Answer ... A robust compliance programme should be drafted, designed specifically for the designated company. Standard programmes often do not adequately reflect the business practices and structures of the enterprise and become a mere box-ticking exercise, doing more harm than good. The compliance programme should further be endorsed by senior management, with a clear ‘zero tolerance’ message sent from the top. It should further be based on a risk assessment of the company’s business activities. To draft such a programme, the relevant managers should be involved, which should also increase acceptance of the programme. Prior to its enforcement, management and other employees should be schooled in the programme, with practical examples of business situations they may encounter. Once the programme has been introduced, the unit in charge of monitoring its implementation (eg, compliance) should keep track of developments and update the programme on a regular basis. Targeted audits should be conducted and all new employees should be schooled in the programme. Existing employees should receive updates at regular intervals.

The main sticking points typically arise where a compliance programme is forced upon unwilling staff, in particular sales teams, by outsiders without the participation of the relevant managers. This leads on the one hand to a lack of acceptance and on the other to rules and thresholds which are unsuitable for the business. Furthermore, regular updates, monitoring and training are often neglected.