The Framework articulates eight elements necessary for the establishment and maintenance of an effective program, and defines three categories of responsibilities—operations, compliance, and senior leadership— as they relate to each element. The Framework provides a common set of basic standards from which the university’s various compliance leaders can operate, and encourages compliance functions to conceptualize, plan, execute, measure, and report on activities in a consistent manner.
The Framework is a flexible structure for supporting the management of Yale’s many compliance obligations. Reasonable ways to design and implement each of the eight elements of a program in relation to a specific regulatory area will vary based on risk. Broadly speaking, as the complexity, breadth of applicability, and impact and likelihood of noncompliance with a set of requirements increase, the more robust the resourcing and process formality should be for each element of a program in order to address the risk associated with that set of requirements.
The responsibilities articulated in the Framework provide leadership with a consistent way to ensure ownership and accountability in relation to compliance objectives. Within the Framework, those who engage in regulated activity have “operations” responsibility, which generally entails conducting activities in accordance with applicable requirements; those who serve as Yale’s subject matter experts for particular regulatory areas have “compliance” responsibilities, which generally include setting standards, advising operations on controls, monitoring, and reporting to senior leaders; and the officers and administrators who oversee compliance personnel are “senior leaders”, whose responsibilities include providing strategic direction, and ensuring adequate program structures and management are in place.
In practice, one individual can have multiple responsibilities. Often times, Yale’s compliance personnel will assume responsibility for operational activities in order to better support the university’s faculty and staff. This mix of compliance and operations responsibility is common at Yale, as at other universities.
In many cases, personnel who ultimately have “operational” responsibility under the framework delegate their responsibilities to others. This includes Yale’s lead administrators, embedded in every department across the university, who are often delegated significant “operations” responsibilities, and serve as liaisons between compliance and departmental personnel. Assignment and delegation of responsibilities varies widely across Yale’s compliance landscape, with practices varying by function, school, unit, and department. The Framework provides a uniform model from which leaders can work when evaluating appropriate allocation of responsibilities.