Creating an effective compliance program involves multiple steps. The first phase is to understand the environment in which the organization operates, including the legal and regulatory requirements that govern the organization’s compliance obligations.
The Organizational Context
No organization functions in a vacuum. An organization is the creation and reflection of history, personalities, need, and opportunity. Organizations are subject to the cyclonic forces of law and regulation, as well as to external and internal stakeholder expectations. An effective organization compliance program needs to understand and manage within these dynamics.
The Risk Environment
Each organization has its own unique legal, regulatory, operational, and reputational risks. The organization’s strategic objectives, its risk tolerance, and its ability to manage risk will help determine the need for a compliance program and the scope of that program.
Organizational History
Each organization has its own particular history. Was it created by a merger, an acquisition, a divestiture, or a consolidation of different organizations? Was it the brainchild of an inspired leader or of a faceless investment entity? Was it created a hundred years ago or yesterday? Was it born of need, greed, or happenstance? These conditions will determine the organization’s values, ethics, image, brand, and public reputation, which contribute to the need for and extent of a compliance program.
Organizational Structure
A key variable in creating the compliance program is the organization’s structure. Is it decentralized or centralized? What is the decision-making structure? Are operations concentrated in one country or geographic region, or are they dispersed internationally? How is the organization staffed: does it have full-time or part-time employees, independent contractors, or temporary employees? Is it Web-based? What functions of the organization are outsourced? What person(s) in the organization is currently responsible for the audit, legal, risk management, compliance, human resources, and internal controls functions? Each of these factors will help to determine the scope and nature of the compliance program.
Key Players and Stakeholders
Who are the principal decision makers in the organization, and what are their attitudes, experience, skills, and knowledge with respect to compliance and a compliance program? What are the views of the board of directors, senior management, risk management, legal and accounting staff, human resources, and internal control staff? One comment often made by senior managers or board members is, “Why do we need a compliance program when compliance should be everyone’s business?” What is the attitude of the general employee base? What has been the history of the organization’s relationship with its regulators, the media, non-governmental organizations (NGOs), customers, and suppliers?
The Organization’s Values and Culture
The organization’s values and culture will have a significant impact on the development of an effective compliance program. A major contributory factor to this success will be the extent to which the organization’s board of directors and senior management:
Support and endorse compliance and ethics
Are willing to provide the necessary resources and commitment of time and effort to the compliance initiative