Firstly, a Compliance programme needs to respond to the needs of the company and to be efficient.
Practically, it has to anticipate all the risks the company is facing in order to prevent those risks from affecting the company. Only such a Compliance programme can be efficient.
For a programme to be efficient it needs to contain, at least, the following elements:
- RISK MAP: the activity and the structure of the company needs to be thoroughly analysed. Using this analysis a scale of risks is established from the most probably risk to the least probable one;
- The establishing of the protocol and the decision-making procedures: a form needs to be well structured allowing a member of the company to take decisions and to force third parts. The better structured the decision-making system is, the more difficult it is for a member of the company to break the law;
- The Compliance Officer needs to have access to financial resources which would guarantee his INDEPENDENCE;
- WHISTLEBLOWER (a complaints platform) that needs to be completely confidential but not anonymous;
- DISCIPLINARY SYSTEM: everybody who does not respect the company’s code of conduct, needs to be sanctioned;
- Checking, modifying and updating the model periodically: the code needs periodical checking and updating to the needs of the company;
- The administration of the company needs to appoint a surveillance individual (i.e. Compliance Officer) with AUTOMONOUS powers of initiative and control;
- When the law is broken by a member of the company, the company needs to alert the authorities, to auto-denounce the problem and it needs to colaborate with the authorities.
- Periodically, personnel training sessions need to be organised to raise awareness about its Compliance model, the obligations, responsibilities, the complaints platform etc. Moreover, this training should be given to all suppliers and colaborators of the company.
In a future article, I will analyse and describe in turn each element of a Compliance programme.