You have returned to the top of the page and may restart browsing.
Skip Main Navigation
You have skipped the global top navigation and may now begin browsing the page.
  1. Home
  2. Departments
  3. Office of Compliance
  4. Essential Elements of an Effective Compliance Program

Essential Elements of an Effective Compliance Program

Oversight

  • Board of Trustees Ethics & Compliance Subcommittee
  • Designated Compliance Officer with daily responsibility
  • Compliance Officer has adequate funding, resources and authority
  • Compliance Officer access to the Board; annual reports
  • Regularly scheduled Compliance Committee Meetings
  • Leadership candidates vetted to assure no ethical misconduct

Policies and Procedures

  • Code of Conduct is centerpiece of compliance program
  • Policy Library accessible by all employees
  • Standardized policy review process

Education and Training

  • Employees review & sign Code of Conduct in orientation / annually
  • Annual Ethics & Compliance training (employees, trustees, contractors & agents)
  • Targeted training of specific high risk issues
  • Remedial training assignments
  • Assignment tracking; 100% courses completed timely
  • Communication of new policies or regulations

Open Lines of Communication

  • Employees are educated on how to report potential compliance issues: Publicized, accessible hotline; offering confidentiality and anonymity
  • Encouragement to report to immediate supervisor
  • Employees encouraged to prospectively consult with legal/risk/compliance
  • Complainants are briefed on how to receive updates on investigations
  • Promotion of the Non-Retaliation Policy 
  • Exit interviews with departing employees
  • Encouragement to report potential compliance issues & near misses

Enforcement and Discipline

  • Compliance requirements are well-publicized
  • Fair and consistent across the organization
  • Incentives for promotion of a transparent, ethical, compliant culture

Auditing and Monitoring

  • Concurrent & retrospective 
  • Below-target results reported to Compliance Committee
  • Below-target results followed-up with
    Corrective Action Plan
  • Employee Engagement Surveys include compliance, ethics & safety concerns
  • Auditing & Monitoring plan driven by Risk Assessment results

Response and Prevention

  • Potential compliance issues are investigated, documented and resolved
  • Subject matter experts are consulted
  • Root Cause Analysis (RCA) drives the Corrective Action Plan (CAP)
  • CAP designed to reduce/eliminate repeat incidents
  • Findings are appropriately reported to regulatory agencies
  • New hires are vetted via background screening, OIG/GSA exclusion list, etc.

Risk Assessment

  • Targeted assessments conducted in response to specific risks
  • Broad, all-encompassing assessments performed every 1-3 years
  • Steps taken to modify the program in response to repeat violations