6 Practices for Building a Better Culture of Compliance
While the “culture of compliance” concept has been around for more than a decade, compliance and ethics scandals continue to demonstrate that such cultures are still lacking in many organizations. And without organizational commitment to compliance, policies and procedures are merely documents.
Extreme examples, such as the continuing FIFA situation, demonstrate how a corrupt culture pervades an entire organization. Other incidents can be attributed to management, such as Volkswagen’s emissions cheating scandal.
Misconduct by single employees is more difficult to analyze. Take for instance Goldman Sachs’ complianceassociate who was recently charged with insider trading. While one may be inclined to think of this as a one-time problem caused by a bad employee, a bank that’s so high-profile should be capable of ensuring the ethics of its own compliance staff.
If one rogue employee’s behavior can cause significant damage, a culture of compliance may seem unattainable. However, a real-life culture of compliance makes so-called “rogue employees” much less likely. In fact, compliance expert Thomas Fox argues that a rogue employee is often the symptom of a poor ethics culture: “such unethical conduct is ‘predictable in organizations which allow dysfunctional, conflicting or incongruent elements of their organizational system to take hold.’” So, businesses should do all they can to foster a culture that encourages compliance at every level and throughout the organization.
To build a foundation for a culture of compliance, look to the following tips:
- Start with leadership. As Brent Snyder, Deputy Assistant Attorney General at the Department of Justice,pointed out “A company’s senior executives and board of directors must fully support and engage with the company’s compliance efforts. If senior management does not actively support and cultivate a culture of compliance, a company will have a paper compliance program, not an effective one.”
- Align compliance with enterprise risk management. The compliance program should address risks that arise in each strategic area.
- Train and test. Companies should invest in employee training that explains corporate policies, as well as what behaviors are prohibited. Training should be ongoing with regular policy review and employee assessment. Investing in an effective compliance program is not cheap, but it’s favorable to the unlimited costs of noncompliance.
- Incentivize ethical behavior by incorporating it into performance reviews. If compliance is tied to compensation, employees are much more likely to learn, adhere to and incorporate policies into everyday duties.
- Don’t ignore compliance mistakes. Mistakes that occur are often likely to occur again, so analyze the incident to help others avoid the same mistake. Be aware that a violation may be an indication that a policy needs to be modified. Furthermore, businesses should be willing to discipline employees who violate company policy, which provides further motivation to comply.
- Put effective technology in place. Spreadsheets can only go so far in tracking compliance before the struggle with scalability and reliability takes over. Compliance technology solutions can alleviate much of the burden of creating a program that is consistent and repeatable.
For more information, Bring Order to the Chaos of Compliance and Policy Management explains how organizations are improving their compliance programs through technology.
Compliance departments are seriously challenged these days. As business swirls in response to COVID-19, compliance has taken a back seat. That can lead to trouble—violations, fines or both—due to missing deadlines. Management, in a questionable move, may ask compliance to do something taboo. Instead of reading a half empty glass post designed to help compliance deal with these challenges, they instead get a half full glass post that is brimming with optimism for compliance’s role during COVID-19.
Learn about how HIPAA Compliance plays a role in protecting against cybercriminals.
Learn about Principled Performance: Why should your company pursue it?