How compliance has moved into the headlines and regulators’ crosshairs, and why your board should care (part 2)

The legal department’s starting point for any policy must be developing an understanding of the underlying purpose

At many organizations, introducing new policies and procedures, and educating those affected by them about their importance, can require significant effort. 

Some policies and procedures can be very technical or pertain to a specific legal requirement. This can be particularly true of compliance matters. This specialization may create the perception that the document exists within a very narrow silo at your organization. More challenging, it may create the sense that new territory is being covered and that few resources are available to assist you with developing and implementing the process.

A few strategies can help to strengthen and simplify the policy development and implementation process.

The legal department’s starting point for any policy must be developing an understanding of the underlying purpose or issue that is being addressed. Some policies are developed to respond to organizational issues. Others are intended to satisfy or respond to legal requirements.

Since compliance policies are being driven by legal concerns, the crucial first step is to have a strong understanding of the legal framework that has prompted the new policy. A strong understanding entails more than a straightforward reading of the applicable statute or regulation. There may be a public policy or legislative history that provides context for the new requirement and may even warrant including additional elements in the policy. In addition, the policy may need to include specific or detailed elements. As the in-house lawyer, many colleagues on the business and operational team will expect you and your outside advisors to be the front line of knowledge in this area. 

Drafting and implementing the compliance policy

Before putting pen to paper, consider what resources you have at your disposal. For example, if you are creating a vendor management policy for a newly regulated line of business, you may be able to create efficiencies and internal consistency by considering whether another line of business already has a vendor management policy. If so, the existing document may be a good starting point that you can customize to reflect the unique context for the one you are developing.

Also, you may want to consider whether your organization is active in any trade associations that could provide some resources. Trade associations are unlikely to provide an off-the-shelf solution or template form, but they may offer practical insight to streamline your development process.

Once the framework has been developed, consider how the document generally fits within your organization. This may include cultural, stylistic or other factors. The extent to which you can adapt existing policies can make this a simple step. The underlying document will already reflect the organization’s style. Also consider the stylistic choices and language. While you may draft the policy to respond to a legal issue, it is likely that non-legal colleagues must understand and implement the policy. A policy that whole cloth adopts the legal terminology from a statute or regulation often does not provide the needed clarity and may unintentionally complicate a new operational burden.

Despite all of your work to develop subject-matter expertise on the topic and customize the document to your organization, business and operations must be included in the process once your draft is finalized. It is not uncommon to provide a business partner with a draft version of a policy, only to find out that the new policy carries a significant burden for the business people to implement. This dialogue process is inevitable. That is why it is important to develop a strong legal understanding of a policy’s why and what, because it may afford some adjustment on the how. Development meetings where you discuss the detailed operational requirements and practical effects of the new policy are also often time where you first educate your colleagues on the underlying requirement. 

Depending on who is involved in the meeting and the nature of the new policy, it is often helpful to start the conversation with a high-level overview of the legal requirement and provide context for why the new policy has been created. While some requirements are black and white, this educational process may provide the opportunity to collaborate and adopt a risk-based policy on the grey areas that is less burdensome for your business partner. 

After developing the draft policy with the direct business unit that will be responsible for implementation, you may want to consider whether anyone in your organization has a subject-matter specialization that would provide additional value to the development process. For example, while working with a client on a new policy that included an auditing function, we were pleased to include a member of the company’s audit team to help refine certain elements and provide realistic input on how to accomplish the intended purpose. Had the development process started and ended with legal and the specific business line subject to the new requirement, we would have forsaken the tremendous insight from within the client’s own organization by thinking the policy could only benefit from individuals within our immediate line of sight.

Contributing Author

author image

Kelly Lipinski

Kelly Lipinski is a member in McGlinchey Stafford's Cleveland office. Her practice focuses on compliance and regulatory matters involving the consumer financial industry. She regularly...

Bio and more articles

Join the Conversation

Advertisement. Closing in 15 seconds.