Calvin London (email@example.com) is the Founder and Principal Consultant of The Compliance Concierge in Melbourne, Australia. Reyna-Chris Comeros (firstname.lastname@example.org) is the Compliance Manager, Celgene Pty Ltd., and An Nguyen (email@example.com) is the Associate Manager Affiliates Quality, ANZ & CEA, Celgene Pty Ltd. in Melbourne, Australia.
According to Wikipedia, operationalizationis a term in research design, especially in psychology, social sciences, life sciences, and physics. It is a process of defining the measurement of a phenomenon that is not directly measurable, though its existence is inferred by other phenomena. The definition then goes on to give several examples from different disciplines of how the term is used, none of which are particularly helpful.
Nonetheless, operationalization is a term that has gained prominence in the compliance world. It is mainly a result of the term’s use in the Evaluation of Corporate Compliance Programs in 2017 by the Department of Justice (DOJ). DOJ emphasized the importance of an “implemented, reviewed, and revised, as appropriate, in an effective manner” compliance program versus simply having a “paper program” in place. Following this guidance (which was developed from guidance provided in the previous year by the Foreign Corrupt Practices Act (FCPA)) should be automatic, given the potential legal consequences.
Employees within our own organization may well have had good intentions when implementing operationalization but struggled with what it exactly meant, let alone how to pronounce it. I am sure many compliance professionals also share this sentiment, and definitions like the one on Wikipedia don’t help. So, what is operationalization?
Ricardo Pellafone put it quite nicely: “You ‘operationalize compliance’ by integrating it into business process—so it becomes part of how people do their job duties.” He went on to say it was not enough to simply have a policy, but that it had to be applied to the operational tasks and duties that would support the compliance initiatives (operationalize it).
Problems with operationalization
A large number of internal review/audit observations and DOJ/FCPA prosecutions reflect that companies have difficulty effectively demonstrating that the intent of policies has been transitioned into procedures or that they are understood by employees within the company. This is the reality for many companies: Although they may have good intentions, there is a disconnect somewhere between the policy and the actual procedures and processes.
Policy operationalization also becomes more complicated when the policies are issued by global headquarters for implementation to a subsidiary or affiliate office. Often, they assume that since the policy has been given, it must have been implemented. It is not until an internal audit that they realize the policy has not been effectively transitioned into meaningful procedures or practices, exposing the company to regulatory compliance risks.