A Strategic Approach to Developing Compliance Policies
Part I:
- Why Compliance Policies?
- Compliance Strategy--Compliance Policy: What's the
Difference?
- The Secret of the Strategy: Maximizing Leverage
- Think First: Do Your Homework
- Objectives of the Regulatory Program
- Rules & Design of the Program
- Roles and Functions of Key Authorities
- The Regulated Group
- Potential Allies
- Factors That Affect Compliance
- Pulling the Factors Together
- The Compliance Profile
- Meeting Enforcement Responsibilities
- Designing the Strategy
- Orientation of the Program
- Guiding Principles
- Promotion Activities
- Monitoring Activities
- Enforcement Activities
Part II: The Process, Step by Step
Step 1 -- Start with a Plan
Step 2 -- Set up the Project Team
Step 3 -- Work towards the Strategy
Step 4 -- Reality Check
Step 5 -- Revisit and Revise
Step 6 -- Get Policy Approval
Step 7 -- Implement the Policy
Step 8 -- Evaluate Regularly
Some Final Advice
Preface
This Manual owes its existence to the collective effort of many people. It is
the result of knowledge distilled from many sources.
The Regulatory Compliance Project, an interdepartmental initiative led by the
Department of Justice, engaged Eric Milligan of Milligan and Company Inc. to
develop the initial draft of the guide and to provide advisory services as it is
refined through consultations.
In developing the initial draft, Mr. Milligan was assisted by Bud Taylor of the
Phillips Group of Companies Inc., who provided input on to the dynamics of
change in large organizations, an essential element of any guide which hopes to
influence operational realities. In addition, Nadine Levin was seconded from the
Office of Enforcement at Environment to work with Mr. Milligan.
Officials from the Regulatory Compliance Project revised the initial draft of
this guide after consulting with several focus groups comprised of federal and
provincial enforcement officials from more than a dozen regulatory departments
and agencies. The final draft is the work of Danile Tremblay-Lamer, Susan
Krongold, and Lyle Fairbairn, Q.C.
Much of the raw material for this guide came from the experience gained from
working with government departments and field officers and from field studies
originally conducted by the forerunner of the Regulatory Compliance Project (The
Federal Statutes Compliance Project 1982-86) in the areas of mining, pulp and
paper, meat packing and processing, uranium production and radiography.
We learned a great deal about developing and implementing compliance policies
from departments such as Environment Canada (CEPA), Labour Canada (Parts 3 and 4
of the Labour Code), Revenue Canada (GST implementation), Consumer and Corporate
Affairs (Competition Act), Patent Medicine Prices Review Board, Agriculture
(Pesticides) and Fisheries and Oceans. We also drew extensively from the
experience of government agencies outside of Canada, particularly from the
Environmental Protection Agency in the United States which has adopted a highly
strategic approach to achieving regulatory compliance with scarce resources.
The Regulatory Affairs Secretariat of Treasury Board is a participant in the
Regulatory Compliance Project and is publishing this guide as part of a series
of Treasury Board materials on regulatory practices.
Part I:
Why Compliance Policies?
Your department or agency has decided that a regulatory response is the best way
to deal with a problem it faces. It is now your job to secure the highest
possible levels of compliance with the rules that have been or will soon be in
place. This guide will provide you with a strategic approach to promoting
compliance to help you meet that challenge.
In Canada, several specific factors have contributed to the need for a more
consistent and effective approach to policy development:
- Criminal sanctions alone don't always do the job.
- Budgets are shrinking.
- The threat of law suits.
- The Canadian Charter of Rights and Freedoms.
The federal government has recognized that it needs to change the way it does
business. Its Regulatory Reform Policy calls for departments and agencies that
have justified the need for regulation to show that compliance and enforcement
policies have been articulated and resources have been approved and are adequate
to discharge enforcement responsibilities effectively and to ensure compliance.
The government's Criminal Law Policy calls for a more strategic use of criminal
sanctions.
The approach outlined in this guide focuses on what we know about the reasons
people comply with the law. It teaches us to anticipate compliance problems as
an integral part of planning a compliance strategy. But what really makes the
approach work is that it requires input and ownership by operational personnel
in the program.
There are two key reasons why some compliance policies only partially succeed.
First, some programs do not carry out a comprehensive and detailed review of
what they need to do to get people to comply with the law. In some cases,
policies are developed that need significantly more program resources than are
available.
Secondly, some departments may focus their attention on crafting the policies
without fully understanding their significance or taking the necessary steps to
implement the policies. One example of this is failing to properly integrate
program activities that promote compliance with more severe enforcement
measures. Some program managers may think that compliance policies are simply
guidelines on how to catch and prosecute the members of a regulated group. The
hard issues -- which activities are really effective and what portion of the
program's resources should be allocated to promotion or enforcement activities
-- are not seriously tackled.
Some senior managers and ministers' offices view compliance policies primarily
as a public communications product -- print it up, sent it out with a press
release, and the job is done. This does little to increase compliance levels and
may even result in serious legal problems. If the program doesn't deliver what
the policy says it will, the government runs the risk of being held negligent if
someone is injured or suffers economic loss.
Sometimes managers or ministers realize that the policies may imply changes
in the way a program does business, but they don't recognize the scope of change
or the effort required to achieve change, nor do they choose an effective method
to ensure that the change actually takes place.
Compliance Strategy--Compliance Policy: What's the
Difference?
A compliance strategy is the end product of an in-depth analysis of how the
department does business or intends to do business. This guide focuses on that
in-depth analysis.
There will, of course, have to be a document of some kind produced that
records the results of the analysis. It will be used to consult with program and
enforcement officers and to obtain senior management approval. A department's
internal strategy document should capture the thinking that program officials
have done about what they have to do, what factors will influence their success,
what tools they have to work with, and how they can best employ those tools to
achieve compliance.
