The Unintended Consequences Of ADA Compliance Laws

Introduced in 1990, the Americans with Disabilities Act (ADA) was created to legally protect disabled people from being discriminated against by businesses and organisations.

Since its launch, there have been many amendments to this legislation to ensure that it keeps up with the modern world and provides disabled people with as many rights as possible.

You’d think that these amendments were largely a positive thing, but for some people, they can have devastating consequences.

Though this act is all about making reasonable accommodations for disabled people to help them fully access society, many smaller businesses and those with premises based in older buildings are finding themselves facing an increasing number of lawsuits.

These can cost companies tens and even hundreds of thousands of dollars to fight against, and this is without mentioning the potential costs to change things if they lose.

In reality, these costs are simply too much for old and small companies to keep up with. Even locally established businesses are coming under fire, and for some, the constant threat of litigation is too much.

One such company that has crumbled under the pressure of ADA compliance laws is Jason’s Café in Menlo Park, California.

A small business that had operated in the area for 11 years with a large proportion of regular and appreciative customers, it was forced to close after three lawsuits were filed against its owner.

These lawsuits reflected on the building his café resided in, despite the fact that the building was built 40 or 50 years ago, before the ADA even existed.

The first lawsuit he received stated that the café’s parking lot wasn’t up to scratch as the painted lines and accompanying access aisles for the disabled parking spaces had faded, making it difficult for them to see. They also alleged that the door to the front of the building was too heavy for disabled people to open.

Before Jason Kwan, the owner, could arrange to remedy these issues, he was given another lawsuit. This one claimed that the bathroom door at the restaurant was too narrow for a wheelchair to get through, and even if a wheelchair user managed it, they would find it difficult to navigate the room in their chair.

Not only were the changes that Kwan felt he had no choice but to comply with extremely expensive for a small business, but he also had to account for the legal costs, which he was liable to pay. After a third lawsuit, he had to admit defeat and close his business for good.

When questioned about why he thinks ADA compliance lawsuits were made against his business, Kwan said that people target businesses in older buildings because it’s a guaranteed win, and easy money for the instigator.

Obviously the Americans with Disabilities Act has to primarily consider the rights of disabled people, but could they have gone too far and ended up unfairly penalising small businesses and those who work in older businesses?

To understand this, we need to look at the Americans with Disabilities Act and what it actually entails.

Essentially, to comply with the ADA, all establishments must provide reasonable accommodations to enable everyone to fully access an environment.

These reasonable accommodations often fall into measures like fitting ramps into the building for wheelchair users, or making sure that furniture is spaced out enough that a blind person can navigate said environment without difficulty.

Unfortunately, this legislation can also lead to people requesting that structural changes be made to a building in order to accommodate disabled people, regardless of the cost to the business.

This can involve installing lifts, creating larger bathrooms—as was the request with Jason’s Café—or fitting larger doors to accommodate wheelchair users.

While it would be great for all companies to be able to make these changes, the truth is that it is simply not within the budget of most companies, who would struggle massively with such a large sum of money coming out at once.

As if this wasn’t bad enough, the ADA has also been amended in recent years to target online businesses.

The latest of these amendments was Title III in 2018, which Digital Authority Partners explains as something that was put into place to ensure that no digital property discriminates against people with disabilities.

Alongside other legislation protecting disabled people from being discriminated against online, this part of the ADA can be broken down into four different categories.

The first is perceivable, which is all about providing text alternatives for any non-text content, like images and videos. This is so that it can be changed into any format people may desire, including large print, braille, speech, symbols or simpler language.

The second category is operable, which is all about making sure that your website's functions are all completely accessible from a keyboard, as some disabled people are unable to use a computer mouse.

The third category is readable, which means that all your content should be clearly readable and understandable. This involves avoiding complex, jargon-heavy language and making a mechanism available for identifying specific definitions of unusual words or phrases.

The fourth and final category is compatibility, which is about maximising compatibility with current and future user agents, including assistive technologies.

If you want to read about these four categories and cover your back when it comes to being ADA compliant online, you can do so over on the dedicated website.

