Government of Canada, Privy Council Office
Français Contact Us Help Search Canada Site
What's New Site Map Other PCO Sites Publications Home
Publications

Publications

A Strategic Approach to Developing Compliance Policies

Preface

Part I:

  1. Why Compliance Policies?
  2. Compliance Strategy--Compliance Policy: What's the Difference?
  3. The Secret of the Strategy: Maximizing Leverage
  4. Think First: Do Your Homework
  5. Objectives of the Regulatory Program
  6. Rules & Design of the Program
  7. Roles and Functions of Key Authorities
  8. The Regulated Group
  9. Potential Allies
  10. Factors That Affect Compliance
  11. Pulling the Factors Together
  12. The Compliance Profile
  13. Meeting Enforcement Responsibilities
  14. Designing the Strategy
  15. Orientation of the Program
  16. Guiding Principles
  17. Promotion Activities
  18. Monitoring Activities
  19. Enforcement Activities

Part II: The Process, Step by Step

Step 1 -- Start with a Plan
Step 2 -- Set up the Project Team
Step 3 -- Work towards the Strategy
Step 4 -- Reality Check
Step 5 -- Revisit and Revise
Step 6 -- Get Policy Approval
Step 7 -- Implement the Policy
Step 8 -- Evaluate Regularly
Some Final Advice

top

Preface

This Manual owes its existence to the collective effort of many people. It is the result of knowledge distilled from many sources.

The Regulatory Compliance Project, an interdepartmental initiative led by the Department of Justice, engaged Eric Milligan of Milligan and Company Inc. to develop the initial draft of the guide and to provide advisory services as it is refined through consultations.

In developing the initial draft, Mr. Milligan was assisted by Bud Taylor of the Phillips Group of Companies Inc., who provided input on to the dynamics of change in large organizations, an essential element of any guide which hopes to influence operational realities. In addition, Nadine Levin was seconded from the Office of Enforcement at Environment to work with Mr. Milligan.

Officials from the Regulatory Compliance Project revised the initial draft of this guide after consulting with several focus groups comprised of federal and provincial enforcement officials from more than a dozen regulatory departments and agencies. The final draft is the work of Danile Tremblay-Lamer, Susan Krongold, and Lyle Fairbairn, Q.C.

Much of the raw material for this guide came from the experience gained from working with government departments and field officers and from field studies originally conducted by the forerunner of the Regulatory Compliance Project (The Federal Statutes Compliance Project 1982-86) in the areas of mining, pulp and paper, meat packing and processing, uranium production and radiography.

We learned a great deal about developing and implementing compliance policies from departments such as Environment Canada (CEPA), Labour Canada (Parts 3 and 4 of the Labour Code), Revenue Canada (GST implementation), Consumer and Corporate Affairs (Competition Act), Patent Medicine Prices Review Board, Agriculture (Pesticides) and Fisheries and Oceans. We also drew extensively from the experience of government agencies outside of Canada, particularly from the Environmental Protection Agency in the United States which has adopted a highly strategic approach to achieving regulatory compliance with scarce resources.

The Regulatory Affairs Secretariat of Treasury Board is a participant in the Regulatory Compliance Project and is publishing this guide as part of a series of Treasury Board materials on regulatory practices.

top

Part I:

Why Compliance Policies?

Your department or agency has decided that a regulatory response is the best way to deal with a problem it faces. It is now your job to secure the highest possible levels of compliance with the rules that have been or will soon be in place. This guide will provide you with a strategic approach to promoting compliance to help you meet that challenge.

In Canada, several specific factors have contributed to the need for a more consistent and effective approach to policy development:

  • Criminal sanctions alone don't always do the job.
  • Budgets are shrinking.
  • The threat of law suits.
  • The Canadian Charter of Rights and Freedoms.
The federal government has recognized that it needs to change the way it does business. Its Regulatory Reform Policy calls for departments and agencies that have justified the need for regulation to show that compliance and enforcement policies have been articulated and resources have been approved and are adequate to discharge enforcement responsibilities effectively and to ensure compliance. The government's Criminal Law Policy calls for a more strategic use of criminal sanctions.

The approach outlined in this guide focuses on what we know about the reasons people comply with the law. It teaches us to anticipate compliance problems as an integral part of planning a compliance strategy. But what really makes the approach work is that it requires input and ownership by operational personnel in the program.

There are two key reasons why some compliance policies only partially succeed. First, some programs do not carry out a comprehensive and detailed review of what they need to do to get people to comply with the law. In some cases, policies are developed that need significantly more program resources than are available.

Secondly, some departments may focus their attention on crafting the policies without fully understanding their significance or taking the necessary steps to implement the policies. One example of this is failing to properly integrate program activities that promote compliance with more severe enforcement measures. Some program managers may think that compliance policies are simply guidelines on how to catch and prosecute the members of a regulated group. The hard issues -- which activities are really effective and what portion of the program's resources should be allocated to promotion or enforcement activities -- are not seriously tackled.

Some senior managers and ministers' offices view compliance policies primarily as a public communications product -- print it up, sent it out with a press release, and the job is done. This does little to increase compliance levels and may even result in serious legal problems. If the program doesn't deliver what the policy says it will, the government runs the risk of being held negligent if someone is injured or suffers economic loss.

Sometimes managers or ministers realize that the policies may imply changes in the way a program does business, but they don't recognize the scope of change or the effort required to achieve change, nor do they choose an effective method to ensure that the change actually takes place.

top

Compliance Strategy--Compliance Policy: What's the Difference?

A compliance strategy is the end product of an in-depth analysis of how the department does business or intends to do business. This guide focuses on that in-depth analysis.

There will, of course, have to be a document of some kind produced that records the results of the analysis. It will be used to consult with program and enforcement officers and to obtain senior management approval. A department's internal strategy document should capture the thinking that program officials have done about what they have to do, what factors will influence their success, what tools they have to work with, and how they can best employ those tools to achieve compliance.

