Just how strong is your program? This question is always in the back of compliance and ethics professionals’ minds. We at Allstate asked ourselves the same question. In this piece we share a practical approach used in finding the way to maintain an effective program.
Know your Company’s Landscape
On the quest to beginning a review of your compliance program, it is helpful to examine the nature of your company and how it operates. For example, at Allstate, the nation’s largest publicly held personal lines insurer, we serve over 16 million households through several brands. We are very highly regulated, predominantly at the state level but also subject to Federal and international laws and regulations. Allstate has a longstanding commitment to the highest standards of business integrity. As such, we have a mature compliance program. With several brands and diverse products, our compliance program operates in a decentralized manner, with designated compliance leaders assigned to each company officer, and dotted line reporting relationships to the corporate function of Enterprise Business Conduct.
Define your Terms
The word “compliance” invites multiple distinct definitions. It can mean acting ethically and employing the elements of the Federal Sentencing Guidelines for Organizations. It often includes a company’s Sarbanes-Oxley processes, spot-checks, policies and risk assessments. It also means the structure and operation of how a company ensures both continued compliance with existing laws and timely implementation of new laws. At Allstate, our ethics and compliance program covers all of these items. For the scope of this review we focused on the aspects of our compliance program that ensure compliance with external laws and regulations, reflective of the high degree of regulation applicable to our company.
Impetus for the Assessment
The current iteration of Allstate’s compliance program has been in place for approximately six years. The program includes ample forms of continuous monitoring and reporting, but in addition we wanted a comprehensive review of the compliance program structure and processes.
Other Reviews of Ethics and Compliance Programs at Allstate
The ethics and compliance function at Allstate employs a variety of review and monitoring processes over their respective programs, including outside parties. For example, independent third parties survey a sample of employees to learn how they view our commitment to ethical practices. This survey is then compared against corporate benchmarks. Allstate engaged another third party to review its program against the required elements in the U.S. Federal Sentencing Guidelines for Organizations. As a result of the regulatory structure of the state Departments of Insurance, company practices are routinely reviewed in market conduct exams.
There is also a wide array of internal reviews, risk assessments and audit practices that give us an insight into how we are meeting our compliance obligations. However, collectively these reviews, albeit important and informative, do not provide us with a comprehensive review of the structure and operation of the regulatory compliance program.
Resources Needed and Available for the Review
After validating the value of a program review, we then looked to all available resources for further assistance. As is common with so many compliance professionals, there was not a reservoir of surplus resources that we could tap into to perform this review. We leveraged the equivalent of two to three compliance leaders and one new college graduate to complete the review in our outlined 100-day time frame. Rather than seeking additional funds for the review, we decided to approach this review using the parameters and resources below.