Compliance Culture

Practical insights for compliance and ethics professionals and commentary on the intersection of compliance and culture.

Corporate cultural change: Awareness and dialog, not training

This is the final entry in a series of five posts suggesting best practices for implementing corporate cultural change.  For an overview of all the tips on this subject, check out this preview postThe first post in the series was about tone and conduct at the top and the importance of operationalizing these. The second post discussed how to tangibly encourage organizational justice via consistent, visible investigation and enforcement efforts. The third post focused on policies to have in place, while last week’s post was about the procedures to complement and support those. Today, the fifth and last post in the series will provide ideas for how compliance programs can go beyond traditional training to create a culture which risks and values are addressed and integrated into awareness and communication efforts.

The last four posts have discussed the management controls and organizational structures that are important to implement in order to address needed cultural change and manage compliance risks. Motivating management to act as leadership and vice versa and then taking advantage of their fluency to leverage buy-in for enforcement efforts, policies, and procedures that will contribute to reform and improvement initiatives has been the focus so far. The final area for compliance and ethics professionals to take on in this process is employee and organizational education.

READ MORE

Ethical decision-making and hard choices

Encouraging ethical decision-making is one of the main aspirations of any corporate compliance program.  At both the employee and organizational level, it’s important to support and promote the choices that are most consistent with both explicit rules and implicit values.   Individuals and corporations can demonstrate their principles-based identity through the choices they make.

Genuine commitment to making the most ethical decisions through the complex environment of inadequate information, lack of connection to consequences, competing interests, and limitations of belief systems/choice frameworks – just to name a few of the many risks inherent – is a critical component of a culture of compliance.  Individual persistence to honor internal codes of ethics and moral convictions will scale up to create heuristics and habits across the organization that support responsibility and thoughtfulness rather than a culture of fear and habits reflecting limited vision.

READ MORE

MiFID II conduct principles and markets integrity

MiFID II – the second Markets in Financial Instruments Directive – became law across the European Union on January 3, 2018.  It’s intended to overhaul the entire supervisory framework for financial sector organizations who are in the EU, have clients in the EU, or wish to have access to or establish equivalency for the markets there.  Its predecessor law, MiFID I, became law in 2004 and was judged to have not stood the test of time in the aftermath of the global financial crisis.  Therefore the seven year drafting process – from 2010 to 2007 – that culminates in MiFID II implementation this year is aimed to set a higher regulatory standard for investment banks, broker-dealers, and other institutional market participants and their employees.

Much of the attention about MiFID II implementation has focused on the burden to organizations from financial costs, human capital and efforts, and changes in commercial strategy that will be required for firms to work toward compliance with the new laws.  The laws are thousands of pages long and touch nearly every area of the financial services markets.  Some of the major areas of focus in MiFID II are investment research, transaction reporting, and brokerage compensation arrangements.  However, the far reach of banking and securities markets activities into the economy means that laws intended to govern this sector have a broad and dramatic scope as well.

READ MORE

Selected TED/TEDx talks on values-led people and organizations

A successful and robust corporate compliance and ethics program will have a blended focus on rules-based and values-based controls. Taking an integrated approach to performance and conduct is necessary in order to facilitate awareness of and adherence to compliance risk management efforts and expectations. Rules and values cannot be separated, and should indeed be balanced together to make the most compelling call to action by employees and management.

Legal and regulatory guidelines and company policies and procedures form a clear foundation for the rules and make up the structural, mandatory portion of a compliance program. Deriving this from external and internal requirements is somewhat straightforward and can be accomplished with methodical planning and continuous updating and education.

Values, on the other hand, form the ethics discipline and come from the moral codes of individuals and the commitments to integrity made by the organizations within which they work. While more resistant to obsolescence than rules and regulations, values are far more challenging to identify and express, and even harder to imbed authentically and sustainability within a corporate culture. Values provide the voluntary motivation for doing the right thing at the right time for the right reason, despite forces or interests that may impede or work against that, and including when taking this action requires inaction.

