“Compliance Program Certification”
The Mark of Excellence
As compliance programs have become an increasingly critical success factor in both for and not for profit organizations, the importance of having an organization’s compliance program externally certified has grown. For this reason, CRG’s parent organization (Council of Ethical Organizations) introduced its Compliance Program Certification process over five years ago.
Program certification is a peer review process staffed by experienced, working compliance professionals who have completed the Certified Compliance Program Examiner course. The review panel consists of three working compliance professionals plus one representative from CRG. CRG presents the organization being reviewed a list of candidate reviewers, which can be assessed for potential conflicts of interests and revised until a three-person panel is mutually agreed upon. The approach and standards used by the review panel are those that CRG employs when conducting a compliance program assessment. While the standards employed are the same, the certification review is not oriented toward rating program elements, but instead focuses on whether or not each element of an effective compliance program is adequately implemented.
Results of the certification review are presented in several forms. The review panel issues a Certification Report which opens with a brief executive summary that can also serve as a stand-alone narrative of the review and its results. An analytic section containing results identifies all program elements and sub-elements. Unlike a compliance program assessment, there is not a numerical rating for each element and sub-element, but only a Yes/No (the element meets/does not meet requirements) score. Observations supporting the element-by-element determinations are provided. Concluding the Certification Report is a section of practical recommendations for strengthening the program. We have found that the recommendations made by our peer panels are typically very focused and practical.
Organizations that are successful in the certification process are typically granted certification for three years. There is an annual program review questionnaire to ensure that the program is essentially unchanged and functioning at the same level as at the time of the initial review. The annual review also allows consideration of new business lines or changes in basic business operations. A program that is generally sound with one or two areas of weakness may receive certification on a conditional basis if it is likely that the deficiencies can be promptly addressed. If a program is not certified, even conditionally, the panel will state its reasons for withholding certification and identify areas of deficiency to be addressed if certification is to be granted at a later date.
In the years since the introduction of Compliance Program Certification, certain questions have arisen multiple times. The following points are intended to address the most common questions.
- Compliance Program Certification began in 2005 through the Commission on Compliance Program Effectiveness, which is a part of the Council of Ethical Organizations.
- Compliance Program Certification is currently the only compliance program peer evaluation/accreditation process in the industry.
- No organization having once achieved Certification has been subject to a CIA/CCA during their period of Certification. We believe that this is because organizations seeking Certification generally have excellent compliance programs.
- Certification is intended to ensure an organization’s publics that they are dealing with an ethical, honest organization. Certification is normally announced publicly by CRG and by the organization achieving Certification. Organizations with Certified Compliance Programs are entitled to so indicate in their public information.
- CRG does not determine an organization’s Certification status; Certification is decided by peer reviewers.
- Organization under review can veto any proposed peer reviewer without cause prior to final selection of the review panel.
- The peer review process is overseen by the Fellows of the Health Ethics Trust, approximately 20 leading CEOs and CCOs nationwide.
- There are two elements of the review – review of documentation constitutive of the compliance program and review of actual compliance processes during a two-day site visit.
- In some cases, Certification reviews are conducted under legal privilege, but normally the privilege is vacated after a successful review.
- The Certification Report is structured in the same way as our assessment reports, except that it is written by the reviewers. Recommendations are often more detailed and practical since they are written by working compliance professionals.
- The standards used by the reviewers are public knowledge. See Best Practice Standards for Compliance Programs: A Manual for Compliance Professionals.
- In one respect, Program Certification is less demanding than program assessment. In a program assessment, the compliance program is evaluated on a continuum ranging from below requirement to best practice. Program Certification is certification that each element of an effective program is present and functioning as intended.
- Certification is normally for a three-year period subject to a simple annual renewal. Specifically, the CCO is asked to complete a questionnaire annually to ensure that the program has not changed significantly during the certification period.
- Even if a program does not satisfy the reviewers, there is a 90-day reconciliation period so that the organization can present additional facts and make other adjustments as necessary.