A company that measures compliance effectively can prevent reputational damage, protect the bottom line, and potentially avoid costly fines and enforcement actions – all by arming itself with the right compliance program performance metrics. But in a data-driven world, it is easy to get overwhelmed by the sheer volume of numbers at our fingertips. We are regularly inundated with metrics, so determining what really matters ends up being equal parts art and science.
As compliance becomes compulsory in our rapidly evolving and regulated business landscape, how do you measure your organization’s compliance effectiveness? Read on to learn more about how to make your data do the heavy lifting for you and your compliance initiatives.
The U.S. Department of Justice (DOJ) Criminal Division updated their Evaluation of Corporate Compliance Programs guidelines in June 2020 – and the update emphasizes that compliance teams need to know whether their program is working.
The DOJ’s Corporate Compliance Programs guidance includes three questions that prosecutors should ask when investigating a company:
Keep these three questions top of mind to not only set your compliance initiatives up for success, but to prevent any costly legal consequences. In particular, compliance officers at companies that are under a monitorship or corporate resolution should pay close attention to the first question, as the DOJ revealed in 2022 that they will require CCOs and CEOs to certify that their program is well-designed at the close of the monitorship.
The DOJ’s updated guidance also includes two sentences that deserve special attention:
Not only does this guidance emphasize the importance of your internal policies and procedures, but it also calls out compliance program performance metrics – specifically, which policies are garnering employee engagement. If employees are engaging with your policies, but you don’t have the data to prove it, as far as the DOJ is concerned, your compliance efforts fall short and may be subject to further scrutiny. Measuring your organization’s compliance effectiveness is more than checking off boxes in an extensive list of guidelines; it is about taking the time to make sure that your compliance program is structured to measure what matters most.
Compliance metrics come from many potential sources – culture surveys, risk assessments, disclosures, and your helpline, to name a few. With the right compliance management tools, you can view a substantial amount of that vital data in centralized dashboards. But without a strategy or knowing which compliance program performance metrics you’re trying to measure, the raw data can be overwhelming.
Start by identifying your compliance KPIs.
What are compliance KPIs?
Key performance indicators – aka KPIs – are the data points or metrics that indicate how well your team or organization is performing at key initiatives. Compliance KPIs can measure employee engagement and awareness of your compliance program, how well your organization complies with local, national, and global regulations, and ethical decision-making throughout the workforce.
How do you measure compliance KPIs?
Your compliance tech platforms – for example, your hotline, disclosure manager, policy manager, and compliance portal – should each provide you with rich data, and ideally each of these platforms connects to the others in one holistic dashboard. The most sophisticated compliance measurement platforms incorporate HR data and other inputs to provide a complete picture of risk across the organization.