Compliance Culture

Practical insights for compliance and ethics professionals and commentary on the intersection of compliance and culture.

Last week on Compliance Culture

Check out last week’s posts on Compliance Culture, in case you missed or want to revisit them.

Many thanks for reading!

READ MORE

Selected TED/TEDx talks by Dan Ariely on honesty, motivation, and choice

Dan Ariely is a professor of psychology and behavioral economics. He is well-known for his books in these fields as well as for his popular and admired TED talks. Ariely is an extremely effective communicator because his observations incorporate both psychology and business, blending the internal and external motivators for behavior. In this spirit, Ariely is able to debunk assumptions about conduct and provide explanations for instincts, two powerful sets of insights for compliance and ethics.

  • Meaning in Labor: Perhaps people’s assumptions about why we work and what we value most in our work cultures are wrong. Maturing from an idea that most people would rather not work and only do so to make money helps to show that a search for meaning (much as described by Holocaust survivor and psychologist Viktor Frankl in his work on existential analysis) is the most powerful and provocative driver of human labor and achievement. Simply put, meaning gives motivation, and having a purpose to the work performed encourages people to invest in it. The idea of giving purposeful work a priority that is equal to or even sometimes greater than profitable work is novel and challenging. However, this speaks directly to the importance of a robust compliance culture and a corporate identity that promotes ethical decision-making and acting with integrity. These values drive meaningful engagement and therefore can contribute to a more positive working environment and sustainable business.

 

  • Money Changes Everything: Taking the suggestion of the importance of meaning as the true driver behind human behavior (both inside and outside of work) forward, what then is the true impact of money? Clearly the power of money is a timeless and universal notion, but perhaps its actual effect on human behavior is not so straightforward. Money changes the tone of all interactions; adding the financial element to these relationships is transformative and perhaps demotivating. Therefore how do people’s decision-making processes and motivations change between their conduct in their private life, where money is not inherently a factor, and work life, where everyone is paid to be engaged together? Interestingly, this talk was delivered at Burning Man, where exchange of money is mostly not permitted.

 

  • The Unexpected Joys and Problems with Creation: The sense of accomplishment from successfully problem-solving and completing a difficult task may actually be the key motivation behind doing challenging or unpleasant things. The harder something is to do, the prouder people feel about persisting and doing it. Further, the sense that other people will feel this pride too or that the difficult work can benefit others is also a motivating factor. Not only does the altruistic sentiment make people more motivated, it may also make them more honest, as the force of “prosocial behavior” encourages people to engage in better behavior for a common good. This has obvious implications for compliance; a corporate culture which positions integrity and ethics as a core value and rewards it visibly will speak collectively to all these motivations and therefore drive productivity and engagement.

 

  • Self Control: Another important and interesting area of Ariely’s scholarship is in the study of self control. Self control can often be the interference between our long-term goals and our short-term desires, or our internal instincts and the external factors they face. Facing the trade-offs implied by these dichotomies is challenging. This often leads to over-emphasizing present impact of the decision-making over the future consequences. Encouraging people to consider and not discount the considerations of the future is very important for directing the impulse of self control into a more balanced and sustainable influence.

 

  • Temptations and Self Control: Continuing on the theme of struggling to balance current interests with more remote future outcomes, this lecture encourages people to understand what creates the gap in their self control. With this insight in mind, the trade-off becomes more manageable to consider in a more holistic way. Motivations to value future priorities or avoid future problems could include targeted rewards and using rationality against instinct to adjust gain-loss perceptions. This is easily applicable in the corporate environment, where performance evaluations and business strategies should be designed with both short and long term effect analyses in mind. This way, growth will be sustainable and values will be maintained.

 

Ariely’s presentations on people’s choices – including whether to lie or cheat, or not to – go directly to the meaning of why people do what they do, and what factors exist that may change or impact that. Organizational and individual integrity can be sourced back to these motivations for honesty and self-control, and therefore the studied application of Ariely’s insights to a compliance and ethics program is very valuable.

READ MORE

Round-up on compliance issues in sports

Sports and business are close partners all over the world. From this intimate relationship between athletics and commerce comes a huge variety of compliance issues. Huge revenues are made by individuals and organizations connected to all sorts of sporting events, ranging from professional leagues in the United States to the Olympics or other international competitions, and everything in between. For fans, there are demands from all directions for their attention and money. For organizations such as league administrations and companies that work servicing the sports industry, ethical issues are aplenty in their consumer and trade practices.

