Compliance officers often spend their time building an ethics and compliance program. Some failure has happened, regulators are on the company’s back, and the company agrees to implement various reforms for a stronger, more ethical corporate culture.
OK, that’s good. What happens next? How can compliance officers sustain an ethical culture over the long term?
This is no esoteric issue. The U.S. Justice Department recently announced new policies to crack down on corporate misconduct, and one key point in that effort will be taking a harder stance against repeat corporate offenders. Too often, companies agree to implement a compliance program as part of a corporate integrity agreement — and then let that effort wither as soon as the agreement expires.
The challenge is how to break that bad habit; how to assure that a culture of compliance will continue without a corporate integrity agreement hanging over the executive suite’s head. Businesses need to retool their corporate culture to make ethical conduct its own reward, and something that can sustain itself over many years.
Why an Ethical Culture Matters
First, an ethical culture correlates with better business performance. Not only do you suffer fewer regulatory headaches (although that part is very much true); businesses with a strong ethical culture do better on a host of important performance metrics — everything from lower employee turnover, to fewer lawsuits, to higher share price appreciation and return on assets.
So before we even consider the argument that investing in ethical culture is necessary to support a compliance program, begin by understanding that an ethical corporate culture is a competitive advantage unto itself. Even if there were no regulatory pressures to support ethics and culture, that investment of company time and resources would still be worth it.
Second, however — an ethical culture is still important for effective regulatory compliance, too. As we noted earlier, the Justice Department is taking a more expansive view of how to enforce against corporate misconduct.
One part of that will be considering all of a company’s past misconduct, when deciding how to resolve a current issue. Another part will be taking a harder stance against repeat corporate offenders. For example, the repeat offender might be more likely to see a compliance monitor imposed as part of a settlement, or lose the chance to receive a deferred-prosecution agreement. Either way, being able to demonstrate that you have a real, sustainable culture of ethics and compliance will be crucial to achieve a better outcome.
How to Sustain Ethics in Your Organization
Building an ethics and compliance program requires policies, procedures, internal controls, and quite often, new technology to support better data analytics and reporting.
Sustaining an ethical culture is different, in the same way that maintaining a house is different from building it. You need some of the same tools, but you use them for different purposes. And while building a house requires enormous effort for a short while, maintaining a house (if you do the job conscientiously) is less demanding at any given moment, even though the work itself never ends.
What do you need to sustain an ethical culture? Let’s consider some of the primary tools.
Tone at the top
The single most important element in an organization’s ethical culture is the message that senior leaders send, both in the words they say to employees and the personal example senior leaders set with their conduct. CEOs, division managers, and other top leaders must talk about the importance of ethics in their messages to the workforce, and they must put those values into practice — even if that means painful consequences, like foregoing lucrative deals rooted in corruption or firing star performers who violate the rules.
Incentives and Promotion
Employees will follow the path laid out for them by management. Hence the company must structure its incentive compensation, promotion tracks, and any other rewards to align with the ethical culture you want to achieve. For example, consider incentive compensation that’s based on team performance, rather than pitting individuals against each other and driving up the temptation for misconduct; or include ethics and compliance considerations in performance reviews (especially for managers).
Training takes the lofty goals articulated in your Code of Conduct and translates them into specific behaviors employees should uphold or procedures that they should follow. Most employees naturally want to do the right thing — but as we’ve discussed previously, they may not understand what “right” means to the company (especially at large, global businesses). Training should explain that importance, and then provide clear, relevant instructions on how to perform their duties in an ethical manner.
Policies and procedures
Policies and procedures are the guidelines that get work done within a company on a daily basis. Policies state the broad goal: “We will not make corrupt payments,” “We will obey all relevant data privacy rules,” and so forth. Procedures are the specific steps employees follow: “This is how we file an expense report” or “Seek user consent in the following way.”
Policies should address every significant compliance risk your company faces, and should reflect the core ethical values senior leaders articulate in their tone from the top. Procedures should be clear and precise, and supported by sufficient and proper training.
Maintain safe spaces for communication
A strong, successful corporate culture establishes its own feedback loop: senior leaders set objectives and standards for ethical conduct, which flows down to employees; but employees must also be able to communicate upward to management what is or isn’t happening in accordance with those goals. So preserving those channels for safe, objective discussion is critical.
One indispensable tool for this goal is the internal whistleblower hotline, which should be designed and operated so that it’s accessible for all employees. Senior leaders should also consider other mechanisms to solicit feedback, such as employee surveys and even just employees chatting with supervisors. And once a complaint is submitted, the company’s policies and procedures for investigation (including anti-retaliation policies) should be followed strictly.
Use compliance software
As we said at the start, sustaining an ethical culture is about maintaining that culture over time — which means compliance officers must monitor an enormous amount of activity within the enterprise, and that means using compliance software is critical.
Specifically, use compliance software to analyze the activity happening within your enterprise and identify areas of “ethical drift” that might need adjustment. For example, you might study calls to your whistleblower hotline to see which regions receive the most complaints, or what misconduct is reported most often. You could also use policy management software to track local business units’ creation of policies, to assure that the local units draft policies in accordance with ethical values or that don’t contradict other policies.
The right compliance technology can provide rich analytics, to help the compliance officer understand where enterprise-level adjustments might be necessary (say, a new approach to incentive compensation); and it can provide better evidence when you report your ethical and compliance posture to regulators, the board, or other stakeholders.
Then you can repeat the process over again, year after year, and keep your ethical culture strong for the future.