UK Training Industry Press Releases

A Practical Guide to Make Compliance Easy

Why is compliance so important now? Compliance is a fact of life for all companies, large or small, whether for voluntary reasons (i.e. to deliberately maintain compliance to quality standards as a means of competitive differentiation) or for mandatory reasons (such as government regulations).

There are risk-relevant laws and regulations for every industry, and all firms face potential fraud issues and other threats-especially those posed by doing business globally^[1].

This is where the Learning & Development Team comes in. They will conduct the relevant training for the entire company, as well as track and generate reports to find gaps (if any) and address them right away.

After 9/11, and the corporate meltdowns at Enron, WorldCom and Parmalat, governments the world over enacted new laws concerning corporate governance, financial reporting, data protection, terrorism prevention and consumer protection.^[2]

As a result, companies must devote increasing attention to navigating a shifting and increasingly complex compliance environment brought about by existing or emerging financial, environmental, personnel, privacy, safety or corporate governance regulations.

EVER-INCREASING POTENTIAL FINES

An egregious compliance oversight can be very expensive - failure to comply with specific

standards can potentially lead to loss of business, or civil and even criminal penalties.

For example, financial institutions violating economic sanctions programs under the U.S.A.‘s International Emergency Economic Powers Enhancement Act (IEEPEA) can find themselves liable for fines of US$250,000 for each offending transaction^[3]; while under the UK's Corporate Manslaughter and Corporate Homicide Act, an organization's failure to maintain compliance with health and safety legislation may lead to criminal penalties.^[4]

THE EFFECT OF GLOBALIZATION

As companies have stepped up their use of outsourcing, licensing and other special arrangements to extend their enterprises, they increase their risks of, among other things, contractual non-performance or noncompliance, deteriorating service levels in outsourcing arrangements, intellectual property violations, misreporting of revenues, and breaches of discount, rebate or warranty polices.^[5]

The growing networks of providers that underpin many products and services these days have served to raise pressure on core companies to ensure compliance with quality, testing and accountability standards-lest they want to risk costly recalls, government inquisitions, litigation or product lawsuits.^[6]

EXPLODING EXPENSES

Global firms need to be cognizant of potential vulnerability to local regulatory issues, in addition to increasingly aggressive global enforcement of corruption.

Given the complicated legal obligations, potentially onerous penalties for failure, enterprise risk implications and rising regulatory, shareholder and public expectations, the potential costs and benefits^[7] many boards of directors are now actively involved in defining governance goals and overseeing risk.^[8]

IT AND COMPLIANCE

Technology is often less effective at spotting real problems than human intelligence.^[9]

Human judgment, however, is not perfect and can be affected by biases^[10] - as well as a lack of proper knowledge.

This is why authors of compliance programs and guidelines place such strong emphasis on education. For instance, the Compliance Program Guidelines issued by the US Department of State^[11] specifically mandate, among other things, training^[12] and internal monitoring-things an LMS can handle very well.

LMS FOR COMPLIANCE CHECKLIST

When an organization decides to employ an LMS in a compliance role, it must first ascertain, among other things: what obligations the organization is subject to and what is needed to ensure compliance, what levels of risk can the organization handle, how the new LMS will conform to the organization's relevant information security, privacy and other related policies[13] and obtain some form of buy-in from top management.[14]

Here are 7 important considerations that you must have on your LMS for Compliance Checklist:

• Content is vital to the success of the system but what truly distinguishes good from outstanding compliance-related content is how the latter prompts learners to consider items or areas they may have otherwise overlooked.
• Accessibility goes beyond system access; it encompasses user friendliness and usability.
• Assessments - there must be some quality control and monitoring mechanisms in place to make sure the right individuals have both reviewed the necessary materials and attained appropriate understanding and mastery of the required knowledge.
• Flexibility - ability to quickly and painlessly add or update content is critical.
• Integration - the LMS must be able to play nicely with a host of other systems that may be necessary in the overall compliance program.
• Reporting - All LMSs support some level of reporting. However, the reporting requirements to meet compliance needs and regulations are very different and more stringent.
• Security is a critical but often overlooked aspect in the process of reviewing an LMS for compliance purposes.