Once the major elements of a compliance strategy are approved by senior
management, they become the policy of that department. The description of that
approved policy, the policy document, serves two purposes: it is a general guide
for day-to-day operations of enforcement officials and managers; and it explains
to the regulated group, other stakeholders and the general public how a
department expects to achieve compliance with a particular piece of legislation.
Simply put, it says: "These are the tools available to us, and this is
how we intend to use them." The policy document is distributed widely
both internally and externally. By publishing a compliance policy, the
government is making a commitment, both to its own personnel and to the public,
that it will administer and enforce its legislation in accordance with the
policy's principles.
The Secret of the Strategy: Maximizing Leverage
The aim of a compliance strategy should be to get the biggest possible pay-off
from a program's activities and scarce resources by maximizing leverage of both
the activities and the resources. For years, resources available to regulatory
programs have been steadily whittled away. Even if the resource base of a
program has not been reduced, chances are that any increases have not kept pace
with either inflation or the demands placed on the program. A compliance
strategy that maximizes the leverage of a program's activities will ensure the
best use of scarce funds.
In order to better understand where the leverage for your particular
regulatory program can be found, you need to be aware of the factors that affect
compliance and how to use them effectively.
Think First: Do Your Homework
What do you need to know to help you to maximize the leverage of your program's
activities and ensure that you get the best return for the taxpayers' money?
In developing a compliance strategy, you will have to consider the following
key elements:
Objectives of the Regulatory Program
Determining the objectives of the regulatory scheme first will sharpen the
focus of your compliance and enforcement strategy. The objectives should be
clear, concise, measurable, and internally consistent. Some sources for finding
a statement of the objectives of the scheme are Part III of the Main Estimates,
an annual report for the program, or an old program evaluation study.
You should know whether the program has more than one objective and if any of
the objectives conflict. Other broader government objectives that have an impact
on your regulatory program, (eg. competitiveness or regulatory reform) may
influence how you make decisions and do business in your program.
Rules and Design of the Program
The next step is to make sure that you have a clear understanding of the
fundamental rules and basic design of the regulatory system, as reflected in the
enabling legislation or the proposed legislation. You might be able to find
suitable text in existing documents such as backgrounders to the legislation,
pamphlets, or annual reports.
Ask yourself the following questions:
What are the most important rules that people will have to comply with?
What methods are available under the program to promote compliance? (eg.
educational programs, financial incentives, technological development)?
What legislative tools are available to enforce compliance? (eg.
administrative orders, enforceable agreements)
What processes are used to determine if violations of the rules have
occurred and which sanctions apply (e.g. courts, tribunals)?
The Roles and Functions of Key Authorities
It is particularly important to know who has discretionary decision- making
authority for enforcement matters under the legislation. The compliance strategy
that you develop should guide their activities and decisions.
You need to pin down exactly who can do what to whom. No surprises. All the
officials who perform a function in the regulatory system should be identified,
including enforcement officials such as inspectors and investigators, as well as
senior managers, Crown counsel, and the courts. Individual ministers and Cabinet
should be included if they have powers prescribed under the enabling legislation
(eg. decisions about licence conditions or suspensions).
Ask yourself the following questions:
Who has the power under the legislation to make decisions concerning
enforcement responses (e.g. choosing how to respond to a violation)? What
functions do they perform and what types of decision-making authority do they
have under the legislation?
Who has the power under the legislation to exercise enforcement powers
(e.g. conducting inspections, searches, seizures)? What functions do they
perform and what types of decision-making authority do they have under the
legislation?
Who has actual authority over enforcement responses (e.g. senior management
or the Minister)? Where do they fit in and what do they do?
The Regulated Group
So far, you have set out the fundamentals of your regulatory system. Now it is
time to take a closer look at the regulated community. The more you know about
who they are and how they behave, the better job you will be able to do in
designing effective monitoring, promotion and enforcement activities for your
program.
Begin by identifying and describing the regulated interests and their
activities. This should be done at several levels. If there are only a few
members of the regulated group, each member can be identified individually. If
there are many, try to break them down into categories. Factors to be considered
for categorization include geographic location, market structure, size of firm,
nature of ownership, whether the regulated group is an importer or domestic
producer -- all factors which have compliance implications.
You should understand how the regulated group operates its business on a
day-to-day basis. For instance, your information gathering may need to take into
account established accounting systems.
Ask yourself the following questions:
What goods and services are affected?
What is the structure of the market for the goods or services? Is it
highly concentrated or dominated by a few big firms?
What percentage of the market for the product is domestically produced?
How many people or corporations are there in the regulated group?
Where are the members of the regulated group located?
What size of operation do the members of the regulated group have?
Are the members of the regulated group companies, individuals, or both?
If companies, which individuals must actually comply with the rules?
If companies, are they small or large, private or public?
Are they Canadian-owned or foreign?
Do they produce the product (i.e. goods or services) themselves, or import
it?
What are the physical conditions under which the goods are produced or the
service is provided?
What other provincial, federal or international laws does the regulated group
needs to comply with?
Potential Allies
Now turn your attention to the other interests affected by the regulatory
program. First identify the people who benefit from the program. You may find
allies there or you may not. Then look within the regulated group itself. Some
of the members of the regulated group may be potential allies. Don't overlook
them.
Ask yourself the following questions:
Are the rules specifically designed to benefit identifiable interests?
Who are they and where are they located?
How strong is their individual and collective interest in securing
compliance?
Are they organized? Do they have resources?
What is their comparative advantage in securing compliance? Have they been,
or are they likely to be, effective as a force to secure compliance?
How can you strengthen the relationship with your potential allies or gain
new allies?
Factors That Affect Compliance
You should now have a handle on the objectives of the program and what
legislative tools you have to work with. You should know something about the
regulated group and the potential beneficiaries of the regulatory program.
Remember, the objective in designing a compliance strategy is to maximize the
leverage of program activities on the factors that affect compliance. This means
that you use your scarce resources to strengthen the naturally occurring
pressures that work in favour of compliance and minimize those that work against
it.
Even without a policy in place or an active enforcement program, some people
will obey the law. So the mere existence of the requirements themselves will
result in a base level of compliance.