Once the major elements of a compliance strategy are approved by senior management, they become the policy of that department. The description of that approved policy, the policy document, serves two purposes: it is a general guide for day-to-day operations of enforcement officials and managers; and it explains to the regulated group, other stakeholders and the general public how a department expects to achieve compliance with a particular piece of legislation. Simply put, it says: "These are the tools available to us, and this is how we intend to use them." The policy document is distributed widely both internally and externally. By publishing a compliance policy, the government is making a commitment, both to its own personnel and to the public, that it will administer and enforce its legislation in accordance with the policy's principles.

top

The Secret of the Strategy: Maximizing Leverage

The aim of a compliance strategy should be to get the biggest possible pay-off from a program's activities and scarce resources by maximizing leverage of both the activities and the resources. For years, resources available to regulatory programs have been steadily whittled away. Even if the resource base of a program has not been reduced, chances are that any increases have not kept pace with either inflation or the demands placed on the program. A compliance strategy that maximizes the leverage of a program's activities will ensure the best use of scarce funds.

In order to better understand where the leverage for your particular regulatory program can be found, you need to be aware of the factors that affect compliance and how to use them effectively.

Think First: Do Your Homework

What do you need to know to help you to maximize the leverage of your program's activities and ensure that you get the best return for the taxpayers' money?

In developing a compliance strategy, you will have to consider the following key elements:

top

Objectives of the Regulatory Program

Determining the objectives of the regulatory scheme first will sharpen the focus of your compliance and enforcement strategy. The objectives should be clear, concise, measurable, and internally consistent. Some sources for finding a statement of the objectives of the scheme are Part III of the Main Estimates, an annual report for the program, or an old program evaluation study.

You should know whether the program has more than one objective and if any of the objectives conflict. Other broader government objectives that have an impact on your regulatory program, (eg. competitiveness or regulatory reform) may influence how you make decisions and do business in your program.

 

Rules and Design of the Program

The next step is to make sure that you have a clear understanding of the fundamental rules and basic design of the regulatory system, as reflected in the enabling legislation or the proposed legislation. You might be able to find suitable text in existing documents such as backgrounders to the legislation, pamphlets, or annual reports.

Ask yourself the following questions:

What are the most important rules that people will have to comply with?

What methods are available under the program to promote compliance? (eg. educational programs, financial incentives, technological development)?

What legislative tools are available to enforce compliance? (eg. administrative orders, enforceable agreements)

What processes are used to determine if violations of the rules have occurred and which sanctions apply (e.g. courts, tribunals)?

top

The Roles and Functions of Key Authorities

It is particularly important to know who has discretionary decision- making authority for enforcement matters under the legislation. The compliance strategy that you develop should guide their activities and decisions.

You need to pin down exactly who can do what to whom. No surprises. All the officials who perform a function in the regulatory system should be identified, including enforcement officials such as inspectors and investigators, as well as senior managers, Crown counsel, and the courts. Individual ministers and Cabinet should be included if they have powers prescribed under the enabling legislation (eg. decisions about licence conditions or suspensions).

Ask yourself the following questions:

Who has the power under the legislation to make decisions concerning enforcement responses (e.g. choosing how to respond to a violation)? What functions do they perform and what types of decision-making authority do they have under the legislation?

Who has the power under the legislation to exercise enforcement powers (e.g. conducting inspections, searches, seizures)? What functions do they perform and what types of decision-making authority do they have under the legislation?

Who has actual authority over enforcement responses (e.g. senior management or the Minister)? Where do they fit in and what do they do?

top

The Regulated Group

So far, you have set out the fundamentals of your regulatory system. Now it is time to take a closer look at the regulated community. The more you know about who they are and how they behave, the better job you will be able to do in designing effective monitoring, promotion and enforcement activities for your program.

Begin by identifying and describing the regulated interests and their activities. This should be done at several levels. If there are only a few members of the regulated group, each member can be identified individually. If there are many, try to break them down into categories. Factors to be considered for categorization include geographic location, market structure, size of firm, nature of ownership, whether the regulated group is an importer or domestic producer -- all factors which have compliance implications.

You should understand how the regulated group operates its business on a day-to-day basis. For instance, your information gathering may need to take into account established accounting systems.

Ask yourself the following questions:

What goods and services are affected?

What is the structure of the market for the goods or services? Is it highly concentrated or dominated by a few big firms?

What percentage of the market for the product is domestically produced?

How many people or corporations are there in the regulated group?

Where are the members of the regulated group located?

What size of operation do the members of the regulated group have?

Are the members of the regulated group companies, individuals, or both?

If companies, which individuals must actually comply with the rules?

If companies, are they small or large, private or public?

Are they Canadian-owned or foreign?

Do they produce the product (i.e. goods or services) themselves, or import it?

What are the physical conditions under which the goods are produced or the service is provided?

What other provincial, federal or international laws does the regulated group needs to comply with?

top

Potential Allies

Now turn your attention to the other interests affected by the regulatory program. First identify the people who benefit from the program. You may find allies there or you may not. Then look within the regulated group itself. Some of the members of the regulated group may be potential allies. Don't overlook them.

Ask yourself the following questions:

Are the rules specifically designed to benefit identifiable interests?

Who are they and where are they located?

How strong is their individual and collective interest in securing compliance?

Are they organized? Do they have resources?

What is their comparative advantage in securing compliance? Have they been, or are they likely to be, effective as a force to secure compliance?

How can you strengthen the relationship with your potential allies or gain new allies?

top

Factors That Affect Compliance

You should now have a handle on the objectives of the program and what legislative tools you have to work with. You should know something about the regulated group and the potential beneficiaries of the regulatory program.

