Simply having a compliance program is no longer enough in today’s legal and regulatory climate. In the eyes of regulators, “check the box” or “paper” compliance programs are as good as not having one at all.
Organizations now face the more difficult task of achieving a culture of compliance. Without a culture of compliance, regulators will be reluctant to grant an organization any credit or leniency if things go awry – e.g., if wrongdoing by a bad actor comes to light that should have been prevented by compliance training. More fundamentally, however, if a company cannot establish a culture of compliance, it will not be able to rely on its compliance program to mitigate risk, both by deterring wrongdoing and encouraging prompt disclosure when wrongdoing occurs.
Originally published in the Buffalo Law Journal on February 6, 2018.
Please see full publication below for more information.