There is a variety of factors that influence the ability and the willingness of
people to comply with the law. These include:
- understanding and acceptance of the objectives and rules of the
regulatory program
- enforceability of the rules
- capability of the regulated group to comply
- social and psychological factors
- economic considerations
- capability of the regulatory program to monitor, promote and enforce
compliance
Many of these factors have nothing to do with the regulatory program itself, but
most can be influenced by program activities carried out under a compliance
strategy.
Pulling the Factors Together
Next, identify and assess the impact of the specific factors that can influence
compliance and determine which are relevant. Remember, your objective is to
maximize leverage in securing compliance. You do this by enhancing the natural
incentives to comply and by minimizing the disincentives. Address each one,
figuring out what you have working for you and what you have working against
you.
The Compliance Profile
Now you can do a compliance profile. A compliance profile is simply a
"map" that tells you who is obeying what.
To develop your compliance profile start with the rules. Most regulatory
systems have lots of rules and the scope of activities that must be examined for
compliance is very broad. Some rules may have virtually 100% compliance while
others may have much lower rates.
Ask yourself: What levels of compliance are being attained for the various rules
or groups of rules?
Next, differentiate by sub-categories of the regulated group (or by
individuals if the group is very small). Ask yourself: To what extent is each
sub-group complying with the various rules?
Now put it all together and "map out" your compliance profile. You may
describe it in words, or represent it as a graph. It really doesn't matter. What
is important is that you identify the problem areas.
With the compliance profile in mind, you can set your priorities for the
program. To do this, you have to consider the consequences of violating the
various rules. For instance, you may have low rates of compliance for several
rules, but they may be relatively unimportant and not worthy of a great deal of
your resources and attention. Your efforts might be better directed at more
pivotal rules that actually enjoy somewhat higher rates of compliance. Remember,
you can't possibly pursue everything and, in fact, it doesn't make sense to try.
If you don't figure out your priorities, you will find yourself in serious
trouble later on.
Ask yourself the following questions:
- What types of violations pose the greatest risk to the program's
objectives?
- Taking account of both the frequency and the consequences of
contraventions as well as who the non-compliers are, what are the most
important compliance problems?
Meeting Enforcement Responsibilities
Before sitting down and distilling the information you have collected so far,
you should be aware of some of the legal implications of what you are about to
do. In a recent series of cases, courts have imposed a new legal reality on
inspection and enforcement activities. The legal implications of these cases
will affect the decisions you are about to make in designing a compliance
strategy.
The courts have held governments responsible for the manner in which inspection
and enforcement activities have been conducted in some situations where the
beneficiaries of the programs suffered damage by careless enforcement. To
identify what the government should have done in order to meet enforcement
responsibilities, the courts have looked at accepted enforcement practices of
similar regulatory programs in other jurisdictions. The courts have also made it
clear that lack of resources for inspection activities will not always be
accepted as a legal excuse for an enforcement program with serious flaws.
What does this mean for the strategy exercise? You should work with your
legal counsel and your most knowledgeable to help determine whether you need to
be concerned about legal liability in relation to your regulatory program and,
if so, which activities would meet the standard of care that might be imposed by
the courts.
Here are some of the questions that you will be addressing with your legal
advisors:
- Who is likely to be hurt if the program is carelessly enforced?
- What is the nature and level of enforcement activity that would be
needed to be put in place to meet a reasonable standard of care under
the program?
- Which inspection and enforcement activities, or related management
practices, deviate significantly from the legal standard of care for
that program?
Whatever the outcome of these discussions, you should be looking to design a
strategy that will be able to detect serious cases of non- compliance and deal
with those cases in a decisive, timely and appropriate way.
Designing the Strategy
Orientation of the Program
Now you can turn your attention to the first step in developing the strategy
- finding an appropriate balance between promotion and enforcement activities.
Is the emphasis to be on activities which inform people about the law and
encourage compliance, or will it be on detection of violations and enforcement?
Should more resources be devoted to information activities and fewer to
investigations? Should you put a hold on expanding the automated enforcement
information systems and put the money toward producing videos for use in public
schools? Should you cut back on the number of programmed inspections and mount a
major effort to promote the establishment of self audit programs in regulated
firms? Should you drop the TV advertising and target more high-profile
prosecutions which are certain to get a lot of (free) media attention.
The balance you strike should be founded on your assessment of the factors
affecting compliance, the compliance profile of your regulated group, and how
best to influence them. Always keep in mind that your objective is to maximize
leverage in securing compliance. Remember, as well, that the balance may change
over time as the program matures, as new rules are introduced, or existing rules
or industry circumstances change.
The choice of the program's orientation will have far-reaching effects. It
can influence the internal management structure of the program, human resource
requirements (numbers, skills, and expertise), other resource requirements
(equipment, laboratory facilities, travel budgets, communication/education
budgets, money for expert witnesses) information requirements for administration
of the program, even the legislative tools to be employed.
Guiding Principles
Keeping in mind the orientation you selected to achieve compliance, set out
the basic principles that will guide the compliance-related activities of the
promotion. As you elaborate the principles, you should be thinking about how you
will handle promotion, monitoring and enforcement activities so that these
activities will be consistent with the principles.
Remember, you will be held accountable for administering the program in
accordance with the principles that you identify as important for your program.
Identify and priorize which principles will guide your regulatory program.
Promotion Activities
At this point you should identify the types of program activities that can
promote compliance with the rules, that is, increase the base level of
compliance. Again, the focus should be on finding activities that will
strengthen the factors operating in favour of compliance and mitigating those
operating against.
How can you employ promotion activities to strengthen the incentives and
minimize the disincentives to compliance? Well, a good place to start is by
using information effectively.
Consider information activities, since acceptance of the regulatory program's
objectives can affect the level of compliance. For example, special media
campaigns can be developed to increase public attention and concern about
problems that are addressed through regulatory requirements (e.g. smoking,
drinking and driving).