For those who don’t, you’re probably looking at what you’ve read and have been left wondering how anyone could be compliant when things are so complicated.

The truth is, so many companies aren’t compliant—and it’s not just smaller companies that are to blame.

Earlier this year, HealthcareWeekly reported that four big healthcare companies including WellPoint Inc and Tenet Healthcare have faced lawsuits due to a failure to abide by online ADA compliance laws.

If these large, corporate companies within a sector supposed to support large proportions of disabled people are struggling, how are smaller businesses expected to cope?

Is it fair that these smaller businesses are pushed to breaking point, with owners left with no choice but to close their services down, when ADA compliance laws have never seemed so complicated—and expensive?

Personally, we don’t think so.

While we agree that every effort should be made to make sure that disabled people can access buildings and online websites as much as non-disabled people, we think there also needs to be a level of common sense to understand that larger, structural changes are not always possible.

Of course, every company should do what they can to make their services accessible, and they should absolutely be held responsible if they’re making no effort at all, but is it time that we give those who do try a break?

Let us know what you think and share your thoughts on the consequences of the ADA compliance laws below.

What Should Training A New Employee Look Like

When a new employee is hired, the company has to decide how to train them. There are different ways to do this, and the way that is chosen will depend on the company’s needs and the employee’s abilities.

HIPAA Training

When it comes to training a new employee, one of the most important things to remember is HIPAA Training. HIPAA, or the Health Insurance Portability and Accountability Act, is a federal law that sets standards for the privacy and security of electronic health information.

All employees who have access to patient information must receive HIPAA training. Employees who work in billing, coding, customer service, insurance verification, and any other position that may come into contact with patient information, need to receive training in compliance with HIPAA rules and standards. Protecting the welfare of patients and combating fraud are the main thrusts of HIPAA that these employees must uphold.

With that in mind, the HIPAA training must cover the following topics:

  • What is HIPAA?
  • The Privacy Rule
  • The Security Rule
  • How to protect patient information
  • What to do if you suspect a breach has occurred

The HIPAA training must also be updated regularly to reflect any changes to the law.

State Laws

In addition to HIPAA, there may be state laws that apply to your business. State laws vary, but may include requirements for:

  • Training specific to the type of business
  • Training on particular topics, such as sexual harassment or workplace violence
  • Refresher training at certain intervals
  • Training for managers and supervisors

It is important to research the state laws that apply to your business and make sure that all employees are appropriately trained.

OSHA Training

Employees who work in certain industries may also need to receive OSHA training. OSHA, or the Occupational Safety and Health Administration, is a federal agency that sets safety standards for workplaces.

OSHA training may be required for employees in industries such as construction, manufacturing, and healthcare.

The OSHA training must cover the following topics:

  • The hazards of the job
  • How to protect themselves from those hazards
  • What to do if they are injured on the job

It is important to research the OSHA standards that apply to your business and make sure that all employees are appropriately trained.

On-the-job Training

The most common way to train a new employee is through on-the-job training. This type of training takes place while the new employee is working alongside an experienced employee. Oftentimes, this is the most effective way to train someone because they can learn from their mistakes and get more hands-on experience.

On-the-job training is more expensive for employers, but it can be more beneficial for employees. The employer has the opportunity to observe the employee’s work habits and performance. On-the-job training also allows the employer to train the employee in specific job duties.

When providing on-the-job training, employers should keep the following things in mind: 

  • The employee must be able to perform productive work.
  • The employee must be trained in specific job duties.
  • The employer must comply with the FLSA.
  • The employer should consider the amount of training required and the hours spent in training when determining an employee’s pay rate.

Off-the-job Training

Employers are not required to offer on-the-job training to new employees. However, if they choose to do so, the employer must comply with the Fair Labor Standards Act (FLSA). The FLSA requires that employees be paid for their time. The amount of training required and the hours spent in training are factors that should be considered when determining an employee’s pay rate.

Many employers provide off-the-job training. Off-the-job training is a great way for employers to train new employees. It is less expensive than on-the-job training, and it can be tailored to meet the needs of the business. Off-the-job training can include classes, seminars, or self-study materials.

