Adam D.J. Balfour is on a mission to help make ethics and compliance more relatable and relevant for his fellow human beings. He likes to design ethics and compliance programs that employees can actually relate to, engage with and find useful. Adam currently works in Nashville, Tennessee, as Vice President and General Counsel for Corporate Compliance and the Vice President for Global Management Risks for Bridgestone Americas, and also chairs Bridgestone’s global compliance group meetings. He has written several articles on ethics and compliance and enjoys speaking at conferences and other events. He previously worked for Kirkland & Ellis LLP and Paul, Weiss, Rifkind, Wharton & Garrison LLP in New York. He is a graduate of the University of Dundee, Scotland and Harvard Law School and is CCEP certified.
SUNDAY, NOVEMBER 27, 2022
Ethical Leadership To Do List
Leaders, managers and supervisors are one of the key ingredients to helping make ethics and compliance a priority in any organization. It isn’t enough for a Code of Conduct to say that they have a “special responsibility” when it comes to ethics and compliance, you need to help people in these roles understand what they need to do. Here is a quick “to do” list that any leader, manager or supervisor can use to use their voice and influence to support employees and set the right tone.
What else would you add to the list? What are the biggest challenges you think leaders, managers and supervisors face in helping to build and sustain a culture of integrity?
SUNDAY, NOVEMBER 20, 2022
How To Make A Speak Up Habit Loop vs. Making Speaking Up A One Time Regrettable Event
A speak up culture is an important element of sustaining an effective ethics and compliance program and an indication of whether or not the program is working in practice. A speak up culture is not simply the individual responsibility of anyone who should, or wants to, speak up – it is a collective responsibility to ensure that speaking up becomes a habit and an individual and organizational norm, and not a one time immediately regrettable event for the person speaking up (or deter others if they see or hear about the bad experience others have gone through when speaking up). As many Codes of Conduct encourage, people who have relevant information should speak up – but that alone won’t build a habit or culture of speaking up. The organization has to listen to the person (including their story and not just facts relevant to potential liability for the organization) and ensure that the person is, and feels, listened to and that the process provided a more positive outcome than not speaking up. Cue; routine; reward; repeat (aka the habit loop).
While perhaps overly simple (and missing some other things that organizations can do to build a speak up culture), the below images show the differences in how to create a speak up culture through the habit loop and how to not have a speak up culture by breaking the loop. The images might be overly simple, but in some ways I think the concept of creating a speak up culture is fairly simple – listen to people, treat them with respect, appreciate and recognize them for speaking up and continuously build trust.
People who speak up are people who care, and organizations should in turn take care of these people. People should be rewarded for speaking up – otherwise an organization cannot expect to build or maintain a speak up culture.
Thoughts? Agree? Disagree? Share your thoughts in the comments below.
SUNDAY, NOVEMBER 13, 2022
The Island of California – Why Future Generations will Probably Laugh at Today’s Commonly Held Beliefs about Ethics and Compliance
There was a long held belief that started in the 16th century that California was an island. This incorrect belief continued to be reflected on some maps throughout the 17th century despite the fact that there was plenty of evidence that California was not an island (including, to state the now obvious, that California was in fact connected to the rest of the contiguous United States). Based on what we know today, the notion that anyone could think that California was an island and maintain that belief for such a long period of time seems absurd and comical. However, despite the evidence to the contrary, the mistaken belief persisted for a long period of time.
As much as we might not want to admit it, some of today’s commonly and tightly held beliefs about ethics and compliance will no doubt seem backward and comical to future generations. These “erroneous beliefs” will seem so obvious to future generations, yet we are unable to see the flaws in our thinking or the potential to see things differently. Commonly held beliefs can be hard to critically reflect on, but we absolutely have to challenge why we think certain things, seek differing perspectives and explore new ways of thinking.
I personally hope that we abandon “training and communication” in favor of “learning and engagement” (this is something that can, and should in my opinion, be done by every organization now), that Codes of Conduct and online training will look very different in the future, and that programs will seek to add value to their employees, culture and organization (which includes today’s program pillar of risk assessment/management) rather than being primarily driven to only minimize risk for the organization (an effective program does reduce risk, but also can add so much financial and other benefits and value).
What are some aspects of today’s ethics and compliance programs that you think will be challenged and rethought in the future? What’s one transformational or radical change you would like to see ten years from now and what are the one year and five year incremental milestones we would need to hit to get there?
SUNDAY, NOVEMBER 6, 2022
How to Get Your C-Suite to Talk About Ethics and Compliance
Over the years, I’ve been asked by a few people from other organizations “how do you get the CEO and other senior leaders to talk about ethics and compliance?” The answer is simple – you start by asking the C-suite to talk about ethics and compliance. Yup, it is that simple.
Your CEO and other senior leaders are incredibly busy, but I have yet to come across a senior leader who is driven to deliver results and leads with integrity, and who has not immediately said “yes” to helping reinforce organizational values and using their voice for good. Regulators expect “tone at the top” and – more importantly, in my opinion – I think most employees want to hear directly from their organization’s leaders and what they really think. This is an opportunity for senior leaders to reinforce the key messages of the ethics and compliance program, and also for them to share their personal stories about their careers, ethical dilemmas they have faced and when/how they spoke up (and what their experience was like in doing so). People connect with people and they connect with human stories – your organization’s senior leadership are hugely influential people who will inevitably have interesting and impactful stories to tell. No policy or PowerPoint presentation can equal the impact of senior leaders talking about organizational values. If you haven’t asked your senior leaders to talk about ethics and compliance, then reach out to them and find opportunities that work for their schedules to make it happen.
Tomorrow starts Bridgestone Americas’s 8th annual Ethics and Compliance Week and I could not be more excited to kick off our “Trust Week” theme with a panel discussion on trust, ethics and integrity with Paolo Ferrari, Chris Nicastro, Dane Parker (Board Member) and special guest Asha J. Palmer, JD, CCEP, LPEC (SVP of Compliance Solutions at Skillsoft. Each of these four people are leaders who role model integrity and trust, and I am sure our teammates and I will learn a lot hearing from them.
SUNDAY, OCTOBER 30, 2022
The Time It Takes To Conduct Internal Investigations Is Relative
Some internal investigations are going to take longer than others (due to various factors such as complexity, number of people to be interviewed, materials to be reviewed, specificity of the allegations etc.), but many companies consider 30 days as being the target (whether or not they actually hit it) to complete most investigations within.
From an organization’s standpoint – and perhaps the investigator’s too if their workload is so high – 30 days is not a lot of time. However, from the perspective of the person who reported actual or alleged wrongdoing or (if the reporter is aware of, and spoke up about, wrongdoing impacting someone else) the person suffering the wrongdoing, 30 days can seem like a really long time. If someone is dealing with harassment, retaliation or workplace bullying, then 30 days (especially if there is not much communication from the organization about what is happening) is going to feel a lot longer to the individual than it will to the organization. The reality, as seen in NAVEX’s latest benchmarking report, is 22% of organizations had a median case closure time of 100 days or more.
Investigations should never be rushed and they need to be made a priority to ensure that wrongdoing is addressed in a timely manner and also to make sure that employees are, and feel, seen and valued as people. Speaking up is often hard, but it doesn’t need to be made worse by the organization taking what might feel like an eternity to respond.
SUNDAY, OCTOBER 23, 2022
Like many others, I learned a lot from this week’s Society of Corporate Compliance and Ethics (SCCE) CEI in #Phoenix. I picked up a number of new ideas from the different sessions I attended, and also learned just as much from the conversations I had with other attendees during the coffee breaks, walking around the vendor exhibits, over meals and other random interactions during the few days there. Learning can take place during formal training (such as classroom or online training), but we can also learn so much through less formal ways including conversations, coaching and mentoring.
When organizations – especially leaders, managers and supervisors – regularly have conversations with employees about ethics and integrity, we can really enhance the opportunities for employees to ask questions, see different perspectives and to learn in a less formal environment. If we only focus on helping employees learn about ethics and compliance in traditional class room settings, then we are (according to the Center for Creative Leadership’s 70-20-10 model) missing out on 90% of how adults learn. There are so many different things organizations can do to help employees learn – share stories of when other people have spoken up (especially personal stories by leaders), connect strategic projects to organizational values and help employees get more comfortable with understanding whether leaders are truly committed to the organization’s compliance program.
SUNDAY, OCTOBER 16, 2022
Risk-Based Due Diligence is Just a Fancy Way of Describing…
Risk-based due diligence can sound both abstract and scary – and, perhaps understandably, something that anyone would want to kick over to the Legal and/or Compliance departments to handle. We all perform risk-based due diligence every single day, but we just don’t use that term to describe the following things:
1. Looking at the price, brand and expiration date on produce at the grocery store.
2. Checking the Yelp or Google reviews of a restaurant before deciding whether to make a reservation and/or what to order.
3. Checking whether it is safe to cross the road before you do so.
4. Checking the weather forecast before you head out for a walk.
5. Doing as your Peloton instructors say and “taking a quick 360 around the treadmill to make sure there are no children, pets or objects.”