Providing basic information on regulatory requirements is an essential activity
in any compliance program. Most people would agree that you can't expect
somebody to obey the law if they don't know that it exists. The clarity and
perceived fairness of rules are among the most important factors influencing
compliance. Compliance strategies do not address and cannot correct problems
with the rules. They can, however, do something to ensure that people are aware
of the rules and they can, to some extent, compensate for a lack of clarity in
the legislative requirements through information and education programs.
Communicating the program's policy on compliance can promote compliant
behaviour. People need to know how the government will use the various tools
available to it to achieve compliance with the law and what they can expect if
they break the law. A properly-framed compliance policy, even if it emphasizes
promotion of compliance over formal enforcement actions (as many do), will let
people know that the government "means business".
A good regulatory program will have mechanisms to
communicate with members of the regulated group, those who benefit from the
regulatory regime, and, often, with the general public, In a good program,
communication will be a two-way exercise: Information going out will ensure that
people know something about the problems addressed by the law and the policy
objective being served. They will be able to judge the merits of the law and the
approach taken to deal with the problems.
Information coming in, however, may be even more important, helping to inform
the decision-making process as well as ongoing administrative and enforcement
activities. A comprehensive approach to public communication should have as its
goal public involvement in the regulatory process, rather than just the
production of pamphlets, press releases, videos, and speeches. Effective
communication provides an information exchange when legislation is first being
developed, giving the public advance notice of impending laws and allowing for
input from a broad range of interests.
A note of caution. Public communication can be an incredibly powerful tool,
providing explanations, interpretations, and elaborations of regulatory
provisions, but it also has the potential to cause a lot of problems for a
regulatory program. It is essential that the public communication materials be
carefully drafted and reviewed to avoid any conflicts or inconsistencies with
formal legal requirements. This is equally the case for information made
accessible to inspectors, regulated parties and the general public.
Rewarding compliant behaviour can also help achieve the objectives of the
legislation. Rewards can take many forms, including recognition awards, public
information campaigns, reduction of monitoring activities for good performers,
or simply giving a member of the regulated group with a good record the benefit
of the doubt when minor violations are discovered.
In addition, a program can offer financial incentives or support research,
development and marketing of new technology, making compliance easier and less
costly for people who are willing but, perhaps, unable to comply without
assistance.
Monitoring Activities
A comprehensive compliance monitoring system to support a regulatory involves
more than ensuring that the latest and greatest inspection and investigation
powers are provided in the legislation. Every regulator is keenly aware of the
limitations of regulatory surveillance as a tool to achieve compliance. In most
areas of broad regulation, it is simply impossible for regulatory officials to
be in all the right places at all the right times.
In this aspect of the strategy, you will design tracking activities. Look for
leverage¢ wherever you can. For example, promotion of self- monitoring,
third-party monitoring, or monitoring by other federal, provincial or municipal
authorities can be a very cost-effective way to get more people paying more
attention to the actions of the regulated group. With more people monitoring,
more violations are more likely to be detected. If the likelihood of detection
is increased, and an effective response from officials is assured, compliance
should be enhanced.
The public, or committed elements of the public, can be a powerful ally in
monitoring compliance with regulatory requirements. A well- designed regulatory
regime must consider whether and how the public should be involved in matters
such as triggering investigations and the conduct of prosecutions.
In some areas, something more than encouragement of monitoring by
third-parties may be necessary. One option is "whistle blower" laws
which protect employees who provide information about offenses committed by
their employers. Another option is to empower groups of people to trigger an
official enquiry by government officials into suspected breaches of the
regulatory scheme.
Audit and inspection programs should be designed to supplement and take maximum
advantage of other compliance monitoring systems that may be established. By
focusing programmed inspections on high risk areas or on members of a regulated
group who have poor records of compliance, the effectiveness and efficiency of a
regulatory program can be increased. Of course, this type of approach cannot be
fully implemented unless the program has a comprehensive management information
system which collects, stores, compiles, and provides access to the necessary
data.
Ask yourself the following questions:
What is the most cost-effective way to obtain information on the general
state of compliance with the rules?
Is self-monitoring a viable option? Can we rely on records retention
requirements or should mandatory reporting be stipulated?
Is third-party monitoring or certification a viable option?
Would the threat of an audit be a more effective tool than regular
inspections?
Are the inspection programs focused on the high priority problem areas?
Can we make any changes that will increase our monitoring
"presence"?
Can we, and should we, encourage complaints and tips as a source of
information on compliance? Would we be able to respond to them effectively?
Can we, and should we, provide some form of protection for
"whistle-blowers"?
Do we have effective information systems to gather, compile, analyze, and
distribute information on compliance?
Enforcement Activities
Enforcement activities, including prosecution, are an important component of
most regulatory programs. Where a regulatory program is founded on a
sufficiently compelling social purpose, the use of coercive methods to gain
compliance will only be a marginal activity. Over the long run, a regulatory
regime that relies wholly on activities which promote compliance will get into
trouble. People expect that regulatory authorities will monitor the activities
of the regulated group and that the law will be enforced. Members of the
regulated expect that authorities will not penalize those who obey the law by
not taking action against those who violate it. If this does happen, you could
find an increase in non-compliance across the board. Monitoring of compliance
and the ability to invoke enforcement measures is necessary to ensure the
long-term effectiveness of a regulatory regime and to ensure fairness in its
administration.
There is a wide range of possible enforcement responses available to
regulators, most of which must be expressly authorized in the governing
legislation. Possible enforcement responses include:
- verbal or written warnings
- tickets
- administrative directives or orders
- increased regulatory burden (e.g. more stringent reporting requirements,
more intensive inspections, cost recovery of additional inspections)
- administratively imposed monetary penalties
- negotiated solutions to non-compliance enforceable by various methods (eg.
performance bonds, consent orders, suspended penalties)
- adverse publicity
- licensing sanctions (eg. increased restrictions, short-term renewals,
suspension)
- contract listing (loss of right to government contracts)
- other civil remedies (injunctions, more punitive fines, restitution)
- criminal prosecution (which may also result in a wide array of possible
remedial orders)
At this point in the process, you should discuss the formal information
gathering mechanisms provided under the legislation (e.g. investigation powers),
review the various types of enforcement responses available under the program,
and generally identify the factors that will influence the choice of responses.