  • Doping has been a hot topic in competitive sports since the public controversies over the use of performance-enhancing substances in baseball in the 1990s and early 2000s. Since then, revelations surrounding high-profile athletes and even national athletic programs that have engaged in doping have been unrelenting. The one constant is that testing and ongoing oversight programs seem to be unable to effectively eliminate doping practices. Agencies charged with oversight over doping testing are often insufficiently supervised or resourced. In the meantime, the doping trade is continually innovating and moving into new markets, such as Ethiopia:  Inside the doping hotspot of Ethiopia: dodgy testing and EPO over the counter
  • The summer’s heavily reported-on transfer of Neymar from FC Barcelona to Paris Saint-Germain has opened up the black box of transfer protocol among elite football players and their clubs and managers. Uefa, European football’s governing body, faced tremendous public, club, and league pressure to scrutinize the trade and contract negotiations for fair play considerations. As record-breaking deals are being made by clubs, transfer rules and good faith conduct in those deals are being questioned more closely than ever:  Record Neymar transfer threatens to shake up elite football
  • The system of discipline employed by the NCAA is well-known by all college football fans. These disciplinary actions range from probation from eligibility and bans from playing in championship bowl games to restrictions on recruiting and reductions in scholarship funding. However, is this discipline fairly applied or effective in reducing or eliminating future violations? Public opinion has long been that the NCAA singles out certain institutions for sanctions while turning a blind eye to others, possibly based upon how much attention the discipline will get in the media – so is the real purpose of the discipline not really deterrence, but just naming and shaming? The efficacy of the discipline in doing much more than causing embarrassment is uncertain, throwing the whole enforcement scheme into question:  How Damaging is Probation?
  • The NFL has been the subject of ongoing academic and medical criticism for its handling of the medical issues surrounding repetitive head injuries suffered by players. Studies in brains from deceased players indicate overwhelming evidence of damage consistent with chronic traumatic encephalopathy (CTE), a disease which impats the brain with devastating consequences, similar to Alzheimer’s. The NFL has historically pushed back against the evidence and even refused to let players see their medical records, with their defensive motivations clear – football is big business, and if people are afraid to let kids play football, or feel it is immoral to do so, because of concussion issues, then the future of that business is in doubt:  Head Games: The Moral Calculus of Football and CTE
  • As sports and business go together, so do sports and another major revenue exploiter: gambling. While the rules of athletic bodies often prevent players from gambling to avoid match-setting, it can’t be ignored that the tone of much of the culture around watching sports, at least, is dominated by betting companies. Gambling advertising regulations in sport are certain to be considered in response to the obvious commercial pressures that come from these advertisements which are splashed all over stadium interiors and television broadcasts:  High stakes for gambling firms as pressure grows to curb role in sport

Like the markets and the economies of the world, sports are becoming increasingly globalized as well. As athletes move around the world from one country to the next to work and compete, and as business standards are translated across cultures, expectations and norms become all the more complicated. The business of sports is sure to be a growth area for compliance considerations as the entertainment aspect of athletics continues to expand.

READ MORE

Patagonia’s social responsibility and targeted political engagement as corporate values

The famous outdoor industry retailer Patagonia has a bold and defining mission statement: “Build the best product, cause no unnecessary harm, use business to inspire and implement solutions to the environmental crisis.” In this, a company which makes its profits off selling products to people who wish to explore and enjoy the outdoors has linked its strategy, growth, and indeed reason for existing, to respecting and protecting that environment. Patagonia’s reputation has been cultivated in the public eye to carefully coincide with this intention.

In recent times, however, Patagonia has grown much more quickly than its previously modest expectations, pursuing revenues wherever consumer demand takes the company and stepping up their competition. This has been driven largely by the fact that consumers who have an affinity for the environment and its protection also, logically, are interested in driving their spending power toward companies that they feel share this value. Millennial customers are highly motivated by companies which model social, cultural, and, especially relevant in the case of Patagonia, environmental values. With the vast array of consumer choices that the retail industry offers, both in products and in outlets to purchase these products, cheapest price or easiest availability is no longer the only or the loudest driver of buying power.