Therefore successful compliance professionals will rely upon the basis provided by rules, while evoking the emotional and personal appeal of values. Providing incentives for inner success and enabling individuals to make ethical decisions and act with integrity gives purpose to employees and credibility to organizations.

The below TED/TEDx talks emphasize the importance of values-led people and organizations and the ways they impact society, interpret ethics, and define success.

  • Why we need core values (James Franklin) – Similar to earlier TED/TEDx lectures shared on this blog, ethics in organizations and society in general begin with individuals. In order for individuals to define the internal moral registers and inform their ethical perspectives based upon them, they need to establish personal core values first. Adopting core values – inalienable individual ideas about right and wrong – is crucial in approaching life and work with purpose and conviction. Understanding core values helps to move on from failures productively, build on successes sustainably, and improve all relationships and ambitions. Individuals as well as the communities in which they live and organizations in which they work can all benefit from planning and mission statements which are grounded in individual articulated core values.

  • The transformative power of values at work (Mika Korhonen) – Well-meaning human resources managers and consultants can too easily lose the root of employee motivation and awareness efforts – that employees are people too. The person an employee is outside of work, and the values he or she possesses in private life, must be leveraged in the workplace to create genuine engagement in both compliance culture and in daily work in general. Leadership and growth requires resilience to change, endurance through adversity, and cultural and social flexibility. All of these competencies are grounded in personal values which are practiced and supported on a daily basis in the workplace. Creating a positive, values-based environment enables a workplace that is productive and prepared to focus on positive impact consistent with ethics and integrity.

  • Happiness – building a values led organization (Esther McMorris) – Ethical motivation is one of the distinctions between management and leadership. Managers who do not embrace a values-driven purpose do not establish credibility as leaders. On the other hand, ethical leadership that models exemplary conduct, supports integrity, and takes action against dishonesty or malfeasance, strikes an effective path toward engaged and effective management. Managers who are also leaders can approach their employees and partners with respect and purpose, allowing individuals to be true to the values that guide them. In this environment, true engagement and satisfaction is possible, giving way to happiness through values-led work

  • Values change everything (Itzhak Fisher) – Culture, values, and leadership are the foundation of all change in life, work, and society. When all three of these are approached together with a strong ethical predisposition, then the resulting change can be directed positively and productively. In instances where integrity is lacking, however, and these three forces are not in balance, then change is negative and feels disruptive, scary, and threatening. Transforming and adapting are inevitable. Surviving these, however, and sustaining through them with the individual and the organization’s identities intact, can be done in reliance upon strong values and the purpose that comes from them.

  • The power of why and value driven behavior (Martha Kold Bakkevig) – A lot of change in life and business is motivated by external forces – competitive pressures, evolving regulatory requirements, new stakeholder expectations, political or economic trends. These changes happen to, or despite, people and organizations. However, it’s also possible that these changes can come from an internal, organic motivation as well, a dedication to evolve for the sake of disrupting the status quo and servicing the values that drive one’s purpose and ambition.

Values-led people and organizations will form a culture of compliance with the strongest incentives for ethical decision-making and a prevailing emphasis on integrity, purpose, and inner success. Taken together with a strong controls framework to incorporate rules-based compliance foundations, an emphasis on values will give credibility and authenticity to corporate governance and strategy.

READ MORE

How to make voluntary engagement with compliance values meaningful

A pure rules-based approach to compliance is direct and clear-cut, but by design lacks emotional or personal engagement. Following rules of all kinds – legal, community-based, household; practical, austere, illogical – is a social norm most humans are taught from their earliest memories. Despite this, many of them do not do it very well even with the best intentions, and still more never intend to attempt adherence.