Again, ask yourself, how can you employ enforcement activities to strengthen the
incentives and minimize the disincentives to compliance? Remember, the very same
factors which influence voluntary compliance under a regulatory program are also
helpful in identifying pressure points for the application of effective
sanctions.
This is the point, as well, that you need to
outline precisely when and how each type of enforcement response is to be used.
Be aware that this exercise may result in adjustments to the strategy that you
have developed so far.
Make sure that the team that actually develops detailed enforcement responses
includes a large number of experienced enforcement officers. Why? Because
experienced enforcement personnel will be essential to provide detail and to
carry out the subsequent "reality check" of the strategy.
If field staff are involved in the process right from the start, you should
not get many surprises when this detail is discussed. Of course, you will still
have to cross-check the details of the strategy against your existing
organization, systems, procedures, and resources, and against the attitudes and
past practices of your enforcement personnel.
Criminal sanctions alone don't always do the job.
To enforce standards, Canada has historically used a criminal law model. This
model sets out rules of acceptable and prohibited behaviour with criminal
penalties for the prohibited behaviour. The system is based on the theory that
people who might otherwise disobey the law will comply with the law to avoid the
stigma of criminal proceedings. But the criminal law system was really designed
to deal with more serious societal crimes, such as murder and theft, and not
necessarily with such regulatory offenses as failure to provide proper
protective equipment at a work site or not complying with building standards.
Enforcement officers often hesitate to prosecute people for regulatory offences.
Using tougher sanctions often alienates the very people whose cooperation the
government needs to achieve its regulatory objectives. Courts, too, are
beginning to distinguish more emphatically between "criminal" offences
and "regulatory" offences and are looking to governments to treat
regulatory offenses differently.
Budgets are shrinking.
Shrinking enforcement budgets are forcing
regulating departments to consider compliance activities outside of frequent
inspections or criminal proceedings. Departments are being forced to choose
strategies that cost less and, at the same time, result in greater compliance.
They do this by considering the underlying causes of violations and finding ways
to make complying with the law easier.
The threat of law suits.
Recently, the government has become increasingly exposed to civil liability
for damages to third parties caused by inadequate enforcement. This is
particularly true in situations where the safety and health of the public are at
stake. Already substantial damages have been awarded against the Crown for
losses suffered because regulators failed to take effective action to secure
compliance. When the federal government establishes regulatory requirements, it
usually has a legal obligation to mount a reasonably effective program to secure
compliance with the requirements.
The Canadian Charter of Rights and Freedoms.
More and more, governments and public agencies are subject to monitoring by
the courts, whose remedial powers have been broadened by the Charter. Unless an
enforcement policy is rationally and consistently applied, the government may
face challenges under the Charter based on arbitrariness, injustice or inequity.
Understanding and Accepting the Objectives and Rules
The ability and willingness of people to follow the rules can be
significantly influenced by their acceptance of the underlying policy
objectives. If they believe that the law is serving a valid purpose, they are
more likely to comply. Understanding and accepting the rules is also critical.
People can't comply with rules if they don't know about them. People can't
comply with rules if they can't understand them. People won't willingly comply
with rules if they think they are unfair.
An important element of any compliance strategy, therefore, is the reinforcement
of the social purpose which underlying the regulatory scheme.
Understanding and accepting the regulatory processes particularly
decision-making and adjudication processes, can have an impact as well. If the
procedural requirements to achieve compliance (e.g. filing requirements,
applications) are not known, or are very complex, people will have trouble.
Finally, the relationship with the regulatory
authorities can be an important factor. If there is a sense of partnership, or
at the very least, a sense of trust, compliance will be facilitated. If members
of the regulated group don't think they are being treated fairly, they will be
less likely to comply with the rules.
Enforceability of the Rules
Just because you have established a regulatory requirement in law does not mean
that it is enforceable. Requirements may not actually create (or connect with)
an offence. They may specify a standard of conduct or attributes that are too
vague. They may be so convoluted as to make it virtually impossible for anyone,
including judges, to determine whether the law has been obeyed.
Where the law is unclear, you can expect compliance problems. You may have
difficulty gathering sufficient evidence to prove a violation, or if you do have
the evidence, you may still have problems convincing a judge that the evidence
supports the conclusion that a violation has occurred. Even if the judge
believes that a violation has occurred, a severe sanction is unlikely for
"technical violations" or for violations of rules that are inherently
unclear.
Your compliance strategy can recognize and, to some extent, compensate for
problems in the enforceability of the rules. For instance, the strategy may
place greater reliance on promotion and advisory activities. There is a limit,
however. A compliance strategy cannot compensate for unenforceable rules if
successful prosecution is a key element for securing compliance.
Capability of the Regulated Group to Comply
Sometimes, members of a regulated group simply may not be able comply with the
law, whether or not they want to. If, for instance, regulatory requirements
specify standards that cannot be met through any available technology (i.e.
technology forcing requirements), non- compliance by the entire regulated group
is a sure bet. This is really a problem with the rules, but the compliance
strategy will have to deal with it. In other cases, the standards may be
achievable, but certain firms or individuals may not be able to comply because
they lack resources, skills, expertise, or information. This situation may or
may not indicate that there is a problem with the rules but, again, it must be
addressed in the compliance strategy.
The most common response of regulators to both situations is to adopt a
(usually unwritten) compliance strategy that relies on discretion in enforcement
(including turning a blind-eye to violations of the law). In some cases, more
formal extra-legal programs may be established which allow firms to achieve
compliance in accordance with a pre- determined schedule. While such flexibility
may be admirable, this really amounts to officials modifying legislative
requirements established by Parliament or by Cabinet. Compliance strategies must
be built on a clear-headed assessment of the extent to which compliance is
possible, but problems with the regulatory requirements should be fixed in the
statutes and the regulations.