Patagonia has hereby achieved the special mix of corporate ambition and conscience. The company is not just an outdoors products retailer, though it still may be thought of as that by many. Instead, it has grown into a green venture capital fund, a food producer, book and film publisher, and a political activism organization that is willing to take on the US government on environmental protection and conservation causes.

Being a company that believes in something, and being rewarded with consumer loyalty, interest, and purchasing power for it, is a powerful message for compliance programs. Creating a serious, genuine corporate image based on values and then selling that image to customers as much as any other product is a huge ambition and a dynamic identity for the organization. Companies must develop corporate cultures which drive what they do with a specificity beyond pursuing sales and dominating product markets. They must recruit leaders who embody this, reinforce this honestly with their employees, and offer integrity in this message to the consumers who will trust them with their loyalty in return.

Hereby, companies such as Patagonia can become not only revenue leaders in their industries but also corporate role models to their peers and competitors. While seeking to directly motivate positive change at the publicly traded titans of industry may be biting off too much to chew, organizations can grow themselves strategically so that their own corporate impact is bigger and better.

In Patagonia’s case, relying on direct-to-consumer business via their own stores and website means that they can take their growth and values ambitions directly to their customers and feed-forward based upon the reception they receive. This is a powerful engagement opportunity for a brand and building a political and social consciousness that is informed by it means that the company can shape itself into the type of organization its customers admire and with which they want to be associated. While Patagonia cannot force political action or change at the highest level on its own, as a company it can be forward-looking and progressive in a time when its consumers appreciate and desire these values. Hopefully, Patagonia can also be an example to other companies to raise the competitive standard for corporate cultures and relevant, genuine social responsibility as a core business value. If that is effectively accomplished, then productive change for the collective can be well within reach.

For more about the power of Patagonia’s corporate social conscious, check out Abe Streep’s story on Outside Online.

READ MORE

The changing nature of, and expectations for, trust

Discussions of trust and honesty are popping up everywhere in the public discourse. From disputes over what constitutes “fake news” to discussions involving “alternative facts,” the current culture is obsessed with the struggle to determine what’s really real. Who can be believed, and why? How does anyone know for sure? The objective of establishing trust in an environment where the goalpost of the truth seems to be constantly in motion is challenging and even frustrating. However, in such an atmosphere, a flight to quality for integrity in ethical character and decision-making is needed more than ever.

  • The ubiquity of the internet makes it a powerful force in the overall assessment of trust in society. Concerns about security and privacy are a constant in the remote digital interactions of the internet, where much can be done and said anonymously. Advancements in technology promise to embed the internet and its connections further into the daily experiences of individuals and organizations. But does the internet hurt or help trust? At the very least, it seems that the nature of trust will be seen as evermore fluid, as the internet empowers the world yet suffers from countless security insufficiencies that set credibility and honesty on edge:  The Fate of Online Trust in the Next Decade
  • Compliance programs that are overly rules-based, focusing on preventing behavior defined as criminal or illegal and fine-tuned by enforcement standards, may prove inadequate for restoring trust in institutions. The public does not want to see that unethical behavior is only a problem if it involves breaking an existing rule or law. Indeed, a huge part of the compliance discipline is the aspirational aspect, where the controls seek to address the discrepancy that can exist between what is legal and what an organization wants to consider acceptable. Rather than going heavy on the rules-based approach, a values-based approach can be much more meaningful, giving the reassurance that the compliance program seeks to identify root causes and inspire ethical conduct, rather than just enforce rules and protect management from liability:  ‘Criminalized’ compliance may backfire in quest for better Wall Street cultures
  • Ten years on from the start of the global financial crisis in 2008, many observers are left underwhelmed by assessing the true change that has happened in its aftermath. Fundamental shifts in conduct and business practices were needed to truly reform the financial services sector and make the supervisory efforts over it effective. A major challenge in the recovery from the crisis was how to make the system more resilient, to withstand another crisis the same as or worse than before. However, perhaps more important was the effort to restore public trust in the industry, which could only be accomplished by taking a deep dive into the causes of the crisis and doing hard work across many organizations to address the reasons why and why not forever. While the regulators have made lots of new rules, and banks have been publicly shamed and put through the rigors of new testing and requirements that are seemingly without end, the markets don’t seem to trust that anything has really changed for the better – and maybe the public shouldn’t believe it either:  Markets Don’t Trust Banks, and They’re Right
  • So how to restore that public trust which has been violated and lost? Stronger governance is the first step, to weed out the problems which still exist and will take time to address effectively, like corruption, cybersecurity, and differences in reporting regimes. Injecting clarity into a truly integrated system which is more consistent and allows for comprehensive monitoring will help also to let the public know that supervisors are looking in the right places. These system overhauls and others should help to create markets and networks which are more likely to foster and support financial stability in the future:  Ten Powerful Actions To Restore Public Trust And Confidence In The Global Economy
  • As the advancements of technology constantly outpace regulatory and legal frameworks intended to control them, what implications do biometrics innovations have for trust? Data privacy concerns prevent many people from engaging in newer technologies, but what will happen when traditional authentication of identity is no longer available? Social media, AI such as facial recognition, and other advanced means of identification and verification are on their way, and all the problems of inclusion, access, and security that challenge their trustworthiness are coming with them:  The evolution of identity: trust, inclusivity, biometrics and beyond

