The Network GRC Blog
Delivering a Five-Star Compliance Policy Program
March 01 2013
by Clark Bosley, EVP of Global Sales & Business Development, The Network, Inc.

Corporate compliance policies – in form and function – can be a source of consistent, correct employee behavior, and help set the guidelines that your organization must follow to be successful. While that’s a given, it isn’t always an easy task. Yesterday I had the privilege of hosting an event and moderating a panel of compliance executives on that very topic. Leading the discussion was Lisa Hill, the former business leader in charge of corporate policies at Visa, who presented some insights on the essentials of a five-star compliance policy program.
According to Lisa (who is now the principal of her own firm, Policyscape Consulting), meta-policy (that is, a policy that defines all your compliance policies in purpose and principle) remains one of the highest priorities for organizations wishing to implement an enterprise-wide policy program. When it comes to meta-policies and policy lifecycle, one thing often overlooked is the need to “inspect what you expect” and maintain a diligent attitude to changes in your business environment that should be reflected in your policies.
The discussion among these leaders carried a number of common themes. They face challenges in making their policies readily accessible and making sure the right people can get to the right policy when they need to, especially hourly employees who aren’t always afforded the time needed to be trained on policies. And it’s often difficult to deliver policies and training in the places (especially in global organizations) that need it most. On the positive side, a good dose of tone at the top has led to a greater emphasis on training and the view that training is an important part of the business.
There are other pain points as well, like the time-consuming and expensive exercise involved with regulatory change management and how multiculturalism impacts the distribution of policies and training. A social media policy presents its own set of challenges and pushes hard on existing boundaries. Constantly changing technology mandates that social media policies should be reviewed every six months.
Everyone agreed that a strong and relevant Code of Conduct is an essential part of an effective compliance policy plan. Also, middle management (the “message-from-the-middle”) must deliver clear, concise, consistent communication to the troops to simplify the way compliance policies are implemented.
Across the board, communication and training are what set the wheels in motion to a better ethical culture and an organization that stays in compliance, and these compliance leaders are beginning to see tremendous benefits from applying technology to help with integration, visibility, global reach and availability of their policies.