Classroom Training

Another option for training a new employee is through classroom training. This type of training generally takes place in a formal setting, such as a conference room or lecture hall. The new employee will attend lectures and complete exercises that will help them learn the necessary skills for the job.

Online Training

When it comes to employee training, there are a variety of options available to employers. One option is online training, which provides a variety of learning experiences, from interactive videos to simulations. Online training also allows employers to track employee progress and provide feedback. With this type of training, the new employee will complete modules and exercises online, usually at their own pace. This type of training is often used for employees who need to learn specific software or processes.

Leadership Training

One of the most important aspects of training a new employee is leadership training. This type of training helps prepare employees for their new role within the company and teaches them how to be a leader, even if they are not in a management position. Leadership training can cover topics such as communication, problem-solving, and decision-making. It can also help employees learn how to motivate and manage a team.

Compliance Training

Another key part of employee training is compliance training. This type of training ensures that employees are aware of the company’s policies and procedures and understand their obligations under the law. Compliance training may cover topics such as anti-money laundering, data protection, and health and safety. It is important that all employees receive compliance training, not just those who work in specific areas of the business.

Product and System Training

In order to do their job effectively, new employees need to be trained on the company’s products and systems. This type of training can include instruction on how to use the company’s software, how to process orders, or how to handle customer queries. It is important that new employees are given enough time to learn about the company’s products and systems so that they can hit the ground running when they start work.

Orientation

For new employees, orientation is a key part of the onboarding process. The goal of orientation is to get the new employee up to speed on company policies and procedures, as well as their specific job duties. This orientation should include information about the company, its history, products, services, policies, and procedures. Orientation should also include training on safety and emergency procedures. Orientation should also include information on benefits and how to access them. It’s important to remember that orientation should be tailored to the individual employee – not everyone needs the same information.

Supervision

Employees need to be supervised in order to ensure they are following company policies and procedures, as well as performing their job duties correctly. Supervision can also help identify areas where additional training may be needed. Supervisors should provide feedback to employees, both positive and negative, in a constructive way. This can help employees improve their performance over time.

When it comes to training a new employee, it is important to remember that there are many different laws and regulations that may apply. Employees in certain industries may need to receive specific training on topics such as HIPAA, OSHA, or state law. Training a new employee can be a difficult task, but it is important for the company and the employee. It is imperative to research the requirements and make sure that all employees receive the appropriate training.

5 Effective Ways of Handling Compliance for Fintech Companies in 2022

The fintech industry is evolving at an astounding rate. The need for fintech firms to adapt is drastically increasing, as is the number of complications that firms face when trying to stay compliant. A lack of proper compliance can be detrimental to the success of a fintech firm.

Just like any other industry, fintech firms have to comply with certain rules and standards that govern their behaviour. However, the fintech industry is constantly evolving and adapting, thus making compliance a daunting task.

There are, however, certain ways through which fintech firms can mitigate their compliance risk before it becomes a problem. This article will outline the five most effective ways of managing compliance for fintech companies.

Create a compliance plan

Creating a compliance plan will help a fintech firm identify and address potential problem areas. Through a compliance plan, a fintech firm will define what its compliance strategy will be and which policies and procedures need to be upheld in order to stay compliant.

The plan will also identify potential areas that could be problematic and ways through which the fintech firm can mitigate those risks.

A compliance plan should, at a minimum, include business objectives, risk tolerance, policies such as email retention policy, code of ethics, and investigatory and reporting procedures. The plan should also include an overview of regulatory requirements that might affect a fintech firm, as well as cybersecurity requirements.

Coordinate with existing regulatory bodies

Fintech firms should coordinate with other regulatory bodies. Doing so allows fintech firms a better understanding of the rules and regulations that are applicable to them and helps fintech firms anticipate any possible issues before they arise.

The Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA) are some of the main regulatory bodies that regulate fintech firms in the UK. Fintech firms in the US coordinate with the Financial Industry Regulatory Authority (FINRA), Consumer Financial Protection Bureau (CFPB), Securities and Exchange Commission (SEC), and others.

