We share our summary of the interesting webinar given by Kristy Grant-Hart (Steele), entitled “The Top Ten Biggest Mistakes Made By Compliance Professionals”.
1. Not updating the risk assessment when a crisis hits or the business changes.
• It’s always important to update the risk assessment in times of crisis, even though it may take more resources of every type.
• Whenever a new risk arises, it’s important to tackle it as soon as possible: even though the authorities might not be checking the compliance program at the time, they most certainly will when the crisis ends.
2. Not preparing your persuasion plan to defend compliance efforts in the immediate aftermath of Covid-19.
• The economy will suffer due to Covid-19, so it’s important to defend the compliance program and the actions outlined by it, so that the program stays in place even if the organization’s revenue drops.
• However, it is important to be flexible and to work together with the other parts of the organization in order to find a balance between compliance and the business side of things within the organization.
• It’s important to know how previous crises affected the industry in which the company operates, to be able to describe those crises and their consequences, and to make the point of why compliance is so important.
• Have an elevator pitch ready on why compliance is important at the moment.
3. Not planning now for potential layoffs.
• You have to take into consideration that when people are no longer part of the organization, they might still have access to confidential information and, given the situation (a layoff), they might be tempted to use it in an unlawful way.
4. Not using the business language.
• Use language that is understandable to everybody within the company and, if the program is applied in different countries or regions, make sure it takes into consideration the differences in language there could be.
5. Not tying activities to business objectives.
• The compliance activities don’t matter unless they contribute to the business objectives.
• If there’s a change in the business objectives, for example more online presence (sales, etc.), change the compliance program according to the needs arising from that change.
6. Not defending the scope of the compliance department’s responsibility.
• The people who work in the organization need to know who makes up the compliance team and what that team’s responsibilities are.
7. Not inviting cross-functional collaboration in major initiatives.
• Before launching a major initiative, hold a compliance focus group with people from different areas of the business and, if possible, different countries, to get different inputs.
8. Not telling the story of your program through metrics.
• Start with an end in mind and, if there’s an automation program, use that program’s information to better explain the consequences of the compliance program.
9. Not asking for the right resources: technology, human or financial.
• When asking for resources it’s important to ask for the adequate amount, even if you think that amount is high.
• It’s important to let the organization know of the potential risk if the program is not well funded, for example by taking the penalties into consideration and weighing the cost of the program against the potential penalties that may arise from the lack of the program or its underfunding.
10. Not ensuring the consistency of your program so it achieves defensibility.
• Set a standard for the program: even though it might operate in different countries or even in different business units, there has to be consistency in the program.