This article was republished with permission from Michael Volkov’s blog, Corruption, Crime & Compliance.
The compliance profession faces many challenges. Some are more important than others. When it comes to evaluating performance or measuring compliance programs, the profession faces a steep uphill climb.
Unfortunately, measuring compliance programs and defining what an “effective” program is is an issue that requires extensive research and analysis. Justice Potter Stewart’s famous words defining “obscenity” – “I know it when I see it,” just will not work when it comes to effective compliance programs.
The U.S. Sentencing Commission has provided required elements of an “effective” compliance program; the Department of Justice has advanced the dialogue with its own approach and definition, as set forth in the FCPA Guidance and recently in the FCPA Pilot Program.
It is time now to develop a comprehensive focus on this specific issue. Everyone has an opinion when it comes to an “effective” program, but no one has the research or the data to back it up.
If the compliance profession is to establish itself based on the associated subject matter expertise, then this issue needs to be addressed. Professional credibility depends on a more rigorous approach to the issue. Of course, social science research is not so easy, nor is there is one answer to this difficult question, but more needs to be accomplished in this area.
When you think of “effective” compliance, there are many potential characteristics everyone can cite. For example, I can think of two easy ones: rates of reported misconduct in an organization and standardized ethical culture survey questions. Both of these categories offer important insight into the overall effectiveness of a compliance program.
There’s an important question to consider, however: how do you isolate a particular compliance program element and tie it to a particular result? Having more employees who undergo training and obtain certification does not necessarily mean that fewer employees will engage in misconduct.
Companies that have a code of conduct and communicate the code of conduct are likely to experience lower rates of misconduct than companies that do not have a code of conduct or communicate their code of conduct. This seems logical and provable.
Similarly, there has to be a way to measure characteristics of a culture that encourages reporting, notwithstanding the variance of actual rates of employee misconduct. In other words, there has to be a way to isolate whether or not employees trust an internal reporting system for misconduct.
These are all questions that need to be addressed and examined by the compliance profession with the help and support of research. Some organizations and academic institutions are beginning to address these issues, but more is definitely needed. Compliance practitioners have a lot to contribute here, and this is an area for compliance representatives to help support.
Ultimately, the compliance profession will be required to demonstrate its ability to critique its performance, bring some rigorous research to the table and help establish some parameters around this key issue. In the end, it will help the compliance profession to establish itself as a credible entity in the corporate boardroom, in political circles and in the corporate governance field.