Compliance and Ethics Management are entering our organizations more and more, whether we like it or not. Consequently, many companies have appointed compliance officers, in addition to the Data Protection Officer (DPO) that the Philippine Data Privacy Act through the Philippine Privacy Commission (NPC) requires companies to appoint.
At some point in their career, every compliance officer/DPOs will have to scout for new compliance technology. A modern compliance program has many different moving parts, meaning that it is crucial that you find technological solutions that can adapt to the complexity of your program. However, this is more easily said than done.
The six components of buying compliance technology
The guide addresses six critical components of a compliance program and explains what to look for in order to automate aspects of these functions:
- Code of Conduct and Policy Management;
- Risk Assessment;
- Training Program;
- Case Management;
- Gifts and Entertainment; and
- Third Party Due Diligence.
Code of Conduct and Policy Management
Many companies already have a Code of Conduct in place, but a policy management tool can help to ensure the Code of Conduct isn’t misconstrued and that policies don’t contradict each other. Learn how the right tool can facilitate collecting employee signatures and automate notifications, relieving compliance officers of the annoying task of having to chase employees.
Risk assessment
A corporate compliance program must typically address a wide range of risks, including anticorruption, data privacy protection, cyber security, fair competition and money-laundering risks, among others. A good technological solution can greatly streamline risk management, allowing for customized questionnaires and presenting the results in an easy-to-understand dashboard.
Training
Training is a crucial part of any compliance program, as evidenced by the NPC’s emphasis on the topic when it evaluates programs. As such, it is important that the technological solution you choose is able to facilitate a strong training program, capable of offering relevant training to each employee based on their risk exposure.
Case management
Many laws and regulations now require companies to allow anonymous reporting of suspicious activity. A solid compliance program integrates whistle-blowing reporting into a larger system of case management. Compliance officers should be able to see all allegations and investigations, coming from any source across the whole enterprise, in one place.
Gifts and entertainment
Improper spending on gifts and entertainment (G&E) is a huge compliance risk. An effective program needs to monitor and detect G&E activity outside permitted norms. A good tool should track the money, or capture data from reimbursement forms filed afterward, and alert compliance officers of questionable payments.
Third-party due diligence
Due diligence is a core feature of any modern compliance program. Many of the tasks, such as screening companies and persons against watch-lists and negative media reports, are repetitive and tedious, making them excellent targets for automation. A good solution will be able to show you a “full picture profile” overview of each third party.
What to look for in compliance technology
Today, many compliance departments rely on multiple different vendors that do not integrate with each other, leaving compliance officers without a good overview of their efforts and losing track of critical data. Bearing this in mind, a well-integrated compliance software solution should empower compliance professionals and, ultimately, take your compliance program to the next level.
Given the fact that I have been active in Compliance Management for quite some time and having been exposed to compliance technology offered by quite a few companies around the world, I am glad to inform you that we can provide guidance in the selection process of effective and not too expensive automation software.
You can contact me at Schumacher@eitsc.com.