Coordinating with regulators allows fintech firms to:

  • Demonstrate a sense of responsibility
  • Gain a deeper understanding of the rules and regulations
  • Receive guidance on what regulators expect of them
  • Receive an update on regulatory changes
  • Allow regulators to better understand what fintech firms do
  • Ensure compliance with regulations and mitigate risks

Identify potential compliance risks

Identifying and preparing for potential regulatory risks is one of the most effective ways of managing compliance.

Risk management helps fintech firms identify and address potential risks. These risks can be related to reputation, regulations, or technology.

Reputational risk is the risk that an organisation’s reputation could be harmed by the actions of its employees, management, or third parties. Technology risks are risks that arise from the use of technology.

Risks can also be related to regulation. Regulatory risks are risks that arise from failure to comply with laws, regulations, license requirements, or codes of conduct.

Use technology to mitigate the risks

Technology has made it easier for fintech firms to stay compliant. With the help of technology, fintech firms can automate various processes, which will not only mitigate the risks of non-compliance but also help fintech firms reduce costs.

For example, automating processes such as data archiving (with the help of a third-party service provider) will free up a lot of time for the fintech firm’s employees, which would, in turn, allow them to focus on more strategic and revenue-generating activities. Not only can automation help save valuable time, but it also mitigates the risk of human errors related to data retention policies and eDiscovery requests.

Technology can also help detect errors or anomalies in the data. Fintech firms are data-driven organisations, and any discrepancies or irregularities in the data can adversely impact the business. Therefore, using data validation tools can help a fintech firm mitigate the risks.

Educate employees

Besides implementing the right technology, fintech firms should ensure that their employees have the necessary knowledge, training, and access to technology. This can be done by creating a compliance manual, which outlines the firm’s compliance policy and procedures.

A fintech firm can also train its employees on topics such as anti-money laundering (AML), anti-bribery, and fraud prevention.

Employee education is particularly important in firms operating in highly regulated markets.

Fintech firms can use technology to help employees gain the necessary knowledge. For example, they can implement a knowledge management (KM) system. This can be useful for onboarding new employees and allowing them to learn more about the company.

Conclusion

Compliance is an integral part of the fintech industry. Compliance issues can prove to be detrimental to a fintech firm’s success. If a firm fails to comply with regulatory requirements, it may face increased regulatory scrutiny or fines.

Regulations are constantly evolving, with new regulatory requirements coming all the time. The fintech industry is therefore facing new challenges and must adapt to these changes.

Author Alex Morgan

7 Things Your Business Should Do Now To Avoid Non-Compliance Issues

Non-compliance issues! No matter what stage your business is in, you will need to work on your business. However, you will also want to spend time on other essential things. The US corporate compliance world is fraught with regulatory threats.

You should be aware that many industries will have different forms of compliance that are specific to them. However, by the end of this post, you will learn some essential things that you must do to avoid issues surrounding non-compliance that are relevant to most businesses.

Compliance With Business Regulations Is Important

With the increasing number of regulations, business owners have to be more careful about what they do. They have to make sure that they follow the standards and laws of the particular country in which they operate their company. A growing number of businesses require compliance with a legal framework to conduct their operations. In general, these companies need to comply with the local rules and regulations of any given country. No one operating a business of any size can ignore the importance of complying with business regulations.

Most countries have set up laws and regulations for businesses and other entities. These abide by specific practices and codes. Compliance with these laws ensures the smooth running of particular procedures and activities. The US Chamber of Commerce has stated that companies must comply with the law. If companies and entrepreneurs know their limitations and those of their competitors, they will play fair in the market and make sure that they succeed. There are many cases where companies are penalised if they do not comply with the law. Therefore, the cost of compliance management can be significantly reduced when you factor in the penalties associated with non-compliance. Not only can non-compliance negatively impact you financially, but in some cases, it can even affect your brand. Are there any ways you can ensure your company complies with the various regulations that exist? Fortunately, there are many things that you can do, some more complex than others, but all of them are in your best interest.