These are all examples of risk-based due diligence that many of us can relate to and we all do ourselves without even realizing it is risk-based due diligence. Some types of due diligence definitely do require legal and/or compliance expertise, but we can do a lot to make most risk-based due diligence seem a lot less scary and abstract.
SUNDAY, OCTOBER 9, 2022
Scary Headlines and Compliance Program Branding
While scary ethics and compliance headlines are sometimes useful for explaining the importance of ethics and compliance, they often reinforce the brand that compliance programs are only about “not doing bad things” and “avoiding fines and penalties.” A well designed, well resourced and effective ethics and compliance program does a lot more than simply preventing “bad things” – such a program can support the financial success of an organization (see the Ethisphere ethics premium and the university study from a few years ago that showed increase return in assets, fewer materials lawsuits and lower settlement costs amongst other benefits), helps employees and other people who work with your organization, and will also support any organization’s mission statement that includes a social focus.
Fear based training and communication on any topic has limitations and is something that should be used in moderation. Ethics and compliance can add value to any organization and it is important to help ensure the program brand helps communicate the actual and potential value. A well designed program that has a lousy and/or fear based brand will struggle to really be effective and engage employees.
SUNDAY, OCTOBER 2, 2022
Making Compliance Painful and Laborious
Sometimes doing the right or ethical can be emotionally challenging – for example, it can be difficult to speak up or to challenge existing norms even if someone knows doing so is the right thing to do. Organizations need to be aware of this and always try (whenever possible) to design compliance processes to ensure that doing the right or ethical thing is not more painful or laborious compared to not doing the right or ethical thing. If the speak up process is too painful or laborious (for example, the hotline process takes too long to report matters or lacks empathy, or someone reports a matter to a manager and is then told to call the hotline), then it will put people off from continuing the reporting process or they won’t want to do it again. If finding guidance requires too many “clicks,” then only the most motivated and persevering individuals are likely to find the guidance. If a policy or procedure is so long and filled with technical terminology, then it won’t be read or understood (and possibly not complied with). Doing the right thing should be made as easy as possible – if doing the right thing is emotionally and logistically hard to do, then an organization should not be surprised when overworked people aren’t doing what the organization hopes they will do.
SUNDAY, SEPTEMBER 25, 2022
Spot The Traffic Sign
I took this picture on a recent evening run in my neighborhood. A traffic sign can be clear and easy to understand, but if it is hidden by trees or other objects then it is not helping anyone and certainly not fair if someone is given a ticket for not complying with the traffic sign.
The issue is not only hidden traffic signs, but also organizations that have their Codes of Conduct hidden in obscure places or only on password protected intranet sites. A Code of Conduct should be clear, easy to find and visible to all. If an organization’s Code isn’t visible and easy to find, then it won’t have any positive impact and it also would not be fair to enforce disciplinary proceedings for not complying with it.
Ethical organizations don’t hide their values – they make them visible for stakeholders (internal and external) to see and operate by those values.
SUNDAY, SEPTEMBER 18, 2022
Building A Compliance Program Is A Never Ending Task
I used to run marathons and I usually found that once I reached the ~20 mile mark, I would only focus on the last ~6.2 miles ahead of me and not give much thought to the ~20 miles that I had already completed. Often the road ahead – especially when times are tough – consumes our attention and focus, and we immediately forget the road behind us.
While a marathon has an end, the work of an ethics and compliance professional will never be complete. It is understandable why those of us working in ethics and compliance often look at the road ahead and the (often daunting amount of) work that still needs to be done. While it is important to think about, and have a plan for, the future, it is also good to occasionally reflect on the progress your program and those involved have made. Reflecting on the progress made can help you, your colleagues and the organization take stock of the hard work and value you have added over an extended period of time, while also helping provide motivation for the road ahead. Building a compliance program is a never ending task – we need to keep that in mind to ensure we help others stay motivated, not overwhelmed or burning out while still moving forward.
Ethics and compliance community, how can you use this coming week to reflect on and celebrate how far you and your team have come on building your program or even a project?
SUNDAY, SEPTEMBER 11, 2022
“Shirt and Shoes Required” Store Policies Don’t Mean a Lack of Lower Half Clothing is Okay
Ethics and compliance (and other) policies should be clear and practical for employees, especially if there is a risk that someone could lose their job or face other disciplinary action for violating an organization’s policy. However, policies should also exist alongside common sense – if someone does something that any normal, reasonable human being would consider wrong or inappropriate, then the defense of “the policy doesn’t specifically cover or prohibit that” is not a valid excuse. If human beings can figure out that “shirt and shoes required” policies don’t mean a lack of lower half clothing is okay, then organizational policies should focus on helping employees with guidance that adds value and not aim to cover every type of behavior that no normal, reasonable human being would need guidance on.
SUNDAY, SEPTEMBER 4, 2022
Ethical Learning Opportunities
Ethical lapses or other non-compliance issues in an organization can present learning opportunities for those involved, as well as other employees and the organization as a whole. However, “learning opportunities” are simply opportunities for learning – learning does not automatically occur and not helping the relevant employees learn from the situation is a missed opportunity. If an ethical lapse has occurred in your organization that presents a learning opportunity, it is important to (i) understand who the learning opportunity is for, (ii) identify what the potential learning is, and (iii) develop, and then implement, a learning plan that actually supports, and results in, the desired learning.
Learning can come in many forms (e.g., feedback conversation with manager, individual or group training, or even using the scenario to help others learn from, etc.) and helping people learn from ethical and compliance shortcomings can support an organization’s culture, support a growth mindset, and reinforce the importance and expectations around an organization’s standards.
SUNDAY, AUGUST 28, 2022
Make Sure Employees Know Their Ethical Contributions Are Seen and Appreciated
It is that time of the year when summer is ending (as least in the northern hemisphere) and many organizations are soon to start ramping up for year end and even looking to next year. While ethical behavior should always be recognized and rewarded, this is the time of year when genuine recognitions for employees who have shown a commitment to ethics and integrity can help reinforce desired behaviors, boost morale, support organizational values and just let employees know they matter and make a difference. Whether it is through recognitions, rewards or a simple “thank you,” genuine appreciation for the actions of employees makes a positive difference. If you are a manager or supervisor of others, what can you do this coming week to recognize and appreciate someone on your team for demonstrating your organization’s value of ethics and integrity?
SUNDAY, AUGUST 21, 2022
Sharks, Bath Tubs and Compliance
What is more scary to you: a Jaws sized great white shark with rows of razor sharp teeth or a bath tub? Most people (including myself) would say the shark is the scarier of the two. But which is more dangerous? The answer (at least from a statistical point of view) is the bath tub. Bath tubs are responsible for more than 350 deaths per year in the U.S. compared to only 1 shark related deaths per year in the U.S. (the absolute risk for both is really small before anyone freaks out, especially if you don’t go into shark-infested waters and take showers over baths).
So what’s is the connection to ethics and compliance? Sometimes things that are familiar might not seem scary, but doesn’t mean they don’t bring compliance risk or other danger to the organization. Perhaps your organization has worked with a third party for many years – you have a good relationship with the third party, they are familiar and they don’t seem all that scary. Simply because a third party is not as scary as a great white shark doesn’t mean that the third party might not be dangerous or bring risk to your organization.
It might seem frustrating to some employees as to why there is such a need to focus on things that don’t appear on their face to be scary for the organization (gifts and entertainment, conflicts of interest, etc.), but often those are the areas where real danger and risk are for your organization.
SUNDAY, AUGUST 14, 2022
One of the (Many) Pitfalls of ‘Zero Tolerance’ Policies
Policies that include zero tolerance statements are often well intentioned, but good intentions do not always result in good consequences. Zero tolerance policies are often ineffective when inconsistently enforced and also because (as an EEOC task force commented in 2016) they can lead to underreporting “particularly where they [the employee being subjected to workplace harassment] do not want a colleague or co-worker to lose their job over relatively minor harassing behavior – they simply want the harassment to stop.”
Zero tolerance policies that focus on automatic consequences for wrongdoer (e.g., termination of employment) are really not effective in most instances and do run a real risk of underreporting. In contrast, zero tolerance policies that focus on behaviors are likely to be more effective and can better support victims of wrongdoing who simply want the wrongdoing to stop. Sometimes wrongdoing can be effectively and fairly addressed and stopped through feedback and coaching or other measures short of termination, but a hardline zero tolerance stance that focuses on the person rather than the behavior does not allow for that. There will still be occasions when the wrongdoer should be fired (and hopefully they will be fired in those instances), but such decisions should be taken with thought after assessing the particular circumstances rather than an automatic decision. A people centric approach allows organizations to go hard on behaviors that there is zero tolerance for while taking a fair approach to all the relevant people involved and the organization’s values.
