It’s Your Culture, Stupid: It’s Impossible to Control Your Way to Compliance

A True Tale of Transformation and the “Control” Myth

We were a global, multibillion-dollar specialty chemical company. We had some of the most experienced, highly credentialed and dedicated health, safety and environmental (HSE) professionals in the industry. We had a wall-shelf full of policies, procedures and manuals on every HSE law and best practice under the sun. We performed extensive HSE training, and we ensured that all manufacturing personnel maintained government-mandated certifications. Every year, we spent hundreds of thousands of dollars on HSE audits of our chemical plants around the world and invested millions more in HSE improvements. We were also one of the most dangerous chemical companies in the world to work for with an uncomfortably high percentage of employees injured or killed on the job every year.

This changed when Gary Cook took over as CEO.

Within two years after Gary took the helm, our company’s safety performance ranking went from the bottom to the top of the chemical industry. Here’s the thing, though: We didn’t change one policy, procedure or guidance document. Instead, we changed our culture.

Parts 2, 3, 4 and 5 of this series focused on key compliance and ethics program attributes that “enable” compliance. They are essential, but insufficient by themselves to avoid the bear traps[1]. If they were sufficient, the health care industry would not have paid over $40 billion in fines over the last 20 years for corrupt business practices.

Had you toured the corporate offices of Pfizer, Siemens, Merck, Johnson & Johnson, Novartis and dozens of other marquee companies before they were being caught by the bear traps, I’m confident you would have been impressed by the volume of policies, procedures and codes of conduct on their shelves. You would have been awestruck by the quality of their compliance training programs and the vast number of highly credentialed, dedicated compliance and ethics professionals. But, as each of these firms and thousands more have discovered the hard way, you cannot “control” your way to compliance.

For compliance and ethics professionals like me, this is a hard pill to swallow. Like many of you, I’ve toiled for decades to build world-class compliance and ethics programs only to observe that it’s all just window dressing absent a strong ethical culture.

Fundamental Behavioral Drivers

To build and sustain a strong ethical culture, you must first understand and harness the forces that drive behavior in organizations. These are illustrated in the organizational behavior distribution curve diagram below.

In this graph, the Y axis represents the number of people behaving in a particular way. The X axis demarcates various behavioral boundaries:

• Ideal, defined by full compliance with applicable company, legal and ethical standards and behavior that promote harmony, teamwork and engagement.
• Organizational, defined by company policies and procedures.
• Industry, defined by industry ethics standards.
• Legal, defined by the law.
• Catastrophic, defined by corrupt business practices that put both the individuals involved and the enterprise at material risk of a significant enforcement action.

The curve drawn on the graph is the kind of plot you might see in an organization with a fairly strong ethical culture where the vast majority of employees are in the “acceptable behavior zone” and where there are no employees in the “catastrophic behavior zone.” However, such an organizational behavior profile does not happen spontaneously. It takes work to achieve it, because there is a constant pressure to cheat, or strain placed on employees to perform. This powerful, unrelenting force always pushes toward the “unacceptable” and “catastrophic” behavior zones, not because people are wicked, but because it is always easier, faster and cheaper to achieve performance goals by violating rather than following the rules.

It’s always easier to sell a drug by promoting it off label for multiple uses than it is to market it for a narrow, approved indication. It’s always easier to sell a medical device by paying a kickback to a health care professional than it is to compete for the business on quality and price. Company structures and systems like the ones described in Parts 2 through 5 of this series are designed to oppose this pressure to cheat. But, as experience has shown, they do not drive behavior – hence the dotted line in the diagram.

Instead, the primary behavioral drivers that have the potential of opposing the constant pressure to cheat are individual attributes and social dynamics.

Individual Attributes and Social Dynamics

I believe we all have a free will. Regardless of the magnitude of the strain placed on us to perform, we can each choose to do our jobs in the “acceptable behavior zone.” Whether we have the capacity to do this depends on the degree to which we:

• know the rules,
• have a desire to follow the rules,
• choose to follow the rules even when it is hard and
• make a habit of always following the rules.

However, decades of scientific research has shown that more often than not, individual attributes are overwhelmed by two powerful social dynamics: response to authority and conformity to social norms. I’ll spare you a description of the groundbreaking experiments revealing this aspect of human behavior and merely refer you to the work of Solomon Asch and Stanley Milgram, who showed that the vast majority of us will do what the boss says and go along to get along, even if we think doing so is wrong.

However, the power of social dynamics can be also be harnessed to promote ethical behavior. The single most important factor that determines whether this happens is the character of an organization’s leaders. If, like Gary Cook, corporate executives exploit their authority for good, a strong, sustained ethical culture will emerge in which employees self-police and act in accordance with the rules. But if corporate executives and directors get this wrong by putting too much strain on the organization to perform and they fail to exploit the power of social dynamics to induce individuals to follow the rules, the outcome is as predictable as it is catastrophic: 100 percent of the time, such leaders will find themselves at the helm of a criminal organization with a behavioral distribution curve looking like the one below.

This is the phenomenon that has been repeating itself for decades in the health care industry, delivering thousands of firms and business professionals into the bear traps. The next time you read about a health care company paying a hefty fine or signing a corporate integrity agreement, don’t look to their compliance department for accountability; look to the company’s C-suite and its board of directors.

These observations present both a challenge and an opportunity for us compliance professionals. In addition to building and operationalizing effective internal controls, to succeed in our mission of promoting ethical business practices, we must find a way to reach our leaders. We must help them understand that if they have a genuine desire to avoid the bear traps, they need to exploit the vast power of social dynamics for good.

Specifically, we must persuade our leaders to strive for financial performance without inducing criminal conduct. We must help them understand that they cannot outsource compliance to others in the organization. Instead, our leaders must exhibit a passionate, relentless, uncompromising commitment to operating in accordance with the law and applicable industry standards. This is what Gary Cook did to drive safety performance at a dangerous chemical company many years ago. And, as Gary demonstrated, it is the most reliable and potent means to drive behavior in any organization. People follow the leader, not the policy.

I must confess that for over 20 years, I’ve had only limited success in my attempts to coach and train corporate executives to be strong ethical leaders. In addition to being ambitious and highly intelligent, most CEOs and other corporate executives I’ve worked with were also exceedingly arrogant and unwilling to heed the advice of compliance professionals, let alone examine and improve their ethical leadership skills. In virtually every case, their primary focus was on their own survival and short-term financial metrics. Very few devoted the energy necessary to become strong ethical leaders capable of building and sustaining a strong ethical culture.

The difficulty of coaching executives to be strong ethical leaders does not diminish the importance of trying. Regardless of how daunting this task might be, we compliance professionals must find a way to persuade our leaders to get in the game and to play it well to ensure all our work to create a sound compliance and ethics program is not in vain.

[1] As mentioned in part 1, the term “bear traps” as used herein refers to the anti-kickback statute (AKS), the False Claims Act (FCA), the Physician Self-Referral Law (aka the Stark Law), the Civil Monetary Penalties Law (CMP) or the Eliminating Kickbacks in Recovery Act (EKRA). Enforcement actions pursuant to these laws against thousands of individuals and companies in the health care sector have resulted in incarcerations and tens of billions of dollars in fines.