Policy Management: How Hard Can It Be?

Compliance doesn’t have to be a solo journey. Join Anna Romberg and Julia Haglind in a collaborative exploration of real-world compliance challenges. Share your experiences and challenges; your issue could be featured in the next Compliance Conversations With Anna Romberg & Julia Haglind.

You may wonder — why policy management? How hard can it be? And that is exactly where we will start. Which words come to mind when you think about policy management? Formal, legalese, a document no one reads?  

In principle, policy management is simple and makes sense. A policy is defining the internal rules for how an organization translates external expectations and regulation into internal principles and standards. It sets the internal framework for how to act and how to conduct business.

In practice, policy management is usually a formal process, documents written by lawyers for lawyers that employees rarely read, or if so, may not be so easy to understand. 

We believe policy management should make sense, should be adding value and should be serving a purpose of ensuring that the business is run and decisions made in a responsible way. Done in the wrong way, policy management is not only bureaucratic and frustrating but can put the whole organization at risk by creating a false sense of comfort regarding compliance.

Writing a policy is easy and can be outsourced to external lawyers and consultants. Ensuring that the formal text is understood and translated into a daily reality by all employees is another thing and requires hard work. Policy management is the core of an effective compliance program where you start with understanding your risks and the regulatory requirements. These are then translated into formal documents, which are adapted by relevant governing bodies to make them into the internal law. 

After this, the hard work begins, which is to anchor the spirit of the law throughout the organization and to ensure that the formal requirements are translated into a daily reality for employees. This requires more than an e-learning and also acknowledging that sometimes it may be difficult to apply a formal policy in practice, especially if there are ambitious business goals that may put you under pressure or in conflict.

A vital part of policy management is to ensure there are transparent discussions on how to apply the policy in practice and also how to act if there are concerns. And as if this was not enough, policy management is not a one-time effort. Regulations change, the outside expectations change, you learn more about internal challenges and so you need to follow up and revise your policies. 

Let’s not simplify policy management to a tick-the-box exercise but give it the attention it deserves. Policy management is a handicraft, a continuous process with a core ambition in supporting running the business in an effective, compliant and responsible way. It is part of doing business and not creating a library of documents that is detached from the daily reality. It is about translating the letter of the law into the spirit of how a successful business is run.

What would you like to know about policy management? Let’s explore together. Questions we have pondered include:

• How do you keep up to date with evolving regulatory requirements and updating your policies?
• How to ensure that your policy fulfills legal requirements and is understandable for non-lawyers?
• Is it realistic to expect all employees to read all policies and directives (and understand them)? 
• Why do you say e-learning is not good enough; how do you reach thousands of employees? 
• How do you measure policy implementation? 

Which one do you want us to address next?