businessman helping colleagues bridge gap

How the CEO Can Support Compliance

Many executives view compliance as a “check the box” proposition. In this column, LeClairRyan attorneys Brian Lansing and Patrick Hurd argue that a focus on compliance should permeate the entire organization, in much the same way that Amazon obsesses about customer service. It all starts at the top, with the CEO setting the tone.

with co-author Patrick Hurd

Plenty of CEOs “check the box” on compliance. The drill goes something like this: Once a year, the CCO presents the written compliance plan at a board meeting or C-suite retreat. After scanning the checklist of do’s and don’ts, the CEO basically feels satisfied the bar has been met. Time to move on to the next agenda item.

But does checking the box truly protect the company from risk? Does it enhance its business or propel its growth strategy? The likes of Amazon, Apple and Dollar Shave Club have earned kudos for building cultures permeated by a sharp focus on customer service, right down to the smallest interaction. In the same way, regulated companies need to make sure that compliance permeates the organization. The benefits go beyond risk management: A true culture of compliance feels open and honest to everyone it touches; it leads to higher morale, easier recruiting and retention, happier customers and, ultimately, higher productivity. (If this sounds like an overstatement, imagine how it would feel to be at an outfit scandalized by endless sexual harassment claims or embroiled in accusations of “Enron accounting.”) Developing a culture of compliance requires effort, but the concepts are straightforward:

Set the Tone

Setting the right tone starts with the CEO. This does not mean simply honing your message. Fundamentally, it is about integrating compliance into all that you do. The CEO should see all processes in the organization as opportunities to further the company’s culture of compliance, whether they involve the supply chain, operations, facilities, sales, marketing, HR, the board, you name it. How can you prevent costly mistakes? Where could you find opportunities to implement best practices? Have you listened directly to rank-and-file feedback about what’s actually happening on the ground? When it comes to setting the tone, remember that actions matter much more than words (which certainly matter, too). When the CEO makes a visible, daily commitment to compliance, it is easy for everyone else in the organization to follow suit. Consistency is essential. The CEO should set clear expectations and never move goalposts without thinking carefully about the fallout.

Train Your People

Like all other job responsibilities, employees must be trained in compliance. It starts with having a code of conduct, issuing copies to all employees and posting it on the company’s intranet. Consider also posting the code on your outward-facing website to demonstrate your culture of compliance to external stakeholders – customers, suppliers, business partners and the public. But don’t stop there. Train new employees on their first day. Train all employees at least annually. Develop policies and procedures, distribute and post them and train employees on the distinction. Policies have the force of “law” in a company, violations of which subject an employee to discipline, up to and including termination. Procedures are business rules for the company’s operations. Training should include a combination of facilitated in-person training and online training. Take the training yourself, ensure your executive leadership team does, too, and take it seriously. Doing so sets the example for all employees to follow (remember, tone starts at the top).

Build Trust

The CEO and Chief Compliance Officer must have a bond of trust. At a macro level, this starts with the CEO initiating “the talk” — a freewheeling discussion about questions like how to handle incident responses or what the CEO wants with respect to the frequency of compliance-related communications and the level of detail. Some CEOs want to know about any breaches that occur, and ASAP. Others are a bit more hands-off. The CEO should remove the guesswork by communicating openly about expectations with the compliance team.

Be Accessible

Access also matters. The CEO should make sure the CCO and board have an open line for routine reporting and the regular exchange of information about goals, policies, processes and internal investigations. The objective here is engagement, not micromanagement. Regarding communication farther down the line, some companies suffer from disconnects between top execs and mid-level managers who implement compliance programs. In the worst cases, middle managers believe their concerns aren’t being listened to and become millionaires by turning into whistleblowers. The CEO needs to make sure employees at all levels of the organization understand that the brass wants to hear from them. Consider having an anonymous, monitored compliance hotline. This makes employees feel they are a valued part of the company’s compliance efforts. Well-run hotlines can also turn up other matters that may be important to the company. They can help boost morale by contributing to a culture of openness.

Act Quickly

If a compliance issue emerges, the CEO should never wait and hope it goes away. To be sure, the CEO must balance a host of factors, including financial stability, impact on growth and return on investment/profitability. But decision paralysis can be devastating. It is better to act decisively on the recommendations of the CCO, one way or another. In order for CEOs to get the information they need to act swiftly, they need to make sure all parties understand they can “handle the truth.”

In today’s highly competitive environment, it is easy to feel that “now is not a good time” to focus on regulatory compliance. But CEOs cannot afford to be consumed by things like mergers and acquisitions, sales slumps or factory closures. They have to multitask and keep compliance on their radar screens. When companies build integrated, sustainable, mutually trusting cultures of compliance, CEOs would never even think about asking the question, “Why you are bringing this up now?” Nor would the CCO tremble at the thought of raising a compliance issue with a harried CEO. From the top down in such cultures, everyone understands that compliance is a daily responsibility — part of who and what you are.

Corporate Compliance Insights is a wholly owned subsidiary of Conselium Executive Search, the global leader in compliance search.  


Brian Lansing

Brian Lansing is a Senior Counsel in LeClairRyan, based in Richmond, Va. He is the leader of the national law firm’s General Counsel and Secondments team, which provides outside general counsel services and onsite attorney support to businesses of all sizes. His practice also includes compliance, investigations and white-collar criminal defense, intellectual property and technology, commercial litigation, and food and beverage matters.  Mr. Lansing’s litigation experience spans numerous cases in federal and state courts nationwide and before administrative agencies.

Prior to joining LeClairRyan in January 2017, he served nearly 12 years as in-house counsel for a Fortune 200 consumer packaged goods company, where he closely managed dozens of anti-counterfeiting, antitrust, commercial, intellectual property, and regulatory cases, and served as legal counsel to the Chief Compliance Officer and compliance department, the corporate affairs and communications departments, the brand and trade channel integrity department, the regulatory affairs department, and the research, development and engineering department.

Before that, Mr. Lansing practiced at a Washington, D.C. law firm, where he litigated complex commercial, intellectual property, qui tam False Claims Act, and white-collar cases in federal and state courts around the country and before government agencies. His clients have spanned industries as diverse as banking, communications, construction, government contracting, manufacturing, and services. He has significant experience in business tort, contract, copyright, False Claims Act, fraud, patent, trademark, shareholder, trade secret, and white-collar cases.

Mr. Lansing began his career in the United States Navy Judge Advocate General’s Corps, where he handled hundreds of criminal appeals, prosecuted dozens of crimes, and defended dozens of civil lawsuits in federal trial and appellate courts on behalf of the Department of Defense, Department of the Navy, and high-ranking officials. After eight years of active duty he transferred to the Navy Reserve, where he continued litigating civil cases for another six years, and later served as an executive officer and then commanding officer of a JAG Reserve unit, and as special assistant to the Naval Inspector General. He was invested as a military judge in 2012, and currently serves as the Chief Trial Judge of the Navy Reserve, holding the rank of Captain.

He can be reached at brian.lansing@leclairryan.com.

Related Post