Remember, the objective in designing a compliance strategy is to maximize the leverage of program activities on the factors that affect compliance. This means that you use your scarce resources to strengthen the naturally occurring pressures that work in favour of compliance and minimize those that work against it.

Even without a policy in place or an active enforcement program, some people will obey the law. So the mere existence of the requirements themselves will result in a base level of compliance.

There is a variety of factors that influence the ability and the willingness of people to comply with the law. These include:
  • understanding and acceptance of the objectives and rules of the regulatory program
  • enforceability of the rules
  • capability of the regulated group to comply
  • social and psychological factors
  • economic considerations
  • capability of the regulatory program to monitor, promote and enforce compliance
Many of these factors have nothing to do with the regulatory program itself, but most can be influenced by program activities carried out under a compliance strategy.

top

Pulling the Factors Together

Next, identify and assess the impact of the specific factors that can influence compliance and determine which are relevant. Remember, your objective is to maximize leverage in securing compliance. You do this by enhancing the natural incentives to comply and by minimizing the disincentives. Address each one, figuring out what you have working for you and what you have working against you.

 

The Compliance Profile

Now you can do a compliance profile. A compliance profile is simply a "map" that tells you who is obeying what.

To develop your compliance profile start with the rules. Most regulatory systems have lots of rules and the scope of activities that must be examined for compliance is very broad. Some rules may have virtually 100% compliance while others may have much lower rates.

Ask yourself: What levels of compliance are being attained for the various rules or groups of rules?

Next, differentiate by sub-categories of the regulated group (or by individuals if the group is very small). Ask yourself: To what extent is each sub-group complying with the various rules?

Now put it all together and "map out" your compliance profile. You may describe it in words, or represent it as a graph. It really doesn't matter. What is important is that you identify the problem areas.

With the compliance profile in mind, you can set your priorities for the program. To do this, you have to consider the consequences of violating the various rules. For instance, you may have low rates of compliance for several rules, but they may be relatively unimportant and not worthy of a great deal of your resources and attention. Your efforts might be better directed at more pivotal rules that actually enjoy somewhat higher rates of compliance. Remember, you can't possibly pursue everything and, in fact, it doesn't make sense to try. If you don't figure out your priorities, you will find yourself in serious trouble later on.

Ask yourself the following questions:
  • What types of violations pose the greatest risk to the program's objectives?
  • Taking account of both the frequency and the consequences of contraventions as well as who the non-compliers are, what are the most important compliance problems?

top

Meeting Enforcement Responsibilities

Before sitting down and distilling the information you have collected so far, you should be aware of some of the legal implications of what you are about to do. In a recent series of cases, courts have imposed a new legal reality on inspection and enforcement activities. The legal implications of these cases will affect the decisions you are about to make in designing a compliance strategy.

The courts have held governments responsible for the manner in which inspection and enforcement activities have been conducted in some situations where the beneficiaries of the programs suffered damage by careless enforcement. To identify what the government should have done in order to meet enforcement responsibilities, the courts have looked at accepted enforcement practices of similar regulatory programs in other jurisdictions. The courts have also made it clear that lack of resources for inspection activities will not always be accepted as a legal excuse for an enforcement program with serious flaws.

What does this mean for the strategy exercise? You should work with your legal counsel and your most knowledgeable to help determine whether you need to be concerned about legal liability in relation to your regulatory program and, if so, which activities would meet the standard of care that might be imposed by the courts.

Here are some of the questions that you will be addressing with your legal advisors:
  • Who is likely to be hurt if the program is carelessly enforced?
  • What is the nature and level of enforcement activity that would be needed to be put in place to meet a reasonable standard of care under the program?
  • Which inspection and enforcement activities, or related management practices, deviate significantly from the legal standard of care for that program?
Whatever the outcome of these discussions, you should be looking to design a strategy that will be able to detect serious cases of non- compliance and deal with those cases in a decisive, timely and appropriate way.

Designing the Strategy

top

Orientation of the Program

Now you can turn your attention to the first step in developing the strategy - finding an appropriate balance between promotion and enforcement activities. Is the emphasis to be on activities which inform people about the law and encourage compliance, or will it be on detection of violations and enforcement? Should more resources be devoted to information activities and fewer to investigations? Should you put a hold on expanding the automated enforcement information systems and put the money toward producing videos for use in public schools? Should you cut back on the number of programmed inspections and mount a major effort to promote the establishment of self audit programs in regulated firms? Should you drop the TV advertising and target more high-profile prosecutions which are certain to get a lot of (free) media attention.

The balance you strike should be founded on your assessment of the factors affecting compliance, the compliance profile of your regulated group, and how best to influence them. Always keep in mind that your objective is to maximize leverage in securing compliance. Remember, as well, that the balance may change over time as the program matures, as new rules are introduced, or existing rules or industry circumstances change.

The choice of the program's orientation will have far-reaching effects. It can influence the internal management structure of the program, human resource requirements (numbers, skills, and expertise), other resource requirements (equipment, laboratory facilities, travel budgets, communication/education budgets, money for expert witnesses) information requirements for administration of the program, even the legislative tools to be employed.

top

Guiding Principles

Keeping in mind the orientation you selected to achieve compliance, set out the basic principles that will guide the compliance-related activities of the promotion. As you elaborate the principles, you should be thinking about how you will handle promotion, monitoring and enforcement activities so that these activities will be consistent with the principles.

Remember, you will be held accountable for administering the program in accordance with the principles that you identify as important for your program.

Identify and priorize which principles will guide your regulatory program.

Promotion Activities

At this point you should identify the types of program activities that can promote compliance with the rules, that is, increase the base level of compliance. Again, the focus should be on finding activities that will strengthen the factors operating in favour of compliance and mitigating those operating against.

How can you employ promotion activities to strengthen the incentives and minimize the disincentives to compliance? Well, a good place to start is by using information effectively.

