning meaning you need to give 2 to 4- or 10-minute sessions and reinforce them throughout the year.
· Even if these best practices are impossible to implement at the moment you have to set them as goals to implement them in the future.
2. You need access to data
· Compliance personnel need to have sufficient direct and indirect access to relevant sources of data to allow timely and effective monitoring and or testing policies.
· It's also not only about data but about actionable data.
3. Keep up to date o Benchmarking and prosecutorial actions
· You have to look at other companies risks assessments in order to update your own risk assessment.
· Also, you have to be informed of what is happening in other companies that is getting them in trouble so that you can update your own risk assessment.
4. You need good technology for your policy management.
· Your need to publish your policies in a searchable database as well as measure and track employee access to those databases.
· You need purpose-built software in order to get the necessary data.
5. Document the decision-making process.
· It's necessary to document why the company has decided to implement the compliance program the way it has.
· Write down how the program has evolved.
· It’s necessary to have the decision-making process documented.
6. Engage in ongoing third- party lifecycle risk management.
· You need and ongoing lifecycle risk assessment program of third parties not only at the beginning of the relationship.
· You need continuing automated monitoring of third parties.
7. Make sure you have a continuing education budget.
· Now companies need to have the adequate resources to keep training personnel in the future as well as the compliances officers.
· Have budget for certifications for compliance officers.
8. You need a plan for pre-acquisition and post-acquisition integration of the compliance program
· You need to do compliance due diligence.
· Also, it’s important to do a compliance integration program for the acquired company, meaning that the company acquired needs to fall into the existing compliance program.
· The compliance officer has to be a part of the M&A process, meaning that the officer has to evaluate what are they doing and what will need to be done.
9. You need a culture survey (or its equivalent)
· This is because prosecutors are now asking if employees have knowledge of the hotline and if so if they are comfortable using it.
· If it’s hard to do a complete culture service you can do a focus group, this because it’s important to have proof that you were indeed traying to make sure that employees had the knowledge of the hotline and that the use of said hotline was incentivized.
· Also, these surveys help to measure de trust or distrust of said hotline and in case that there is distrust it gives the opportunity to change the culture in regard to said hotline.
10. Update, Update, UPDATE!
· With time best practices change technologies change so it’s important to update the compliance program to be in check with the best practices and to use the technologies available.
· This also means to look outside of your company to see where the trends are going and to get ideas and implement them into your own compliance program.
For more information about this topic, contact us at 55 2155 5739 or write to compliance@apmabogados.com.mx
Commentaires