7 Keys to a Successful Compliance Management Strategy

Many companies are so focused on developing products and running their business that they ignore the growing need for a compliance management strategy.

According to the Verizon 2012 Data Breach Investigation Report, 92% of data breaches were discovered by third parties. This statistic tells me that most businesses only focus on compliance management when customers or partners tell them about a breach that has already occurred, or even worse, they see themselves on the news. By that time, however, it is already too late.

According to the same report, 97% of those attacks were easily avoidable. But if you’ve ever had to prepare for a compliance inspection, you know how easily it turns into a frantic scramble. So let me repeat: 97% of those attacks were easily avoidable. It’s not rocket science, it’s just sound business. Compliance directives encourage companies to act responsibly towards their customers, employees and business partners; to consider their environment and shareholders.

Consequences of a Compliance Violation

Remember the reason your customers, business partners and employees hand over their personal information and/or confidential business data to your organization. It’s because they trust you.

If their data is stolen because you don’t have the proper security measurements in place, then it’s you who must face the potential consequences. These consequences include hefty fines and penalties. And don’t forget the legal costs, the loss of reputation and the loss of your stakeholders’ trust and loyalty. Ultimately, you may face the possibility of losing your business. So, while the upfront costs of compliance might seem too much for your business at first, consider the ultimate costs if you don’t comply.

Requirements of an Effective Compliance Program

There are a number of compliance and legal issues of which you need to be aware (e.g, Foreign Trade Act, Payment Card Industry Data Security Standard (PCI DSS), SOX, Data Privacy, IT Compliance, Competition Protection Act, etc.). Although it appears to require a lot of work to create an effective compliance program, it doesn’t cost a fortune. You just need to keep the following seven points in mind as you build your compliance strategy.

1. Establish a tone from the top that supports compliance. Management participation is a crucial aspect of a compliance program. A strong commitment from upper management is necessary for your organization to effectively develop and implement a working compliance program.

2. Evaluate compliance directives and risks based on the products, services, markets and countries with which you organization interacts. Before starting a program, it is necessary to conduct a compliance risk inventory and assessment. This way, you can examine the risks your business could potentially face. Ask yourself questions like, “What troubles hit other companies in my industry?”  “Where did my company almost fail?”

3. Study industry standards. Examine best practices as well as public comments and discussions about the compliance directives and risks you have already identified. You don’t have to start from scratch because most compliance directives are widely discussed and are available to the public.

4. Authorize external sources like consultants, lawyers, regulators, insurance companies or service providers. Use external sources like those just mentioned as a resource for guidance and for answering compliance questions. You can also use them for transferring the risk or part of the responsibility to a third party.

5. Train employees. Compliance training is essential not only to maximize employee compliance with laws and rules but to also minimize the risk of fines, litigation and adverse publicity due to non-compliance.

6. Involve compliance staff (e.g. compliance manager, security officers, data protection officers and legal) in the development process of new products and services to fully address the risks associated with these products and offerings.

7. Ensure the effectiveness of the program. Support an effective compliance audit function that identifies new or changing compliance issues. The audit should have the frequency and intensity commensurate with the organization’s complexity and size.

Keystone: By acting diligently and creating complete transparency within your organization or business, you invariably discover and resolve many hidden risks, saving you and your organization from easily avoidable losses.

Daniela Hagen is the compliance director at cleverbridge.

Partner Content

Hincapie Sportswear Finds Omnichannel Success in the Cloud - Netsuite
For more and more companies, a cloud-based unified data solution is the way to make this happen. Custom cycling apparel maker Hincapie Sportswear has leveraged this capability to gain greater visibility into revenue streams, turning opportunities into sales more quickly while gaining overall operating efficiency. Download this ecommerce special report from Multichannel Merchant to more.
The Gift of Wow: Preparing your store for the holiday season - Netsuite
Being prepared for the holiday rush used to mean stocking shelves and making sure your associates were ready for the long hours. But the digital revolution has changed everything, most importantly, customer expectations. Retailers with a physical store presence should be asking themselves—what am I doing to wow the customer?
3 Critical Components to Achieving the Perfect Order - NetSuite
Explore the 3 critical components to delivering the perfect order.
Streamlining Unified Commerce Complexity - NetSuite
Explore how consolidating multiple systems through a cloud-based commerce platform provides a seamless experience for both you, and your customer.