Consider information activities, since acceptance of the regulatory program's objectives can affect the level of compliance. For example, special media campaigns can be developed to increase public attention and concern about problems that are addressed through regulatory requirements (e.g. smoking, drinking and driving).

Providing basic information on regulatory requirements is an essential activity in any compliance program. Most people would agree that you can't expect somebody to obey the law if they don't know that it exists. The clarity and perceived fairness of rules are among the most important factors influencing compliance. Compliance strategies do not address and cannot correct problems with the rules. They can, however, do something to ensure that people are aware of the rules and they can, to some extent, compensate for a lack of clarity in the legislative requirements through information and education programs.

Communicating the program's policy on compliance can promote compliant behaviour. People need to know how the government will use the various tools available to it to achieve compliance with the law and what they can expect if they break the law. A properly-framed compliance policy, even if it emphasizes promotion of compliance over formal enforcement actions (as many do), will let people know that the government "means business".

top A good regulatory program will have mechanisms to communicate with members of the regulated group, those who benefit from the regulatory regime, and, often, with the general public, In a good program, communication will be a two-way exercise: Information going out will ensure that people know something about the problems addressed by the law and the policy objective being served. They will be able to judge the merits of the law and the approach taken to deal with the problems.

Information coming in, however, may be even more important, helping to inform the decision-making process as well as ongoing administrative and enforcement activities. A comprehensive approach to public communication should have as its goal public involvement in the regulatory process, rather than just the production of pamphlets, press releases, videos, and speeches. Effective communication provides an information exchange when legislation is first being developed, giving the public advance notice of impending laws and allowing for input from a broad range of interests.

A note of caution. Public communication can be an incredibly powerful tool, providing explanations, interpretations, and elaborations of regulatory provisions, but it also has the potential to cause a lot of problems for a regulatory program. It is essential that the public communication materials be carefully drafted and reviewed to avoid any conflicts or inconsistencies with formal legal requirements. This is equally the case for information made accessible to inspectors, regulated parties and the general public.

Rewarding compliant behaviour can also help achieve the objectives of the legislation. Rewards can take many forms, including recognition awards, public information campaigns, reduction of monitoring activities for good performers, or simply giving a member of the regulated group with a good record the benefit of the doubt when minor violations are discovered.

In addition, a program can offer financial incentives or support research, development and marketing of new technology, making compliance easier and less costly for people who are willing but, perhaps, unable to comply without assistance.

top

Monitoring Activities

A comprehensive compliance monitoring system to support a regulatory involves more than ensuring that the latest and greatest inspection and investigation powers are provided in the legislation. Every regulator is keenly aware of the limitations of regulatory surveillance as a tool to achieve compliance. In most areas of broad regulation, it is simply impossible for regulatory officials to be in all the right places at all the right times.

In this aspect of the strategy, you will design tracking activities. Look for leverage¢ wherever you can. For example, promotion of self- monitoring, third-party monitoring, or monitoring by other federal, provincial or municipal authorities can be a very cost-effective way to get more people paying more attention to the actions of the regulated group. With more people monitoring, more violations are more likely to be detected. If the likelihood of detection is increased, and an effective response from officials is assured, compliance should be enhanced.

The public, or committed elements of the public, can be a powerful ally in monitoring compliance with regulatory requirements. A well- designed regulatory regime must consider whether and how the public should be involved in matters such as triggering investigations and the conduct of prosecutions.

In some areas, something more than encouragement of monitoring by third-parties may be necessary. One option is "whistle blower" laws which protect employees who provide information about offenses committed by their employers. Another option is to empower groups of people to trigger an official enquiry by government officials into suspected breaches of the regulatory scheme.

Audit and inspection programs should be designed to supplement and take maximum advantage of other compliance monitoring systems that may be established. By focusing programmed inspections on high risk areas or on members of a regulated group who have poor records of compliance, the effectiveness and efficiency of a regulatory program can be increased. Of course, this type of approach cannot be fully implemented unless the program has a comprehensive management information system which collects, stores, compiles, and provides access to the necessary data.

top Ask yourself the following questions:

What is the most cost-effective way to obtain information on the general state of compliance with the rules?

Is self-monitoring a viable option? Can we rely on records retention requirements or should mandatory reporting be stipulated?

Is third-party monitoring or certification a viable option?

Would the threat of an audit be a more effective tool than regular inspections?

Are the inspection programs focused on the high priority problem areas?

Can we make any changes that will increase our monitoring "presence"?

Can we, and should we, encourage complaints and tips as a source of information on compliance? Would we be able to respond to them effectively?

Can we, and should we, provide some form of protection for "whistle-blowers"?

Do we have effective information systems to gather, compile, analyze, and distribute information on compliance?

top

Enforcement Activities

Enforcement activities, including prosecution, are an important component of most regulatory programs. Where a regulatory program is founded on a sufficiently compelling social purpose, the use of coercive methods to gain compliance will only be a marginal activity. Over the long run, a regulatory regime that relies wholly on activities which promote compliance will get into trouble. People expect that regulatory authorities will monitor the activities of the regulated group and that the law will be enforced. Members of the regulated expect that authorities will not penalize those who obey the law by not taking action against those who violate it. If this does happen, you could find an increase in non-compliance across the board. Monitoring of compliance and the ability to invoke enforcement measures is necessary to ensure the long-term effectiveness of a regulatory regime and to ensure fairness in its administration.

