Scope: This Compliance Management Policy applies to the creation, approval, adoption, and maintenance of all compliance policies along with all related procedures (together, the “compliance policies and procedures”) of [INSERT COMPANY NAME] (the “Company”).
Purpose: Company compliance policies and procedures are designed to ensure compliance with our Code of Conduct and with applicable laws. Our compliance policies and procedures are managed by the Company’s Global Compliance Committee (GCC). Only the GCC has the authority to issue or revise the Company’s compliance policies and procedures. This policy is intended to ensure we have a uniform process for the creation, approval, adoption, and maintenance of such policies.
“Compliance policy owner” is the content owner of the policy who serves as the subject matter expert with primary responsibility for compliance policy governance in their area of expertise. The compliance policy owner will also determine the appropriate individuals/departments that should be involved in the compliance policy governance process in their area of expertise. This person’s approval is required before the compliance policy or procedure can be presented to the chief compliance officer and GCC for approval.
“Compliance policy standard format” is the uniform format and style for all compliance policies attached as Exhibit A.
“Designated compliance policy manager” is the individual(s) designated as responsible for reviewing, updating, and/or recommending compliance policies within their areas of responsibility. They collaborate and coordinate with policy stakeholder(s) for input prior to submission of final draft policy for review and approval by the compliance policy owner.
“Procedure” means a document describing the stages or steps necessary to complete a particular process intended to supplement and/or support a compliance policy.
Compliance Policy Creation and Update
The Company maintains an appropriate portfolio of compliance policies and procedures to address and takes into account the various risks arising from or related to the Company’s various businesses, the interests of the Company’s various stakeholders, industry best practices, compliance program best practices, and applicable laws. To assure compliance policies are consistent with legal requirements, our Code of Conduct, and our other compliance policies, compliance policy owners shall: (a) initiate/promote compliance policies, (b) periodically review such compliance policies and propose appropriate amendments thereto, and (c) propose the elimination of any compliance policies that are obsolete or unnecessary. Compliance policies should be initiated or reviewed primarily in response to a change in the nature or extent of Company business activity, regulatory requirements, best practices, recognized policy weaknesses, or when recommended by key stakeholders (e.g., the board of directors, senior management, in-house counsel, industry associations, consultants). In any event, each compliance policy shall be reviewed no less than once every three years.
Procedure Creation and Update
A Region/Legal Entity or Function may initiate/propose additional or complementary compliance policies and procedures of limited scope and for limited use within such Region/Legal Entity/Function only if they are consistent with and not duplicative of existing compliance policies. All such proposed compliance policies or procedures shall be reviewed and approved by the compliance policy owner and, where appropriate, the Company’s chief compliance officer and/or the GCC for consistency with existing compliance policies.
Compliance Policy and Procedure Content
Compliance policies and procedures shall consist of concise descriptions of expected behavior, practice, or standard presented in simple wording so they are easily understood (and translated). Compliance policies shall be in the standard format (See Exhibit A) and shall be assigned a distinctive number and effective date and submitted for approval. After approval, such compliance policies shall be translated into all the Company’s official languages and shall be uploaded to the Company’s intranet site. No compliance policy shall be published to the Company’s corporate intranet site without the concurrence of the Company’s general counsel and chief compliance officer and the approval of the Company’s CEO. New and updated compliance policies and procedures shall be communicated across the organization with a dedicated communication campaign in coordination with Internal Communications.
Document and Archive of Compliance Policy Modifications
The Company’s chief compliance officer shall designate one or more people to create and maintain a historical database to track and document all compliance policy changes and updates.