Organizations must grapple with the fluid nature of trust and the expectations around it, in order to have any hope of inspiring trust and faith as cultural norms both inside and outside the office.

READ MORE

Creating employee awareness for cybersecurity risk management

Cybersecurity is one of the major risk areas for businesses of all sizes and a frequent examination and enforcement priority for regulators. The challenges posed by cybersecurity are diverse and serious – data privacy, breaches of sensitive customer or employee information, business continuity, reputational risk due to information leaks or data loss, physical and financial damage to IT network or infrastructure, and more.

Addressing these threats posed by possible cyberattacks or security weaknesses is very important for organizations, but all protective measures rely upon engagement of employees in accomplishing this objective. Obtaining this engagement requires effective communication to employees to raise their awareness and encourage their understanding of the daily objective at hand.

  • Make relevant policies accessible, relatable, and easy to understand: In order for employees to understand their responsibilities in a cybersecurity program, the governing policies and procedures must be simple and straightforward. The policies should be easy to locate on the organization’s intranet or in the policies manual or employee handbook. They should be written in plain English and provide the essential information and guidance necessary for employees to understand what they must do to protect the company and themselves. Individual objectives and obligations should be highlighted and reinforced by line managers.
  • Connect cybersecurity program to stakeholder commitments: For all employees who are not IT professionals, the risks inherent to and controls necessary for cybersecurity may seem abstract. However, there are fundamental organizational values which can be concretely attached to the objectives of a cybersecurity program. Taking the privacy of customer and/or employee data seriously is not an esoteric concept; this is important to every employee on a personal level. Being trustworthy and transparent about this goal, likewise, is something everyone can support for the good of the organization. Establish a connection between the goals of the cybersecurity program and the company’s stakeholders such as customers, business partners, and regulators/supervisors. Emphasizing these duties will enable employees to see how important cybersecurity controls are to those relationships.
  • Set expectations for personal responsibility: As with all compliance risk topics, the tone at the top is critical to establishing the mood in the middle and the buzz at the bottom. Employees will not become prioritize a topic unless leadership clearly and sensibly advocates for its importance. Senior management should express that each person working in an organization has individual accountability for protecting the company from cybersecurity risks and attacks. An employee’s responsibilities may seem minor or not worth publicizing, but these practical measures are often the most fundamental in keeping the organization’s IT systems secure.
  • Emphasize conduct and basic good practices: Every compliance program begins at the beginning. The building blocks of security protections must be strong starting at the most fundamental measures. Advanced protocols and encryption methods are not the message to take to the general employee population. Rather, focus on their own individual conduct and best daily practices, such as caution with data handling to avoid human error like inadvertent e-mails or lost devices and files. It is imperative that the workforce understands and takes responsibility for managing these simple, widespread risks from their own behavior.
  • Publicize successes and take action on failures: The organizational message of open seriousness about cybersecurity risks should be consistent. When there are successes – such as proactive identification and remediation of a security weakness without a data breach, or improvement in employee conduct around reporting phishing emails – publicize them and discuss them. Positive reinforcement is key. However, when there are failures – such as the detection of an unauthorized intrusion or a string of employees losing laptops and flash drives – then these too should be communicated broadly and acted upon promptly. In this case it is not negative reinforcement but rather directed analysis to improve in the areas which current evidence shows need the most work.