To have any expectation that rules will be credible and inspire understanding and respect, there must be an authentic and compelling “why,” a purpose that people feels relates to them and calls for their commitment. Many laws are so deeply linked to societal expectations and taboos that the majority of people do not need to be persuaded to appreciate them – restrictions against pre-meditated murder, property theft, and abuse of animals for example. Those who remain unconvinced these acts should be prohibited and punished are not likely to view violating laws as something offensive or damaging either.

Sincere attempts to reach individuals who are antipathetic toward all rules, however few or rare they may actually be in society, with a rationale rooted in values are not likely to prevail. In general a values-based approach can be very powerful and evocative, but in order for it to hold personal appeal it must strike a difficult balance between universal relatability and individual accountability. All organizations should define their values and position their strategy and public branding within that set of principles, but this is delicate. If the values are too specific then they will be exclusionary rather than engaging, appealing only to a core group of true believers rather than attracting a wider audience. If the values are too broad, however, then they will be superficial and ring empty – again preventing individuals from attaching to them and being their standard bearers.

An especially effective tactic for bridging this gap is to make corporate values a living artifact which reflect the organization as it grows and changes along with business and society. In an ambitious and forward-looking organization, the profile and strategy will evolve and so should the outlook of what matters most in defining its purpose. Using a rules-based approach to provide both the floor and the roof for the terms of the corporate mission statement, values can fill the space between and invite everyone – employees, partners, stakeholders alike – inside.

There are many mechanisms through which corporate compliance programs can appeal to employees to make the connection between rules and values. Inspiring voluntary compliance, where employees feel aware of and responsible for the values of the compliance program and connect to them individually, adds weight to the mandatory compliance expected by the rules. Increasing the relatability of the requirements with principles behind them gives people incentive to sign on and go along with the compliance program. Compliance programs can aim to encourage ongoing employee adhesion to the organization’s values-based approach in the following ways, ranging from the lightest touch to the heaviest:

  • Nudges: Simply put, make it possible for employees to make ethical choices by expressing values that promote this and building decision-points into the processes they encounter in their working experiences which reflect those values. Business strategy should coincide with business values, and if it does not, then actions such as setting new standards client acceptance or exiting and reassessing product offerings or market participation are natural consequences of trying to bring the two together. In order for employees to make choices that reflect both individual and organizational integrity, the procedures and standards within which they work should facilitate and support this type of decision-making. Doing the right thing should always be accessible and indeed prompted.
  • Codes: While nudges make values implicit and leave the decision ultimately in the employee’s hands, in codes values are explicit and expectations for adherence to them are formalized. Codes can take a variety of formats, and in some industries regulatory requirements may dictate their scope and even content, but generally speaking, the more concise and accessible the better. Employees at all levels should be able to read, understand, and engage with the code, whether it dictates ethics, conduct, or both, and they should be able to retrieve, review, and ask questions about it whenever they want. A code document should be updated on an ad-hoc basis and reviewed regularly, and it should be seen as a living record of the specific values of the organization which underlie all other policies and procedures in place.
  • Attestations: Once a code is available, employees can be asked to attest to their compliance with it. This can take a very simple form, even just a one-liner of “I attest that I have been in compliance with the requirements set forth in the Code as of the below date.” This can be done once per year (or other regular period of choice) or on an ad-hoc basis. Asking an employee to attest to adherence prompts self-reflection and may also create a space for questions or dilemma discussions, which are important tools for ensuring awareness.
  • Warnings: Warnings may sound punitive, but in reality they can just be reminders. Unlike attestations, which look backwards and ask employees to self-assess based on their past behavior, warnings would accompany present choices or activities. For example, an expense claim form might include a statement on it reminding the submitter that the data on the form should be accurately and honestly reported, and that there are certain expenses which may not be reimbursable or permitted. Providing these warnings at the time the employee is going to take action that checks compliance values brings together all the previous methods – it provides a nudge, makes expectations explicit, and directly asks the employee to consider ethical obligations when making choices in the course of the task.
  • Oaths: Oaths take the most advanced step of ensuring that employees comply with the ethical and compliance expectations of their profession by asking that they voluntarily submit to discipline should they violate these. This submission is by taking an oath and signing it, typically with witnesses and even a level of formalization or ceremony in order to underscore the significance of the commitment and the seriousness of trespassing against it with future misconduct. A very interesting example of a professional oath is the Banker’s Oath in the Netherlands, which is intended to restore trust in the financial sector and banks specifically by requiring that every Dutch employee take an oath to comply with uniform ethical guidelines. To read more about the Banker’s Oath, visit the website of the Dutch independent organization Foundation for Banking Ethics Enforcement (FBEE).

