Essential Elements of an Effective Compliance Program
Oversight
- Board of Trustees Ethics & Compliance Subcommittee
- Designated Compliance Officer with daily responsibility
- Compliance Officer has adequate funding, resources and authority
- Compliance Officer access to the Board; annual reports
- Regularly scheduled Compliance Committee Meetings
- Leadership candidates vetted to assure no ethical misconduct
Policies and Procedures
- Code of Conduct is centerpiece of compliance program
- Policy Library accessible by all employees
- Standardized policy review process
Education and Training
- Employees review & sign Code of Conduct in orientation / annually
- Annual Ethics & Compliance training (employees, trustees, contractors & agents)
- Targeted training on specific high-risk issues
- Remedial training assignments
- Assignment tracking; 100% courses completed timely
- Communication of new policies or regulations
Open Lines of Communication
- Employees are educated on how to report potential compliance issues: Publicized, accessible hotline; offering confidentiality and anonymity
- Encouragement to report to immediate supervisor
- Employees encouraged to prospectively consult with legal/risk/compliance
- Complainants are briefed on how to receive updates on investigations
- Promotion of the Non-Retaliation Policy
- Exit interviews with departing employees
- Encouragement to report potential compliance issues & near misses
Enforcement and Discipline
- Compliance requirements are well-publicized
- Fair and consistent across the organization
- Incentives for promotion of a transparent, ethical, compliant culture
Auditing and Monitoring
- Concurrent & retrospective
- Below-target results reported to Compliance Committee
- Below-target results followed up with Corrective Action Plan
- Employee Engagement Surveys include compliance, ethics & safety concerns
- Auditing & Monitoring plan driven by Risk Assessment results
Response and Prevention
- Potential compliance issues are investigated, documented and resolved
- Subject matter experts are consulted
- Root Cause Analysis (RCA) drives the Corrective Action Plan (CAP)
- CAP designed to reduce/eliminate repeat incidents
- Findings are appropriately reported to regulatory agencies
- New hires are vetted via background screening, OIG/GSA exclusion list, etc.
Risk Assessment
- Targeted assessments conducted in response to specific risks
- Broad, all-encompassing assessments performed every 1-3 years
- Steps taken to modify the program in response to repeat violations