Like many catch phrases, “zero tolerance” obscures more than it explains and hurts more than it helps. Rather than adopting zero-tolerance policies, corporate compliance should take a lesson from fields like manufacturing and strive for processes and cultures of continuous improvement.
A leader who advocates “zero tolerance” is either a knave or a fool.
In the public sphere, zero tolerance has resulted in a second grader suspended for biting his Pop Tart into the shape of a gun, a 4-year-old placed on in-school suspension for hugging a teacher and a D.C. resident with no criminal record threatened with a year in jail for having an inoperable shotgun shell in his own home.
The impact in the private sector of well-intentioned but ill-conceived zero-tolerance policies may be less spectacular, but just as harmful:
- Zero tolerance encourages a culture of deception and cheating. Normal people in normal situations will ignore or cover up petty mistakes/infractions having disproportionately severe consequences. Over time, indifference and cover-ups can spread to more severe wrongdoing.
- Zero tolerance demoralizes your best people while encouraging your worst. Zero-tolerance policies are rarely evenly enforced. Disproportionate punishments and favoritism turn off or turn away motivated, moral employees while creating an environment in which the dishonest thrive.
- Zero tolerance leads to bad decisions. Sound decision-making rests on accurate information. A culture of deception and demoralization masks the unfavorable news managers must receive to manage rationally. Moreover, when challenged regarding a bad decision, a manager may embellish or fabricate justifications, entrenching the decision and fostering further deception and demoralization.
Zero tolerance sounds good to politicians, academics and activists – people who benefit from staking out the moral high ground, but who generally dodge the consequences of the get-tough policies they advocate.
The Real World Requires Tolerance – An FCPA Example
The real world is imperfect. Humans are imperfect. And imperfection requires tolerance.
For corporate compliance purposes, however, “tolerance” does not mean a lack of standards or failure to impose consequences for failing to adhere to standards. Rather, “tolerance” needs to be understood in an engineering sense, meaning an essential part of businesses processes and cultures that are dedicated to continuous improvement. As these processes and cultures improve – as they become more transparent and consistent – the degree of “tolerance” will narrow.
This message appears to be sinking in even within federal enforcement bodies. In enforcing the anti-fraud provisions of the U.S. Foreign Corrupt Practices Act (FCPA), for example, the Department of Justice (DOJ) recently announced a pilot program to “promote both transparency and accountability… [by granting] those voluntarily disclosing a reduction of up to 50 percent below the low end of the applicable U.S. Sentencing Guidelines fine range.” In addition, the DOJ will not generally require appointment of a monitor, and where those same conditions are met, the DOJ will consider a declination of prosecution.
Three Key Steps for Your Own Company
The DOJ’s pilot program may help a business make the best of a bad situation. But compliance should first work to avoid the circumstances that required self-disclosure in the first place.
How should you do this?
Begin with three simple (but not easy) steps:
- Define your compliance processes. In a surprising number of cases, even sophisticated global companies fail to define compliance processes properly. At the least, you should flowchart them, showing steps, decision points, input/output documents, decision-making authority/accountability and audit. Beware escalating decision-making to someone with a loftier title but no more information or expertise than the person below.
- Combine audit with statistical-control analysis. Audits should not only spot noncompliance, but also help uncover the root causes of such noncompliance. Designing audit processes so they enable statistical-control analysis will help you determine whether a problem has arisen from a special cause (e.g., one apple in the bushel went rotten) or a general cause (e.g., we are picking rotten apples, or placing sound apples in a moldy bushel-basket). Treating special causes like general causes, and vice versa, can be worse than doing nothing.
- Favor swift-and-certain over severe penalties. The trend in deterrence research finds that swift-and-certain penalties better deter misbehavior than severe penalties. The DOJ’s pilot program reflects this trend. Noncompliance that involves law-breaking will always require special consideration, but for a wide range of internal compliance violations, lesser sanctions quickly and consistently imposed can produce a better long-run outcome for the business than “lowering the boom” every once in a while.