SUNDAY, AUGUST 7, 2022
Compliance and the start of the school year
It’s almost the start of the school year again (at least for my kids). There will, no doubt, be some kids that will bring in treats or gifts for their new teacher. Some gifts are totally fine – such as a small token gesture to build an appropriate relationship with your child’s teacher (our kids will probably take their new teachers some of the homemade jam they made this summer from the berries we picked). There is a legitimate reason to the gift and unlikely to unduly impact the teacher or how they treat our kids or any other students.
But then there are other types of gifts – cash, iPads, gift cards and the like – where every other parent would be perfectly entitled to roll their eyes and questions what it is really going on (thankfully, I haven’t heard of anything like this at my kids’ schools). Those gestures – even if very generous – are so questionable and just feel wrong to everyone else. Even though there is no bright line that goes from harmless/acceptable to causing every other parent and teacher to raise their eye brows and shake their heads, everyone knows the difference – just not everyone complies with the norm.
We get the basic principles of gifts, meals, entertainment and travel when it comes to schools and similar principles apply at most organizations. Yes, some organizations will take different approaches (some don’t allow any giving or receiving, some allow moderate amounts and others are more generous particularly if entertainment is a part of what their company does), but the basics still apply. In most instances (but check your organization’s policy, especially relating to government or unions officials), a small gift or item of value that is intended to build an appropriate relationship will be okay. Looking like, or acting like, the parent who goes over the top with teacher gifts is not only going to land you in trouble with your employer but will also make you just look bad.
We deal with ethics and compliance in so many aspects of our lives, but ethics and compliance at work can often seem scary and abstract. This is why it’s so important to not simply make employees aware of your ethics and compliance program, but to make it relevant and resonate with employees.
SUNDAY, JULY 31, 2022
Booth’s Rule #2 and Compliance
I recently learned about Booth’s rule #2, which relates to skydiving. The rule states that “the safer skydiving gear becomes, the more chances skydivers will take, in order to keep the fatality rate constant.” Essentially, improvements in safety will often be offset by risky human behavior to keep things constant and unchanged.
Booth’s rule #2 is something that I think should be considered in assessing the effectiveness of your organization’s ethics and compliance program and overall operations. Here are three points I think worth considering in applying Booth’s rule #2 to ethics and compliance:
1. If you are continuously improving and strengthening your compliance program but the organization’s operations are taking on more risks, then your compliance risk rate will either remain constant (or even increase). This should set off an alarm bell for your organization and should be addressed quickly.
2. Changes in the risk profile of your organization should be matched or exceeded by strengthening and evolving the ethics and compliance program to make sure the compliance risk rate is intentionally managed. Regularly assessing your organization’s compliance program using the Department of Justice’s three key questions (whether the program is well designed, sufficiently resourced and independent, and if the programs works in practice) can help determine whether your program is doing what it is meant to and what is happening with the compliance risk rate.
3. Booth’s rule #2 should also serve as a reminder that it is not enough to assess changes or improvements to your program without thinking about whether or not the changes or improvements are actually helping the organization to reduce ethics and compliance risks overall.
Organizations need to be aware of whether the compliance risk rate is constant, increasing or decreasing, and also be intentional about deciding what that rate should be and committing resources to ensuring the desired rate. This is also why your organization’s senior leaders need to understand the importance of ethics and compliance and how their decisions can impact the program, and why Compliance needs to have a seat at the table and a voice that is listened to when strategy is being set and important decisions made.
SUNDAY, JULY 24, 2022
Seeing The Human Stories of Compliance Violations and Ethical Wrongdoing
I regularly reference a 2015 article in the Guardian that looked at the Petrobras corruption scandal. The journalist who wrote the article, Jonathan Watts, shared various quotes from different individuals who were low paid employees and who lost their jobs because of the scandal. One quote in particular from someone who lost their job following the scandal has really stuck with me from that article: “I’m very worried. I have a two-year-old daughter who depends on me. I’m sinking into depression. I’ve lost 6kg since this started.”
We often don’t see or hear these voices and they are drowned out by other headlines relating to scandals. Many employees depend on their jobs to provide for themselves and their loved ones, and some of them might not have much in the way of savings to get them through periods of unemployment. Regulators and enforcement agencies are important stakeholders in ensuring your organization’s ethics and compliance program works well, but there are many other stakeholders (including employees and those who rely on your employees to have an income) who also have a vested interest in your organization’s ethics and compliance program. A good way to care for, and show care for, your organization’s employees is by making sure they aren’t at risk of losing their jobs as a result of the organization going through a massive compliance scandal.
SUNDAY, JULY 17, 2022
Where Should the Ethics and Compliance Program Report Into?
I often see and hear a lot of strong opinions about where an organization’s ethics and compliance program should report into – some people feel strongly that it should report into legal, some feel the complete opposite, others think compliance can and should own areas such as ESG, and others think ethics and compliance should be separate from each other.
So which reporting structure is correct?
The Department of Justice expects that a compliance program should be well designed, adequately resourced and empowered to function effectively, and that it works in practice. The DOJ does not say that one reporting structure is inherently right or wrong or that one is better than the other. If a program is well designed, adequately resourced and empowered and working in practice, then it is probably a good sign that the reporting structure used in that organization is working well.
While I have yet to see any studies that demonstrate one way or another that more serious violations occur with one reporting structure or another, organizations with different reporting structure have found themselves committing serious violations – reporting structure alone is not enough to keep your organization out of trouble. [If anyone is aware of any studies that shows number and type serious violations broken down into reporting structure, please share.]
So where should your organization’s compliance program report into? It should report into whichever part of your organization will ensure that the program will be well designed, properly resourced and empowered, and that it works in practice. That’s the primary objective that your reporting structure should be based on and looking to achieve – obsess less about what is the theoretical “right” reporting structure and figure out what is best for your organization and your organization’s compliance program.
SUNDAY, JULY 3, 2022
EY’s Now Much Publicized $100M Ethics Exam Cheating Scandal
Despite only being announced a few days ago, I have seen lots of coverage and commentary about the “simply outrageous” (that’s what the SEC said) behaviors and culture at EY (including that EY hindered the SEC’s investigation). Unfortunately this isn’t the first time we have seen exam cheating amongst the Big Four (anyone remember KPMG’s $50M fine?) and who knows if it will be the last.
An employee’s career brand is partially derived from the brand of the organization they work for (as well as other factors). EY’s brand has certainly taken a pretty big hit this week and some (but unlikely all) of the people involved in, or responsible for, the wrongdoing will have taken a similar hit on their professional reputation. Unfortunately, the brand and reputational consequences will also impact other EY employees who played no part in the wrongdoing including those who (i) took the exams in the period of 2017 to 2021 and did not cheat (and weren’t aware of the cheating) and (ii) the employees who had “informed [the firm] of potential cheating on a CPA ethics exam” and weren’t listened to. These are the people who now have to face the consequences for wrongdoing by their colleagues (including anyone who was involved in the wrongdoing and has since left EY and gone to another employer) and are trying to manage their career brand as a trusted and qualified professional. A $100M fine is a drop in the bucket for EY that will have little – if any – impact, but the impact of wrongdoing by an organization like EY can be significant and material on the career brands of innocent employees who thought they could trust in their employer, leadership and colleagues. Compliance scandals and violations of trust are about much more than just the wrongdoing, fines and headlines – there are often many human stories that are not seen or considered when wrongdoing has occurred.
The EY matter should also be a reminder that leadership and ethics and compliance really go hand in hand. If you are a leader or manager in an organization, make sure those employees within your scope of responsibility know (and do) what is expected of them, protect your organizations values when you see them being compromised, make sure employees won’t be harmed by wrongdoing by others and listen to someone when they speak up. And if trust is a key part of your brand in how you sell to customers or what your customers think is important (as it was with EY’s), then trust better be a key part of how your organization operates internally.
SUNDAY, JUNE 26, 2022
One of the main issues I have with compliance e-learning courses is that they train and test an individual in isolation from their colleagues and remove other social processes/pressures within the organization. Even someone who is an “individual contributor” does not work in isolation from other people or the pressures/influence of other people. When something goes wrong in an organization, it is rarely the fault of one single “bad actor” and likely due to multiple people and how they interact with each other (e.g., this is from the DOJ 2020 press release about Wells Fargo referencing pressure and thousands of employees – “a practice between 2002 and 2016 of pressuring employees to meet unrealistic sales goals that led thousands of employees to provide millions of accounts or products to customers under false pretenses or without consent”).
Training and testing need to move from isolated training to be more realistic of how much work is done and influenced by how we interact with other people. We are already seeing a lot more use of group projects in schools, colleges and various other organizational learning (I can’t think of any good leadership training programs that I have taken that did not involve working with other people), yet ethics and compliance programs and e-learnings are still testing people in isolation. People are influenced by pressure and the acts and omissions of other people, and training in isolation removes a key element of how organizations actually operate and work.
My hope is that today’s e-learning format will, in the coming years, be replaced in some (but not necessarily all) instances by gaming that allows people to interact and influence each other during the training. If you want to hear a much more persuasive case for why gaming can have such a positive impact, check out Jane McGonigal’s TedTalk from 2010 called “Gaming can make a better world.”
