Who is the government inciting to report issues of corruption, fraud, and non-compliance? YOUR EMPLOYEES: incenting them to be the whistleblower reporting on wrongdoing in the organization directly to the government. This has grown to be an issue with board and executive concern with the Dodd-Frank Act whistleblower provisions. This legislation entices employees to report violations, such as bribery, corruption, fraud, insider trading, and more to the government. Employees who blow the ‘whistle’ and provide information which leads to a successful enforcement action receive 10 to 30 percent of the monetary sanctions over $1 million. In an era of increased scrutiny and judgments for non-compliance, this is a significant concern that keeps executives, the board, legal, and compliance professionals awake at night.
Compliance must be an active part of culture and processes to prevent and detect issues before they are reported to government. Compliance processes must be monitored, maintained and nurtured. The organization cannot afford ad hoc approaches to compliance. In the era of the corporate bounty hunter, established processes must be in place to prevent non-compliance from happening. And when it does happen, the ability to demonstrate established compliance and monitoring processes can significantly reduce the penalties imposed upon the organization. The challenge is establishing compliance activities that move the organization from an ad hoc reactive mode to one that actively manages, monitors, detects and prevents risk. This requires the organization to implement technology to manage compliance.
There are two primary models to manage a compliance program aimed at mitigating the risk of the corporate bounty hunter: One approach is build-your-own, ad hoc and ultimately labor-intensive and produces significant manual processes and piles of documents. A more economical approach focuses on software designed to manage these complex and diverse needs. The former approach is prone to failure because of the mountains of documents and scattered information where things slip through the cracks. The latter approach that leverages technology enables compliance processes to be:
- Efficient: Compliance technology lowers cost, reduces redundancy and improves human capital efficiencies by delivering accountability and reporting that is burdensome in manual and document centric approaches.
- Effective: Compliance technology delivers consistent and accurate information about the state of compliance initiatives, to assess exposure. Information is more accurate, current and readily available.
- Agile: Compliance technology improves decision-making and business performance through increased insight and business intelligence so the business can achieve objectives while avoiding loss.
Technology facilitates organizations to manage and monitor compliance by enabling and automating activities, information, processes and reporting. DoubleCheck Software provides the components of technology to manage risk in the era of the corporate bounty hunter. These are:
- Compliance risk identification, assessment and control: Organizations need to understand where they are exposed to risk of non-compliance and implement the appropriate controls to mitigate and monitor risk. Technology allows for the ongoing assessment of the risk and control environment through assessments and reporting so the organization knows where it exposed.
- Policy management and communication: The foundation of protecting the organization from wrongdoing that could be reported to the government is established in strong policies that are adhered to in the organization. Technology enables a policy management platform to create, approve, communicate, manage, and maintain corporate policies and procedures. This includes the ability to publish policies, track communication and training, attestation, and test understanding of policies.
- Investigations and issue management: Bad things happen to the best of organizations. It is important that the organization leverages technology to capture issues and complaints and then investigate them. Technology enables the management of investigations, issues, incidents, events, or cases by providing a platform for accountability, workflow, documentation, and task management. The organization should leverage technology for internal issue reporting to capture and respond to incidents before an employee goes to the government.
- Benchmarking, metrics, and dashboarding: Accountability is central to a strong compliance program aimed at mitigating the risk in the era of the corporate bounty hunter. Accountability on risk, controls, policies, issues, and investigations needs to be clearly tracked. Technology allows for the establishment of compliance metrics to be monitored and overall trending of compliance indicators over time.
- Due diligence: The organization needs to ensure that it is doing business with ethical entities. This includes its own employees as well as its business and vendor relationships. Technology enables an organization to manage the documentation and workflow of the due diligence process to ensure that proper background checks are in place. It also enables the ability to communicate surveys, assessments, and policies to individuals across the business and its relationships to ensure that everyone knows what is right and wrong.
- Compliance forms and processes: Compliance forms can be utilized to request approval to proceed on a certain course of action, to seek approval in areas that need to be tracked as they could land the organization in hot water, or simply provide information about actions being taken. Technology enables the automation and management of forms that would be encumbered in paper trails otherwise. A central repository of requests, approvals and denials provide both an audit trail and reporting system, and configurations to define escalation policies, conditional logic, and workflow allow for efficient monitoring and compliance reporting.
The best defense to the era of compliance with the corporate bounty hunter is an active offense. Organizations must be prepared to show they have a strong compliance program in place to mitigate or avoid compliance issues. In today’s complex business environment, incidents do happen — the organization defends itself by demonstrating it has implemented appropriate compliance measures. Preventive measures must work alongside detective measures to monitor compliance, and the organization must respond quickly and efficiently. DoubleCheck Software is here to enable your organization to protect itself in the era of the corporate bounty hunter.