Sometimes, real life can be the hardest teacher. Just ask anyone who has had to clean up the leftover mess caused by his or her company falling out of compliance. Compliance breaches put a business' reputation on the line. Therefore it is critical for every employee and all stakeholders involved to enforce best practices, require compliance training, and develop and implement a communication compliance policy. Additionally, ensuring that policy matches the organization's goals and needs—it's part and partial to effective and responsible corporate governance.
For most businesses to remain legally compliant, they must meet internal and external regulatory compliance requirements, including activities like filing necessary operational paperwork, maintaining a healthy and safe environment for employees and/or customers, paying taxes, and maintaining updated business records. Compliance communication is one of the most valuable things any business, in any industry, has at its disposal to use to foment positive brand awareness.
Non-compliance in the Workplace Non-compliance in the workplace is a failure to meet any of the requirements instituted by national or global industry standards and laws or those of regulatory oversight organizations. Just as finance PR and corporate compliance PR is a must-have, non-compliance communication, if not handled immediately and thoroughly, can damage a company permanently.
Unfortunately, non-compliance messes happen daily to businesses of all sorts who do good work on behalf of their clients, customers, shareholders, and the general public. To add insult to injury, the clean-up can be far more expensive than staying compliant would have been.
Challenges of Non-compliance The cost to reinstate compliance is secondary to the true threat non-compliance causes. In addition to the financial losses, security breaches, license revocations, and business disruptions that can occur when a company falls out of regulatory compliance, the reputational damage and loss of trust caused by losing accreditation from a governing body can last years compared to the length of time it can take to put a company back into compliance.
Here is an example of what’s at stake for medical centers in the healthcare industry to become non-compliant with the regulations under which they must legally operate: Let’s say you’re the CEO of a hospital that is considered the best place for people to go for treatment of illnesses or necessary surgeries. Other hospitals have been closing in on equaling your stellar public opinion in recent years, but yours is still ranked as the highest in the county, city, or town where yours is located.
One day, The Joint Commission on Accreditation of Healthcare Organizations, or JCAHO, performs one of several quarterly inspections on your hospital; on account of ongoing staffing problems, your hospital was cited for several infractions that you and your leadership team have struggled with for a few years – mostly Medicaid-related billing issues due to lack of adherence to the latest medical codes that accounting relies on. You are informed after the last inspection that you have lost your accreditation and must go back through the last seven years of prior patient records to find, and fix, all of the coding inaccuracies while also retraining all of your accounting employees.
The local news finds out about the loss of JCAHO accreditation, and suddenly, there are stories on the news, in the newspaper, in trade publications, and on the radio about the hospital’s non-compliance. Suddenly, you start to hear rumors that your hospital lost its accreditation due to a large number of preventable deaths; that rumor grows into other stories about how dirty your hospital is and that all the good doctors are leaving – none of which are true. Your accounting issues have suddenly turned into your hospital losing its standing in public as the best local medical center to go to. In fact, even after you spend months, and tons of money, to earn back your accreditation, those rumors still persist. Your hospital has lost the public trust; you and the rest of your leadership team are terminated, despite fighting all the rumors swirling around the medical institution to which you have served tirelessly for the last 25 years…all because of the inaccurate public perception about the safety concerns that have nothing to do with your original non-compliance. It’s a healthcare PR nightmare!
The bottom line is, if you don’t get out in front of the communications surrounding your non-compliance, your entire business is in the hands of others who do not know what they are talking about – hence, the mess. If you and your leadership, led by yourself and your Chief Information Officer, had immediately addressed the situation publicly, the lack of public support would most likely not have waned as much as it did in the end.Information is knowledge, and knowledge is power.
Information left unaddressed in the early stages of non-compliance leaves those with no knowledge in power.
The Ramifications of Non-compliance The hospital example can be translated into most industries that operate under the guidelines set forth through laws passed by national and international governments and organizations.
Think of all the legalities that come from the U.S.’s Occupational Safety and Health Association, or OSHA…on its own Education Center website, the most frequently cited OSHA standard violations in FY 2020 were:
Fall Protection (5,424 violations)
Hazard Communication (3,199 violations)
Respiratory Protection (2,649 violations)
Scaffolding (2,538 violations)
Ladders (2,129 violations)
Control of Hazardous Energy (2,065 violations)
Powered Industrial Trucks (1,932 violations)
Fall Protection Training (1,621 violations)
Eye and Face Protection (1,369 violations)
Machinery and Machine Guarding (1,313 violations)
Because OSHA responds to compliance issues where physical safety is concerned, losing the organization’s accreditation can lead to perceptions that your workplace isn’t a safe place to work.