Read the full version of this white paper at  www.netdimensions.com/wp-lmscompliance

, and get more details about these 7 must-have items on your checklist for an LMS-supported compliance program. The paper also includes further discussion around assessments and security, as well as a number of case studies.

^[1] Henry Ristuccia "Key Categories of Risk: Deconstruct the Landscape," http://www.deloitte.com/view/en_US/us/Insights/hot-topics/your-turn-risk/article/d0136eba1b4b6210VgnVCM200000bb42f00aRCRD.htm

^[2] Computer Associates White Paper, "Best Practices: Meeting Compliance Challenges," June 2005

^[3] The size of such potential sanctions is growing dramatically as well. Prior to the IEEPEA, the maximum statutory civil penalties had been the lesser of US$11,000, adjusted to US$50,000 in 2006, or the amount of the transaction at issue.

See: R. Richard Newcomb and David W. Mills, "New OFAC Economic Sanctions Enforcement Guidelines," http://www.dlapiper.com/new-ofac-economic-sanctions-enforcement-guidelines/

^[4] The Act provides that an organization is guilty of corporate manslaughter if an organizational or gross

management failing causes a person's death. See: Kevin Elliott, "Corporate Manslaughter Law: Practical Legal Advice on What You Should Do to Be Prepared for this Legislation," Employers' Law, December 13, 2007

^[5] Dave Zechnich and Chris Lee, "Contract risk and compliance for all economic seasons," Financial Executive Magazine, September 2009

^[6] This was a major issue behind Toyota's recent problems with sticky accelerator pedals on some of its cars. See for example: Joe Mckendrick, "Toyota's Pedal Troubles: Result of Too Much or Not Enough Lean Manufacturing?," www.smartplanet.com, February 1, 2010; Ann All, "Did Lean Manufacturing Contribute to Toyota Recall?," www.itbusinessedge.com, January 29, 2010

^[7] For example, under proposals put forth by the U.S. Sentencing Commission in 2010, corporations facing

criminal prosecution could face reduced penalties if they have corporate compliance programs designed to combat white collar crime. See: Gary Fields, "Plan Would Soften White-Collar Fines,", Wall Street Journal, January 29, 2010

^[8] "Bank Governance - Preparing for Greater Security and Oversight' February 10,2010, www.deloitte.com

^[9] Compliance and Integrity Risk: Getting M&A Pricing Right," www.deloitte.com, February 25, 2010

^[10] For a discussion on this point, see: Shelley Barrows, Vikram Mahidhar and Ajit Kambil, "Judgment Sustained,"http://www.deloitte.com/view/en_US/us/Insights/Browse-by-Content-Type/deloitte-review/article/96f4dd1e63ff5210VgnVCM100000ba42f00aRCRD.htm

^[11] Bureau of Political Military Affairs Directorate of Defense Trade Controls Office of Defense Trade Controls

Compliance, ‘Compliance Program Guidelines' http://www.pmddtc.state.gov/compliance/documents/compliance_programs.pdf

^[12] Explanation of company training program on U. S. export control laws and regulations and processes to ensure education, training, and provision of guidance to all employees involved in exports (including those in departments such as Traffic, Marketing, Contracts, Security, Legal, Public Relations, Engineering, Executive Office)"

[13] Henry Ristuccia "Key Categories of Risk: Deconstruct the Landscape," http://www.deloitte.com/view/en_US/us/Insights/hot-topics/your-turn-risk/article/d0136eba1b4b6210VgnVCM200000bb42f00aRCRD.htm

[14] See for example: "Compliance Program Guidelines," Bureau of Political Military Affairs Directorate of Defense Trade Controls Office of Defense Trade Controls Compliance, http://www.pmddtc.state.gov/compliance/documents/compliance_programs.pdf