With all the broad landscape of cybersecurity risks in view, and the methods and objectives of cyberattackers evolving continually, control frameworks for cybersecurity will remain an ongoing project in compliance programs.   Creating and maintaining basic employee awareness of and sensitivity to these risks is crucial to ensure that all other controls can be as effective as possible

READ MORE

This week on Compliance Culture

Be sure to visit Compliance Culture this week for posts on these topics.

  • Monday: Employee awareness and cybersecurity
  • Tuesday: The current status of trust
  • Wednesday: Patagonia and the branding of social responsibility
  • Thursday: Compliance and sports
  • Friday: Insights by Dan Ariely on honesty, motivation, and choice

Don’t miss it!

READ MORE

Last week on Compliance Culture

Check out last week’s posts on Compliance Culture, in case you missed or want to revisit them.

Many thanks for reading!

READ MORE

Selected Frontline documentaries on financial crisis and compliance

Frontline is a documentary series that has been broadcast by PBS since 1983. The series covers a broad range of social, political, and historical topics. Among these documentary programs have been several episodes that have covered financial crises or compliance issues in the markets or at organizations. These topics range from the 2008 global financial crisis to an overview of corruption and unethical behaviour on Wall Street to fraudulent and misleading practices within specific companies that contributed to market instability and economic collapse.

  • To Catch A Trader and insider trading – This 2014 episode covers the history of SAC Capital Advisors, a group of hedge funds founded in 1992 by Steven A. Cohen which was very successful for many years but declined after numerous investigations by the US Securities and Exchange Commission for insider trading. Several former traders were indicted by the US Department of Justice and the firm itself pled guilty to insider trading charges, subsequently shrinking away after returning external investors’ money to them and divesting the rest of its capital. SAC Capital Advisors no longer exists as of 2016, but the divestment process is ongoing and continues to raise questions about conflicts of interest and ethical practices at the firm. As for Cohen himself, he runs what was once SAC Capital Advisors as a family office and remains active in the financial industry despite his failure to supervise at SAC.

 

  • Dot Con and financial markets fraud during the dotcom bubble – From 2002, this episode looks at the “dotcom bubble” of the late 1990s, when the financial markets were crazy for new internet companies and their IPOs were aggressively marketed to the investing public. At the time this was a totally new frontier and the growth of the bubble was fuelled by aggressive allocation practices in the IPO process. Did the eagerness to exploit this new market tip over into fraudulent or misleading handling of the IPOs? In the rush to take companies public, risks were certainly ignored or unknowingly assumed by investors. Transparency in the marketplace was really lacking, and no one wanted to miss on profits to slow down and question whether what was going on was appropriate or advisable. This is a formula which is bound to repeat over and over again in future financial market advances and collapses.

 

  • Inside the Meltdown and the causes of the 2008 global financial crisis – This 2009 documentary starts with the seeds of fear that were sown in late 2007 about the effect that the bursting housing bubble would have on Wall Street investment firms. Saddled with bad debt and hounded by rumors of instability, in 2008 financial organizations began to decline and collapse precipitously. First Bear Sterns, and then Fannie Mae and Freddie Mac, failed and needed rescue. Then finally in September 2008 came Lehman Brothers – and from the Treasury Secretary Henry Paulson, who was subject to immense political pressure and criticism from the handling of prior crises, there came no bailout. In the aftermath of this, the financial crisis unfolded and ensued. Questions still remain about how this happened so quickly and severely, who caused or could have avoided it, and whether the plans to fix it and avoid it happening again have been effective.

 

  • Money, Power and Wall Street and the effects of the 2008 global financial crisis – In a sense picking up where the previous documentary left off, this 2013 episode looks at the often problematic efforts to recover from the financial crisis. In the many efforts to repair the global economy and strengthen the system to withstand future crises that are similar or more several, the financial markets and the governments that regulate and supervise them have struggled against themselves and each other. With investors and taxpayers all over the world on the hook for the risk and the bill, bold decisions as well as failures to act have characterized the rescue and rebuilding process, and continue to raise doubts about the resilience for the future.