SUNDAY, JUNE 19, 2022
Sometimes Compliance Can be Awkward
A vendor or supplier might, with good intentions, want to give your employee a gift or take them to an event that might be in violation of your policy but not the vendor or supplier’s policy. If your employee has an appropriately good relationship with the vendor or supplier, your policy puts that employee in an awkward position – they are going to have to say “no” to an offer or decline/return something and that can be socially awkward.
Writing a strict policy that says “no” and not leaning into the challenging situations that employees might find themselves in is not helpful. Policies don’t exist in isolation – they live alongside the pressures and social norms that your employees live in.
Compliance programs cannot shy away from taking a stance on issues where needed, but an effective and employee-centric program will anticipate and help people with the challenges and awkwardness that might result from complying with your policy. Seeing the awkwardness in situations and offering ways to help employees through the awkwardness will go a long way in helping your employees and the credibility and effectiveness of your program.
SUNDAY, JUNE 12, 2022
Closing the Loop After Someone has Spoken Up
Imagine watching a TV series or movie. You have invested time and energy and tried to guess how it will all end. Just as the end is nearing and you are about to find out what happened, a message appears that says “this movie/TV show and the story line were resolved to the satisfaction of the production team and is now considered to be complete. Thank you for watching.” While this might have (definitely would have) been a better way for Game of Thrones to have ended, it would be largely unsatisfying for most other movies and TV shows and would make me less likely to watch a show or movie by the same producer/director in the future. No one wants to invest time watching and then not to know how something ends.
Yet, this is the experience that so many people are left with when they have spoken up with concerns and are simply given the canned response of “your concern has been looked into and appropriate actions, if any were deemed necessary or appropriate, have been, or will be, taken by the organization.” The person raises a concern, perhaps even helps the investigation by being interviewed and providing information, and then nothing.
I get there are totally valid reasons as to why organizations don’t provide completely transparent responses, but we need to explore and find ways that recognize that we see the reporter as a human being and that her/his/their story has been heard (even if the allegations or concerns raised are unfounded). When someone speaks up, it is a moment of trust – either trust will be destroyed or it can be rebuilt/sustained if the person is (and feels) listened to and respected. We want speaking up (and listening on the part of the organization) to become a habit and not a one time immediately regrettable action. Even if you cannot share the complete ending of the organization’s story when it comes to the investigation, look for human ways in which you can help provide closure for the story of the person who spoke up.
SUNDAY, JUNE 5, 2022
What Value are You Adding or Problem are You Solving With Compliance e-Learning Courses?
E-learning can either help people learn or be a colossal waste of time and energy. One way to test if your training will be useful or not is to know (before rolling out the course) what problem you are trying to solve or other value you are adding by pushing a course to employees. You won’t find your colleagues in sales and marketing launching a new product for no reason other than “it’s been a while since we last launched one.” New products are launched when doing so solves a consumer problem or otherwise adds value.
If you are rolling out an e-training course, there needs to be a more convincing reason than simply “it’s been a while since we launched one.” Is it because you want to help people understand an area more and believe training is the most effective way? Is it because of a new or evolving risk or problem you are trying to solve or avoid? There might be many different compelling reasons, but don’t fall into a trap of relying on answers of “it’s been a while since we launched one,” “we always push X number of courses each year” or “we can say we have trained all our employees on compliance this year.”
SUNDAY, MAY 29, 2022
Compliance Program Pillars
No matter how many pillars your compliance program has or how you define those pillars, most corporate compliance programs tend to have some similarities when it comes to the program framework (i.e., Leadership, Risk Assessment, Standards and Controls, Learning and Engagement, and Monitoring and Responding – your program might have different pillars and that’s okay). Having pillars can help your program in a number of ways, including helping sort/group initiatives and priorities, and helping others understand and visualize the program elements. Things can go wrong though when those pillars are treated as separate and independent from each other, essentially meaning each pillar becomes a program silo rather than supporting the program.
Only looking at one pillar – e.g., how do we provide more effective training/learning? – without thinking about the other pillars is a siloed way of thinking. Employee learning should certainly take into account the risks the organization faces (and those the individuals looking to be trained actually face), what standards and controls exist (or are about to be launched) and be mindful of whether or not people are speaking up and what matters they are speaking up about. We need to engage “systems thinking” when thinking about different aspects of our program (because it is all one connected system), rather than thinking about the program in terms of silos.
How are your program pillars supporting or siloing your program?
SUNDAY, MAY 22, 2022
How Many Ethics and Compliance Policies Should You Have?
Standards and guidance (whether in the form of policies or some other form of communicating expectations and procedures) are an important part of an effective ethics and compliance program, but don’t make the mistake of assuming that “if some policies are good, more must be better.”
I recently read about a traffic experiment that was previously conducted in Drachten, the Netherlands, in which the town removed the majority of the traffic lights and signs to improve road safety for drivers, cyclists and pedestrians (the number of accidents went down as a result – the thinking was that drivers were more aware of their surroundings, including other people, when required to think and not just rely on signs). Policies can be useful in the right culture when they provide appropriate guidance without employees abandoning other judgment and thought processes, but policies (and adding more and more) is not always the right option to achieve the desired outcome.
So how many policies should your organization have? The answer will depend not only on what risks your organization faces, but also the culture of your organization and assessing whether more or fewer policies will get to the desired outcome.
SUNDAY, MAY 15, 2022
Who is Coming Up With the Ideas for Your Ethics and Compliance Program?
Some of the best ideas I have heard this past week to improve our ethics and compliance program came from people who are not part of our core compliance team (they come up with awesome ideas too). People in other functions see things differently, and are the people who are more likely facing some of the risks and challenges that the program is trying to help with. Seeking out conversations, feedback and ideas from colleagues in different parts of your organization will both help improve your program and help you understand what is going on in the different parts of the organization your program is meant to support. It is hard to say you have a well designed program that works in practice if you don’t seek out feedback and input from different stakeholders and viewpoints in the organization.
SUNDAY, MAY 8, 2022
What Are The Day 1 Priorities for New Hires?
Day 1 priorities on a new job that are practical and memorable – how do I get my email to work, where are the bathrooms, where can I find good coffee close by, and maybe a few other critical “day 1” pieces of information to help transition a new hire into their new role and/or not mess up on.
Not a day 1 priority – endless PowerPoint presentations with information that is neither relevant to the day 1 experience nor will be remembered past day 3.
There are so many more ways to introduce new employees to your ethics and compliance program (and other areas) and it is time to be more creative and engaging than a new hire Code of Conduct PowerPoint training (especially if there are so many other presentations being forced on the new hire). Find ways to introduce organizational values (including ethics and integrity) in the interview process, have the new hire’s manager to talk her/him/them about ethics and organizational values during the first week, communicate anything particularly funky or nuanced about your program in a digestible format, and start a dialogue that allows you to engage with the new hire on an ongoing basis (e.g., ask them to complete a short survey about their perceptions of the organization after 6-9 months).
If new hire training does not result in long (or perhaps even short) term new hire learning, then what is the training actually doing and achieving?
SUNDAY, MAY 1, 2022
Engaging Leaders on Ethics and Compliance
Leadership engagement is one of the key aspects of any ethics and compliance program. One of the ways I find it can be most effective to engage senior leaders is to schedule a one hour conversation with them individually where we walk through the key aspects of our program, how we approach our program (including the rationale for some of our non traditional activities that work) and to get the honest feedback on what leaders like and don’t like about our program. These one hour discussions can help you learn more about the challenges that different parts of the organization face, as well as helping to build relationships with leaders throughout the organization. Sometimes the best way to move your program forward is not to providing a presentation to a large group of people, but to really invest in a meaningful conversation with one or two key leaders or influencers in that group who can really cascade the message in a way that is relatable and resonates with the rest of that group.
How are other people finding ways to have meaningful conversations about ethics and compliance with their organization’s leaders?
SUNDAY, APRIL 24, 2022
Printed Codes of Conduct are About as Well Read as Printed Airplane Safety Instructions
My “mini-me” recently read the airplane safety instructions on a spring break ski trip because it was something new for him while he was bored before takeoff. I didn’t see any adults reading the safety instructions (myself included), yet every seat had a printed copy. Printed policies and mundane trainings might be what everyone has “always” done, but it doesn’t mean they always work or are effective – it is absolutely key to make sure employees understand the relevant standards applicable to their role, but there are many ways beyond printed policies and mundane trainings to get to that result. It is another reason why we need to shift mindsets away from “training and communication” to “learning and engagement” – focus on the desired and actual impact on the target audience and find effective ways to get to that outcome, rather than focusing only on the “traditional” approaches and hoping for the desired outcome.
