What Good Compliance Looks Like: Part II
Updated: Sep 8, 2020
In a prior post, I shared the view of a CEO of a Fortune 500 company, who launched his talk at a compliance event by asking “what does good look like?” In that post, I concluded with how “I spent the better part of my career avoiding and evading compliance, but I now appreciate that compliance leaders want those outside of their perimeter to be successful, and they want them home with their families.”
So, let’s reflect some more on what good compliance looks like. Let’s start with a question: What Was Volkswagen Thinking?
In an Atlantic article titled with that very same question, which addressed a number of corporate scandals, including VW, the Ford Pinto, and the Challenger disaster, author Jerry Useem concluded: “the sequences of events fits a pattern that appears and reappears in corporate misconduct cases, beginning with the fantastic commitments made from high.” And when those “fantastic commitments,” are made without the input of compliance, they can become stand-alone red-flags for future misconduct.
As Bazerman and Tenbrunsel share in Blind Spots, “underlying formal systems are informal norms and pressures that exert far more influence on employee behavior than any formal efforts could,” adding that informal systems “teach employees what behavior is really expected of them.” In my experience, incentives, forecasts and business strategy represent a tremendous unspoken message of organizational values and ethics. When organizations speak to a ‘win above all else’ mentality, including lucrative incentives and aggressive forecasts in high risk areas, then compliance can be viewed from the front lines as “ethics marketing.”
What I have come to appreciate is that the compliance community understands that peril, and as Scott Killingsworth recently shared in a WSJ interview (here), when compliance personnel “are in from the start you have a chance…to foresee what compliance risks are and put in some protections and some cautions early on.” I call that baking in compliance risk before boots hit the ground, and to shore up processes and programs to make sure that spoken and unspoken messages are aligned.
If compliance is not a part of that business discussion, including setting strategy, goals and incentives, especially in high-risk (low integrity) regions, then the compliance team may be left with the unenviable task of ‘catching falling knives.’ I hear those trepidations from compliance personnel when they share their concerns of how the voice of “growing the business” is drowning out the voice of “how to grow the business.” That’s bad for everyone.
When ‘grow the #business’ drowns out ‘how to grow the business’ that’s bad #FCPA news for all
This dynamic was well addressed in a recent discussion I had with Dr. Susanne Marston, Vice President & General Counsel, APM Terminals, in preparing for an event where I addressed her leadership team. Susanne shared with me (and my appreciation to her for putting it in writing):
“Richard, while we certainly understand that a robust compliance program must have the tools to raise awareness and insure that employees understand rules, policies, and procedures as to prevent violations, that’s not enough. We know that rules don’t necessarily drive behavior. So we need to be very clear with our international teams that compliance does not conflict with the business objectives, and that in fact, the two are complementary parts of business strategy.”
When compliance is a part of that business discussion, then the reality which Ms. Marston and Mr. Killingsworth describes is much more likely to occur. While Ben DiPietro’s reporting (here) of a survey released by Convercent and the Ethisphere Institute (here) shows “that while the compliance function is gaining in prominence within many organizations, it’s still ‘falling short of having input on company strategy,’” might be somewhat disheartening, that it’s now in the mainstream of the discourse is entirely encouraging.
Compliance and tone at the top are more than stated values, it’s about operational and unspoken values. It’s about a seat at the table of business strategy.
#Compliance is more than stated values and tone at the top. It’s about operational values