7 Elements Of A Legally Effective Compliance Program

An effective compliance program has never been more crucial to a company’s success and management of risk. Compliance programs, composed of internal policies and procedures created to meet standards set by laws and regulations and to assure that a company is following the rules, were once thought to be somewhat of a “low priority” aspect of business (Priority #1: making money, of course).

However, with increased regulations in various industries leading to greater exposure to lawsuits and government investigations, today it is imperative that a company have an appropriate compliance program in place, and that that program be legally effective, properly implemented, and consistently enforced internally.  

Compliance needs vary by company, and there is rarely a one-size-fits-all solution.  However, 7 key elements exist in virtually all legally effective compliance programs: 

1. Policies & Procedures

It is important to establish written policies, procedures and controls that set out the rules of the road, but your company must also demonstrate that the program is more than just a “paper policy.” In other words, the company must show that it actually practices what it preaches.  A Code of Conduct/Ethics is essential and should clearly describe to employees what is and what is not acceptable behavior.  This is particularly important for companies in certain industries.  For example, for companies involved in government contracting, the Federal Acquisition Regulations legally mandate that contractors involved with more substantial federal contracts establish and maintain a code of business ethics and conduct. 


2. Chief Compliance Officer/Compliance Committee 

Your company should designate a high-ranking Compliance Officer with authority and resources to manage the compliance program on a day-to-day basis.  This person (or group of people/committee) must have direct lines of access to executives and the Board of Directors (if applicable).  This is often someone with legal experience and may work closely with Human Resources professionals.  The work of your Compliance Officer can be supported and supplemented by a Compliance Committee or working group convened to oversee the implementation and management of the program.


3. Education & Training 

Properly training officers, outside directors, employees and business partners regarding the relevant laws, regulations, corporate policies and prohibited conduct is important to ensure everyone is aware of and understands the rules. The U.S. Department of Justice has stated that it expects the effectiveness of training to be measured by who the company trains, how the training is conducted, and how often training occurs. Note that live, in-person training is always preferable.

4. Reporting

Every company must have a mechanism in place to capture and store a variety of reportable events or incidents, and channel those concerns to the Compliance Officer/Compliance Committee for handling.  It is important for the reporting employee to have the option to remain anonymous.  This can be offered in a variety of ways, often by engaging a third-party vendor.  Secure, confidential, and timely handling is what is important here. 

5. Monitoring & Auditing 

Perform periodic reviews of the company’s compliance risk and the compliance program, and react quickly to fix any issues.  It is also valuable to perform regular auditing to target specific business components, regions, or market sectors during a particular timeframe in order to uncover and/or evaluate certain risks.

6. Enforcement

All members of the company, from the CEO to interns, must acknowledge and support the compliance program, and the standards should be applied uniformly to everyone. Active commitment to the program is key to ensuring consistent and proper enforcement.

7. Responding To Issues

Promptly responding to and investigating reported issues is what makes a compliance program effective. It is not enough to gather information and identify compliance problems through monitoring and auditing if the company isn’t going to actually follow through and fix the problems as they arise.

In addition to these 7 key elements of a compliance program, there are many other things to consider when creating a compliance program to fit your company.  Business structure, industry, size, and culture are just a few factors that may shape a suitable program for a particular company. 

Understanding how this affects the small business economy is part of our job here at Santomassimo Davis LLP, as we primarily focus on providing expert Outside General Counsel for a variety of law firms and legal issues related to Corporate and Business Law in New Jersey, New York and Pennsylvania.

© 2022 Santomassimo Davis LLP. All Rights Reserved.