The fourth and last step to achieving successful compliance management for every chief compliance officer (CCO) is to Foster a Culture of Compliance.
The term 'culture of compliance' is now appearing with regularity in the US Department of Justice’s (DOJ) and Securities and Exchange Commission’s (SEC) policy and enforcement vocabulary. These agencies have likely seen too many examples of companies asserting that they had an effective compliance program, only for the review to show a “check the box” rather than a substantive program foundation.
So what does the term mean?
In the absence of an actual legal or standards-based definition, a common-sense reference is that a culture of compliance exists within an organization when its shared and integrated values and attitudes place compliance with the law as an operational and strategic priority, as evidenced by the organization’s actions and practices.
As with other compliance topics that have a longer-term strategic aspect, it is important for the CCO to communicate with management about:
- What the regulatory expectation is, and what it means to the company;
- How you, as CCO, intend to work towards a culture of compliance – doing what, and over what period of time; and
- What support from management will likely be needed – and how it is in their professional and personal best interests to emphasize and operationalize compliance going forward.
If culture is defined as the attitudes and behaviours that characterize a group of people, then establishing a culture of compliance means setting the foundations of an organization in which every individual views compliance as an operational and strategic priority. Achieving this state will take many years for most companies, but it is as important to be moving forward on the path in identifiable ways as it is to actually achieve the ultimate goal.
Image credit: http://complianceandethics.org/