There is a wide range of possible enforcement responses available to regulators, most of which must be expressly authorized in the governing legislation. Possible enforcement responses include:

  • verbal or written warnings
  • tickets
  • administrative directives or orders
  • increased regulatory burden (e.g. more stringent reporting requirements, more intensive inspections, cost recovery of additional inspections)
  • administratively imposed monetary penalties
  • negotiated solutions to non-compliance enforceable by various methods (eg. performance bonds, consent orders, suspended penalties)
  • adverse publicity
  • licensing sanctions (eg. increased restrictions, short-term renewals, suspension)
  • contract listing (loss of right to government contracts)
  • other civil remedies (injunctions, more punitive fines, restitution)
  • criminal prosecution (which may also result in a wide array of possible remedial orders)
At this point in the process, you should discuss the formal information gathering mechanisms provided under the legislation (e.g. investigation powers), review the various types of enforcement responses available under the program, and generally identify the factors that will influence the choice of responses. Again, ask yourself, how can you employ enforcement activities to strengthen the incentives and minimize the disincentives to compliance? Remember, the very same factors which influence voluntary compliance under a regulatory program are also helpful in identifying pressure points for the application of effective sanctions.

top This is the point, as well, that you need to outline precisely when and how each type of enforcement response is to be used. Be aware that this exercise may result in adjustments to the strategy that you have developed so far.

Make sure that the team that actually develops detailed enforcement responses includes a large number of experienced enforcement officers. Why? Because experienced enforcement personnel will be essential to provide detail and to carry out the subsequent "reality check" of the strategy.

If field staff are involved in the process right from the start, you should not get many surprises when this detail is discussed. Of course, you will still have to cross-check the details of the strategy against your existing organization, systems, procedures, and resources, and against the attitudes and past practices of your enforcement personnel.

Criminal sanctions alone don't always do the job.

To enforce standards, Canada has historically used a criminal law model. This model sets out rules of acceptable and prohibited behaviour with criminal penalties for the prohibited behaviour. The system is based on the theory that people who might otherwise disobey the law will comply with the law to avoid the stigma of criminal proceedings. But the criminal law system was really designed to deal with more serious societal crimes, such as murder and theft, and not necessarily with such regulatory offenses as failure to provide proper protective equipment at a work site or not complying with building standards. Enforcement officers often hesitate to prosecute people for regulatory offences. Using tougher sanctions often alienates the very people whose cooperation the government needs to achieve its regulatory objectives. Courts, too, are beginning to distinguish more emphatically between "criminal" offences and "regulatory" offences and are looking to governments to treat regulatory offenses differently.

Budgets are shrinking.

top Shrinking enforcement budgets are forcing regulating departments to consider compliance activities outside of frequent inspections or criminal proceedings. Departments are being forced to choose strategies that cost less and, at the same time, result in greater compliance. They do this by considering the underlying causes of violations and finding ways to make complying with the law easier.

The threat of law suits.

Recently, the government has become increasingly exposed to civil liability for damages to third parties caused by inadequate enforcement. This is particularly true in situations where the safety and health of the public are at stake. Already substantial damages have been awarded against the Crown for losses suffered because regulators failed to take effective action to secure compliance. When the federal government establishes regulatory requirements, it usually has a legal obligation to mount a reasonably effective program to secure compliance with the requirements.

The Canadian Charter of Rights and Freedoms.

More and more, governments and public agencies are subject to monitoring by the courts, whose remedial powers have been broadened by the Charter. Unless an enforcement policy is rationally and consistently applied, the government may face challenges under the Charter based on arbitrariness, injustice or inequity.

Understanding and Accepting the Objectives and Rules

The ability and willingness of people to follow the rules can be significantly influenced by their acceptance of the underlying policy objectives. If they believe that the law is serving a valid purpose, they are more likely to comply. Understanding and accepting the rules is also critical. People can't comply with rules if they don't know about them. People can't comply with rules if they can't understand them. People won't willingly comply with rules if they think they are unfair.

An important element of any compliance strategy, therefore, is the reinforcement of the social purpose which underlying the regulatory scheme.

Understanding and accepting the regulatory processes particularly decision-making and adjudication processes, can have an impact as well. If the procedural requirements to achieve compliance (e.g. filing requirements, applications) are not known, or are very complex, people will have trouble.

top Finally, the relationship with the regulatory authorities can be an important factor. If there is a sense of partnership, or at the very least, a sense of trust, compliance will be facilitated. If members of the regulated group don't think they are being treated fairly, they will be less likely to comply with the rules.

Enforceability of the Rules

Just because you have established a regulatory requirement in law does not mean that it is enforceable. Requirements may not actually create (or connect with) an offence. They may specify a standard of conduct or attributes that are too vague. They may be so convoluted as to make it virtually impossible for anyone, including judges, to determine whether the law has been obeyed.

Where the law is unclear, you can expect compliance problems. You may have difficulty gathering sufficient evidence to prove a violation, or if you do have the evidence, you may still have problems convincing a judge that the evidence supports the conclusion that a violation has occurred. Even if the judge believes that a violation has occurred, a severe sanction is unlikely for "technical violations" or for violations of rules that are inherently unclear.

Your compliance strategy can recognize and, to some extent, compensate for problems in the enforceability of the rules. For instance, the strategy may place greater reliance on promotion and advisory activities. There is a limit, however. A compliance strategy cannot compensate for unenforceable rules if successful prosecution is a key element for securing compliance.

top Capability of the Regulated Group to Comply

Sometimes, members of a regulated group simply may not be able comply with the law, whether or not they want to. If, for instance, regulatory requirements specify standards that cannot be met through any available technology (i.e. technology forcing requirements), non- compliance by the entire regulated group is a sure bet. This is really a problem with the rules, but the compliance strategy will have to deal with it. In other cases, the standards may be achievable, but certain firms or individuals may not be able to comply because they lack resources, skills, expertise, or information. This situation may or may not indicate that there is a problem with the rules but, again, it must be addressed in the compliance strategy.

The most common response of regulators to both situations is to adopt a (usually unwritten) compliance strategy that relies on discretion in enforcement (including turning a blind-eye to violations of the law). In some cases, more formal extra-legal programs may be established which allow firms to achieve compliance in accordance with a pre- determined schedule. While such flexibility may be admirable, this really amounts to officials modifying legislative requirements established by Parliament or by Cabinet. Compliance strategies must be built on a clear-headed assessment of the extent to which compliance is possible, but problems with the regulatory requirements should be fixed in the statutes and the regulations.

