The Society of Corporate Compliance and Ethics (SCCE) and the New York Stock Exchange (NYSE) Governance Services recently released the results of the 2014 Compliance and Ethics Program Environment Survey. While this is not a healthcare-exclusive study, 31% of respondents were from a healthcare or social assistance organization, making healthcare the largest industry represented.

67% of organizations assign both overall and day-to-day operational responsibility for the compliance and ethics function.

This statistic is significant because the US Federal Sentencing Guidelines have specific requirements for organizations where the person responsible for the overall operation of the compliance and ethics program and the person responsible for the day-to-day operation of the program are none the same person. In these cases, the guidelines specify that “the individual(s) with the day-to-day operational responsibility for the program typically should, no less than annually, give the governing authority or an appropriate subgroup thereof information on the implementation and effectiveness of the compliance and ethics program.” Application Note 3, Sec. 8B2.1.

The top 10 topics communicated to the Board or a Board committee are:

1. Compliance and ethics program audits, assessments, and benchmarking
2. Code of Conduct updates and revisions
3. Overall program performance
4. Compliance and ethics risk assessments
5. Training initiatives and statistics
6. Misconduct investigations and resolutions
7. Significant legal and regulatory updates
8. Upcoming program initiatives
9. Misconduct reporting statistics
10. Policy management and updates

76% of compliance groups are invited to add elements to human resources training events, but less than half are invited to provide formal input to corporate business strategy or sales and marketing agendas.

While not surprising, it’s great to see that compliance professionals are invited to collaborate with HR to ensure employee training materials include a compliance component. Conversely, compliance professionals have some work to do when it comes to the C-Suite and the Sales and Marketing departments. Thus, compliance could benefit by being proactive and establishing a close relationship with Sales and Marketing and C-level executives to ensure that there is ongoing communication and collaboration with these groups.

Less than half of organizations (41%) meet the best practice standard of rewriting or updating their Code of Conduct at least every two to three years.

The report indicates that organizations have some room for improvement in the documentation of their standards. More than half of organizations do not update their Code of Conduct frequently enough to meet best practices. Additionally, less than half of organizations maintain a document that outlines how frequently the Code is updated.

The top 10 universal risk areas for which organizations maintain standalone policies are:

1. Workplace harassment
2. Equal employment opportunity/discrimination/diversity
3. Data privacy
4. Information security
5. Confidential information
6. Workplace health and safety
7. Records retention
8. Conflicts of interest
9. Records management
10. Gifts and entertainment

Nearly all organizations (93%) conduct background checks for some or all individuals in positions of trust (where permitted by law).

Similar to previous studies, the report finds that most organizations are performing their due diligence by conducting background checks on their employees. More interesting, however, was the fact that 16% of organizations who reported conducting background checks performed them periodically. With a criminal background check representing only a snapshot in time, roughly one out of five employers recognize the importance of conducting ongoing background checks to ensure the long-term safety of their staff.

Updating your background check policy? Contact us today to learn how PreCheck can help you streamline your background check process.