 

  • The Warning and failure to regulate the derivatives market – This 2009 documentary looks at the financial crisis not from the perspective of the firms that weakened the market or collapsed within it, but from one segment, the derivatives market. This market is mysterious and key regulators took a hands-off position in investigating or managing it. The fears were that regulating the market could lead to financial crisis; it’s possible that not regulating it was one of the key causes of the downturn, in the end. These complex dynamics which prevented changes in the risky derivatives market still exist in governments and the markets today. Failing to change or move on from these to close the regulatory gap suggests that future crises are inevitable.

 

These are only just some Frontline episodes from over the years of the program that have touched on historically important events and issues relating to financial crisis and corporate compliance. These compelling documentaries provide a rich and informative, yet accessible, view into the complex and wide range of these topics.

READ MORE

Round-up on the ethics of the Internet of Things

The Internet of Things refers to physical devices which are inter-networked and can share and store data between themselves. This includes things such as televisions, cars, buildings, and other objects that have network-connected technology inside that allow these objects to be accessed and controlled remotely via computer-based networks. This also includes systems that operate in this way, such as smart homes, grids, and cities. These things can be identified and operated individually but also are part of the interconnected system and can have co-dependencies.

There are obvious ethical issues with a highly connected and complex system such as the Internet of Things, where tremendous amounts of data are stored and shared and ultimately used in often mysterious or unclear ways – certainly to improve the intelligence of the Internet of Things and make it operate more efficiently, but also potentially for malicious or dishonest purposes.   Security vulnerabilities in a system which is remotely accessible are also an alarming risk, as unauthorized intrusions or destructive attacks could render everyday items such as cars or door locks inoperable or turn items such as smart houses or transportation networks against their users.

  • The technology that drives the Internet of Things has grown explosively, and legal and compliance frameworks have not been able to keep pace. Questions of liability that arise from cyberattacks on the Internet of Things and rules of responsibility governing companies working within this space are largely undefined. The Internet of Things may bring change to society similar to that of the Industrial Revolution. A thoughtful view on regulations and ethical guidance to protect privacy and security from the earliest design point in the industry is crucial: The Internet of Things Needs a Code of Ethics
  • Among all the fears of artificial intelligence and sentient, unfriendly robots with autonomous weapons, the real risk of the Internet of Things will still lie in the hands of humans. Hackers are a big threat to the system’s security and this risk must be taken seriously, with organizations investing in controls to prevent and mitigate attacks, intrusions, and disruptions that could damage devices, harm people, and interrupt business operations: Why Hackers Will Become a Significant Threat to the Internet of Things
  • The data produced in the Internet of Things is a major security and privacy consideration. Users of these interconnected devices may not realize how much information the devices have about them and their activities. The Roomba, a small robot home vacuum, was an early-comer to this market. The company that makes it, iRobot, has said it hopes to make money from selling maps of users’ living rooms to other companies. Using customer data for profit from a third-party is nothing new in the internet company world, but there are many questions of privacy, notice, and consent which remain to be answered: The Internet of Things is a data farm, Roomba won’t be its only profiteer
  • Cybersecurity fears about the Internet of Things extend to the U.S. government as well, where legislators have proposed to make sure that smart devices can receive security updates like traditional computers. Lawmakers also seek to prevent manufacturers from hard-coding passwords into their system tools that can be manipulated by hackers to take control of the related devices. The U.S. government is just as interested in the objects of the Internet of Things as consumers are, and safeguarding against present and future risks from them is top of mind: Two U.S. lawmakers think the government has a new cybersecurity problem: The Internet of Things
  • So what does all this mean for the future of the Internet of Things? Will the risks of it slow its growth or it will it continue to advance in both complexity and connectivity, its risks unchecked or outpacing the frameworks created to control against them? It appears likely that the value and appeal of connection, and the fear of not being able to function and communicate, will outweigh the desire to want to withdraw from it for safety and privacy purposes: The Internet of Things Connectivity Binge: What Are the Implications?

The intelligence and complexity of the Internet of Things will continue to grow as consumer applications become more in demand and commonplace. The need for strong security standards and clear customer protections will expand in kind. Privacy, safety, and control are all ethical concerns which compliance programs at the companies working on the Internet of Things will have to consider prominently in future risk assessments and strategic plans.

READ MORE