Social and Psychological Factors

Take a few minutes to walk out from the trees and look at the forest. What is the social environment that the program is operating in? Compliance rates can be influenced by such things as changing mores, demographic shifts, or swings in the political climate.

Ask yourself the following questions:

How do people feel about the problems addressed by the regulatory program? Does anybody care?

What is the media saying about the problems?

What are the politicians saying about the problems?

Are there any societal changes that could affect the severity of the problems or the rates of compliance with the regulatory requirements?

Is anybody else tackling the problems in ways other than by regulations?

Are there other regulatory requirements (i.e. mandatory rules) that could affect compliance (e.g. provincial or local regulations, foreign regulations)?

Are there other non-regulatory requirements (e.g. domestic or international standards, non binding guidelines) that could affect compliance?

top Psychological factors can also have a significant influence on the willingness of people to follow rules. Among these factors would be:

  • culture and values of the community (e.g. good citizenship)
  • culture and values of the regulated group (e.g. owners, managers, and employees)
  • personal views of the regulated group about
  • whether their activities actually cause a problem
  • the severity of any possible non-monetary sanctions, including a prison term
  • the risk of detection
  • the likelihood of a swift and sure response to non-compliance
  • the likelihood and severity of non-monetary sanctions imposed by the regulated group itself (e.g. disciplinary action by managers or owners)
  • willingness to tolerate different levels of risk
  • desire for favourable image in the community (and media)
  • peer or public pressure
Economic Considerations

How might the general economic situation influence compliance? Ask yourself:

Is the economy booming, or in a slump?

Is unemployment high or low?

Are profits high or low for products used in or produced by the regulated group? Are things likely to get better or worse?

top The following economic considerations can have a significant influence on the willingness of people to follow rules:

  • effect of compliance on competitive position of the regulated group (influenced by market structure)
  • effect of compliance on competitive position of small business as against bigger business
  • effect of compliance on overhead or incremental production costs
  • personal views of the regulated group about the severity of any monetary sanctions that might be imposed under the regulatory regime when compared with the potential gains from non-compliance
  • the personal views of the regulated group about the likelihood and severity of monetary sanctions imposed by the regulated group itself (e.g. disciplinary action by managers or owners)
  • potential impact of legal liability that could be triggered by non- compliant behaviour
When assessing the social and economic aspects, place the primary emphasis on the communities affected by the regulatory programs. Knowledge about which members of the regulated group are operating under significant business risks can be an important factor in targeting inspection activity.

Part II:

The Process, Step by Step

top

Step 1 - Start with a Plan

Developing a compliance strategy will require substantial staff time, travel, printing, and expense. Good project planning can help keep these costs under control and can help ensure that the work progresses in an orderly and expeditious fashion.

A good plan will guide you through the project from beginning to end. It will let senior management know where they fit in and how much time they will have to do their part. It will let the Department of Justice and other departments know when they will be involved. It will help explain to program personnel what is going on and where they fit in. It will allow managers to plan for the time and resources that will be needed to prepare the compliance strategy.

The most common method for developing policies in government-- senior management prepares a draft strategy and then communicates it to the rest of the program--is not the best approach for developing compliance strategies. Instead, the best approach is probably one that relies predominantly on the skills and practical enforcement experience of line personnel, with senior management input at critical points. For instance, early involvement by senior management is particularly important, especially in determining the general orientation and the guiding of principles of the strategy.

Remember that a compliance policy guides the everyday decisions of program managers and enforcement officials. It has to be grounded in reality and must reflect a good understanding of practical enforcement experience. It also has to contain principles that enforcement officials such as field inspectors actually agree with. If these officials do not believe in the policy, if it does not coincide with the common wisdom in the program about how best to achieve compliance, it will not work. Not only should line managers and field personnel should be fully involved in the preparation of the strategy, they must take ownership of it.

If you develop a strategy that requires officials to deal with members of the regulated group in a way that is inconsistent with the officials' perceptions, or if you focus on problems that your official do not believe are important, you will either have a misaligned strategy or a requirement for major cultural change among managers and enforcement officials.

One danger in developing a compliance strategy is that the policy principles developed by the project team may not be acceptable to senior management. However, senior management may, in fact, be in a better position to gauge whether the approach is likely to gain the minister's approval, or is consistent with other policy positions within the department or across the government. The project plan prepared for the development of a compliance strategy must build in points for periodic senior management review, and the very first thing that should be reviewed and approved is the work schedule itself.

Once you have decided on an approach, project planning for development of a compliance strategy should be relatively simple. The first step is to identify the tasks have to be performed during the project and the sequence in which they should occur. Key milestones for the project should be specified (e.g. strategy discussions, drafting the strategy, strategy approval) and deadlines set for them. The plan should provide for senior management review of the draft materials at regular intervals, distribution and review of drafts by the field, legal review by Department of Justice advisors, professional editing, and translation.

top

Step 2 - Set up the Project Team

Getting the right people for a compliance strategy project team is critical to the success or failure of the work. Based on the experience gained through developing compliance policies, the following make-up is recommended:

A team leader who has sufficient experience and stature in the department to warrant the respect of the other team members but who will not attempt to dominate the discussions or impose personal views on the team. The team leader guides and facilitates the development of the strategy, dictating content only when necessary to break logjams or bring the text into conformity with senior management or Department of Justice requirements. The team leader should have clear instructions from, enjoy the confidence of, and have ready access to senior management.

A head writer/editor whose job is to record the results of the strategy development process and to produce the policy document from that record. This position is far more important than that of a recording secretary -- the head writer should be a person who could have participated in developing the content of the strategy, but who has the primary responsibility for writing and editing instead. The person should have good communication skills.

