What five important factors should an effective compliance program have?

We operate in a highly regulated industry and an increasingly challenging business environment. In 2003, the Office of Inspector General (OIG), Department of Health and Human Services, developed the OIG Compliance Program Guidance for Pharmaceutical Manufacturers. According to the OIG, "it is imperative for pharmaceutical manufacturers to establish and maintain effective compliance programs. These programs should foster a culture of compliance that begins at the executive level and permeates throughout the organization." The OIG's guidance includes seven widely recognized and fundamental elements to an effective compliance program. We have gone a step further by identifying an additional three tenets to complete Amgen's Elements of an Effective Compliance Program. The OIG's seven elements, combined with the additional three tenets identified by Amgen, are the foundation for our Worldwide Compliance & Business Ethics Program.

Core Elements of an Effective Compliance Program

1. Written policies and procedures
2. Designated compliance officer and compliance committee
3. Effective training and education
4. Effective lines of communication
5. Internal monitoring and auditing
6. Enforcement of standards through well-publicized disciplinary guidelines
7. Prompt response to detected problems through corrective actions

Additional Tenets Identified by Amgen

1. Compliance metrics reviewed by Compliance Committee to assess program effectiveness
2. Compliance leadership is part of executive performance reviews
3. Prompt, balanced and effective decisions regarding compliance activities may require Compliance Committee involvement

The amount of regulations which all organisations need to meet grows each month.  In 2018 alone more than 2,000 Acts and Regulations were passed in Australia.

An effective compliance program is part of the solution which ensures that organisations satisfy their governance responsibilities and remain compliant with all relevant laws.

An effective compliance program includes the development, implementation, and adherence to standardised operational compliance policies, procedures, standards of conduct, safeguards and written guidelines that outlines an organisation’s expectations of its employees.

The program should be well-structured, organised and consistent across the organisation.  Areas of responsibility should be well defined to ensure accountability.  All staff should be made aware of their compliance obligations through appropriate training and procedures, with the goal being to reduce compliance breaches.

Management Commitment

Central to a successful compliance program is the commitment of managerial and executive staff, without which, an organisation will fail to achieve an effective program of compliance.  Managers and the executive should communicate their commitment to compliance by being involved in the provision of resources and allocation of staff to enable the development and successful implementation of the program.  Adequate training to employees should be provided that clearly indicates the organisation’s commitment to a compliance culture; and outlines the roles and responsibilities of employees in order to encourage reporting of breaches.   Compliance activity should be monitored by those in a position of responsibility.

Continuous Risk Assessment

A successful compliance program will have processes in place that will continuously assess the risk of breaches and the impact of that risk on operations.   Risks can be grouped into high, medium and low risk categories, allowing the organisation to prioritise areas of focus.  Part of a risk assessment involves developing strategies to mitigate those risks.  Putting processes, procedures and guidelines in place and having clearly defined roles and responsibilities for staff will aid in risk mitigation.

Written Compliance Program

Having a clearly written, concise, up to date and complete compliance program is essential to the program’s success.  The program should include policies, procedures and guidelines that are easy to follow by all employees.  It should be accessible to all staff and include information regarding the reporting process.

Compliance Auditing and Self-Assessment

When conducting an audit of your organisation’s compliance it is essential to first identify the responsible staff members for each compliance subject area that will be reporting back for the audit.  It is essential to create an adequate system for tracking reporting back from staff, which includes providing those staff members with defined time frames for reporting.  A successful audit will include interviews with relevant staff on questions that have been developed to reflect the organisation’s compliance obligations.  The audit should aim to identify any gaps and inconsistencies in operations that can be drafted into an audit report.   Recommendations should be made based on the results of the audit, with corrective action being taken within a time frame relative to the risk of the gaps or inconsistencies identified.

Compliance Monitoring

A key component to an effective compliance program is ongoing monitoring of all relevant legal obligations.  Organisations should nominate at least 1 individual to have the responsibility for ensuring that the organisation is notified of relevant legislative changes and that steps are taken to ensure that the relevant parts of the organisation take action to ensure compliance with those changes.

Program for Handling & Reporting Compliance Problems & Breaches and Implementing Corrective Actions

A supportive and proactive compliance culture will give employees the confidence to step forward and speak up when there is a possibility of a breach and is one of the best defences an organisation has in minimising risk.

It is important that staff are made aware that there is no risk of reprisal to that employee for reporting possible breaches in good faith.  The provision of information regarding the reporting process can be supported through widely distributed posters and regular emails or newsletters.

Some compliance breaches require external notification to relevant bodies such as the police or government officials.  A successful compliance program needs to provide clear guidelines that indicate the steps to be taken when an external notification becomes necessary, including the time frames for notification.

A thorough risk assessment and investigation needs to be undertaken, and in order to prevent further breaches, new processes and procedures should be put in place to further mitigate any risk.

For further information about how Law Compliance can make legislative compliance easy, contact the team:

Phone: 1300 862 667

Email:

What important factors should be part of an effective compliance program?

What are the 7 elements of an effective compliance program?

What is the most important element of a compliance program?

What does an effective compliance program include?