The above methods for encouraging voluntary compliance can be employed by compliance professionals simply and powerfully in routine compliance communications and awareness initiatives. Reminding employees of values – the purpose – helps to heighten the credibility and appeal of rules – the requirement – and provide a mission perspective to their engagement in the compliance program.

READ MORE

Tips for improving employee accountability in compliance programs

The most ambitious culture of compliance paired with the most robust controls framework still cannot succeed without employee adherence. Employees who don’t know the correct thing to do, or those who make an unethical or non-compliant decision despite knowing, can be addressed with awareness communication in the first case or remedial action in the second case.

However, the more frequent and challenging scenario is that employees have received information about compliance risk management priorities and ethical culture at their organization. They understand this information well enough and maybe even admire the aims of the compliance program, but there’s a problem – they don’t see themselves as having an active role in it.

The best efforts of compliance programs will always be overcome by apathetic or unengaged employees who don’t see themselves as having personal compliance responsibilities. In cybersecurity, for example, the best IT systems with the most up-to-date risk controls structure will still be defeated by an employee who falls for a phishing scheme or leaves behind an unsecured laptop in a public place. Some mistakes are unavoidable, of course, just like some risks can only be mitigated or accepted. However, many other errors, acts of misconduct, or risk factors can be prevented with the appropriate individual vigilance and diligence.

So how can a corporate compliance program emphasize to employees that individual responsibility is the fundamental defense in any risk and control framework? Too many solutions from management or consultancy rely heavily on data solutions and systems approaches to addressing compliance risk. The logic goes: failures of existing compliance programs to prevent ever-evolving fraud and misconduct are unfortunately not unusual, so why not simply blame human misjudgment or incompetence for inadequate controls and therefore just automate processes whenever possible?

The above is a cynical and defeatist attitude toward corporate compliance; if management or its advisors decides that corporate compliance will fail, then it certainly will do so. However, removing the obstacles to individual responsibility is an important step to empowering organizational integrity. Outsourcing or digitalizing analysis and advisory work is an artificial, external solution. It may expedite or simplify some aspects of working with compliance risk management, but it cannot ever be as effective as a values-based approach that creates a corporate culture where good judgment and ethical decision-making are incentivized and supported.

Indeed the first, and probably best, solution for raising the standard of compliance programs and their controls is to promote employee engagement in these across all levels of the organization. This starts with individual accountability, which compliance professionals and senior management can nudge employees toward embracing these ways:

  • Walk the walk: Senior management should weave a thread of the corporate cultural values throughout all matters that touch an employee’s working life. This needs to be consistent and visible. Communication should be simple and straightforward, practical and not preachy, but it should express and reinforce the cultural values. In HR matters, for example, transparency should be communicated and modeled. Employees must see the corporate cultural values explicitly expressed as they experience corporate administration across the organization. This brings the values from mere words to a living system in which they are participants.
  • Nudge with timely reminders: Regulatory, legal, and policy requirements change rapidly. Employees that are trained regularly should be respected for what they already know; heavy-handed instruction can be seen as condescending. However, reminders upon key messaging events (anniversaries, completion of investigations, or announcements of strategies) or updates when there are new guidelines or expectations are critical. These reminders can act as nudges toward appropriate behavior for individuals whose attention may have moved on or whose understanding was out of date.
  • Work against culture of fear: People often think about speaking up in the workplace in terms of following an internal escalation process or being a whistleblower. To some people, speaking up by challenging an established procedure or an experienced colleague may seem unprofessional or presumptuous. The possibility of being opposed or facing retribution can be very scary for employees who might want to express uncertainty or ask questions. Corporate compliance programs have a responsibility to create a culture where speaking up routinely is safe and supported. A relationship-based approach to business compliance advisory is a great first step toward combating the fear factor and helping employees to speak up to check understanding or challenge practices. Involved employees are more likely to be accountable ones.
  • Actively address accountability gaps: When it is evident that an employee or group of employees do not embrace accountability in compliance risk management, address it, but not punitively. Open discussion can be mutually beneficial. Take the opportunity to express that individual responsibility is expected, and also to listen to the limitations or uncertainties that may provide an explanation for why it’s missing.
  • Insist on consequences: Disciplinary action is never the intended outcome for any employee-management relationship. Ideally everyone would want to and be able to do the right things all the time, but clearly mistakes and misconduct happen. Good people/bad people dichotomies are classic but not necessarily helpful. In reality, it’s most important to establish from the beginning that consequences for doing the wrong thing exist and will be enforced fairly and meaningfully.

There will always be people in organizations who either are in need of training or resourcing attention (wanting to do the right thing but not being properly equipped) or people who are not cultural fits (wanting to do the wrong thing despite organizational priorities). Engaging these people where possible is critical, just as holding all others accountable for their actions and responsibilities is the frontline defense most important to compliance risk management.

READ MORE

The five branches of ethics as applied to compliance principles

Compliance and ethics are related but separate disciplines. In a professional setting each one relies heavily upon the principles and practices of the other, while still maintaining its own distinct character.

Compliance concerns not necessarily the intuitive or collective ideas about right and wrong, nor the legal bright lines about what is permissible or prohibited, but rather the decision points between all of these. The function of compliance in a practical sense is to adjust or create conditions to choices in order to analyze or bridge the gap between good and bad, yes and no. In compliance, ethics provides the values-based approach, while the legal and regulatory guidance provides the rules-based approach. The work of the compliance professional is to attempt to reconcile the two and in that work create a second set of connections, this time between that which is legally acceptable or not, and that which is deemed ethically appropriate or not.

Very simply put, ethics, on the other hand, refers to the standards of behavior by individuals or organizations and the moral principles governing the conducting of an activity by the same. This is a values-based approach to “right” and “wrong,” or what is good for people and the society in which they live and work. The concept of right and wrong behavior is fundamental to ethics and acts as a systematic discipline in order to guide decisions on how to act.

Ethics draws its foundations from five branches, each one of which is useful to inform a practical and discipline perspective for a corporate compliance program.

  • Normative ethics contemplates the questions which arise in consider how one should act morally, in line with the norms and expectations of society or a community/organization in which the actions are taken. What are the different interests at stake and what are the potential consequences and outcomes of the possible actions to be taken? This view is very helpful in ethical decision-making and designing defense strategies to encourage identifying and choosing good decisions while discouraging and removing incentives or rationales for bad decisions.
  • Meta ethics focuses on what morality actually is and means – in general as well as in context. This involves the careful analysis of the level of understanding about moral considerations as well as an analysis of the situational status and scope of it. This approach is imperative for defining a values-based culture and corresponding corporate identity and business strategy. These values must be organic and intrinsic from the beginning in order for them to truly imbed as genuine. If they are imposed upon the business culture with no respect for what original standards were set for the organization at its inception, then a values-based approach to a culture of compliance will not permeate the company’s actions- customer service, product design, hiring and retaining employees – and a strong tone at the top cannot succeed.
  • Applied ethics goes in-depth into the practicality of really using ethical theory in order to analyze actual moral issues in both private and public life. The practical skills inherent for this discipline are incredibly useful for creating the dialogs that support compliance awareness. Taking a critical look at real-life moral issues that would be encountered in one’s personal time or on an everyday basis at work is a very useful way to get comfortable with approaching ethical dilemmas. Dilemma analysis and discussion is key for encouraging a robust culture of compliance at all organizational levels.
  • Moral ethics is the philosophical area of ethics that centers on defining, choosing, and suggesting behavior with classifications of “right” and “wrong” in mind. This practice is the most directly influential in determining standards and expectations for conduct. Elevating moral conduct by clearly defining it as a corporate cultural norm is imperative for encouraging employees to value it as such as well. Senior leadership should genuinely demonstrate this as well, acting as good conduct role models to embody the cultural values and categorizations for understanding the difference between right and wrong and making good choices within that dichotomy.
  • Finally, descriptive ethics is the study of attitudes of individuals or groups of people aimed at characterizing and understanding their beliefs. The objectives of this branch of ethics are very important for compliance risk management because they help to expose heuristics and routines in play that may encourage or hinder ethical decision-making and the cultivation of strong compliance themes within the corporate values. This is crucial for providing positive support for organizational and employee integrity.

