This is a guest post written by Ramsey Kazem, East Coast Vice President at Spark Compliance Consulting.
Somewhere in the world, it happens every day. There is a catastrophe, and the managers call Compliance in a furious state. As they explain a situation having nothing to do with compliance’s remit, they yell, “Why didn’t you stop this?!? Isn’t compliance your job!?”
Yes, compliance is the job of the compliance department. But question number one always needs to be compliance with what, exactly? If everyone is not clear about the remit of the compliance department, chaos can ensue, with management assuming that compliance with all laws and regulations is the responsibility of the compliance function. How do we avoid this? By spelling out the responsibilities and duties of the compliance function in a Compliance Program Charter. A Compliance Program Charter is a foundational document that defines the program’s scope, purpose, and responsibilities.
Compliance Charter: Setting the Compliance Program Up for Success
The importance of a Compliance Program Charter should not be understated. It serves as an effective tool that articulates to the company what the Compliance Program is and, more importantly in some cases, what it is not. This clarity of purpose sets the Compliance Program up for success for three reasons. First, a Compliance Program Charter defines the program’s purpose and objectives and lays out the responsibilities of the compliance team in designing and implementing the program. The Charter defines when the compliance team is expected to lead, when they should collaborate, and when they should support other functions.
Second, a Compliance Program Charter ensures that the Board of Directors, Senior Leadership, and other functional areas within the company are on the same page regarding the scope and responsibilities of the Compliance Program. Too often the lines of responsibility for the Compliance Program are undefined or blurred. This leads to confusion and misunderstanding as to which risk areas are managed by the compliance function and where resources should be deployed.
Moreover, in the absence of a Charter, others in the company may view compliance as the default function for all things that look and feel like compliance. This is a recipe for disaster as compliance will be saddled with issues and risk areas it is ill-equipped to manage. A Compliance Program Charter safeguards against this outcome as it forces a meeting of the minds between leadership, compliance, and/or other functions as to where the Compliance Program begins and ends.
Third, a Compliance Program Charter defines the authority with which the Compliance Program and team are empowered. This is essential to the success of the program as the compliance function needs authority to meet its responsibilities. Moreover, defined authority protects the Compliance Program from other functions with an interest in issues and processes for which compliance is accountable.
Key Elements of a Compliance Program Charter
As with most things in compliance, there is no one-size-fits-all solution for creating a Compliance Program Charter. However, the following are some key elements a Compliance Charter should address:
Company Commitment to Compliance. The Compliance Program Charter should include a statement articulating the Company’s commitment to compliance and ethical business conduct.
Mission and Objectives. One of the more critical elements of the Compliance Program Charter is a discussion of its mission and objectives. For example, the company should explain how the Compliance Program will further its commitment to compliance, support the company’s values, and improve the company culture.
The Charter should also articulate the specific objectives the program is tasked to achieve. In so doing, the Charter should clearly define the responsibilities and authority of the compliance function.
Identification of Risk Areas. The Charter should clearly define the scope of the program by identifying the specific risk areas for which it is responsible. This should include both regulatory risks (e.g., bribery and corruption, data privacy, trade sanctions, etc.) and non-regulatory risks (e.g., third-party due diligence, internal reporting and investigations, etc.). Notably, it is not uncommon for compliance to have shared responsibilities over risk areas or working relationships with other functions to leverage resources or meet common goals. In such instances, the Charter must articulate these nuances by noting when a responsibility is shared with, in support of, or in collaboration with other functions.
Program Structure. Another key element of a Compliance Program Charter is defining the program structure. The Charter should identify the leadership team responsible for the day-to-day management of the program. For each position within the team, the Charter should include a summary of its respective responsibilities and, where necessary, reporting lines (within the team).
Team Membership and Meetings. The Compliance Program Charter should also identify the members of the Compliance team. Instead of identifying the members by name, a best practice is to refer to the team member’s role/function within the department. The Charter should also allow for the appointment of temporary members when specialized skills or expertise are required for discrete tasks, projects, or team objectives. Lastly, the Charter should establish a cadence for team meetings.
Reporting. The Compliance Program Charter should confirm the role, stature, and independence of the Compliance Program within the company by defining clear reporting lines. The compliance function should have a direct reporting line to the Board of Directors (or a designated committee thereof) and Senior Leadership. The Charter should also establish the cadence for these reporting responsibilities and define the topics and content to be included in the report to each audience.
After creating a Compliance Program Charter, it is important to regularly review and update it as the program’s role and responsibilities change. In addition, the initial Charter and all subsequent updates should be reviewed and approved by Senior Leadership and the Board of Directors.
While often overlooked, creating a Compliance Program Charter is a critical ingredient to the overall success of a Compliance Program. The document defines the program’s scope, purpose, and responsibilities and ensures a common understanding throughout the company of where the Compliance Program begins and ends. Moreover, a Compliance Program Charter ensures the compliance function’s responsibility aligns with its authority.