Long ago, a chief compliance officer told me this about the job: “If you only have time to think about either ethics or compliance, but not both — I’ll think about ethics every time. Because if you get the ethics stuff right, the compliance stuff becomes a lot easier to solve.”
There’s a lot of wisdom in that point. In two sentences, that CCO explained how ethics is the foundation for any successful compliance program; and what one of the primary roles of a modern chief compliance officer is: to support an ethical culture.
So let’s talk about how to do that — how to lay the foundations for an ethical culture, so your organization is in a better position to achieve corporate compliance and better business performance overall.
What do we mean by ‘ethical culture’?
Your corporation’s ethical culture is the set of ethical values and practices that shape morale and daily performance at work.
Those values and practices can vary enormously from one organization to the next, although good ethical cultures all share several fundamental traits. For example, ethical cultures tend to have leaders with a strong moral compass and who speak about the importance of ethics often. These cultures also tend to value team performance more than individual goals, have clear expectations for acceptable behavior, and hold people accountable for their actions.
Bad ethical cultures, on the other hand — they can be bad for any number of reasons. As Tolstoy said: “All happy families are alike. Every unhappy family is miserable in its own way.” The same is true for corporate cultures.
It’s important to remember that policies and procedures can influence corporate culture, but they are not the corporate culture itself. They are the instruments by which senior executives (including the chief compliance officer) try to nudge ethical culture in certain directions.
Also understand that one corporate culture can encompass numerous sub-cultures. Different offices or regions might conduct themselves in different ways, especially if your business spans multiple countries. That’s not necessarily a bad thing — until a sub-culture starts to deviate from the company’s ethical values and priorities. When that happens, the sub-culture is really saying that it believes its ethical values and priorities trump what the company holds as important. That’s when you have a problem.
And an ethical culture, specifically, is one driven by a commitment to make the company’s ethical values a priority for the business. That commitment to ethics prevails over short-term profits, personal advancement, or even regulatory obligations that you might not like. “Doing the right thing” comes first.
What is the compliance officer’s role in ethical culture?
First and foremost — no, the chief compliance officer does not “own” ethical culture.
If any single executive owns ethical culture, it’s the CEO. The better answer, however, is that all senior leaders in the organization share responsibility for steering corporate culture in the desired direction. The chief compliance officer is (or at least, should be) one of those senior leaders. That said, the CCO has a few other specific responsibilities for corporate culture that other senior executives don’t.
For example, the CCO should monitor the corporate culture for flaws or weaknesses that might pull employees away from the ethical values the company holds dear. Those flaws and weaknesses could then lead to compliance violations, with all the costs, remediation work, and other disruptions that ensue.
The CCO should also work to strengthen the ethical foundations of the corporate culture; by taking those observations of where the culture is weak, and designing policies, procedures, and internal controls to make the culture stronger. In numerous ways, the compliance officer needs to develop practical changes that the company can implement, to encourage its workforce to make ethical conduct a high priority.
How do you get started laying those foundations?
If the ethical culture is supposed to flow from the top, that’s where the CCO needs to begin: by working with senior leaders to define the company’s core values, and then framing them into a mission statement or statement of priorities. Such statements matter, and not just because they’re what employees see on the wall while relaxing in the lunchroom. They are a signal to employees about what’s important.
Compliance officers also need to find the logical allies within the organization who can help them lay those ethical foundations. Good candidates are the head of HR and sales (since incentive compensation is so important to driving behavior), as well as the heads of IT and of finance or accounts payable.
Next, talk with leaders of operating units and middle managers. First, you simply want them to know that the ethics and compliance function exists; but you also want to pump them for information about key business processes. Which ones could be subverted for misconduct, and how? Who would be susceptible to committing such misconduct, and why?
With those insights, and with those allies, you can then begin the more painstaking work. You need to amend policies and procedures so they’ll both strengthen the message that ethics matters, and reduce the opportunity for wrongdoers to commit misconduct anyway.
Then monitor and assess corporate culture all over again through workforce surveys, data analytics, and more consultation with those key allies. The ultimate goals are more employee engagement with the ethics program, and turning mid-level managers into advocates for a strong ethical culture. It’s a never-ending journey.
How does an ethical culture support my compliance program?
Investing the time to develop an ethical culture will always be worth it. Over the long run, the benefits to your compliance program — in fewer investigations, remediation costs, disclosures to regulators, and the like — will be enormous. (That was the point that my chief compliance officer friend at the top of this post was making.)
The work of building an ethical culture will pay off in practical ways, too. Assessing corporate culture provides insights about how to update policies and procedures. It also helps you to document your rationale for making those updates, and that documentation will be crucial if you’re ever on the wrong end of an enforcement action; regulators will want to see why you made the changes you did.
And more broadly, once you win over those middle managers and Second Line of Defense business functions, their input will let you develop a better compliance risk assessment — probably in ways you could never anticipate from your perch in the chief compliance officer’s office.
So never let others in your organization get away with saying an ethical culture doesn’t matter. On the contrary, an ethical culture is perhaps the most valuable asset an organization could have. Lay the foundations for it early, and protect those foundations constantly. The dividends that culture delivers will always be worth it.