Given the above, there are great affinities between the principles of ethics and those of compliance. The two disciplines share prolifically in their application in life in general and specifically in the workplace. It is very useful for compliance professionals to have some foundation in the discipline of ethics and an understanding of the practical application of its system of principles.

READ MORE

Using ethical dilemmas for creating a compliance training dialog

For effective compliance training, learners must be prepared to discuss and challenge dilemmas independently and with others. The details of specific policies, directives, and regulations can quickly become very dry and irrelevant, whether the audience is made up of compliance officers, senior managers, or new starters. To prevent topic fatigue and keep important compliance training vivid and engaging for those attending awareness sessions, it is important to encourage discussion. An active participant will think, care, and learn more than one who is just watching the clock for the end of the program.

One way to spark discussion that can be employed at all levels is using ethical dilemmas. This is effective either as a stand-alone program, where attendees are introduced to ethical dilemmas and spend time in groups discussing their ideas and views, or as an icebreaker to a content session, to grab the audience’s attention and test their knowledge from the beginning. This can provide an approach to then thinking about the practical handling of compliance subject which is both easy and enjoyable.

Considering and responding to ethical dilemmas helps learners to build fluency with ethical decision-making and evaluating potential conflicts of interest, especially in balance with their own possible interests. Giving meaning to the impact of behavior and choice is significant for establishing cultural values that emphasize individual responsibility and integrity. Dilemma analysis involves several simple but thought-provoking steps following the prompt:

  • What is the ethical question?
  • What personal values are relevant in considering this ethical question?
  • Who are the parties with interests in this dilemma?
  • What are their interests and how do they conflict?
  • How can the ethical question be answered and what are the potential consequences?
  • What is the decision in response to the ethical question?
  • Is the choice that came from the decision-making process of the dilemma possible/practical to do in light of all considerations and consequences?

Ethical dilemmas used as such for prompts in compliance training should be universal and straightforward. In general, dilemmas used to teach this style of thinking to beginners or to instigate audience participation in at the start of a session should not focus on specific employee responsibilities or business functions. For very advanced and targeted audiences it may be acceptable to give a anonymized example of a dilemma they may come across in their work, but for the most part, daily life dilemmas are more relatable and more fun to discuss, regardless of the experience level of the participants.

Some examples of simple dilemmas that can be analyzed as described are:

  • You are meeting some friends at a standing room-only concert and arrive late. As you approach the venue you walk past your friends, who are got there early and are waiting near the front of the line. They tell you they have been there for almost two hours and invite you to join them where they are in the line, even though the end of the line is very far behind them.
  • Your company has been considering some wellness initiatives to offer to employees as benefits but hasn’t contacted any providers yet. Your roommate just finished yoga teacher training and wants to get experience as a corporate instructor.
  • You are taking an exam after studying hard for days to prepare and attending every class the entire term. However, you woke up this morning with a terrible cold and can’t focus. You know the professor will not allow a rescheduled or make-up test. There is no proctor in the room and you have all of your course material with you.
  • You and your partner have a joint bank account where you are both named. Your partner is one week into a two week trip abroad when a letter comes from the bank. You have to fill out and return a form with both your and your partner’s signatures. If you don’t return the form within two business days you will not be able to use your credit card.
  • You are taking your relative to an urgent doctor’s appointment. The parking lot is quite busy but all three of the parking spots designated for disabled drivers are empty. Your relative has no problem walking, but you are already five minutes late for the appointment.