Identify The Regulations That Affect Your Business

Regulations are essential because they provide clarity and transparency in the market. They also protect consumers from harmful actions and give their business an edge by providing a competitive advantage. With this in mind, your first step should be to investigate which regulations apply to your industry specifically. While many apply to businesses as a whole, some will be niche-specific. For example, a financial company may be required to comply with regulations surrounding the amount of money they can lend to a specific demographic (to avoid negative outcomes, etc.).

On the other hand, payment processing companies may need to implement specific policies to protect customer data in case of a data breach. Lastly, there are the general regulations that all businesses must follow, such as employment regulations, hiring practices, and so on. Once you are aware of the rules specific to your business, you can begin to implement them as best as possible.

Educate Your HR Department (Employment Regulation)

In the United States, workers are guaranteed certain rights and benefits by law. These benefits include protection from discrimination, fair compensation for work, and a safe workplace. An employee needs to be provided with a written contract in the US before accepting a job offer. This contract explains what tasks will be required of them in their new position and any other terms that you might include in their employment agreement. Compliance is important because it provides protection from discrimination and ensures that employees are being compensated fairly for their work. You can go some way to avoiding employment non-compliance by keeping your HR department updated on the latest laws and hiring best practices.

Develop A Practical Method For Achieving And Maintaining Compliance

The success of a practical compliance program depends on a company-wide ownership effort. To achieve compliance, people from all levels of the organisation should work together. Train employees to make good compliance decisions and reward those who go the extra mile to ensure compliance. Ensure you are familiar with what is happening on the front line, not just what you hear. People don’t always do what they say they’re doing, so what they say is happening may not actually be happening. As a result, you might be in for a nasty surprise when something goes wrong.

Submit Reports On Time

Whatever reports are relevant to your business must be submitted on time. Prompt submission is an easy point to accomplish but one that is often overlooked. Many companies make the mistake of leaving these reports to the last minute, but this could result in errors and possible repercussions.

Stay Up-To-Date On Changes In Compliance

Businesses tend to forget about current rules, especially smaller operations with fewer employees. However, it is in your best interests to remain abreast of the latest changes in law. The easiest thing to do is to assign someone within your organisation as a dedicated compliance officer whose job is to ensure you stay within the law at all times.

Maintain Good Relations With Your Regulatory Agency

Everyone has a job to do, and you will make no friends by constantly haranguing those whose job it is to ensure compliance. While you don’t need to become best friends, maintaining good relations is in your best interest. You can do this by submitting reports on time, allowing easy access to inspectors, and continuing an open line of communication.

Improve Your Program Through Continuous Improvement

It is the job of regulatory agencies to ensure you comply with regulations, but it is your job to be proactive in their implementation. This is another job you can assign to your compliance officer, but you as a business owner must also retain some level of responsibility.

No matter what industry your business is in or what industry your business is going into, you should always take the time to learn about whatever rules and regulations may apply to your industry. Stay up to date, learn about which rules are specific to your industry, and be as facilitating as possible to the agencies in charge of their enforcement.

Global Trade Law Firm Expands West Coast Presence

Global trade is the exchange of capital, goods, and services across international borders or territories because there is a need or want of goods or services. In most countries, such trade represents a significant share of gross domestic product.

Customs and international trade law firm Sandler, Travis & Rosenberg, P.A., announced today the addition of Juan Moreno as Director, Trade Compliance. He will be based in the San Diego area.

Mr. Juan Moreno

“Juan is an ideal fit for the ST&R team,” said Lenny Feldman, a member of the firm’s Operating Committee. “He has decades of pragmatic trade compliance experience in a wide variety of core areas that are crucial for our clients, particularly as they are working to both improve compliance efforts and strengthen their bottom lines amid today’s shifting global trade environment.

Juan has helped a lot of companies develop controls and tools to address just these types of issues.”

Juan Moreno advises importers, exporters, trade associations, and multinational corporations in the United States and Mexico on a wide variety of regulatory and international trade subjects. He has been especially active on USMCA compliance, helping companies transition operations from NAFTA to USMCA rules, and he is well-versed in Mexico’s IMMEX and PITEX programs.

He also engages and guides companies on strategies for legally lowering MFN, Section 301, and other duties, including by taking advantage of classification, origin, valuation, and other customs strategies as well as free trade agreements, preferential trade programs, and other tools.