A selection of headquarters staff who have working experience with compliance/enforcement activities. Individuals with a policy and legislative development background are good candidates, but people with experience in other areas such as education or information, laboratory services, technical support services, should also be considered. If possible, the headquarters representatives should have some field experience or at least some experience working with field personnel on enforcement matters.

Strong representation from the field is critical to the success of the project team. If possible, one representative from each region should be assigned so that any regional differences in compliance/enforcement activities will be accommodated. The field staff will be relied on to ensure that the strategy is grounded in reality. The primary qualification, therefore, is hands-on experience with inspection and where appropriate, investigation activities.

Experienced enforcement officers will be invaluable when the project team selects the criteria for the enforcement tools and determines which enforcement tools will work best in achieving compliance in the shortest time possible with no recurrence of violation. Enforcement officers, especially those in the field, are closest to the action. To them achieving compliance and enforcing the law are not theoretical exercises. They do it every day.

A lawyer from the department's Legal Services Unit should be assigned to the team to provide legal advice and act as a link between the team, the Legal Services Unit, and Justice headquarters. The lawyer will provide critical advice on minimum enforcement standards which the courts may require in some areas of regulation.

top

Step 3 - Work Towards The Strategy

As a first step, the team should review existing documents such as the legislation, operational plans, program manuals or other documents that will provide the guiding principles of the strategy, the list of responsible authorities from the Minister on down, a description of available promotional tools.

Then, work through the elements of the strategy as set out in this guide. Be careful not to let the exercise slip into a search for a set of words that the team members can all agree on, and don't hold out for perfection. Deal with the ideas and the substance of the strategy, and less with the manner of expression.

 

Step 4 - Reality Check

Once you have a draft outlining the strategy, conduct a reality check by reviewing your existing organization, systems, procedures and resources against each element of the strategy. Is there a good match? Do you have what it will take to make the strategy work? What more will be required? Can you get it, and in time? Will it meet minimum enforcement standards?

As part of your reality check, be sure to share your strategy ideas with program officials and enforcement officers who were not part of the strategy team. In an appropriate case, as well, you might want to consult on an informal basis with members of the regulated group through consultative committees or technical advisory groups.

Ask yourself the following questions: Does the program have this function now?

Is it being used to the extent required by the strategy?

How much more will it cost to carry out this function?

Can the existing staff handle any increase in compliance-related activities?

Does the program have the right kind of people in sufficient numbers to carry out the functions? Are they in the right places? Can existing staff be trained and are they sufficiently adaptable to handle a changing role?

Is the organization structure of the program appropriate to manage and deliver the functions required by the strategy?

Are the financial, administrative and informatics support systems of the program sufficient for the new strategy?

Be honest and be flexible. Perfection is an unrealistic goal. Although it might be ideal to have all enforcement personnel fully trained, it might be more realistic and almost as effective to establish a unit of experienced specialist investigators who could handle the most serious cases. Massive public advertising campaigns might be a wonderful way to promote compliance, but are likely to be beyond the reach of most regulatory programs. Sophisticated, portable equipment for on-site analysis of samples might significantly increase the efficiency of inspection activities, but the greater need might be for a computer system to track the record of compliance for a regulated group on a regional and national basis.

The greater the shift in approach implied by the draft compliance strategy, the more critical the need for a thorough reality check. Don't try to duck the tough questions. If, for example, a new orientation will take more people or money to implement than is currently assigned to the regulatory program, you have a problem. Adjust your strategy or find new resources.

Make sure that you consider minimum enforcement responsibilities as part of your reality check. Being unrealistic here can have very serious legal consequences. You have an obligation to alert senior management to any problems associated with meeting your responsibilities for effective enforcement.

top

Step 5 - Revisit and Revise

Once you have completed your reality check, you should adjust the strategy as required. Modify each element that isn't workable or achievable in the real world. But remember, if you adjust one area of activity, you may have to compensate by modifying others as well. For instance, if the total resources required to carry out the strategy are simply beyond reach, you will have to cut down everywhere. Furthermore, the cuts won't likely be evenly spread. Some functions, such as enforcement activities, are inherently costly and must be maintained at a minimum level to ensure viability and credibility of the program as a whole. This means that other functions such as promotion and monitoring might have to be cut proportionately more even in cases where the strategy calls for primary reliance on promotion techniques.

Finding a workable compliance strategy will be an iterative process. You may have to repeat this loop several times before you have a strategy that is ready for final approval.

 

Step 6 - Get Policy Approval

Before you can implement the strategy, you must get final approval. The strategy that is submitted to senior management for approval should contain the summary of the groundwork done by the strategy team, with enough background material to explain how and why the team arrived its recommendations.

top

Step 7 - Implement the Policy

Obviously, a department's work does not end when it has received policy approval. The policy must be implemented.

Developing and implementing a compliance strategy are simply two phases of a single, continuous process. Perhaps the most important thing to remember is that the approach taken in developing the strategy will significantly influence the success in implementing any changes that may be required. Some changes in a regulatory program are almost inevitable after a compliance strategy has been developed because better, more effective, more efficient, legally sound ways of doing things will probably have been identified.

Draft the Policy Document

Prepare a Detailed Implementation Plan

A Note About Human Dynamics

Private Sector Review

top

Step 8 - Evaluate Regularly

Compliance policies are never written in stone. Their underlying strategies should be evaluated regularly for effectiveness and may have to be fine tuned from time to time due to intervening factors: new legislation, a major regulatory review, budget cut backs, new enforcement priorities, unanticipated difficulty in dealing with significant non-compliers, and public reaction to existing practices.

One federal department routinely discusses and reviews its compliance and enforcement practices at an annual industry association meeting. It is not uncommon for some of the best suggestions for improving compliance and enforcement practices to come from within a regulated group.