Choosing simple prompts like the ones suggested above will allow the learners to be more creative and perhaps to even engage in discussion with themselves. The facts may be straightforward, but the huge array of perspectives and outcomes that people can suggest is always impressive. By keeping the dilemma prompt at a level everyone can understand regardless of his or her own background and initial interest, the dialog can be truly inclusive. This allows the person who is running the training session to fall into the role of a true facilitator, which offers the enriching experience of watching individuals converse organically on these provocative questions.

READ MORE

Communication strategies for increasing employee engagement in compliance programs

Every compliance professional’s strategic annual plan will include seeking increased employee engagement in and attention to the organization’s compliance program. Communication strategies must be carefully devised with the goal in mind of making compliance vivid and interesting to employees. The compliance message can quickly become routine and dry: sign an attestation, request pre-approval, complete a checklist. This sort of messaging alienates employees rather than engaging them. They have only a small function in the compliance operations this way. Nothing is learned or shared, they are just doing a “tick the box” type exercise.

Instead, the true aspiration of the compliance messaging is that employees take interest, learn something new, ask questions, and feel connected to the story of the organization’s compliance program. This is accomplished via effective and appealing communication that speaks to all audiences and sets a new, compelling tone.

  • Key moment messaging: Compliance is highly relatable to current events and new stories. Therefore compliance communications should take full advantage of key moment messaging opportunities. Relate communication topics to outside events to make the objectives of the compliance program even more concrete. For example, if there is a major earthquake somewhere in the world and your office is located in Southern California, take that opportunity to engage with employees about disaster recovery and business continuity policies and procedures. Their interest will already be heightened and the necessity of the information will be at its most tangible.
  • Positive reinforcement: Start with a kudos, congratulations, or positive sentiment. Any action that needs to be taken or improvement that needs to be made based upon the communication will be much better received if the message gets off to a welcoming start. Set a productive tone by thanking employees for their participation in the last request or calling out good insights or high engagement. Then build off that encouragement to bring in the next steps needed and issue the call to action.
  • Branding: Branding and marketing are now important considerations across all business lines and functions. Compliance is not immune to this, as messages from so many sources fight among themselves for precious attention and airtime from employees. Therefore compliance professionals must carefully consider branding options that will maintain the substantive content of their communications yet be adequately branded to be appealing. Using humor or a catchy, fun theme to introduce the communication, before getting to the meat of the message, can provoke curiosity and prompt engagement. Don’t take it too far and make it a joke – but a little bit of amusement can go a long way.
  • Give visuals/shortcuts: On a similar note, think about making simple takeaways from the communication, however complex its overall message. One way to do this is to provide a visual, like an example of a new form that has to be filled as standard procedure, or a chart showing results on an initiative over previous periods and projected future results. If a visual is not applicable, try using acronyms or slogans that will work as mnemonics to help people remember your message and keep the meaning in mind.
  • Make it interactive: The best way to engage employees in compliance communications is to concretely incorporate them in it. Make the messages interactive for them. Ask an open-ended question and promote any responses received so that employees know the request for input is credible. Take a poll or offer a quiz. This way, employees can share in the mission and the effort by weighing in themselves, which allows them to personalize the message and be more likely to remember it.

To interest and appeal to all employees, compliance communications should not be generic or routine. Taking advantage of opportunities to make compliance relatable, and capitalizing on human interest or emotional connections that can be made, will help to make the mission of the compliance program much more interesting and effective.