A member of the international trade community since 1994, most recently Juan Moreno served for 14 years as director of trade compliance for a San Diego-based customs law firm. He worked for many years as a customs compliance manager, first with a leading customs broker and then with a company closely involved with operating maquiladoras in Mexico.

He has trained professionals all over the United States and Mexico on compliance issues and is a sought-after speaker on a wide range of international trade matters.

Juan Moreno can be contacted at (415) 490-1402 or [email protected].

Compliance Centers of Excellence

What is a Compliance Center of Excellence?

While there is no definition of a CCoE, there are several definitions of a Center of Excellence (COE), which I have drawn from for this article.

In a OneSpan article, entitled “Centers of Excellence (Why Create One)”, Jodi Schechter interviewed Mark Kafka, who defined a Center of Excellence as “a discipline within an organisation. The concept of a Center of Excellence is to build out key processes and expertise across the enterprise. It is typically based on a technology, a critical process or an application – to help the organisation adopt that process and become efficient at it.”

From this, you can see it is a team that promotes compliance collaboration within an organisation. It utilises best practices around compliance to drive greater business efficiencies, more profitability and customer-valued results. Drawing from Mark Vaughn’s Navint white paper, entitled “Financial Services: Compliance Center of Excellence”, another way to consider a CCoE is that it is a coordinated team with resources that have a range of interrelated skills and responsibilities, in a collaborative working forum, designed to share knowledge, promote best compliance practices and drive successful business results.

A CCoE should have areas, which the Horizon Group identified in its blog post “What is a Center of Excellence”. First, it should offer support to the compliance function’s customer, company employees, third parties and others impacted by the corporate compliance function. It should provide support for those impacted by compliance in an organisation by being a subject matter expert (SME) in the compliance arena. There should be guidance from the CCoE in compliance standards and methodologies, and the CCoE should act as a compliance knowledge repository. A CCoE should provide shared learning, including compliance training and certifications, skill assessments, team building and formalised roles, which are all ways to encourage shared learning. A CCoE should provide measurements, which demonstrate, through the use of output metrics, that it is delivering the valued results that justified its creation. Finally, in the area of governance, a CCoE should allocate limited resources across all their possible uses, ensuring organisations invest in the most valuable projects and create economies of scale for their service offerings.

From this general description, I see two overarching themes for a CCoE. It should obviously begin with a regulatory backbone, through compliance SMEs supporting the company. It must also deliver demonstrable and tangible results to the business. It would have a clear mission focused on the business and the compliance requirements that must be addressed for each organisation.

However, this should then morph into a more business process approach, as a CCoE would become a team of specialists who work together to develop and promote compliance best practices. While initially it may be focused on providing compliance guidance to a company, it would then move to deliver business services, or operationalise compliance throughout an organisation. Vaughn notes this could include, “areas such as human capital management, project management, quality assurance, regulatory compliance, business analysis, continuous process improvement, and enterprise performance management.

Whichever form it takes, the CCoE model should include SMEs, together with other resources that become an integral part of the compliance function, supporting the business in an advisory capacity and delivering discrete services. A successful CCoE will aid a company to “understand and set priorities, create a roadmap, standardise approaches and support processes that improve the underlying structures of compliance over time.” Indeed, Kafka was quoted as saying that a CCoE “establishes a best in class operation AND it’s a scalable and repeatable process. It becomes the organisational standard. In doing so, intel from channels of operation that have already adopted practices reduces the learning curve for those new to the organisation. Documented processes can be easily rolled out to new channels.”

As with the compliance function in total, it should work with the business unit to design, create and implement a compliance solution that can be pushed out to more fully operationalise compliance. Vaughn noted that the CCoE team would “work to develop a roadmap based on careful planning and analysis, including understanding how, through scenario planning efforts, the organisation will pivot one direction or another, to initially address regulatory compliance and improve it over time.”

It would allow compliance to be more integrated in planning and strategy discussions to stay tuned to the ever-changing risk profile of a company. Moreover, through this interdisciplinary approach, it would bring compliance know-how to help the business folks understand that compliance is, in reality, a business process and, as a business process, it can easily be incorporated into business unit operating procedures going forward.

