“Compliance.” “Ethics.” “Audit.” These three little words have different meanings and elicit varying reactions from company to company. In some organizations, “compliance” carries negative connotations, “ethics” brings to mind boring presentations and hearing “audit” instills fear. But in other firms, these words, and the critical functions they represent in the company, are so woven into the fabric of the organization that they carry no more fear or angst than hearing “IT” or “operations.”
And those meanings and reactions (even the negative ones) are generally quite different today than they were 15 to 20 years ago, even in the same organizations. As the regulatory and legislative landscape has changed over the years, more and more organizations have come to embrace the compliance, ethics and audit functions rather than treating those functions as painful and unwelcome requirements. That is to say, rather than treating those responsibilities as necessary evils, organizations are choosing to embrace them as welcome allies.
That is a powerful shift. For years, there has been talk about the need for organizations to adopt and foster a culture of compliance and to create a tone from the highest levels of the company about the need to not only follow the letter of the law, but to live and promote the spirit of the law.
What is a culture of compliance?
A culture of compliance can be defined as encouraging employees to always do what’s right, whether or not anyone is looking. When employees at any level of an organization understand what’s expected of them, believe that firm leaders embody those same principles and know that doing the right thing is the only acceptable way to handle day-to-day responsibilities or situational issues, it can lead to all kinds of positive results:
- Employees will feel safer and more comfortable, leading to higher job satisfaction and lower turnover.
- Clients will be treated right and will want their friends and family to experience the same great treatment, leading to increased sales.
- Mid-level management will know that their actions and direction have the support of those above them in the corporate hierarchy.
Everyone wins when companies successfully create, live and breathe compliance and ethics.
Baking compliance, ethics and audit into the corporate pie
Knowing that compliance is important, helpful and needed is one thing; actually making it so commonplace that it’s not even given a second thought is a separate challenge and, frankly, it’s one that some organizations have done really well at while others still struggle.
There are things every one of us does every day that we are required to do by law, but we aren’t thinking about the law when we do them; the element of compliance with the law probably doesn’t even come to mind because the actions are so ingrained in our lives.
Take wearing seat belts as an example. I am old enough to remember driving before seat belts were required, and I remember the challenge initially of having to remember to put my seat belt on in the car. Complying seemed frustrating and constraining. Fast forward more than 20 years later: I put my seat belt on automatically when I get in the car. I don’t do it with any conscious thought about the law behind it; I don’t grumble and complain about how much easier driving was before seat belt use was mandated; I don’t not put on my seat belt if nobody is looking. It’s just something I do now automatically when I get in the car, and I’m betting most people would echo that.
Is comparing seat belt laws to compliance laws and regulations a bit of an oversimplification? Maybe. But, the principles of compliance and ethics for businesses need to be approached the same way. Companies that have been very successful in implementing a compliance culture and a compliant tone from the top have gotten to the point where following policies is just something everybody does at work, every day, without even having to think about the laws or rules behind those policies and procedures. Their employees do what’s expected and what’s right, even when nobody is looking.
Finding the right ingredients for the corporate pie
If you’re starting with a brand new organization, you have a clean slate (or a clean mixing bowl, if you will) and can start fresh with policies and procedures in which compliance is just an integral part.
Existing firms likely have some corporate governance, compliance, risk and audit functions in place already, so the threshold challenge is assessing what’s already in place and determining its adequacy or shortcomings.
Here’s the shortlist of ingredients needed to bake compliance, ethics and audit into the corporate pie:
- Personnel. When it comes to “tone from the top,” an organization has to have the right leaders. Start with effective leaders who aren’t afraid to take the ethical route and the right approach, even if it may not be the most financially rewarding route. The same holds true for rank-and-file employees; hiring a warm body to fill a role is not an option for companies with successful compliance cultures. Employees need to share leadership’s vision and commitment; employees (or leaders) who cut corners inappropriately may not belong in the organization.
- Communication. Even with the right leaders, your corporate compliance pie may fall flat if the lines of communication are not effective. Employees at every level of the organization need to know leadership’s expectations and commitment to doing things the right way. “Compliance” and “ethics” also must move beyond being simply words used in annual meetings and parroted by mid-level managers but not put into action. The spirit behind compliance, the need to do things the right way because it’s the right way, should be covered in some fashion during every employee meeting and in every employee memo. The approach for successful communications needs to be more about “This is how compliance is helping…” rather than “We are doing this because compliance says we must.”
- Automated processes. This “ingredient” is all about making things easier for employees. When doing certain tasks is onerous, it’s tough to reach 100 percent compliance. Making processes and workflows easier through automation is one of the easiest ways to help make compliance just part of the routine. For example, every organization wants and needs some level of control over marketing materials and communications with the public. A paper-based or an email-based approval process is fraught with the potential for processing and recordkeeping errors even in the smallest company; in large organizations, such an approach is just not scalable. Delays, paper-shuffling and mistakes can all contribute to personnel viewing compliance negatively.Automating the process and approval workflows makes everyone’s jobs easier. There are many ways to use automation to help build an effective culture of compliance, including using it for policy and procedures or code of ethics manual attestations and updates, legal holds, audit workflows and more. Simplify processes for employees and watch as compliance improves along with employees’ views of compliance requirements.
- Appropriate resource allocation. Sprinkle resources liberally and stir into the corporate batter. While the goal is to ultimately make compliance, ethics and audit processes part of everything that goes on in the company, firms still need to have dedicated resources handling compliance, audit and corporate governance functions.
When these departments are stretched too thinly, even firms with the best of intentions can end up in hot water because something was missed or overlooked. Adding more personnel and allocating more dollars to compliance is not a guarantee that the organization will never face litigation or regulatory action, of course, but it provides some added insurance. Appropriate staffing for compliance, audit and corporate governance also makes it clear to regulators, the public and the rest of the organization that the company values and expects employees to do things the right way, every time.
Conclusion
The sea change in corporate regulation for every industry has pushed compliance and corporate governance more to the forefront, which ultimately benefits everyone.
To remain successful and compliant, organizations must “bake” compliance, ethics and audit right into the corporate “pie,” making those functions part of every aspect of the business. By adding the right resources, making compliance part of the everyday lexicon and making the act of complying easier on employees, companies that are not already there will get to a place where employees don’t make a conscious distinction between something they do because it’s required by law and something they do because it’s the right thing.