Social and Psychological Factors
Take a few minutes to walk out from the trees and look at the forest. What is
the social environment that the program is operating in? Compliance rates can be
influenced by such things as changing mores, demographic shifts, or swings in
the political climate.
Ask yourself the following questions:
How do people feel about the problems addressed by the regulatory program?
Does anybody care?
What is the media saying about the problems?
What are the politicians saying about the problems?
Are there any societal changes that could affect the severity of the problems
or the rates of compliance with the regulatory requirements?
Is anybody else tackling the problems in ways other than by regulations?
Are there other regulatory requirements (i.e. mandatory rules) that could
affect compliance (e.g. provincial or local regulations, foreign regulations)?
Are there other non-regulatory requirements (e.g. domestic or
international standards, non binding guidelines) that could affect compliance?
Psychological factors can also have a significant
influence on the willingness of people to follow rules. Among these factors
would be:
- culture and values of the community (e.g. good citizenship)
- culture and values of the regulated group (e.g. owners, managers, and
employees)
- personal views of the regulated group about
- whether their activities actually cause a problem
- the severity of any possible non-monetary sanctions, including a prison
term
- the risk of detection
- the likelihood of a swift and sure response to non-compliance
- the likelihood and severity of non-monetary sanctions imposed by the
regulated group itself (e.g. disciplinary action by managers or owners)
- willingness to tolerate different levels of risk
- desire for favourable image in the community (and media)
- peer or public pressure
Economic Considerations
How might the general economic situation influence compliance? Ask yourself:
Is the economy booming, or in a slump?
Is unemployment high or low?
Are profits high or low for products used in or produced by the regulated
group? Are things likely to get better or worse?
The following economic considerations can have a
significant influence on the willingness of people to follow rules:
- effect of compliance on competitive position of the regulated group
(influenced by market structure)
- effect of compliance on competitive position of small business as
against bigger business
- effect of compliance on overhead or incremental production costs
- personal views of the regulated group about the severity of any monetary
sanctions that might be imposed under the regulatory regime when
compared with the potential gains from non-compliance
- the personal views of the regulated group about the likelihood and
severity of monetary sanctions imposed by the regulated group itself
(e.g. disciplinary action by managers or owners)
- potential impact of legal liability that could be triggered by non-
compliant behaviour
When assessing the social and economic aspects, place the primary emphasis on
the communities affected by the regulatory programs. Knowledge about which
members of the regulated group are operating under significant business risks
can be an important factor in targeting inspection activity.
Part II:
The Process, Step by Step
Step 1 - Start with a Plan
Developing a compliance strategy will require substantial staff time, travel,
printing, and expense. Good project planning can help keep these costs under
control and can help ensure that the work progresses in an orderly and
expeditious fashion.
A good plan will guide you through the project from beginning to end. It will
let senior management know where they fit in and how much time they will have to
do their part. It will let the Department of Justice and other departments know
when they will be involved. It will help explain to program personnel what is
going on and where they fit in. It will allow managers to plan for the time and
resources that will be needed to prepare the compliance strategy.
The most common method for developing policies in government-- senior
management prepares a draft strategy and then communicates it to the rest of the
program--is not the best approach for developing compliance strategies. Instead,
the best approach is probably one that relies predominantly on the skills and
practical enforcement experience of line personnel, with senior management input
at critical points. For instance, early involvement by senior management is
particularly important, especially in determining the general orientation and
the guiding of principles of the strategy.
Remember that a compliance policy guides the everyday decisions of program
managers and enforcement officials. It has to be grounded in reality and must
reflect a good understanding of practical enforcement experience. It also has to
contain principles that enforcement officials such as field inspectors actually
agree with. If these officials do not believe in the policy, if it does not
coincide with the common wisdom in the program about how best to achieve
compliance, it will not work. Not only should line managers and field personnel
should be fully involved in the preparation of the strategy, they must take
ownership of it.
If you develop a strategy that requires officials to deal with members of the
regulated group in a way that is inconsistent with the officials' perceptions,
or if you focus on problems that your official do not believe are important, you
will either have a misaligned strategy or a requirement for major cultural
change among managers and enforcement officials.
One danger in developing a compliance strategy is that the policy principles
developed by the project team may not be acceptable to senior management.
However, senior management may, in fact, be in a better position to gauge
whether the approach is likely to gain the minister's approval, or is consistent
with other policy positions within the department or across the government. The
project plan prepared for the development of a compliance strategy must build in
points for periodic senior management review, and the very first thing that
should be reviewed and approved is the work schedule itself.
Once you have decided on an approach, project planning for development of a
compliance strategy should be relatively simple. The first step is to identify
the tasks have to be performed during the project and the sequence in which they
should occur. Key milestones for the project should be specified (e.g. strategy
discussions, drafting the strategy, strategy approval) and deadlines set for
them. The plan should provide for senior management review of the draft
materials at regular intervals, distribution and review of drafts by the field,
legal review by Department of Justice advisors, professional editing, and
translation.
Step 2 - Set up the Project Team
Getting the right people for a compliance strategy project team is critical
to the success or failure of the work. Based on the experience gained through
developing compliance policies, the following make-up is recommended:
A team leader who has sufficient experience and stature in the department to
warrant the respect of the other team members but who will not attempt to
dominate the discussions or impose personal views on the team. The team leader
guides and facilitates the development of the strategy, dictating content only
when necessary to break logjams or bring the text into conformity with senior
management or Department of Justice requirements. The team leader should have
clear instructions from, enjoy the confidence of, and have ready access to
senior management.
A head writer/editor whose job is to record the results of the strategy
development process and to produce the policy document from that record. This
position is far more important than that of a recording secretary -- the head
writer should be a person who could have participated in developing the content
of the strategy, but who has the primary responsibility for writing and editing
instead. The person should have good communication skills.