READ MORE

The Office and culture of non-compliance

The Office is a very popular US television comedy series, based on a UK series of the same name. It follows the daily lives of the employees working in the Scranton branch office of a paper company. Filmed as a “mockumentary,” to imitate the style of a documentary, the show features many “interviews” with the employees and management. While it does address things in their private lives and personal relationships between the characters, most of the action of the show occurs in the workplace and is based around the dynamic of the characters as colleagues and employees.

In this light, the show offers many interesting insights and tropes about the experiences of working in a small or branch office, with an eccentric boss and idiosyncratic colleagues, dealing with policies from head office and the challenges of working together effectively. Scenarios relevant to compliance are touched upon often in the series, frequently showing examples of very poor management practices or problematic cultural values.

  • “Sexual Harassment” (Season 2, Episode 2): In this episode, the office’s HR personnel are providing sexual harassment refresher training and reviewing policies after an incident at corporate headquarters. Instead of setting a tone at the top to reinforce how important a respectful and safe working environment should be, and how inappropriate harassing behavior of any kind is, the manager Michael Scott has a tantrum and makes light of the importance of the policies. He never embraces his duty as a leader to model positive behavior; even when he defends one of his staff against the rude joke of another, it is accompanied by an improper comment of his own, as he misses the opportunity to step up and reinforce a culture of compliance.

 

  • “WUPHF.com” (Season 7, Episode 9): In the cold open of this episode, the power goes out in the office and the server goes down. Instead of having reliable disaster recovery procedures on hand or a controls framework that would enable business continuity in this sort of situation, the staff must resort to guessing the password as a group. Obviously this is not advisable in light of critical cybersecurity concerns which face all businesses today, especially small offices such as this one which might be assumed to have weaker controls and be targeted by intruders hoping to gain access to the larger company network.

 

Actually, the “WUPHF.com” episode, in its entirety, is another good example of poor compliance practices. Ryan Howard, with Michael’s encouragement and financial backing, claims that he has devised a web-based messaging system called WUPHF.com. In reality, Ryan is committing a fraud, in that the website does not function (despite his attempts to advertise to the contrary) and the only purpose for it is to try to sell off the domain name. Instead of uncovering and disclosing this fraud, and protecting the other investors, Michael backs Ryan. Though he later withdraws his support for Ryan, the fraud is allowed to continue because Michael does not step up and see beyond the conflict of interest posed by his personal relationship with Ryan in order to act on behalf of the investors as he could do.

 

  • Scott’s Tots (Season 6, Episode 12): In surely one of the more cringe-worthy moments for Michael Scott – that’s saying a lot – he fails to keep the promise he made years before to pay college tuition for a group of lower-income children. Upon their high school graduation, he must confess that he has not upheld the duty to them that he created with his promise. Instead, he apologies and tries to give them batteries as a conciliatory gesture. Apart from the terrible awkwardness of the concept itself (this episode aired in December 2009, deep within the global financial crisis, an uncomfortable time to try to address financial fraud humorously), it’s unfortunate, and a sign of weak leadership, that Michael doesn’t seem to acknowledge at all the reliance upon his integrity he created by making that commitment.

 

  • The Incentive (Season 8, Episode 2): In the absence of Michael Scott, his former employee and now new office branch manager Andy Bernard is proving that the apple doesn’t fall far from the tree when it comes to insufficiently ethical leadership. Andy finds himself at a loss for how to motivate his employees and decides to create a points-based incentive system to encourage their performance. Rather than appealing to their values or accepting lower performance in exchange for more sustainable and strategic efforts, Andy chooses a management method which will yield only short-term, temporary improvement or engagement.

From the above it is abundantly clear that The Office does not depict a corporate culture of compliance or a values-based approach to business strategy. Rather, it shows a company that is run, at least in the Scranton branch, with an ethos of non-compliance in the workplace.

READ MORE