A pure rules-based approach to compliance is direct and clear-cut, but by design lacks emotional or personal engagement. Following rules of all kinds – legal, community-based, household; practical, austere, illogical – is a social norm most humans are taught from their earliest memories. Despite this, many of them do not do it very well even with the best intentions, and still more never intend to attempt adherence.
To have any expectation that rules will be credible and inspire understanding and respect, there must be an authentic and compelling “why,” a purpose that people feels relates to them and calls for their commitment. Many laws are so deeply linked to societal expectations and taboos that the majority of people do not need to be persuaded to appreciate them – restrictions against pre-meditated murder, property theft, and abuse of animals for example. Those who remain unconvinced these acts should be prohibited and punished are not likely to view violating laws as something offensive or damaging either.
Sincere attempts to reach individuals who are antipathetic toward all rules, however few or rare they may actually be in society, with a rationale rooted in values are not likely to prevail. In general a values-based approach can be very powerful and evocative, but in order for it to hold personal appeal it must strike a difficult balance between universal relatability and individual accountability. All organizations should define their values and position their strategy and public branding within that set of principles, but this is delicate. If the values are too specific then they will be exclusionary rather than engaging, appealing only to a core group of true believers rather than attracting a wider audience. If the values are too broad, however, then they will be superficial and ring empty – again preventing individuals from attaching to them and being their standard bearers.
An especially effective tactic for bridging this gap is to make corporate values a living artifact which reflect the organization as it grows and changes along with business and society. In an ambitious and forward-looking organization, the profile and strategy will evolve and so should the outlook of what matters most in defining its purpose. Using a rules-based approach to provide both the floor and the roof for the terms of the corporate mission statement, values can fill the space between and invite everyone – employees, partners, stakeholders alike – inside.
There are many mechanisms through which corporate compliance programs can appeal to employees to make the connection between rules and values. Inspiring voluntary compliance, where employees feel aware of and responsible for the values of the compliance program and connect to them individually, adds weight to the mandatory compliance expected by the rules. Increasing the relatability of the requirements with principles behind them gives people incentive to sign on and go along with the compliance program. Compliance programs can aim to encourage ongoing employee adhesion to the organization’s values-based approach in the following ways, ranging from the lightest touch to the heaviest:
- Nudges: Simply put, make it possible for employees to make ethical choices by expressing values that promote this and building decision-points into the processes they encounter in their working experiences which reflect those values. Business strategy should coincide with business values, and if it does not, then actions such as setting new standards client acceptance or exiting and reassessing product offerings or market participation are natural consequences of trying to bring the two together. In order for employees to make choices that reflect both individual and organizational integrity, the procedures and standards within which they work should facilitate and support this type of decision-making. Doing the right thing should always be accessible and indeed prompted.
- Codes: While nudges make values implicit and leave the decision ultimately in the employee’s hands, in codes values are explicit and expectations for adherence to them are formalized. Codes can take a variety of formats, and in some industries regulatory requirements may dictate their scope and even content, but generally speaking, the more concise and accessible the better. Employees at all levels should be able to read, understand, and engage with the code, whether it dictates ethics, conduct, or both, and they should be able to retrieve, review, and ask questions about it whenever they want. A code document should be updated on an ad-hoc basis and reviewed regularly, and it should be seen as a living record of the specific values of the organization which underlie all other policies and procedures in place.
- Attestations: Once a code is available, employees can be asked to attest to their compliance with it. This can take a very simple form, even just a one-liner of “I attest that I have been in compliance with the requirements set forth in the Code as of the below date.” This can be done once per year (or other regular period of choice) or on an ad-hoc basis. Asking an employee to attest to adherence prompts self-reflection and may also create a space for questions or dilemma discussions, which are important tools for ensuring awareness.
- Warnings: Warnings may sound punitive, but in reality they can just be reminders. Unlike attestations, which look backwards and ask employees to self-assess based on their past behavior, warnings would accompany present choices or activities. For example, an expense claim form might include a statement on it reminding the submitter that the data on the form should be accurately and honestly reported, and that there are certain expenses which may not be reimbursable or permitted. Providing these warnings at the time the employee is going to take action that checks compliance values brings together all the previous methods – it provides a nudge, makes expectations explicit, and directly asks the employee to consider ethical obligations when making choices in the course of the task.
- Oaths: Oaths take the most advanced step of ensuring that employees comply with the ethical and compliance expectations of their profession by asking that they voluntarily submit to discipline should they violate these. This submission is by taking an oath and signing it, typically with witnesses and even a level of formalization or ceremony in order to underscore the significance of the commitment and the seriousness of trespassing against it with future misconduct. A very interesting example of a professional oath is the Banker’s Oath in the Netherlands, which is intended to restore trust in the financial sector and banks specifically by requiring that every Dutch employee take an oath to comply with uniform ethical guidelines. To read more about the Banker’s Oath, visit the website of the Dutch independent organization Foundation for Banking Ethics Enforcement (FBEE).
The above methods for encouraging voluntary compliance can be employed by compliance professionals simply and powerfully in routine compliance communications and awareness initiatives. Reminding employees of values – the purpose – helps to heighten the credibility and appeal of rules – the requirement – and provide a mission perspective to their engagement in the compliance program.