A selection of headquarters staff who have working experience with
compliance/enforcement activities. Individuals with a policy and legislative
development background are good candidates, but people with experience in other
areas such as education or information, laboratory services, technical support
services, should also be considered. If possible, the headquarters
representatives should have some field experience or at least some experience
working with field personnel on enforcement matters.
Strong representation from the field is critical to the success of the
project team. If possible, one representative from each region should be
assigned so that any regional differences in compliance/enforcement activities
will be accommodated. The field staff will be relied on to ensure that the
strategy is grounded in reality. The primary qualification, therefore, is
hands-on experience with inspection and where appropriate, investigation
activities.
Experienced enforcement officers will be invaluable when the project team
selects the criteria for the enforcement tools and determines which enforcement
tools will work best in achieving compliance in the shortest time possible with
no recurrence of violation. Enforcement officers, especially those in the field,
are closest to the action. To them achieving compliance and enforcing the law
are not theoretical exercises. They do it every day.
A lawyer from the department's Legal Services Unit should be assigned to the
team to provide legal advice and act as a link between the team, the Legal
Services Unit, and Justice headquarters. The lawyer will provide critical advice
on minimum enforcement standards which the courts may require in some areas of
regulation.
Step 3 - Work Towards The Strategy
As a first step, the team should review existing documents such as the
legislation, operational plans, program manuals or other documents that will
provide the guiding principles of the strategy, the list of responsible
authorities from the Minister on down, a description of available promotional
tools.
Then, work through the elements of the strategy as set out in this guide. Be
careful not to let the exercise slip into a search for a set of words that the
team members can all agree on, and don't hold out for perfection. Deal with the
ideas and the substance of the strategy, and less with the manner of expression.
Step 4 - Reality Check
Once you have a draft outlining the strategy, conduct a reality check by
reviewing your existing organization, systems, procedures and resources against
each element of the strategy. Is there a good match? Do you have what it will
take to make the strategy work? What more will be required? Can you get it, and
in time? Will it meet minimum enforcement standards?
As part of your reality check, be sure to share your strategy ideas with program
officials and enforcement officers who were not part of the strategy team. In an
appropriate case, as well, you might want to consult on an informal basis with
members of the regulated group through consultative committees or technical
advisory groups.
Ask yourself the following questions: Does the program have this function
now?
Is it being used to the extent required by the strategy?
How much more will it cost to carry out this function?
Can the existing staff handle any increase in compliance-related activities?
Does the program have the right kind of people in sufficient numbers to
carry out the functions? Are they in the right places? Can existing staff be
trained and are they sufficiently adaptable to handle a changing role?
Is the organization structure of the program appropriate to manage and
deliver the functions required by the strategy?
Are the financial, administrative and informatics support systems of the
program sufficient for the new strategy?
Be honest and be flexible. Perfection is an unrealistic goal. Although it might
be ideal to have all enforcement personnel fully trained, it might be more
realistic and almost as effective to establish a unit of experienced specialist
investigators who could handle the most serious cases. Massive public
advertising campaigns might be a wonderful way to promote compliance, but are
likely to be beyond the reach of most regulatory programs. Sophisticated,
portable equipment for on-site analysis of samples might significantly increase
the efficiency of inspection activities, but the greater need might be for a
computer system to track the record of compliance for a regulated group on a
regional and national basis.
The greater the shift in approach implied by the draft compliance strategy,
the more critical the need for a thorough reality check. Don't try to duck the
tough questions. If, for example, a new orientation will take more people or
money to implement than is currently assigned to the regulatory program, you
have a problem. Adjust your strategy or find new resources.
Make sure that you consider minimum enforcement responsibilities as part of your
reality check. Being unrealistic here can have very serious legal consequences.
You have an obligation to alert senior management to any problems associated
with meeting your responsibilities for effective enforcement.
Step 5 - Revisit and Revise
Once you have completed your reality check, you should adjust the strategy as
required. Modify each element that isn't workable or achievable in the real
world. But remember, if you adjust one area of activity, you may have to
compensate by modifying others as well. For instance, if the total resources
required to carry out the strategy are simply beyond reach, you will have to cut
down everywhere. Furthermore, the cuts won't likely be evenly spread. Some
functions, such as enforcement activities, are inherently costly and must be
maintained at a minimum level to ensure viability and credibility of the program
as a whole. This means that other functions such as promotion and monitoring
might have to be cut proportionately more even in cases where the strategy calls
for primary reliance on promotion techniques.
Finding a workable compliance strategy will be an iterative process. You may
have to repeat this loop several times before you have a strategy that is ready
for final approval.
Step 6 - Get Policy Approval
Before you can implement the strategy, you must get final approval. The
strategy that is submitted to senior management for approval should contain the
summary of the groundwork done by the strategy team, with enough background
material to explain how and why the team arrived its recommendations.
Step 7 - Implement the Policy
Obviously, a department's work does not end when it has received policy
approval. The policy must be implemented.
Developing and implementing a compliance strategy are simply two phases of a
single, continuous process. Perhaps the most important thing to remember is that
the approach taken in developing the strategy will significantly influence the
success in implementing any changes that may be required. Some changes in a
regulatory program are almost inevitable after a compliance strategy has been
developed because better, more effective, more efficient, legally sound ways of
doing things will probably have been identified.
Draft the Policy Document
Prepare a Detailed Implementation Plan
A Note About Human Dynamics
Private Sector Review
Step 8 - Evaluate Regularly
Compliance policies are never written in stone. Their underlying strategies
should be evaluated regularly for effectiveness and may have to be fine tuned
from time to time due to intervening factors: new legislation, a major
regulatory review, budget cut backs, new enforcement priorities, unanticipated
difficulty in dealing with significant non-compliers, and public reaction to
existing practices.
One federal department routinely discusses and reviews its compliance and
enforcement practices at an annual industry association meeting. It is not
uncommon for some of the best suggestions for improving compliance and
enforcement practices to come from within a regulated group.
