Chief compliance officer
Ethics and compliance director
General counsel
Internal audit director
HR compliance manager
Governance officer
This process is used on an annual basis or at defined intervals when the organization requires its workforce — or a defined subset such as officers, managers, and key personnel — to certify compliance with the code of conduct and disclose any violations, conflicts of interest, or ethical concerns. It applies when the attestation requires more than a simple acknowledgment, including affirmative certification of compliance, disclosure of potential issues, and in some cases completion of a conflict of interest questionnaire. It is common when compliance, legal, and HR must coordinate to collect, review, and resolve attestations across the organization. Ideal for financial services firms, publicly traded companies, healthcare organizations, and any entity with governance or regulatory requirements for periodic compliance attestation.
The attestation process typically involves compliance officers who design and manage the attestation campaign, the attesting employees who complete the certification and disclosures, legal counsel who reviews disclosed violations or conflicts, HR who supports completion tracking and follow-up, and internal audit or governance committees who review aggregate attestation results.
Documented annual compliance certification for every individual in the attesting population. Identified violations and conflicts through the disclosure mechanism, enabling the organization to investigate and resolve issues proactively. Governance and regulatory compliance demonstrated through a structured, auditable attestation process. Risk visibility from aggregate disclosure data that reveals areas where additional training, policy clarification, or investigation may be needed. Accountability reinforcement by requiring each individual to personally certify their compliance rather than passively acknowledging a document.
Your version of this process may vary based on roles, systems, data, and approval paths. Moxo’s flow builder can be configured with AI agents, conditional branching, dynamic data references, and sophisticated logic to match how your organization runs this workflow. The steps below illustrate one example.
Attestation campaign design and launch
The process begins when compliance designs the annual attestation, defining the attesting population, the attestation questions, the disclosure requirements, and the completion deadline. The campaign is launched with distribution of the attestation form to all required individuals. An AI Agent can assist by generating the attesting population list from the HRIS and identifying any individuals who require special handling.
Attestation completion and disclosure
Each individual completes the attestation, which typically includes certifying that they have complied with the code of conduct during the attestation period, disclosing any known or suspected violations, reporting any actual or potential conflicts of interest, and confirming their understanding of the code’s requirements. Disclosures trigger a separate review workflow.
Disclosure review and investigation
Compliance and legal review all submitted disclosures. Straightforward disclosures such as routine conflict of interest declarations may be resolved through management approval or mitigation measures. Material disclosures involving potential violations are referred for investigation. An AI Agent may categorize disclosures by type and severity to prioritize the review queue.
Completion tracking and escalation
Compliance tracks attestation completions against the deadline and sends reminders to individuals who have not completed their attestation. Non-completions are escalated to the individual’s manager and, if necessary, to senior leadership. Persistent non-completion is documented and addressed per organizational policy.
Campaign closure and reporting
At the campaign deadline, compliance generates a summary report showing completion rates, disclosure categories, and any outstanding items. Aggregate results are presented to the governance committee or board as applicable. All attestation records are preserved.
This process commonly relies on inputs such as the attestation questionnaire, the attesting population list from the HRIS, prior year disclosures for reference, and the code of conduct. It may be triggered by the annual compliance calendar or a governance committee directive. Connected systems often include compliance management platforms, HRIS platforms like Workday or ADP, case management systems for disclosure investigation, and governance reporting tools.
Key decision points include which individuals are required to complete the attestation based on role, level, and regulatory requirements, whether submitted disclosures require investigation, management review, or mitigation measures, whether non-completions after the deadline require escalation or consequences, and how aggregate disclosure data informs the organization’s compliance risk assessment.
Attesting population list inaccurate, missing individuals who should be included or including those who have left the organization. Attestation questions ambiguous, leading to inconsistent or meaningless certifications. Disclosures not reviewed in a timely manner, leaving reported conflicts or violations unresolved. Non-completions not escalated, undermining the credibility of the attestation program. Aggregate results not analyzed for patterns that could indicate systemic compliance issues.
Orchestrates the annual code of conduct attestation from campaign design through disclosure resolution across compliance, legal, HR, and all attesting individuals in a single workflow.
AI Agents generate the attesting population from HRIS data and categorize submitted disclosures by type and severity to prioritize compliance review.
Engages each individual within the workflow for attestation completion and disclosure submission, capturing certification, disclosures, and signatures in context.
Routes disclosures for review and investigation within the workflow so conflicts and potential violations reach compliance and legal with full context.
Tracks completion rates in real time with automated reminders and escalation to managers for non-completions.
Preserves the complete attestation record including certifications, disclosures, review outcomes, and campaign reporting for governance, audit, and regulatory compliance.
