|

JANUARY 2017

|

13

INNOVATE

A Compliance Conversation

Is compliance a hard or a soft measurable?

In discussing this question with others, I

received responses like, “You are either

compliant, or you are not.” One co-worker

responded with three questions:

1

Are you asking about

regulatory compliance?

2

Are you asking about

customer compliance?

3

Are you asking about internal

policy compliance?

I believe those are appropriate questions;

and the response to each gives us the

response to the subject question. So, let’s

take these in order, as asked above:

1

How do we measure regulatory

compliance?

I believe this is the easiest

to answer. Many third-party certifying

bodies require a company to have on staff

a regulatory/compliance professional.This

personmust understand the regulatory

landscape and the plain language of the

statutes, regulations and standards. If there

is no person in your company who has

this ability, your company is playing with

matches in a hay field. Having a person

on staff who knows and understands

implementation of the law is your

company’s regulatory and compliance

insurance policy. Pay that person now or

take the chance of paying the government

later. In short, you’re compliant with

federal and state law, or you’re not.There is

no “sort of;” “we’re close;” or “I think so.”

How do you measure that? Your

regulatory compliance specialist

performs quarterly, unannounced

inspections of your facilities—

and even the facilities of your

suppliers—using the standards that

apply to products you offer, or you

require records of such compliance

(testing, internal and external audit

reports, SDS, etc.). Documents and

observations are hard measurables

used to determine compliance.

2

How do we measure customer

compliance?

Your customers (should)

require that your company is compliant

in regulatorymatters and order accuracy.

Every company should have a resolutions

team that receives customers’ concerns

and inquiries about regulatory and order

compliance.This teambecomes the liaison

between the customer and the supplier in

determining whether an order was out of

regulatory compliance (improper labeling,

no tracking number on a children’s

product, no country of originmarking)

or customer-expectation compliance

(wrong flavor of lip balm, wrong logo,

logo smeared or off-center).These are

measurable by the number of “resolutions”

a company records.

Every distributor should have a quality

control team (or person). Every distributor

should require its suppliers to provide

proof of quality-control mechanisms.

Most federal and state regulations, as well

as third-party certifying bodies, require

manufacturing facilities to document

quality control processes. The FDA has

a clear code for quality control. Now, a

distributor may say, “No product comes

to our facility. Why dowe need a quality

control team (person)?” Inmy experience,

distributors ask for sample products from

suppliers before adding any product to

a catalog or brochure or booth. Every

distributor should closely review these

samples.Theymay be “golden samples,”

however, it is a good practice to have a

supplier (every once in a while) send you

a sample of a product they are sending

to one of your customers.Thus, you can

carefully reviewproducts for customer and

regulatory compliance.

Resolutions teams and quality control

teams are hardmeasurables used to

determine compliance.

3

How do we measure internal policy

compliance?

In a recent CFO.comblog

post, Lucy Skelton lists five ways tomeasure

internal compliance:

• Proper training and

compliance campaigns;

• Employee surveys of internal policy

compliance standards and requirements;

• Bringing in outside experts or utilizing

other resources in the drafting and

implementation of internal compliance;

• Empowering your managers tomake

compliance decisions and help employees

understand compliance issues; and

• Closely reviewing and observing

compliance breaches and successes;

keeping records of your observations

and findings.

Using your staff to develop, implement

and uphold clear internal compliance

standards (codes of conduct, mission

statements, company values, etc.) allows you

to createmethods to turnwhat may be soft

measurables into hardmeasurables.

All compliance is really about ethics:

We all knowwhat’s right. You either do the

right thing, or you don’t. If customers are

staying, and you’re growing, then you are

at least compliant to customers (price is

a customer compliance issue). If you are

losing customers, then youmust determine

where you are not compliant. If the CPSC

or FDA shows up, and you get fined, or shut

down, because youwere in the chain of

custody for a non-compliant product, you

have received a hardmeasurable. If you can’t

keep employees, your internal compliance

(including pay standards) may need to be

evaluated. So, soft or hard, compliance is

measurable. Your job is to ensure that you

have the data, understanding, policies and

ethics in place tomeasure it.

RICHARD D. MASSEY, ESQ.

Director of Legal and Regulatory Affairs

SnugZ USA, Inc. / PPAI 112982