MONDAY, APRIL 11, 2022
Don’t Forget — This Thursday is International E-Learning Day
Okay – it isn’t and I hope there will never be anything so lame as National or International E-Learning Day. Giving something a “celebratory” name that is definitely not a celebration, calling an under performing operation a center of “excellence” or labeling training a “game” without proper gamification are ineffective and will cause your ethics and compliance program to lose credibility. Be creative and innovative with how you help your employees learn and how you engage with them, but don’t think anyone will fall for insincere or artificial labeling. Some parts of your program are not appropriate to make fun and that’s okay – explain the “why” behind any such items and do what you can to minimize the pain and burden, but don’t try to sell these aspects of your program as something they are not.
FRIDAY, APRIL 8, 2022
What Is One Key Thing That Will Cause Your Ethics and Integrity Program to Be a Success or Failure?
Leaders, managers and supervisors are the superfruit of an effective ethics and integrity program – a program will not be successful, effective or sustainable without them being engaged, using their voices and being incentivized accordingly. It really is hard to overstate the importance of leadership engagement for a program to be effective and organizational values to flourish. Employees in your organization need to know and understand the organization’s values and expected standards of behavior, but we shouldn’t assume (or even think) that the only way employees can or should learn about those expectations is by reading the Code of Conduct or other policies (especially if they are not employee centric policies that offer actual and practical guidance). A Code of Conduct should be a written version of the actual values and expectations, but we can’t forget that the most effective way for employees to learn and understand those values and expectations is by hearing leaders, managers and supervisors regularly talk about them in relevant and relatable terms and to see the values and expectations actually operate in practice.
It is not too late (but this is your last chance) to sign up for tomorrow’s SCCE webinar on “The Role of Leadership In An Effective Ethics And Compliance Program – Why, How And What To Do To Effectively Engage Leadership In Your Organization” to learn several strategies and tips for how you can engage leaders in your organization.
WEDNESDAY, APRIL 6, 2022
Organizational Culture and Weather
Describing your organization’s culture is a bit like describing the weather. Unless you live in somewhere like San Diego where the weather is fairly consistent, chances are the weather does not stay the exact same where you live and neither does your organization’s culture. Not only do weather and culture change over time, but an organization that spans multiple geographic areas is likely to experience different weather and culture in each location. Trying to define a culture for an entire organization is a bit like trying to define the weather for the entire United States. Rather than relying on what your organization states your culture is (or, more likely, wishes it to be) and thinking culture is static, it is important to understand what the culture is like in each part of the organization and whether or not employees experience that culture as healthy, ethical and psychologically safe.
SUNDAY, APRIL 3, 2022
‘Generally, Your Supervisor or Manager Will Be in the Best Position to Resolve an Integrity Concern.’
So many Codes of Conduct use the above sentence, but you have to ask whether it is actually true. What percentage of supervisors and managers in your organization feel comfortable and know how to handle/resolve integrity concerns? What has your organization done to help supervisors and managers understand what to do if someone speaks up with a concern (should the manager investigate the issue? Tell the person to call the hotline? Do something else?) or asks a question or seeks guidance? Managers and supervisors are key to making sure an ethics and integrity program is more than just a written Code of Conduct and we have to help employees in those roles know what to do. Simply stating in your Code that leaders, managers and supervisors are in the “best position” without doing more is not helping your supervisors, managers, employees or organizational values.
Do you want to learn more about how to engage leaders, leverage their voice and use incentives to recognize leaders who set the gold standard when it comes to ethics and integrity? If so, please join me on April 11 at 12pm central where I will be presenting a webinar for the Society of Corporate Compliance and Ethics (SCCE) on this topic. Link to the registration page in the comments below.
SUNDAY, MARCH 20, 2022
Multinational Ethics and Compliance Programs – One Size Does Not Fit All
If you are building an ethics and compliance program for an organization that spans more than one country, then it is important to consider what elements of the program need to be adjusted so the program works effectively in each of the different countries. Some fundamental (and fairly obvious) differences can include addressing different risks (including types of risks, which employees can amplify/mitigate/manage risks, how to mitigate/manage risk, and impact of risk), different laws (including employment laws which can vary significantly and need to be considered before conducting investigations), language differences (even if English is your organization’s official working language, translate your policies, messages and other communications into local languages) and cultural differences (comparing hotline data without thinking about cultural factors can cause you to make assumptions). Beyond those basic differences that likely apply to most organizations, you also need to consider the differences that might be unique to your organization – for example, are employees in other countries using the same IT systems (including being able to access the relevant policies and guidance), do internal communications go to all operations in other countries, are people in a particular location facing unique challenges or pressures, and is there functional support from groups such as HR, Legal, Compliance and Audit in each country. The ethics and compliance program needs to be well designed, adequately resourced and work in practice in each location, but the means of achieving that outcome will likely need to vary for each location. There is a need for ethics and compliance professionals to regularly get to other locations and to see for themselves what life is like for colleagues in different parts of the organization.
SUNDAY, MARCH 13, 2022
What do Restaurant Chefs and Ethics and Compliance Officers have in common?
I think many people might enjoy occasionally going to a nice restaurant where the Chef is responsible for the menu and making sure the menu works for both the restaurant and the customers. Nobody would realistically or reasonably go to a restaurant, order food off the menu and then expect the Chef to eat what they ordered on the basis that the Chef is responsible for the menu and therefore should be responsible for all activities – including eating of the food – related to the menu. As diners, we recognize that we have a role to play in the process (selecting what we want to eat, eating the food and paying for the food) and not just the Chef (and other restaurant staff).
The above sounds like a terrible and bizarre way to enjoy a meal at a restaurant and yet is how some employees at your organization might think about ethics and compliance. If employees say “it’s covered by the Code of Conduct, so Compliance must own it,” the Compliance Officer/Team needs to challenge that thinking and perhaps the above Chef related analogy can help explain why not all Code related activities can or should be owned/performed by the Compliance Officer/Team. Just as the Chef in a restaurant is responsible for the menu but not all activities relating to the menu, the Ethics and Compliance Officer/Team is/are responsible for creating and maintaining the Code and they cannot be the only ones who handle topics related to the Code.
Ethics and Compliance programs can sometimes appear daunting to employees, but Compliance Officers can add value and help employees by making the program less scary/more relatable and helping employees understand what their role is (and why). And whatever you do, please make sure your Code of Conduct is not written like an overly pretentious restaurant menu that uses words no one is familiar with to describe normal ingredients; if that describes your Code, then you do need to re-think what you are serving as part of your ethics and integrity program.
SUNDAY, MARCH 6, 2022
Is a Culture of Compliance Always Inherently Good?
A culture of compliance is good when employees are complying with the relevant laws, policies and other written/stated standards; however, a culture of compliance also arguably existed in many organizations that have experienced ethical scandals and violations of law. Take Wells Fargo and the pressure on sales people several years to open millions of new accounts without customer authorization, for example – large numbers of employees (while not complying with their ethics and compliance standards) were complying with the pressures within the organization and delivering on what was expected of them. If the norm in part of an organization is to stay silent about issues and misconduct, then someone speaking up is doing the right thing and also not complying with the expected code of silence. We cannot simply ask if a “culture of compliance” exists in our organizations – we have to really understand what people are being encouraged and incentivized to comply with, and whether such compliant behavior demonstrates if there is a “culture of integrity and ethics.”
SUNDAY, FEBRUARY 27, 2022
How Would Frozen’s Prince Hans Have Been Treated In Your Organization?
I like to tease my eldest daughter that Prince Hans was the hero in Frozen. My argument is that if Hans had not swung his sword towards Elsa then Anna might not have stepped in as she turned to ice to save her sister. It turned out that Anna stepping in front of Hans’ sword to shield her sister was the act of true love she needed to perform in order to be saved from becoming a permanent human/cartoon ice cube. If Hans had not tried to kill Elsa, would Anna have turned to ice forever? I might be on thin ice with my argument and might need to let it go, but I think Anna would not have survived.
So was Hans actually a hero? Absolutely not – he tried to murder someone (Elsa) and ended up assaulting Anna with a deadly weapon. However, his bad act appears to have some contributing role in producing good consequences for both Anna and Elsa. Thankfully, Hans was not celebrated as a hero in the movie (although he seems to have escaped with only community service for his wrongdoing since he was seen shoveling horse manure in Frozen Fever).
But how would Hans have been treated in a corporate setting? Would management and HR have taken the position that Hans should face little disciplinary action, given a free pass or perhaps even be celebrated and rewarded for the consequences of his wrongdoing? Celebrating wrongdoing because it somehow has a contributing role in leading to a good outcome is nothing more than a celebration of wrongdoing. Outcome bias can distort how we see wrongdoing, but the wrongdoing is still wrong.
Are there Prince Hans’ in your organization that are not only avoiding punishment but are even being celebrated for the fortunate outcome associated with their terrible behaviors?
SUNDAY, FEBRUARY 20, 2022
“We have been working with this third party for years and we trust them and they trust us. Do we really need a contract and due diligence?”
