Building an effective compliance program goes beyond having a compliance manual or code of ethics, although these are obviously vital components. An effective compliance program is best thought of as a process. Circular in nature, it has a distinct beginning, but no end. Each time through the cycle, imperfections are uncovered, compliance risks exposed, policies and procedures revised and your company becomes that much closer to compliance perfection (illusive though that may be).
The process of building an effective compliance program is straightforward:
Step 1: Assess your company’s compliance risks.
Step 2: Develop policies and procedures to mitigate those risks.
Step 3: Determine the adequacy and effectiveness of your policies and procedures.
Step 4: Update your risk assessment to account for all newly exposed risks.
Step 5: Revise your policies and procedures to mitigate these new risks.
Step 6: Repeat. Repeat. Repeat.