Few misconduct scandals have captivated the public mind as much as the indictments in the college admissions scandal announced by federal prosecutors last week. Anywhere you went — coffee shops, taxi rides, chats by the water cooler — people were talking about it.
So compliance officers would do well to ask one question right away: why?
What about this scandal provokes such widespread outrage? And is there a deeper lesson to be learned for compliance officers about the nature of misconduct, so that your organization can avoid its own miniature misconduct meltdown?
After all, that’s what compliance officers should worry about foremost: a scandal that puts your whole enterprise in an uproar, invalidating all the previous ethics and compliance work you’ve done. That type of incident can ruin corporate reputations, cost people their jobs, invite regulatory scrutiny and litigation, and poison the bonds of trust that exist between your organization and its stakeholders. (All of which is happening in higher education now.)
So what about this scandal triggers such an explosive response?
Why the College Admissions Scandal Triggers an Explosive Response
First, this misconduct reeks of undeserved privilege. People with money gained access to something valuable — college admissions for their children — by ignoring and breaking the law and using methods not available to everyone else.
People tend not to mind proper exercise of privilege. Nobody objects to entrepreneurs striking it rich in an IPO, or top sales executives winning a bigger bonus, as long as the conduct that led to that bonus was ethical, of course. The perception of undeserved privilege, however — that’s the triggering mechanism. When employees believe that a privileged few get to ignore standards of conduct to advance their own self-interest, that’s when the organization has big problems. That’s what the ethics and compliance function needs to work against, at all times.
Second, this case underlines the importance of ethics training — even among superstar employees and senior executives, whom we assume already know better; even when we’ve all taken the ethics training before, and discussed the importance of ethical conduct until we’re sick of it.
Because, clearly, people tend to forget their ethical moorings. We assume we know the right thing to do, and lull ourselves into a false sense of security that we’re not really acting unethically. Maybe we delude ourselves into believing everyone else does it (spoiler: they don’t). Maybe we tell ourselves we’re allowed to be unethical this one time, since we’ve been so ethical before. Maybe we convince ourselves there’s no actual harm (spoiler: there is), so it’s OK to take the unethical action just this one time. Well, maybe one more time after that.
All those rationales are baloney, and everyone who’s given an FCPA training course knows it. But this misconduct, so very different from a foreign bribery scandal, shows that those pitfalls in thinking are constant, universal temptations.
So we all need to talk regularly about what “doing the right thing” really means, to better defend ourselves when those temptations do come along. Spoiler: they will.
Those are points to ponder about an organization’s control environment: its tone at the top, and corporate culture throughout. The college admissions scandal has several more nitty-gritty lessons for compliance officers too.
Policies, Procedures, and People
The colleges involved in this case fell victim to poor oversight of third parties, poor risk assessment, and weak policies to prevent fraud.
For example, in one instance, the mastermind of the scheme took $50,000 from a parent to create a fake profile of his daughter as a top water polo player. The profile even included doctored photos of another girl playing the sport. A coach at the University of California then accepted a bribe to designate the student as a water polo recruit, so she could enroll at USC when she otherwise probably wouldn’t have been accepted.
What went wrong here?
First, a poor assessment of fraud risk. These applicants didn’t steal from the university, but they did steal from other deserving students who lost an enrollment slot. This risk is complex, because it involves multiple parties: the family applying, the mastermind orchestrating the bribe, the coach accepting the bribe.
Still, fundamentally, the universities involved weren’t thoughtful enough in their assessments of how admissions fraud might happen. It’s a reminder for other businesses: how could we be swept up in different types of fraud, even if we’re not the direct victims? What other parties could form alliances to use us as vehicles to commit fraud?
Second, poor policies and procedures to prevent fraud. Some college employees implicated in this scandal are accused of accepting millions in bribes. That raises questions about performing regular background checks — including a review of employees’ financial status — on employees and other third parties.
Compliance functions won’t usually perform such background checks themselves. More likely, HR would perform regular background checks, and internal audit would test whether those checks work. But compliance officers, HR, and internal audit all need to work together to create a means to police against abuses like this.
Who are our key employees? What policy should we have about background checks? How do we conduct them? How do we know those policies and procedures are working correctly? Those are the questions organizations need to ask. The answers will inform any changes to business operations that might be necessary.
That, coupled with a keen awareness of why ethics is important: those two things done together will help you avoid a harsh misconduct spotlight like the one glaring on college admissions now.