How to Develop an Ethics & Compliance Program


The large-scale corporate scandals that have captured the nation’s imagination and headlines typically feature big-name companies, from Enron Corp. and Tyco International Ltd. to The Boeing Company and Arthur Andersen.

But in today’s skeptical marketplace, even small and mid-sized businesses must guard against the financial and ethical snares that trapped and, in some cases, destroyed these giants.

Have you heard of Park Plaza Medicine Clinic of Houston, L&H Administrators of Las Vegas or Integrated Health Services of Denver? Probably not, because these companies are now out of business because of compliance violations.

Many small and mid-sized firms argue that they don’t have the budget or staff to develop, implement and enforce full-scale ethics and compliance policies. This may be true. However, by following a few simple steps, even the smallest company can effectively create and communicate policies to ensure the integrity of its business and its employees.

To develop a solid compliance program, small businesses can follow a simple checklist.

1. Develop open lines of communication. For a compliance program to be effective, the most important element is that employees feel comfortable asking questions and reporting possible violations.

  • Establish an open-door policy for the compliance official or committee and the highest level of on-site management to receive employee reports.

  • Guarantee that there will be no retaliation against employees who make good-faith reports of misconduct.

  • Provide an anonymous suggestion box, which may induce some employees to report problems.

2. Identify the risks. Management must first ferret out risks that the company faces, so the right factors can be monitored, audited and evaluated. A wide range of potential risks should be considered, including:

  • Environmental risks (clean air and water, hazardous waste disposal, transportation of hazardous materials, etc.)

  • Health and safety

  • Money laundering, especially when involved with foreign entities

3. Establish standards and procedures. Some fundamental standards and procedures should be included in any organization’s compliance program. For example, every business should:

  • Adhere to a record retention policy.

  • Perform background screening of potential employees.

  • Develop forms to address recurring issues, so that incidents are recorded fully and consistently.

4. Designate a compliance official or committee. Every compliance program must be overseen by an individual or committee that has ultimate accountability. These duties might include:

  • Overseeing and monitoring the implementation of the compliance program.

  • Establishing methods to improve quality of service and reduce vulnerability to fraud and abuse.

  • Revising the compliance program periodically in light of changes in the company or the regulatory environment.

  • Training employees in compliance.

  • Ensuring the company does not do business with prohibited people.

  • Investigating allegations of impropriety and overseeing corrective action.

5. Conduct appropriate training and education. Every employee in the organization must receive both initial and periodic training to ensure they fully understand the company’s compliance policies.

  • When the program is first implemented, the highest level of management should address all employees to explain the purpose and substance of the program.

  • Periodic refresher meetings should be held to reinforce key points.

  • Written compliance materials should be kept in a place accessible to all employees.

  • Modifications and updates must be circulated in writing to all employees and explained in meetings.

  • The organization should have a bulletin board on which compliance updates are posted.

  • Sign-offs for attendance at meetings and for receipt of written updates should be required and maintained in the compliance manual.

6. Respond to detected offenses. When employees violate the company’s policies, action must be swift and decisive.

  • No report of a suspected violation can be ignored.

  • Each allegation must be fully investigated and documented. Investigations can be tailored to the level of the allegation.

  • Corrective action must be taken, and any corrective action must be documented and communicated to all employees.

  • If a violation calls for self-reporting to the government, the company must immediately refer the matter to legal counsel.

7. Enforce disciplinary standards through well-publicized guidelines. Don’t just tell employees about the policies. Provide a detailed explanation of the consequences for breaches in conduct.

  • Ensure that compliance officials, managers and employees are comfortable discussing ethical matters openly.

  • Clearly spell out sanctions in advance, ranging from a reprimand to probation, suspension or firing.

  • Outline when referrals to criminal justice agencies will be made.

  • Ensure the disciplinary system retains the flexibility to take into account both mitigating and aggravating circumstances.

  • Provide positive reinforcement as well as discipline.

  • Measure success for the company, as well as benefits for employees who follow the firm’s compliance policies.

The benefits of developing clear ethics and compliance policies are immeasurable. Managers can have peace of mind knowing that every employee has a detailed understanding of the impact of their actions on the business. Plus, the business will establish itself as a moral environment concerned about its impact on society. The company’s stakeholders, from employees to customers, will have a positive feeling about the firm and confidence in its operations.