From Corporate Counsel — Ryan McConnell and Meagan Baker write about New Year’s resolutions for compliance officers but essentially outline a risk-based compliance program. Readers of this blog recognize the risks of misclassification of workers as independent contractors instead of employees and the increase it the risk in 2015 with the implementation of the Affordable Care Act (ACA). McConnell and Baker provide a great process for developing a risk based program which begins with starting a program. For their first resolution, they write:
“1. Develop a Risk-Based Compliance Program
Sometimes we use the phrase “risk-based program” gratuitously, like “world’s best hamburger,” without much thought given to its meaning. A risk-based program is one that uses the results of an effective risk assessment process to allocate resources to the highest risk.
But a risk assessment is not an internal investigation-esque exercise focused on historical information. A risk assessment focuses on risk evaluation that looks forward and attempts to project the most significant risks facing the organization. This effort may focus on trying to score these risks using a methodology that ranks the impact and the likelihood of the potential risks.
A simple example: Driving is a risk that those who don’t use public transportation undertake daily. Driving has several risks—the risk of an accident, the risk of getting a speeding ticket, the risk that your transportation breaks down, etc. Which risk is most likely to occur depends on the driver, the condition of the vehicle and the regulatory environment. And there are several ways to mitigate these risks with controls—to address the risk of a vehicle breaking down, maybe you set up a schedule for routine maintenance. For speeding, it may be driving within the speed limit or with a radar detector (provided those are legal in your area, but this may increase the risk of an accident).
A risk assessment focuses on a risk, the causes of the risk and their probability and impact, and identifies efforts to mitigate the risk. Whether the risk is corruption or money laundering, the process is the same: evaluate the causes and controls, then develop program enhancements….”
Read the full story at 5 New Year’s Resolutions for Compliance Officers