While there is much yet to be learned about how to evaluate the effectiveness of a compliance and enforcement program, you should start by asking the following are questions:

Are the compliance rates going up or down? Are there any trends within the regulated group that should be taken into account?

What progress has been made in making known offenders comply?

How timely has the follow through on cases been? Have the enforcement responses been appropriate to the cases?

Have the number and quality of inspections been adequate to give the impression that there is a credible likelihood of detection?

Would the treat of an audit be a stronger enforcement tool?

What are the results of impact studies of the regulatory program?

Have there been any complaints or actions against the department for careless enforcement?

top

Some Final Advice

Rule #1: Don't make promises you can't keep.

It's better not to have a compliance policy at all than to have one that can't possibly work. If a delivery program cannot be designed to implement the policy then, sooner or later, the policy, the department, and perhaps the minister could be discredited. If the program area is important enough, the Government as a whole could be pressured for failing to meet expectations.

Rule #2: Don't make "never-to-be-broken" rules.

Try not to be rigid in your thinking about how things should be done. Above all, don't expect to find the perfect match between the strategy and the program design in the first attempt. To successfully design a delivery program, you have to go through an iterative process of adjusting the compliance in view of the resources and the organization and administrative infrastructure available.

It is likely that you will not achieve complete implementation through your initial plan, particularly where the program adjustments will be significant. Past shows that implementation is achieved through successive approximations of the desired outcome.

Rule #3: Be realistic.

To get, and keep, the commitment you will have to make trade-offs between the ideal strategy and the constraints imposed by the available resources and delivery system. If you can't get a satisfactory commitment, you should consider either modifying the compliance strategy or changing the expectations for compliance.

For example, if your program does not have sufficient enforcement resources across the country it may be necessary to rely more on promotion activities such as information programs and self-audits than on inspections and investigations in the early stages of implementation. This reliance on a "softer" strategy might extend the timeframe required to gain the desired level of compliance with the legislation. As more trained enforcement personnel become available and the necessary support systems are established, the program could shift to your optimal strategy which would place comparatively greater emphasis on enforcement activities.

At this stage it is not critical that all of these programming concerns are in balance with the chosen strategy. What is important is that there is commitment to make the balance as implementation proceeds. Usually this means finding resources and adapting organization structures and the support infrastructure of the department. This commitment must come from senior departmental management, central agencies, and the political level.

top

Big Change, Small Change

It is one thing to prepare a compliance strategy and obtain approval for it at the senior management and political levels. It is quite another to see it fully and successfully implemented, particularly if the strategy implies significant changes in programs. The approach you take in implementing the strategy should be determined largely by the degree of change and the way in which the strategy was developed.

Scenario 1

Your program is operating well with reasonably up-to-date legislation, an adequate resource base, and a mix of enforcement and promotion activities that seem to bring acceptable levels of compliance. There are no indications of inequitable treatment. Senior management decides that enlightened public administration and the continuing pursuit of excellence calls for the establishment of a compliance policy. The policy isn't supposed to change anything; it is simply intended to reflect current operating practice. You gather a small group of headquarters officers, prepare a draft policy, shop it around to field staff, and submit it to senior management for review and approval. What do you do once it is approved with the usual minor adjustments?

In this case, implementation of the compliance policy is a simple matter. You distribute copies internally and externally, hold briefing sessions for staff, ensure that it is covered in training programs for new employees. send a copy to your favourite Department of Justice lawyers. No big deal.

top Scenario 2

Your program is in serious trouble or is headed that way. It's amazing that it hasn't hit the front page of The Globe and Mail. You live in fear that your minister will be put on the spot in Question Period.

You're out of date. Your legislation hasn't been changed significantly in 20 years and the Department of Justice tells you that your investigatory powers probably wouldn't survive a Charter challenge. Your offenses are so vaguely worded that even you don't really know what they mean and the only penalties available could be paid out of petty cash,

Your hands are tied. The number of "customers" you are supposed to be looking after has mushroomed by 150% over the last three years, but successive rounds of hiring restraints and budget cuts have reduced your resource base by 75%. The latest cutbacks ordered by Treasury Board have reduced your PY complement by a further 22%. You aren't sure you are going to make this work in the next fiscal year. Unless something changes, you won't be able to meet your statutory obligations in relation to the program.

You're flying blind. Due to the budget cuts over the last three years, you weren't able to install the automated case file management system that you paid a consultant $75,000 to design five years ago. You've probably got over 200 different legal requirements in your Act and Regulations and you have no idea what the level of compliance is for any of them. You haven't been sued yet, but you know that the enforcement approaches of the field staff differ widely from region to region. You tried to gather the information manually, but the field staff said that they were too busy.

You decide that the only choices are to find a job in the private sector or to find a new way of delivering the program. Senior management decides that enlightened public administration and the continuing pursuit of excellence calls for the establishment of a compliance policy. The policy is supposed to lay out a new approach - one that will work.

You prepare a project plan, consult experts throughout the Department, enlist the aid of the Department of Justice Regulatory Compliance Project, assemble a small group of headquarters and regional staff, carefully review how you do business now, and reach a consensus on how you would do it in the future. You capture the essence of the new program strategy in a draft compliance policy, consult widely and frequently with field staff, and provide it to senior management for review and approval. It is approved with the usual minor adjustments. Now what?

In this case, implementation of the compliance strategy is a major undertaking -- a multi-year affair. You're going to have to look at everything: basic organization and staffing levels, budgets, accommodation, job descriptions, computerized information systems, laboratory services, forms design, public communications materials, training programs, recruitment strategies, and security arrangements.

It's going to be hell. Stress. Late nights, weekend work, no vacations. But if you pull this off, it could be good for your career.

Most likely, your situation will be somewhere between these two extremes.

top  


Last Modified: 1992-10-01  Important Notices