Flawless Compliance

How to Build an Effective Compliance Strategy

Setting your compliance strategy is the most imporant thing you can do this year. Have you addressed it yet?

Wow, can you believe one month of the year has already come and gone? Didn’t that go by quick? So, my question is, have you addressed your compliance strategy yet this year? If not, it’s about time!

Strategy is one of the most important things you can do for your compliance program, but it’s often overlooked. Reason being, compliance always seems to be an after-thought in the organization—a follower. The astute compliance officer however, will recognize that effective strategic planning is the hallmark of a compliance program that’s proactive, and in control.

There’s a lot of confusion, even at the C-level, over exactly what strategy is. Let’s get that clear now.

Compliance strategy is the framework used to guide the decision making process for the entire program. Strategy is not planning, although it’s closely related. A good strategy is built by asking powerful questions. When your strategy is complete, you’ll be able to answer the following questions:

• What are the current economic trends, and what risks will they introduce? For instance, what new risks will this less-than-flourishing economy bring on the horizon?
• What are the current social trends, and what risks will they introduce? The baby boomers are getting older and retiring, while Generation Y is migrating into the workforce. What sort of risks will they bring with them?
• What are the current government trends, and what risks will they introduce? This is a somewhat obvious one, but what do you think the current administration will do with its continued focus on increased oversight and regulation? How will that affect your compliance efforts in the coming months?
• What are the current technological trends, and what risks will they introduce? The rapid popularity of social media is continuing to introduce new and improved privacy concerns. How do you think that will affect you in the coming year?
• Are we anticipating any changes in our supply chain, and are there any new risks associated with that? A new supplier might bring a new set of compliance standards to deal with. Have you considered this?
• Are we targeting any new customer segments, or perhaps large customers? Will those customers come with any risks?
• What is the corporate strategy, and what risks will it introduce? This is perhaps the most important question you need to ask yourself. Get intimate with your corporate strategy. Your job is to protect them for what they are not considering. Are they moving into government sales? If so, you have a lot of compliance ahead of you! Are they planning to leverage cloud computing? If so, what kinds of risks does that introduce?
  

Answering the right questions for your compliance program will put you in proactive mode, instead of reactive mode. Proactive compliance organizations are more resilient, have the opportunity to install preventive controls instead of adaptive or corrective controls, and significantly reduce the exposure for their parent organization. If you haven’t yet addressed your compliance strategy, take some time today to answer these questions. It’s not too late to start the year off on the right foot, with a good compliance strategy.