Relationships (including trust), business continuity and not wanting to have to deal with Legal/Compliance are all completely understandable. But think of contracts with third parties and due diligence using the following analogies:
- I trust most airlines will take me to wherever I have purchased a flight to, but I want to have an email confirmation for my reservation and ticket to make sure expectations are clear and I have an easily enforceable claim if the airline doesn’t perform. If you thought you were flying first class to a warm winter destination and the airline flies you somewhere that is well below freezing in coach, then you won’t want it to be your word against the airline’s. Written contracts help expectations become reality and provides remedies for if/when reality turns out differently than planned.
- Just because you haven’t had health issues in the past, it doesn’t mean that you shouldn’t go for regular check ups – an annual exam is essentially a form of due diligence. If you don’t have any health issues, then an annual exam will confirm that, give you peace of mind and likely cost you little time. If you do have health issues, better to detect and address them early on rather than waiting for the issue to get out of hand.
Trust isn’t destroyed by having a written contract or performing due diligence; having a written contract and conducting due diligence help establish a basis for the trust to exist in the first place and continue, and ensure that if things go wrong, then they can be addressed quickly and appropriately. You don’t want to end up with major heath issues or in the wrong destination and you don’t want things to go badly with your third parties either.
SUNDAY, FEBRUARY 13, 2022
Do you need to have a law degree or a legal background to work in ethics and compliance?
Some people will disagree with me, but I think the answer is a definite “no.” Having a legal background helps me in some aspects of my job, but seeing all ethics and compliance issues through a legal lens is often too narrow – the rules/laws are important, of course, but there is a lot more to building and running an effective ethics and compliance program than just knowing the law. Ethics and compliance are ultimately about human behaviors and seeing people only through a legal/rules based lens is not effective and missing the bigger picture. Ethics and compliance professionals need to think as lawyers, leaders, marketers, behavioral scientists, negotiators, HR, investigators, public speakers, as humans, and in a whole host of other ways too. A multi-disciplinary, curious and innovative mindset is needed to excel and be effective rather than a particular (or even any) degree – plus, if you have more than one person in the ethics and compliance team, then you can become a stronger team by leveraging the different knowledge, skills and experience of each person. I know many incredible ethics and compliance professionals who are lawyers and non-lawyers alike – it is pretty foolish, in my opinion, to think someone will be a better or worse ethics and compliance professional simply because they have a law degree or not.
SUNDAY, FEBRUARY 6, 2022
GPS versus written directions – a lesson for ethics and compliance.
As someone who has no sense of direction, I rely on GPS to get to most places (often to places I really shouldn’t need GPS for). There is zero chance that I am going to remember and follow 20 directional instructions correctly even if the directions are clearly written and stated. GPS addresses that by leveraging technology to help with short and timely instructions so we can focus on driving or whatever mode of transport we are taking. Policies are like written directions and my hope is that technology will continue to enable organizations to embed short, clear and timely directions for employees in a way that is much more user friendly and data driven. I don’t need to know all the directions if Waze can give me those directions when I need them, and this needs to be the direction we pursue for ethics and compliance. There will, in my opinion, always be a need for policies, but we can combine the policies with technology to design and implement processes that are meant to help guide human decision making and actions. Ethics and compliance programs need to be, in the words of the U.S. Department of Justice, “allocated sufficient funds” in order to leverage technology and data to help guide people in simple and clear ways that is easy for people to connect with. I’m no tech whiz, but we need to lean in heavily to the value that technology will inevitably offer our programs and challenge the technology companies to help us build ethics and compliance programs that are built for, and built around, humans.
How is your organization’s program leaning in to technology to help employees with ethics and compliance?
SUNDAY, JANUARY 30, 2022
Do leaders, managers and supervisors say “ethics and compliance are important – that’s a given” and then move on?
The words of leaders matter and set the tone for the rest of the organization underneath that leader’s position and influence. Sales and profits should be “a given” for a for profit company and yet are, and should be, continuously discussed, analyzed, measured and incentivized in a variety of ways. Saying the importance of ethics and compliance is “a given” and then moving on is not enough in the same way that saying profits are “a given” is not enough. Leaders, managers and supervisors need to be willing and able, and on a regular and ongoing basis, to help explain why ethics and compliance matter and their relevance to employees in that part of the organization. The message doesn’t need to be long, profound or complex; a genuine and sincere message that speaking up is encouraged and appreciated, and the ways to speak up, can have a meaningful impact. Many things in life are important and should be “a given,” but we can really make them so by talking about them on a regular basis and helping other people really understand their importance.
SUNDAY, JANUARY 23, 2022
Does your organization have pressure, psychological safety or both?
Pressure is not inherently bad. Pressure can help challenge us, bring people to work together and drive us to achieve more, and faster, than otherwise. The risks of pressure are when it becomes too much, or the pressure is to achieve something at the expense of safety, legal standards or other social or ethical values. Pressure without psychological safety is a recipe for potential disaster as people will remain silent and/or be punished for raising concerns; whereas a culture that is intentionally focused, and built, on psychological safety (including where people are encouraged and supported to speak up with concerns) will be able to leverage pressure effectively to be successful. According to the “2020 Global Business Ethics Survey – Pressure in the Workplace,” 31% of people in North America and 37% of people in Latin America who participated in the survey said they felt pressure to comprise their organization’s ethical standards, policies or the law (the global response rate was closer to 20%). That’s a lot of laws, policies and standards that risk being violated if those organizations don’t have psychological safety.
What is your organization doing to ensure that psychological safety is a key aspect of how you work?
SUNDAY, JANUARY 16, 2022
Are you or your #ethics and #compliance program facing challenges with program “scope creep”?
Program scope creep can often result from continuous incremental additional work and responsibilities for the #CECO and ethics and compliance team without commensurate increases in resources and support. The consequences – both professional and personal – can be serious and damaging for the ethics and compliance program, the organization, and the burned out #CECO and compliance team. Please take a read through this article that Ellen M. Hunt, Melanie Sponholz, MSPT, CCEP, CHC, CHPC and I authored for the Society of Corporate Compliance and Ethics (SCCE)’s CEP Magazine to learn how to manage program scope creep, including how to communicate your program brand, how to evaluate opportunities and how to say “no.”
Our article compares scope creep to the boiling frog effect. No frogs were harmed in the writing of this article, although I am sure one or two croaked…
SUNDAY, JANUARY 9, 2022
Is your organization using annual performance goals to support ethics and compliance?
It is that time of year when employees are mapping out their goals and objectives for the year ahead. Goal setting is one way in which you can help ensure alignment and focus on ethics and compliance by having leaders, managers and supervisors include one or more goals relating to how they will help move the program forward using their role and responsibility. In case you missed it before, here is a short piece I put together for the SCCE blog last year with some examples of goals to consider. What other goals would you recommend to help build and sustain a culture of integrity, ethics and compliance?
SUNDAY, DECEMBER 26, 2021
How would your helpline answer the question of “can gas station employees smoke at gas stations?”
A few months ago, I was filling up my car at a gas station near my house and noticed two gas station employees standing outside smoking in fairly close proximity to the gas pumps. As with any gas station, there were multiple safety signs prohibiting smoking and the use of open flames (for pretty obvious reasons – Google “orange mocha frappuccino” if in doubt). I decided to report the matter to the very large and well known gas station company since it seemed like a valid safety concern and I asked what their policy was. Here is the verbatim email response I received: “We’re sorry your experience during your visit didn’t live up to your expectations. Please know I have forwarded the details of this incident to all appropriate parties in an effort to implement any possible improvements. Thank you for allowing me the opportunity to assist you.”
I appreciate that this person seems to have taken action by sharing the concerns raised with other stakeholders, but the response didn’t “close the loop” on the policy question. I get why most companies don’t give any information about disciplinary actions against individuals or risking exposing themselves to potential claims or lawsuits, but this type of canned response didn’t answer my question about whether the policy is that smoking is not allowed (a) only if right at the gasoline pump or (b) on the gas station property.
Are your reporting channels set up in such a way that any questions asked by a reporter that can be reasonably answered without creating or exposing the organization to significant risk or liability will actually be answered? A helpline that does not answer questions is going not to be experienced by most reporters (employees or otherwise) as helpful.
SUNDAY, DECEMBER 19, 2021
What are five common myths about #ethics and #compliance and what’s the real scoop behind these myths?
Check out this short article I wrote for NotMe Solutions’ newsletter to learn more about these five myths and why we need to put people at the center of ethics and compliance programs. What other myths would you add to the list?
SUNDAY, DECEMBER 12, 2021
Speaking Up And Tangled Holiday Lights
Sometimes when someone speaks up, they will present a collection of facts, perceptions and emotions that are all tangled up like the holiday lights when I take them out of the box (no matter how carefully I put them away the prior year). As investigators, it is on us to carefully untangle and sort the information, as best we can, into what are facts, what are perceptions and what are emotions. It doesn’t mean that we will ignore the perceptions or emotions, but we have to ensure we are mindful of the different data that we receive and how we treat it. Decisions should be based on facts, but seeing and hearing the emotions and perceptions will help employees be, and feel, seen and heard, and help to make speaking up a repeated part of a culture and not a one time activity.
SUNDAY, DECEMBER 5, 2021
Is your organization’s ethics and compliance program conducting effective employee surveys?
