Budget Season: Your Ultimate Checklist to Get What You Need
It’s the most wonderful time of the year… no, not the holidays – Budget Season! It’s the time we cry and fight and claw our way into next year, making the case for what we need. Sometimes you know exactly what is called for, but other years it can be difficult to know what to request. No need to worry, we’ve got you covered. Here’s the ultimate checklist to get what you need.
1. Third-Party Due Diligence Reports
A risk-based approach to due diligence necessitates that higher-risk third-parties receive greater due diligence than lower-risk third-parties. You need to have budget to request deeper dive reports – whether that means that a human who speaks the local language is performing a deep-dive desktop review, or, for your highest-risk third-parties, an on-the-ground review including reputation checks from various sources. These reports can get expensive, but having a budget for at least a few will make your program significantly more defensible if there’s an investigation.
2. Travel/Training Budget
Everyone knows that the most effective training is done in person. There’s nothing like being on the ground in a high-risk territory to find out what’s really happening. You can answer questions in real time during training, and follow up to ensure that people understood what you were saying. Asking for a travel budget is critical. If you can’t get a travel budget, at least try to get budget for an online face-to-face tool like Zoom or Adobe Connect. Seeing someone’s face is the best way to engage.
3. A Professional Risk Assessment
The DOJ’s recent Evaluation of Corporate Compliance Programs guidance made it clear: if you don’t have a current risk assessment, you need to make it your priority to get one. The guidance repeatedly emphasizes the need for a risk-based program. This is true regarding the assignment of training, level of due diligence required for your third-parties, response to investigations, and where you assign your human and monetary resources. If you haven’t had time or don’t know how to perform a risk assessment, add a line item for a professional risk assessment into your budget for next year.
4. Whistle-blower Hotline
The DOJ guidance states that companies must have a robust whistle-blowing process, and this process must include, “pro-active measure to create a workplace atmosphere without fear of retaliation, appropriate processes for the submission of complaints, and processes to protect whistle-blowers.” Companies can expect to be asked whether they have a whistle-blowing procedure, “and if not, why not?” Why not indeed. If you don’t have a whistle-blower hotline or process, make this a high priority for budget allocation.
5. Compliance Program Review
The DOJ guidance is clear: organizations must engage in a periodic review to ensure their programs stay up-to-date. This evaluation must include “a gap analysis to determine if particular areas of risk are not sufficiently addressed in its policies, controls, or training.” You can do a compliance program review in-house, or engage an external firm (like Spark Compliance Consulting) to perform your evaluation. Outside consultants have experience of best practices and are able to provide insights that you won’t have from the inside. Best practice is to complete a program review every 24 to 36 months.
6. Communications Schwag
You need to remind people of your program, including your whistle-blower mechanisms. To do so, you need materials. A communications budget can be used to create and print posters to put up in your offices reminding people of the Ethics Helpline. The budget can also be used to produce games, lanyards, or materials for Compliance and Ethics Week. Clever design and interesting schwag can make your program memorable to employees when they’re under stress, and that’s worth buying into.
7. Technology Solutions
There are some incredible technology solutions on the market that will blow your Excel chart out of the water. You can ask for software that will assist you in many ways. These include:
Investigation management software (including analysis and reporting)
Policy management software
Conflicts of interest management
Contact management
Third-party management software (including audit trails, report storage, and easy review of whether a third-party has been approved)
Data audit/data mapping software to help you comply with GDPR and CCPA
Learning management systems to help track your training assignments and completions
Online training courses
Digital communications materials
Risk management software
Sanctions screening software
And more! As you can see, there are many ways to spend your budget, and prioritizing using a risk-based approach is critical for your program.
If your budget negotiations begin to fail, remind your C-suite and Board that if there is a compliance failure, a prosecutor will ask, “Have there been times when requests for resources by compliance and control functions have been denied, and, if so, on what grounds?” If they deny, it’s at their own risk.
Use our handy checklist below to decide which solutions to request for next year.
CHECKLIST OF CHOICES:
Third-Party Due Diligence Reports
Travel/Training Budget
Professional Risk Assessment
Whistle-blower Hotline
Compliance Program Review
Communications Schwag
Investigation management software
Policy management software
Conflicts of interest management
Contact management
Third-party management software
Data audit/data mapping software
Learning management system
Online training courses
Digital communications materials
Risk management software
Sanctions screening software