A good compliance program is a must, regardless of whether a company does business locally, nationally or internationally. After all, a strong compliance program can keep a company out of trouble and, if it does get in trouble, a demonstrated commitment to compliance can translate into lower fines, deferred prosecution agreements (DPAs) or even non-prosecution agreements (NPAs).

But it’s not enough just to have a compliance program in place. Compliance means more than simply following the rules. It’s important to understand and follow the rules consistently and for the right reasons and to be able to show that you do.

Rules are certainly part of compliance, but the most effective compliance and ethics programs are embedded in a company’s culture, says Rebecca Walker, partner in the law firm Kaplan & Walker LLP. When ethics and values permeate the entire company from the very top, everyone understands their importance.

But creating and maintaining an effective ethics and compliance program requires an understanding of the elements that need to be in place for it to work. “An effective program will have independence, authority, reach and appropriate focus on ethics or values as well as compliance,” says Walker.

Independence

“It’s important to have independence from the business because that’s really the main entity that you’re seeking to ensure compliance from,” says Walker. But she also stresses that compliance must have independence from other functions as well.

“A compliance department needs to be able to communicate and review and investigate. So you want to be able to do that independently of the other functions in the business,” she says. “And having access to the board is very important for ensuring the appropriate level of independence. Being able to get to the board with issues and concerns creates independence and is necessary.”

Authority

A compliance department needs authority to implement a compliance program, but also to get cooperation for supporting activities. “You need to be able to make everyone take the training and get the communications out that need to go out,” says Walker.

Compliance officers also need the authority to ensure that audits are done on the appropriate businesses and need to be able to access documents and people to conduct interviews during an investigation, she says. “That requires a certain level of authority within the organization.”

Reach

An effective compliance department needs reach in order to have access to all of a company’s businesses, functions and geographically diverse elements, explains Walker. These could include parties both inside the organization and outside parties, agents or suppliers.

And of course, reach requires a certain level of resources, she adds, in order to carry out the compliance functions across an entire organization, which may have branches and subsidiaries spread across different cities and countries.

Focus on values

“It’s important for an effective program that there be a focus not just on the letter of the law, but also on ethics and values because that’s what creates the culture that’s necessary for a compliant organization,” says Walker. “Having a workplace where employees feel comfortable asking questions and raising concerns is one of the most important environmental factors with respect to ethics and compliance programs. To get that, you need to have the focus on culture and ethics, beyond just compliance. There has to be a real desire to things appropriately and ethically.”