I skipped my #sundaymorningcompliancetip last week to enjoy the #Thanksgiving holiday weekend (and will probably, and intentionally, skip a few more with the upcoming holidays); however, I’ll make up for it this week by sharing “eight tips for an effective ethics and compliance survey.” Many thanks to the Society of Corporate Compliance and Ethics (SCCE) CEP magazine team for publishing this piece in their latest edition: https://bit.ly/31h9lNu
What additional tips would you add for how to make a survey effective? What other ways do you get employee feedback?
SUNDAY, NOVEMBER 28, 2021
Do customers kill your business because you offer a generous return policy?
Return policies, in theory, could kill companies in terms of inventory and financial impact, but they don’t. Return policies hope no one will return anything but make it safe for customers that do want to return an item and specifically address an actual or perceived risk for the customer in terms of choosing to buy. While theoretically risky, I haven’t heard of any companies being inundated with frivolous or bad faith returns that have had a material financial or other impact on the company. If a product or service is so bad that many customers are returning the item, then they are highlighting a bigger problem and the problem is not with the customers. No one would retaliate against a customer or align with other sellers to blacklist a customer for returning an item in good faith.
Just as customer return policies don’t kill your business, having employees speak up also won’t kill your business. If anyone ever tells you “you have to be careful about encouraging or – heaven forbid – rewarding people who speak up, because people will just create issues and make stuff up,” ask that person if their organization has a customer return policy and the impact that has had on business. The occasional customer may return something under questionable circumstances and the occasional employee might report something under questionable circumstances too, but we don’t kill customer return policies or assume that all customers have bad motivations or only bring frivolous matters. Organizations trust that most customers won’t abuse the return policy and those same organizations should trust that employees won’t abuse the speak up process.
Customer return policies and speak up cultures for employees will only help your organization (including financially). Treat your employees as you do customers (with trust and respect) and employees will take care of the customers. Nordstrom’s return policy says “We’ll always do our best to take care of customers—our philosophy is to deal with them fairly and reasonably. We have long believed that when we treat our customers fairly, they in turn are fair with us.” How would your organization’s business, brand and culture improve if you treated employees like Nordstrom customers?
SUNDAY, NOVEMBER 21, 2021
Has anyone actually fully read and understood the terms of the Apple End User License Agreement?
I’m guessing very few – if any – of the many people with Apple devices who have clicked the box that says something to the effect of “I hereby certify I have read and understood the following terms in their entirety” have actually read the terms. I haven’t fully read the terms and likely never will, but like many other Apple users I will happily click the little box to access my device or account.
If the last step in your compliance e-learning course requires someone to certify and electronically sign a statement saying “I hereby certify I have read and understood the X policy in its entirety” then recognize that people are not likely reading the policy (especially if it is written in legalese) and are simply clicking “yes” because they want the pain of e-learning to be over. If you want employees to know, understand and abide by your standards and policies, then find ways that will meet employees where they are and explain to them in human terms what they need to know for their particular role (also make it safe for people to say they don’t understand a policy without making them feel stupid or bad). If you are tracking and reporting out on the percentage of employees who have provided a written/electronic acknowledgement don’t fool yourself or anyone else that having a high percentage means you have a strong or effective program – it likely just means you have a large percentage of employees who have clicked a check box because they were forced to or to end some other pain.
And, if you have read and understood this post in it’s entirety, please click the “like” and/or “share” buttons below. If you haven’t read or understood this post in it’s entirety, please still click the “like” and/or “share” buttons below.
SUNDAY, NOVEMBER 14, 2021
What does your organization tell employees about why you have an ethics and compliance program?
While it is true that regulators expect organizations to have a well designed and effective ethics and compliance program, that is not the only reason as to why an organization should have an ethics and compliance program. There are many other reasons, including as examples: (1) ensuring the corporate mission statement and values are more than words; (2) supporting and helping employees/other stakeholders and valuing/seeing them as people; and (3) as many studies have shown, to be a more financially successful organization with reduced OpEx and increased ROA (amongst other financial metrics). Telling employees that the only, or main, reason you take ethics and compliance seriously is keep regulators at bay will signal to employees and other stakeholders that your organization is reluctantly embracing ethics and compliance to avoid bad things (fines, penalties and negative media coverage) because “it has to,” and not choosing ethics and compliance for the many benefits they provide to employees, stakeholders, society and the organization itself. If you want employees to “buy into” ethics and compliance then they need to see that the organization does the same – an organization that only embraces ethics and compliance because “it has to” should not be surprised if employees show the same approach to the organization’s ethics and compliance program.
SUNDAY, OCTOBER 24, 2021
Does your compliance program see the human stories behind data?
Actionable and measurable data can help monitor how your organization’s ethics and compliance is doing, and also help measure if initiatives and strategies are effective and working. While hotline data, for example, can be helpful for tracking and reporting to the Board and other stakeholders, it is important to not lose sight of the human stories and experiences behind those numbers (our aim should be more than to “not lose sight of the human stories” and instead to see and hear them clearly). Only looking at whether the data is in line (or not) with benchmarking averages will fail to see the people who’s stories and experiences are behind that data (and the impact on those people). The numbers and data are ways in which you can assess if you have an effective program to support and help your employees and other people, but don’t forget that an effective program should serve, and see, the people who it is meant to help and not just see them as statistics or data points.
SUNDAY, OCTOBER 17, 2021
What Can Beatrix Potter’s Peter Rabbit Tell Us About Effective Stories for Encouraging Ethical and Compliant Behavior?
My kids are really into reading Peter Rabbit at the moment. Peter’s mother tells him and his siblings not to go steal/eat vegetables from Mr McGregor’s garden because Peter’s “father had an accident there, he was put in a pie by Mrs. McGregor” (by “accident,” she means murdered and eaten 😳). This story was effective in deterring Peter’s siblings from going to the garden, but it was not effective – for whatever reason – in deterring Peter (perhaps the rewards outweighed the risks for him or perhaps the story wasn’t told in a way that really resonated with him).
There are several studies that show stories are effective in helping adults learn and remember, and stories can be incredibly powerful in helping employees learn about ethics and compliance in real life terms; however, we have to ensure that the stories are relevant, relatable and will have the desired impact. I used to think that ethics and compliance stories from the headlines were the most effective way of helping people learn, but many people struggle to connect with the story of a C-suite wrongdoer they have never met who has been fined millions of dollars (an amount most of us will never come close to having). Stories from within an organization can have a much bigger impact since they are more relevant and relatable, but don’t assume that all employees will be impacted the same way (even if the story seems like it should have an impact). There will be Peter’s in every organization and we need to find ways and stories to connect and engage with them.
SUNDAY, OCTOBER 10, 2021
What can Netflix’s Squid Game teach us about ethics and compliance? [No plot spoilers, but don’t read if you want to be super cautious]
- Incentives matter. What incentives do you offer to people? How much do the incentives motivate them and what are people motivated/permitted to do to achieve the incentive? Is your Compensation team only looking at how much people are paid or looking at the potential and actual impact of your incentive structures on behaviors?
- Ethical fading is real and can happen fast. Ethical fading is like intending to eat one or two spoonfuls of ice cream and before you know it, the tub is empty.
- Pressure drives behavior and people to do things they wouldn’t normally do. Check out the ECI survey from early 2020 on how pressure impacts ethical behavior.
- People look to others for what is acceptable (or not acceptable). Policies are helpful, but people will look at what other people are doing and what people are getting away with to determine what the actual (versus written) standards are.
- Undisclosed conflicts of interest rarely end well and often get found out. If you have an actual, suspected or even the appearance of a conflict of interest, disclose it.
- Zero tolerance policies can be harsh. Use sparingly, proportionately and intentionally. Showing tolerance for behaviors prohibited by zero tolerance policies will indicate some actual level of tolerance and undermine the “zero tolerance” position.
- Not ethics and compliance related, but the exchange rate for USD to South Korean Won is around $1 to KRW1,185 (yes, like you, I Googled that). And no, I don’t know what type of cell phone one of the characters had, if the character had a portable charger or how on earth his battery lasted so long.
SUNDAY, OCTOBER 3, 2021
Is your organization’s ethics and compliance program more focused on being average than best in class?
I am a big believer in benchmarking – data from various public sources can help you size up your ethics and compliance program and provide ideas/insight for where you need to improve/invest in your organization’s program. However, it is important to make sure you understand (a) what the benchmark data is telling you and (b) what the aspirations are for your program. If you want a best in class program, but obsess about ensuring your metrics are in line with the averages reported by benchmarks (i.e. number of reports per 100 employees or average number of anonymous reporting rates) then you are aiming for safety amongst the middle of the pack (I’m not saying that’s bad, but it isn’t best in class) and also not using the benchmarked data effectively. Benchmarking is a useful and productive exercise, but don’t confuse the benchmark “average” with being the “gold standard” that you have to be in line with. It is hard to say you have a best in class program if all your metrics indicate “average.”
