Legal Defensibility and Compliance
These days it’s not good enough to simply comply with the myriad of legislation and regulation that guides industry; you have to be seen to comply. You have to be able to prove that you’ve complied or, at the very least, that you tried to comply.
Should the proverbial hit the fan, this last point is perhaps the most important. Being able to prove that you tried to comply, that you had good intentions, has saved the bacon of many companies facing the inquisitors and potentially eye-watering fines. See our previous blog for high-profile examples: https://www.sword-achiever.com/news/blog/posts/2018/october/data-privacy-security-the-critical-role-of-effective-policy-management
This is called legal defensibility: an organization proactively builds a case that can withstand legal scrutiny and that demonstrates it has done everything reasonable to protect itself and its assets in order to build stakeholder value. When conducting investigations, regulators look for the link between your compliance program and the type of conduct you are trying to impact.
Holistic approach reaches further
Preventing legal contraventions is one of the main reasons for creating policies and conducting staff training, and it should form part of an overall operational risk management strategy. Effective policy and procedure management is a shared responsibility across the organization with particular focus on compliance, human resources and legal functions. However, other departments such as internal audit, IT, procurement and finance are also likely to have a significant impact on policies in both design and implementation. When devising organization-wide policies, analysis should be made of how different areas of the business interact with each other, so that shared policies can be agreed and rolled out. This holistic approach is one way to expand the reach and efficacy of compliance and policy management without increasing headcount or budget.
Let the tech do the work
Automated policy management systems go beyond simply editing and distributing policies: they provide irrefutable evidence of attestations and staff comprehension of policies, supporting a highly effective compliance program. As well as defending your corporate actions, an organization-wide policy management solution boosts staff engagement: all policies are held on a single platform so they are easy to find, and alerts and prompts tell staff exactly what they need to do. And when people buy into a process or policy, they are far more likely to uphold that policy, which means less chance of workarounds and the kind of behaviour that could result in a visit from the regulators!
By Jenny Ritson-Smith at 19 Nov 2018, 11:08 AM