Essential Elements of an Effective Compliance Program

Oversight

  • Board of Trustees Ethics & Compliance Subcommittee
  • Designated Compliance Officer with daily responsibility
  • Compliance Officer has adequate funding, resources and authority
  • Compliance Officer access to the Board; annual reports
  • Regularly scheduled Compliance Committee Meetings
  • Leadership candidates vetted to assure no ethical misconduct

Policies and Procedures

  • Code of Conduct is centerpiece of compliance program
  • Policy Library accessible by all employees
  • Standardized policy review process

Education and Training

  • Employees review & sign Code of Conduct in orientation / annually
  • Annual Ethics & Compliance training (employees, trustees, contractors & agents)
  • Targeted training of specific high risk issues
  • Remedial training assignments
  • Assignment tracking; 100% courses completed timely
  • Communication of new policies or regulations

Open Lines of Communication

  • Employees are educated on how to report potential compliance issues: Publicized, accessible hotline; offering confidentiality and anonymity
  • Encouragement to report to immediate supervisor
  • Employees encouraged to prospectively consult with legal/risk/compliance
  • Complainants are briefed on how to receive updates on investigations
  • Promotion of the Non-Retaliation Policy 
  • Exit interviews with departing employees
  • Encouragement to report potential compliance issues & near misses

Enforcement and Discipline

  • Compliance requirements are well-publicized
  • Fair and consistent across the organization
  • Incentives for promotion of a transparent, ethical, compliant culture

Auditing and Monitoring

  • Concurrent & retrospective 
  • Below-target results reported to Compliance Committee
  • Below-target results followed up with Corrective Action Plan
  • Employee Engagement Surveys include compliance, ethics & safety concerns
  • Auditing & Monitoring plan driven by Risk Assessment results

Response and Prevention

  • Potential compliance issues are investigated, documented and resolved
  • Subject matter experts are consulted
  • Root Cause Analysis (RCA) drives the Corrective Action Plan (CAP)
  • CAP designed to reduce/eliminate repeat incidents
  • Findings are appropriately reported to regulatory agencies
  • New hires are vetted via background screening, OIG/GSA exclusion list, etc.

Risk Assessment

  • Targeted assessments conducted in response to specific risks
  • Broad, all-encompassing assessments performed every 1-3 years
  • Steps taken to modify the program in response to repeat violations