Your compliance program:
What the new guidance from the Department of Justice could mean to you
Revised guidance issued by the DOJ aims to sharpen prosecutors’ understanding of what works and what doesn’t when evaluating a company’s compliance program design, effectiveness, and application.
The bar has been raised, and there are a number of steps that your organisation can take now.
If you had to explain your resourcing and structural choices today, would you be able to back up your rationale? Could you demonstrate that your program has evolved with the risk?
Compliance program excellence
Third party risk management
Clarifies that risk management of third parties should be performed throughout the lifespan of the relationship, not just during the onboarding process.
Data-driven, effective compliance program and controls
Highlights that compliance and control personnel should have continuous direct or indirect access to relevant sources of operational data and information across functions to allow for timely and effective monitoring and/or testing of policies, controls, and transactions. Impediments that limit data access should be addressed.
Resource empowerment and effectiveness
Mentions the importance of being purposeful about focusing compliance resources on the highest risk areas to own as a central compliance function, and how compliance can support the business, which functions as a first line of defense for most compliance risks.
Is your compliance program...
- Well designed?
- Adequately resourced and empowered to function effectively?
- Working in practice?
Elements of a compliance program
- Program governance and resources
- Risk assessment
- Policies and procedures
- Compliance controls
- Communication and training
- Enforcement, discipline, and incentives
- Investigations and response
- Monitoring and auditing
Are you proud of how your program has evolved?
Key components to start thinking about now
[Illustrative wheel: compliance risk areas]
- ABAC, code of conduct/conduct risk, conflicts of interest
- Antitrust and competition law
- Lobbying and political activities
- Data privacy and security
- Information security
- Trade compliance
- Marketing, promotions, advertising
- Sourcing and manufacturing practices
- Workplace safety/OSHA
- Workplace behavior
- Labor and employment law
- Environment, health and safety compliance
- Records management
- Securities law compliance
- Pharmacovigilance
- Product counterfeiting
- CSR
- Product quality and safety
- Integration compliance
- Anti-money laundering
- Global security
- Significant litigations
- Accounting and financial reporting
Compliance risks are typically owned by the business and the compliance function - Corporate Compliance Group (CCG) maintains oversight on certain risks. The illustrative wheel on the left depicts the risks for which CCG has different levels of ownership and/or oversight. The key below outlines expectations for each ownership level.
Note: The risks may be further updated based on the ERM work being performed
Ownership level: Expectation
Direct ownership:
- CCG owns/defines policies and procedures
- CCG defines controls, which may be implemented centrally or at a regional/business unit level
- CCG defines and monitors metrics
Shared ownership/significant oversight:
- Risk owner defines policies and procedures in collaboration with CCG
- Risk owner defines controls, CCG tests design and effectiveness of the controls on a periodic basis
- CCG agrees with risk owners on metrics to be reported on a defined cadence (monthly)
Moderate oversight:
- CCG agrees with risk owners on metrics to be reported on a defined cadence (at least quarterly)
Minimal oversight:
- Only significant issues/regulatory inquiries are escalated
- Limited metrics may be reported on a defined cadence (annually)
An effective compliance program guided by a robust framework protects and preserves the integrity of your business.
Contact us:
Michael Peer
Partner
Dmitry Kosarev
Director
dmitry.kosar[email protected]
Daniel Fu
Director
daniel.j.fu@pwc.com
© 2020 PricewaterhouseCoopers Consulting (Singapore) Pte Ltd. All rights reserved. PwC refers to PricewaterhouseCoopers Consulting (Singapore) Pte Ltd, and may sometimes refer to the PwC network.
Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details.
This content is for general information purposes only, and should not be used as a substitute for consultation with professional advisors.