In January 2019, Google was fined €50 million, or nearly $56.8 million, by Commission Nationale de l’Informatique et des Libertés (CNIL), France’s data protection regulator. According to CNIL, Google had violated the General Data Protection Regulation (GDPR) introduced into the European Union in May 2018, concerning the protection of user data and users’ ability to opt-out of sharing their data.
This case underscores the need for a global compliance program within companies, particularly ones that operate in multiple locations and countries around the world. While programs may meet individual local requirements, it can be more difficult to ensure that every aspect of your organization — and every employee — is aware of and aligned with global compliance standards. After all, you need to account for different local laws, languages, company infrastructure, management, and other discrepancies. It’s essential to have a centralized system, but you must also act in accordance with local rules as well.
How do you create a global compliance program? These guidelines can help you get started.
Code of conduct, resources, and written policies
Outline your policies concerning compliance in a code of conduct, clearly laying out the rules and expectations for employees, as well as consequences and courses of action that will be taken should employees fail to meet these guidelines. Additionally, offer resources for individuals to anonymously report noncompliant behavior or file complaints against coworkers in cases such as sexual harassment and others.
This policy should be accessible to all employees and should be embedded in corporate culture. Rather than placing it in a soon-to-be-forgotten company handbook, actively distribute the policy and send frequent updates and reminders. You might also post it in a conspicuous physical location, such as the kitchen, and make it available online via the company intranet or another easily accessible digital location.
Use a top-down approach when instilling compliance in your company culture. Leadership should model appropriate behavior for other employees, and in order to do so, senior managers and executives must understand the importance of a global compliance program and structure; this will help them establish a foundation for the rest of the staff to follow suit.
A chief compliance officer
Many organizations have a chief compliance officer or chief integrity officer, a c-level executive who governs the compliance activities of the company. If you do institute this position, make sure the officer has an appropriate level of autonomy, given the nature of her role, and that you’ve taken measures to ensure impartiality.
Identify potential problem areas before they actually become full-fledged problems. This will help you stay ahead of the storm — should a storm be brewing. Senior management, your board, legal counsel, and other advisors or stakeholders should sit down and assess your organization’s weak spots or areas of concern in terms of compliance. You might evaluate potential threats in certain locations, regarding customers and products, business partnerships, and other targets.
Staying aware of the news and headlines
This involves being aware of current issues and headlines — as we can see from the Google/GDPR case above — and taking into account the biggest risks involved with your company. For example, if your organization is part of the tech industry, you should be aware of data security laws and other user protections. It’s important to perform a risk assessment before something catastrophic occurs, rather than try to pick up the pieces — which can end up being costly in terms of both your business’s reputation and the sheer amount of money you might end up paying to resolve the issue — later.
Being aware of local laws and guidelines
Part of being globally compliant means understanding the laws in all areas in which your business operates — not just the central office. That means paying attention to the local laws, as well as the cultures with which you conduct business, to better understand what’s at stake.
Avis, a New Jersey-based car rental company, has 10,000 locations across 175 countries. The company holds meetings with representatives from different countries that last a week, and these employees bring their discussions back to their local offices to ensure that their colleagues are acting in accordance with the global program guidelines.
Ongoing assessment and analysis.
Creating a global compliance program is not enough. Senior management must continue to review and update their programs as necessary. The business world is constantly changing, and organizations must stay abreast of trends and evolving landscapes.
As part of monitoring and updating their programs, leaders should ask for input from employees via surveys and other measures to help them understand the kinds of issues that are most prevalent in different locations and how they can better address them.
Compliance starts with awareness. Your employees must understand the behavior that is expected of them, as well as the consequences for violating your company’s rules and expectations. Training should be conducted routinely, not just as part of the onboarding process, so employees receive a refresher on a regular basis.
Training can not only help them recognize what qualifies as noncompliant behavior but allow them to appreciate and share the values their employer is trying to instill in the culture.
One key feature a quality training program should emphasize is integrity; otherwise, a company risks “checking boxes,” or conducting a program where employees are not truly absorbing and understanding the material they’re learning. When integrity is instilled in the corporate culture, employees want to do the right thing — not just because they have to.
Interactive Services’s Integrity Ethics and Compliance Training program emphasizes integrity while offering features such as:
- Fully customizable content, including programs available in 22 languages
- Local content for key areas such as anti-bribery and corruption (ABC) for the United States, the United Kingdom, and Brazil
- Artwork, examples, and scenarios for a multi-national audience
- Local images
- Simple navigation for a large, global audience
- Translations by real people, not machines
- Content verified by local legal experts
- Global support offices across multiple times zones
- Dedicated account managers