While there is much yet to be learned about how to evaluate the effectiveness
of a compliance and enforcement program, you should start by asking the
following are questions:
Are the compliance rates going up or down? Are there any trends within the
regulated group that should be taken into account?
What progress has been made in making known offenders comply?
How timely has the follow through on cases been? Have the enforcement
responses been appropriate to the cases?
Have the number and quality of inspections been adequate to give the
impression that there is a credible likelihood of detection?
Would the treat of an audit be a stronger enforcement tool?
What are the results of impact studies of the regulatory program?
Have there been any complaints or actions against the department for careless
enforcement?
Some Final Advice
Rule #1: Don't make promises you can't keep.
It's better not to have a compliance policy at all than to have one that
can't possibly work. If a delivery program cannot be designed to implement the
policy then, sooner or later, the policy, the department, and perhaps the
minister could be discredited. If the program area is important enough, the
Government as a whole could be pressured for failing to meet expectations.
Rule #2: Don't make "never-to-be-broken" rules.
Try not to be rigid in your thinking about how things should be done. Above
all, don't expect to find the perfect match between the strategy and the program
design in the first attempt. To successfully design a delivery program, you have
to go through an iterative process of adjusting the compliance in view of the
resources and the organization and administrative infrastructure available.
It is likely that you will not achieve complete implementation through your
initial plan, particularly where the program adjustments will be significant.
Past shows that implementation is achieved through successive approximations of
the desired outcome.
Rule #3: Be realistic.
To get, and keep, the commitment you will have to make trade-offs between the
ideal strategy and the constraints imposed by the available resources and
delivery system. If you can't get a satisfactory commitment, you should consider
either modifying the compliance strategy or changing the expectations for
compliance.
For example, if your program does not have sufficient enforcement resources
across the country it may be necessary to rely more on promotion activities such
as information programs and self-audits than on inspections and investigations
in the early stages of implementation. This reliance on a "softer"
strategy might extend the timeframe required to gain the desired level of
compliance with the legislation. As more trained enforcement personnel become
available and the necessary support systems are established, the program could
shift to your optimal strategy which would place comparatively greater emphasis
on enforcement activities.
At this stage it is not critical that all of these programming concerns are in
balance with the chosen strategy. What is important is that there is commitment
to make the balance as implementation proceeds. Usually this means finding
resources and adapting organization structures and the support infrastructure of
the department. This commitment must come from senior departmental management,
central agencies, and the political level.
Big Change, Small Change
It is one thing to prepare a compliance strategy and obtain approval for it at
the senior management and political levels. It is quite another to see it fully
and successfully implemented, particularly if the strategy implies significant
changes in programs. The approach you take in implementing the strategy should
be determined largely by the degree of change and the way in which the strategy
was developed.
Scenario 1
Your program is operating well with reasonably up-to-date legislation, an
adequate resource base, and a mix of enforcement and promotion activities that
seem to bring acceptable levels of compliance. There are no indications of
inequitable treatment. Senior management decides that enlightened public
administration and the continuing pursuit of excellence calls for the
establishment of a compliance policy. The policy isn't supposed to change
anything; it is simply intended to reflect current operating practice. You
gather a small group of headquarters officers, prepare a draft policy, shop it
around to field staff, and submit it to senior management for review and
approval. What do you do once it is approved with the usual minor adjustments?
In this case, implementation of the compliance policy is a simple matter. You
distribute copies internally and externally, hold briefing sessions for staff,
ensure that it is covered in training programs for new employees. send a copy to
your favourite Department of Justice lawyers. No big deal.
Scenario 2
Your program is in serious trouble or is headed that way. It's amazing that
it hasn't hit the front page of The Globe and Mail. You live in fear that
your minister will be put on the spot in Question Period.
You're out of date. Your legislation hasn't been changed significantly in 20
years and the Department of Justice tells you that your investigatory powers
probably wouldn't survive a Charter challenge. Your offenses are so vaguely
worded that even you don't really know what they mean and the only penalties
available could be paid out of petty cash,
Your hands are tied. The number of "customers" you are supposed to
be looking after has mushroomed by 150% over the last three years, but
successive rounds of hiring restraints and budget cuts have reduced your
resource base by 75%. The latest cutbacks ordered by Treasury Board have reduced
your PY complement by a further 22%. You aren't sure you are going to make this
work in the next fiscal year. Unless something changes, you won't be able to
meet your statutory obligations in relation to the program.
You're flying blind. Due to the budget cuts over the last three years, you
weren't able to install the automated case file management system that you paid
a consultant $75,000 to design five years ago. You've probably got over 200
different legal requirements in your Act and Regulations and you have no idea
what the level of compliance is for any of them. You haven't been sued yet, but
you know that the enforcement approaches of the field staff differ widely from
region to region. You tried to gather the information manually, but the field
staff said that they were too busy.
You decide that the only choices are to find a job in the private sector or
to find a new way of delivering the program. Senior management decides that
enlightened public administration and the continuing pursuit of excellence calls
for the establishment of a compliance policy. The policy is supposed to lay out
a new approach - one that will work.
You prepare a project plan, consult experts throughout the Department, enlist
the aid of the Department of Justice Regulatory Compliance Project, assemble a
small group of headquarters and regional staff, carefully review how you do
business now, and reach a consensus on how you would do it in the future. You
capture the essence of the new program strategy in a draft compliance policy,
consult widely and frequently with field staff, and provide it to senior
management for review and approval. It is approved with the usual minor
adjustments. Now what?
In this case, implementation of the compliance strategy is a major
undertaking -- a multi-year affair. You're going to have to look at everything:
basic organization and staffing levels, budgets, accommodation, job
descriptions, computerized information systems, laboratory services, forms
design, public communications materials, training programs, recruitment
strategies, and security arrangements.
It's going to be hell. Stress. Late nights, weekend work, no vacations. But if
you pull this off, it could be good for your career.
Most likely, your situation will be somewhere between these two extremes.
|