A CCoE can become a very powerful tool for the compliance function in an organisation. Compliance is properly seen as a business process. If you integrate the compliance framework of controls, incentives, continuous information and its feedback into your company’s business process, it will not only make your organisation more efficient but, at the end of the day, more profitable.

Design of a Compliance Center of Excellence

Next, I want to expand out into how a Chief Compliance Officer (CCO) or compliance practitioner would design a CCoE for compliance and then conclude with how you might fit it into your organisation.

About the best representation of a CCoE comes from Mark Vaughn, author of the Navint white paper, entitled “Financial Services: Compliance Center of Excellence”.

Through this diagram, Vaughn lays out a way for you to think through your CCoE. He believes a CCoE will be successful, in large part, because of the personnel you assign to it in a variety of areas. These areas include advanced levels of compliance knowledge and compliance competencies and would include training and certifications. Moreover, your CCoE staff must be “capable of working in a consensus-based organisation and committed to knowledge sharing, developing and leveraging various standards and methodologies and be able to communicate new approaches and leading practices to the organisation.”

This circle clearly represents many concepts that every CCO and compliance practitioner will be quite familiar with from their own experience. Under Risk and Controls environment, it would include the three steps of the risk management process and then add on remediation management. It would also include risk data information, data protection and data privacy components that you would need to test. Finally, if there was a breach, it would facilitate both investigation and root cause analysis.

Policy and Process moves beyond simply compliance policies and procedures to include compliance as a business process; delineating roles and responsibilities. There would be a focus on both reporting requirements and governance. Further, the CCoE would develop metrics and independent testing for verification and feedback.

For Solution Design, there would be focus on the overall compliance regime requirements to provide a functional solution design. This area would provide the support architecture needed to create the infrastructure and roadmap for compliance moving forward. After deployment of new solutions, this area would also provide continued support.

Under Go-Live Support, there is roll out, deployment and ongoing support activities from the CCoE to the business units. This helps to facilitate knowledge transfer and further the operationalisation of compliance down to the business unit level. This area would also include certifications, examination and audit support. Finally, it would also facilitate ongoing compliance communication.

In the Requirement Analysis quadrant, there would be a group focusing on your internal control and rule-making lifecycle. It could provide legal analysis of anti-bribery and anti-corruption requirements across the globe, providing consistent definitions which would assist the employee base. You could also include industry benchmarking in this group.

Lastly, the Training and Education grouping would help to develop the compliance training materials for both internal stakeholders and external business relationships such as agents, distributors, vendors, joint venture partners or others similarly situated. This group could also work with your corporate Human Resources (HR) function to communicate company expectations around ethics and compliance throughout the lifecycle of the employment process. It would use social media for ongoing communications on compliance and develop best practices in this area as well.

What would success for a CCoE look like? Here Vaughn has some criteria. A successful CCoE would help to build a tighter and frictionless alignment between the business and infrastructure units — especially compliance, risk, reporting and technology. It could move more quickly and more forcefully to improve the adoption of and adherence to compliance requirements from a wide variety of regulators literally across the globe. It could then pair this with end user solutions supporting compliance reporting with better design, planning, training and fit to purpose tools.

A CCoE would take the lead in developing the strategies and business priorities to meet regulatory compliance initiatives and would work to achieve overall business agility by increasing the success of processes and technology through ongoing improvements. Next it would increase the success of designing and deploying the compliance solutions and technology required to meet compliance requirements; thereby delivering more value, less cost and less time.

Vaughn ends by noting that developing and delivering the compliance needs of any global, multinational organisation requires an integrated approach, which in turn requires an interconnected organisation aligned to support a common set of goals and objectives; most directly, to more fully operationalise your compliance regime. Deploying a CCoE requires the broad participation of the company and the commitment of senior leadership to drive the organisational transformation. This transformation requires a clear vision of the people, process and technology required, properly aligned to support policy, strategy and governance. Applying the principles of a CCoE will provide organisations with the strategic platform they need to more fully operationalise compliance across the ever-widening scope of anti-corruption requirements across the globe.