SUNDAY, SEPTEMBER 26, 2021
Is your organization mindful about whether new or updated policies are aiming to drive incremental or transformational change?
I’ve had several conversations recently about change management, and enjoyed reading about incremental versus transformational change in Lisa Beth Lentini Walker and Stef Tschida’s book, “Raise Your Game, Not Your Voice.” It got me thinking how new or updated policies can either bring about incremental or transformational change, and why it is so important that ethics and compliance professionals are aware of how much change, and what changes, any new or updated policies bring (or hope to bring). Sometimes big, transformational changes are needed, but those can be hard to introduce in a way that will be well received and followed in practice. Policies that introduce incremental change can be easier to roll out and get people to change their behaviors to meet the changed standard(s), but may not be appropriate if big changes are needed. Neither is particularly right or wrong, but it is important to understand how much and what change is desired (and likely to be achieved) and how to achieve the desired change in a way that employees won’t resent. What may seem like an incremental change to the policy drafter may in fact result in transformational change for employees who need to comply with policies – socialize policies with employees who will be potentially impacted and get their feedback (and hopefully buy in) to intentionally decide whether you should pursue incremental or transformational change with your policies.
SUNDAY, SEPTEMBER 19, 2021
Does your organization think about people when it comes to risk management?
Does your organization’s risk management program look like this – identify risks, train on the risks and then monitor the risks (including data from your hotline and other KPIs)? That all sounds good, but it ignores the fact that risks can either be amplified, mitigated or otherwise influenced by employees or other people who work with your organization (i.e. employees of third parties). It is important to identify who are the people that touch upon particular risks and see them as key to an effective risk management program. Rather than training all employees on all risks, seek to understand which employees touch upon a particular risk and what that risk means for that person’s role and then provide training specific to how that risk manifests and needs to be managed. It is not enough, for example, to say that “anti-bribery” is a risk (which is far too broad and more a risk category rather than an actual risk) without identifying what that means in practice for your employees and what they can do in their respective roles to help detect, manage and mitigate the risk.
SUNDAY, SEPTEMBER 12, 2021
Does your organization know who and when a third party is a competitor?
Athletes at a club level can be competitors, but can be on the same team (and not competitors) when it comes to national level (and vice versa). Who is a competitor is not always a static concept and there can be certain situations where the same person/entity can be a competitor in one instance and not in another. Someone can be a supplier or customer in one instance, but a competitor in a different instance – it’s not always as easy as sports to identify the difference. Athletes figure this out so they don’t pass to another athlete when they are competitors and it is important that employees understand when a third party is a competitor and when they aren’t and act accordingly.
SUNDAY, AUGUST 29, 2021
As I’ve previously shared, I think the moment an employee speaks up is an opportunity to either build or destroy trust depending on how the organization responds and the employee’s experience. Demonstrating empathy and seeing the reporter as a person are fundamentally basic ways to demonstrate to your employees that you listen and care when they speak up. Humanizing ethics and compliance (including the speak up process) make simple sense when you recognize that we are dealing with people and not just rules and regulations.
Many thanks to Adam Turteltaub CCEP, CHC for kindly letting me join him on one of his Society of Corporate Compliance and Ethics (SCCE) podcast episodes where I got to talk about this topic in more detail. Here is a link to the episode and check out the other great content while you are there – https://lnkd.in/dpZfZEpC
What do you think? Does showing empathy present any real risks? If you don’t show empathy, how does your speak up process (including your helpline) ensure psychological safety to support and encourage people to speak up?
SUNDAY, AUGUST 22, 2021
Should you look at getting an ethics and compliance certification or accreditation?
I have had a number of conversations recently with people looking for advice on whether to pursue various certifications to help them in their careers as ethics and compliance professionals. My answer is a very lawyerly “it depends.” Certifications take varying amounts of time, money and effort to obtain, so you should make sure you have a good reason for pursuing a particular certification and know if the certification will help you towards your longer-term career goals. I think it is healthy to continuously learn and stretch yourself and certifications (and the studying and learning in pursuit of the certification) can be useful for your overall growth, but I would be wary of those that will certify you as an “expert” if no real prior knowledge or experience is necessary and if the course is short in length. Invest in your career and your development, and think intentionally about whether a particular certification will make a difference in your career (some definitely will, but depends on what you want from your career).
SUNDAY, AUGUST 15, 2021
Does your organization think about diversity, equity and inclusion when it comes to ethics and compliance trainings and communications?
Filmmaker Lisa Valencia-Svensson asked the question of “who is telling whose stories to whom, and why?” more than a decade ago, but it is still – and perhaps more so – relevant today. Ethics and compliance should go hand in hand with DE&I and I think one way that can happen is to be mindful about images and pictures you include as part of any ethics and compliance (or other) training or messages. I like including visuals and pictures in my presentations and training materials – I think they can make a presentation more engaging and I sometimes tie them into analogies that I use to help adults learn. Most of the time, I will use stock/online images from PowerPoint; however, I find it can be a real struggle at times to find pictures involving much, if any, diversity. People other than white males are significantly under represented when you search for pictures involving professional jobs. Type in “leader” and you will need to do a lot of scrolling to find any pictures of women or African American, Latino or Asian people. Type in “CEO” and all 50 of the first 50 pictures with people in them are male. Type in “attorney,” “CFO,” “scientist,” “athlete” or try your own search terms and see how much these pictures are lacking in diversity. Presentations become part of the story being told in your organization, so make sure you consciously think about whose story is being told (and whose story is not being told) by the pictures and images you include in trainings and communications.
SUNDAY, AUGUST 8, 2021
Does your organization’s ethics and compliance program understand the difference between complicated and complexity?
I often hear people use the terms “complicated” and “complex” as synonymous, but this is, I believe, a mistake (Stanley McChrystal’s “Team Of Teams” does a much better job explaining this distinction than my post will). Something that is complicated (take a car engine or a mechanical watch) may be difficult to understand, but involves predictability and if a part is changed or removed it will not be able to work as expected. Something that is complex often involves interdependence on other things as part of a system and can also adapt even if parts or elements of it are removed. So what’s the connection to ethics and compliance? If wrongdoing has occurred in an organization, it is important to understand if the root cause is a matter of complexity or complicatedness so that the right steps and actions can be taken to address the root cause. Removing an employee for wrongdoing may not solve an issue if the behavior will continue even without that employee there (that suggests the issue may be one of complexity). Understanding the nature of the root cause is critical to be able to stop/treat and prevent the issue happening again.
SUNDAY, AUGUST 1, 2021
Does your organization understand the difference between “data security” and “data privacy”?
Data security and data privacy are both important, but are not the same concept. Not sure how they are different? Think about it this way – Magneto’s prison cell in the X-Men movie is (or, spoiler alert for X-2, was at least intended to be) secure, but is not private. Simply because data is secure doesn’t mean it is necessarily being kept private. It is important to make sure your organization understand what data needs to be secure, private or both.
SUNDAY, JULY 25, 2021
Does your organization’s Code of Conduct give employees the direction they need?
Ever tried to get around New York with a map of Boston or around London with a map of Los Angeles? A map of Boston works well for someone trying to navigate Boston, but doesn’t mean it will have the same value for someone trying to navigate another city because it isn’t designed for that purpose. Your Code of Conduct should be your organization’s “ethical map” that gives direction to your employees about the organization’s ethical values and principles and helps them to navigate potentially difficult or ethical situations that they may encounter in your organization. There is a lot to be learned by benchmarking and looking at the Codes of other organizations, but you can’t just copy another Code or just use something “generic”/“off the shelf” (you could, but it would be a waste) because that is the same as trying to navigate a city with a map of a different city. Having a Code of Conduct is not enough – you need to have a Code of Conduct that will guide your employees at your organization.
SUNDAY, JULY 18, 2021
Is your organization’s ethics and compliance program more focused on the perfectly worded message or the most effective message?
I am currently teaching my 6 year old daughter to learn how to ride her bike. After taking 4 hours of e-learning and certifying that she has read and understood the policy on “how to safely ride your bike,” I am confident she should now know how to ride her bike. To ensure ongoing engagement and commitment, she also signed an acknowledgment that she understands that violating our cycling rules may result in disciplinary action, up to and including no TV for a week. She is super excited about cycling.
While I am actually helping my daughter learn to ride her bike this summer, we did none of the above. I’m not a cycling instructor and have no experience teaching a kid to ride a bike, but I am taking my best shot at it and my less than perfect teaching is more effective than putting her in front of a screen and thinking she would learn that way. In the same way, managers and supervisors don’t need to be ethics and compliance experts to help employees or have a positive impact on your culture of ethics and compliance. Having managers and supervisors regularly talk about ethics and compliance (even if the message isn’t perfect) makes a positive and lasting impact. A less than perfect message from an employee’s direct manager (which can be based on an outline/talking points from ethics and compliance) is much more effective, personal and likely to resonate with employees than staring at a computer screen or certifying about policies. E-learnings, polices and certification are important and can have a role that adds value to your program, but they cannot replace the role of managers and supervisors.