Misbehaving bosses and employees are a fact of life. At some point, every organization will likely have to deal with them. But when the misconduct crosses a line, the fallout can ripple through your company costing you millions. Between hits to your reputation, fines, lost clients, decreased productivity, ongoing litigation, and increased insurance premiums, hanging onto bad employees can be an expensive mistake.

Here are 3 things you can do right now to protect yourself from the bad behavior of your employees:

Create a compliance program

If you don’t have a set of policies in place that address misconduct by employees, create one that clearly outlines what is and is not tolerated at the company and the associated consequences. Be sure to consult with attorneys and other experts to ensure that these policies are legal, enforceable, and match the needs and expectations of your organization.

Next, you’ll need the buy-in of your managerial staff. It’s up to them to communicate the mission and vision of the compliance program to employees. This messaging should be robust, scalable, and repeatable. Having a method for doing this should provide your managers with the tools they need to deliver these messages to your employees effectively. The better these messages are communicated, the lower your risk of employee misconduct.

While your managers will play a significant and important role in the roll out of these messages, they cannot do it all on their own. To really make sure everyone knows about them you’ll need compliance training and a code of conduct for employees to sign on to. Taking the time to train employees on the intricate ins and outs of your policy will help clear up any ambiguities in the code. Having them sign on to the code will communicate its importance to their continued employment and send a message that these codes of conduct are serious business. 

Incentivize compliance and enforce consequences

Laws are only useful when they are enforced. But enforcing the laws you’ve made may require additional resources. Assuming you planned for these during your policy formation phase, the next step is to gather the resources you need to enforce compliance through auditing and investigation.

Make sure employees are aware of the legal implications of non-compliance – both for the company as a whole and for them as individuals should they be held personally liable. This should be done throughout the program messaging, training, and in the actual code of conduct.

With enforcement resources in place and the stakes around compliance known, it’s time to formulate and implement screening standards for employees. These standards should be robust, scalable, and repeatable processes that provide your company with the assurances it needs to mitigate the risks you face.

Assess risk and be prepared

Once you have a documented and well-communicated set of policies in place, you’ll need to prepare for the worst case scenario. Begin by identifying potential areas where misconduct could take place and perform necessary audits to ensure policies and procedures are being followed. 

Next, consider those groups who would respond to a violation such as regulators, law enforcement, shareholders, employees, and even the general public. What do they expect from your company? How do they expect you – and your brand – to resolve the issue? 

Having a response plan in place will allow you to respond quickly and decisively to a crisis, in a way that inspires trust and confidence in your stakeholders that it won’t happen again.