(Want to get articles like this one by email? Here is the sign-up!)
During a recent speech to compliance professionals, Assistant Attorney General (AAG) Leslie R. Caldwell discussed “hallmarks of an effective compliance program.” The items she mentioned largely track the DOJ/SEC FCPA Resource Guide: senior management support, adequate resources, clear policies, training, periodic evaluation, enforcement of policies, third party due diligence and sensitization. Ultimately, though, this boils down to one factor: corporate culture.
This term describes a blend of a company’s values, beliefs and history, as well as the experiences, personalities and direction of its influential personalities. It evolves over time. As with compliance programs, there is no one size or type that fits all. Corporate culture typically applies (albeit quietly in most cases) to a variety of different company activities – from the benign to those decisions directly affecting the conduct of present and future business, e.g., everything from community-building social events (Friday trivia quizzes over email and employee birthday celebrations, for example) to significant commercial strategic considerations (e.g., financial and non-financial priorities when entering a new market, including the critical element of risk tolerance).
Creating a supportive corporate culture means sustaining an environment in which employees care not just about the risk of getting caught, but, even more importantly, about the importance of acting legally and ethically in the first place. As AAG Caldwell explained, “While companies have for years appropriately adopted a ‘risk-based’ approach to compliance, … corporations all too often misdirect their focus to the wrong type of risk” and “target the risk of regulatory or law enforcement exposure of institutional and employee misconduct, rather than the risk of the misconduct itself.” On another occasion she made the point even more succinctly: “Effective compliance programs must be embedded in a company’s culture.”
Senior management has an indispensable role in creating “tone from the top” and fostering “tone at the middle”, but a culture of compliance is truly evident when all employees, from executives to line staff share a commitment to respect for the law and ethical conduct. This is apparent when even staff in remote locations will dismiss possibly problematic (from a corruption perspective) opportunities with a simple “we don’t do business that way”.
How can a company create a culture of compliance? Focusing on the hallmarks of an effective compliance program that AAG Caldwell mentioned is a good place to start. In future blogs, we will discuss some specific ways companies can implement and expand upon these hallmarks.