Similarly, the U.S. Equal Employment Opportunity Commission (EEOC), a federal agency that was established alongside the Civil Rights Act of 1964, administers and enforces laws concerning civil rights and discrimination in the workplace. Companies that the EEOC cites for infractions on things like illegal hiring practices, or wrongful firing offenses, are also subject to a public backlash, as well as the inability to maintain quality talent, among other drawbacks.
Again, some companies do not follow such laws to the letter…and they usually wind up in big trouble, both financially (by way of fines and lawsuits that can occur) and within the court of public opinion.
The Necessity for Public Relations Before and During Non-compliance Whenever non-compliance has been reported to or by an overseeing regulatory agency, the first matter at hand is to begin the work of being reinstated for the infraction(s) that led to a company’s failure to comply. Setting up a compliance team to address the issue and create solutions and actionable measures is necessary for reinstatement. Employees typically need to undergo compliance training or be retrained and brought up-to-speed on whatever was missing in the compliance process. Sometimes, manufacturing compliance is lost, which often requires mechanical solutions; in the technology industry, there are too many certifications to count, so keeping up with the latest changes and upgrades can be quite taxing…but all of these examples are necessary.
One of the most important actions a company can take after losing compliance is getting in front of the story. You should be reporting the compliance concern – truthfully and transparently – with all of your various audiences as soon as possible. You should get the facts out there before others (in your industry or the community where your business is located) have the chance to let their imaginations run away with the various scenarios.
The one thing you should NOT do is panic. This isn’t the end of the world for your business, it’s just a setback. As the following tips explain, you have a lot of work ahead of you.
You should have already developed a communications plan to cover all possible scenarios surrounding non-compliance in whatever certifications you are given. The worst thing you can do is hide behind what’s going on – particularly if your company is public. Every plan should have a timeline and roadmap of when you expect to regain compliance and how you will get there.
Post the non-compliance communications on your website. If your site has a newsroom attached to it, you will want to put all of the non-compliance communications on there, as well as any updates as your company goes through the process of getting back into compliance.
Posting on your website isn’t enough. You should take advantage of press release distribution, with the details about the “when” and “how,” but also information that explains the violation(s) that led to non-compliance, and what they mean. Again, with public companies, or those that hope to go public one day, taking this action can go a long way to allay the fears your shareholders, investors, and/or stakeholders have in your ability to right the ship. While reclaiming your compliant status, continue to distribute press releases to communicate any progress or positive steps that have been achieved.
Additionally, the link you can provide on your press releases should go directly to wherever you post your information and updates on your website, whether on the front page or the company news page. You might want to add a page and have the communications come from the President or CEO of your business and prepare a FAQ that answers all of the questions your audiences may have.
Create separate emails to your audiences – shareholders, investors, stakeholders, and your employees, and again, be upfront and honest about what has happened, how your company is dealing with the non-compliance situation, and how quickly you expect to comply again.
Have your PR and marketing teams monitor your social media accounts closely. Because “social trolls” are out there ready to pounce, it is not recommended that you put all of the information onto LinkedIn, Facebook, or Twitter. Instead, use those platforms to show your company is still operating as usual (if it is, in fact, still operational). If there are people who do mention your company’s non-compliance, simply refer them to your website’s link where you explain the situation.
As soon as your company regains compliance, let your target audiences know! Press release distribution and emails to your previous groups are also in order, and replace that link with your CEO’s or President’s message with a FAQ detailing all your company’s certifications that are in compliance and what each one means to your business and industry.
And For Companies Who Have Recently Been Certified As Compliant For The First Time…
CONGRATULATIONS! We recommend you TELL THE WORLD about your good news! Start with a press release distribution to the media outlets and journalists you want to be in front of, and make sure the same messaging goes out to your various audiences, both in email campaigns, via your business’s social media accounts, and on your website! ACCESSWIRE is happy to provide you with a demo of our press release distribution platform. Click here to schedule your demo today!