Practical insights for compliance and ethics professionals and commentary on the intersection of compliance and culture.

Ethical decision-making and hard choices

Encouraging ethical decision-making is one of the main aspirations of any corporate compliance program.  At both the employee and organizational level, it’s important to support and promote the choices that are most consistent with both explicit rules and implicit values.   Individuals and corporations can demonstrate their principles-based identity through the choices they make.

Genuine commitment to making the most ethical decisions through the complex environment of inadequate information, lack of connection to consequences, competing interests, and limitations of belief systems/choice frameworks – just to name a few of the many risks inherent – is a critical component of a culture of compliance.  Individual persistence to honor internal codes of ethics and moral convictions will scale up to create heuristics and habits across the organization that support responsibility and thoughtfulness rather than a culture of fear and habits reflecting limited vision.


Ben & Jerry’s CSR origins

Corporate culture is most effective when it Is part of the organization’s origins. Compliance by force can never be fully effective at risk control or influencing corporate values. While organizations can and should always be looking to improve their standards and frameworks for compliance risk management, the most successful compliance programs will be rooted in the native culture of the company. For this reason thinking of compliance fundamentals from the beginning (such as described in this post or this post about start-ups, this post about founder-led business, or this post about small businesses) wherever possible gives the greatest chance of imbedding an authentic and engaging culture of compliance.

The above is especially true from a corporate social responsibility (CSR) perspective. CSR values adopted purely and un-authentically, just for competitive advantage or public relations attention, will not be convincing to all consumers or stakeholders, and therefore will not be sustainable. Companies that have some relation to or interest in political issues or social justice should recognize this early and often and incorporate activism and engagement into their company mission statements and values.


Tony’s Chocolonely and a Roadmap for CSR principles

The chocolate business has long been plagued with associations with slavery and child labor. In the countries where manufacturers buy their cocoa beans, trading companies and farmers traditionally have engaged in exploitative and unfair business practices both between each other and in employing the work of slaves, many of them children. Chocolatiers have even claimed that producing chocolate without the use of slave labor at some point in the supply chain, however remote, is impossible to prove or accomplish. Instead, the industry has focused on shifting risk or responsibility for the use of slave labor or abusive trade partnerships by moving these decisions and relationships to third parties and offering ignorance or lack of control as a defense.

Tony’s Chocolonely, a Dutch confectionary company, offers an intriguing alternative to and challenge within this market. The eponymous Tony is actually Teun van de Keuken, a Dutch investigative reporter. In 2002, van de Keuken was working on a project about chocolate manufacturers. He determined that none of the manufacturers he studied that had signed the 2001 Harkin-Engel (aka Cocoa) Protocol, an international agreement intended to end child and forced labor in chocolate production, were in full compliance with the protocol’s requirements. Therefore, all the chocolate for sale by those candy companies (including Hershey’s, M&M Mars, Nestle, and Guittard) was, in van de Keuken’s view, an illegally-manufactured product.


Compliance challenges for start-ups in disruptive industries

In today’s fast-paced business world of innovation and advanced technologies, every company seems to offer the next in-demand disruption. Ever since the days of the dot-com boom and bust in the late 1990s and early 2000s, in the infancy of e-commerce and internet-based or networked products and services, companies have been striving to identify revolutionary items and ideas to market to consumers eagerly awaiting the next life-changing thing to buy. Start-ups in Silicon Valley and entrepreneurial communities all over the world want to develop the next iPhone that will transform every aspect of modern human life. Companies that provide services instead of making products all want to be the next Airbnb, the Uber of their industries, and so on.

But are those companies, and those goals of disruption for the sake of itself, anything to which companies should aspire? Companies in all business sectors are trying to emulate technology companies, and they may not be the best role models in terms of regulatory compliance, risk control frameworks, and business integrity fundamentals. Disruption and sustainability aren’t necessarily mutually exclusive, but many of the companies that were visible pioneers in the current wave of technological innovation and development cut ethical or foundational corners to focus on growth, sales, and branding. Companies in the new generation which seek to copy their success and single-minded commercial focus will run into legal and supervisory obstacles sooner rather than later, now that their predecessors have overstayed the honeymoon period of lax regulatory attention and are running afoul of legal, tax, and compliance concerns all over the world.

The start-up community’s response to public exposure of fraudulent or insufficient business practices – such as companies buying their own products to falsify sales success for partners and investors, or violating straightforward business operations rules like participating in mandatory state insurance programs to maintain company licensure – is to go on the defensive and blame the media. Worse yet, they want to claim stand-out corporate misconduct from their start-up peers are the exception, not the rule, and distance themselves from it, without doing any self-examination or risk assessment to feed-forward into their own continuous improvement.

However, the venture capital firms that are keeping these start-up companies striving toward their disruptive ambitions have a fiduciary duty to their funders to contain reputational risk that could stem from these companies’ public relations and legal problems. The “bad apples” theory cannot win the day in identifying why so much goes so wrong at so many start-ups that were once ambitious and backed by prestigious funders and now have failed, and are being sued by fraud, investigated for investor abuse, accused of forgery or inappropriate accounting practices, and have otherwise missed out on reaching disruption and instead fallen into disrepute.

In any business dominated by private companies getting rich quick, delving into areas which are within loopholes or blind-spots to current legal and regulatory enforcement agendas, transparency is the victim to innovation and doing things the right way, with respect to ethical concerns or compliance requirements that could pop up further down the road from the beginning, is subverted in favor of making money, attracting more investors, and bringing a product or service to market first and with the most attention. “Fake it till you make it” is a toxic approach to management and is no kind of leadership whatsoever. Ignoring legal and regulatory requirements cannot go on forever, as the many bans and service stoppages Uber has experienced in the last year well show. Companies may be able to grow quickly this way, but they cannot keep their business running or have much hope of holding onto their ill-gotten gains unless they tread carefully with regulators and supervisors from the start.

The cultural forces at work here are strong, and disconcerting. Founders with no experience as CEOs and even less experience as functional managers or ethical leaders are given millions of dollars by investors and pressured to be geniuses, redefine business and whatever it is they have to offer to the market in everything they ever do, and succeed at all costs. Liberties are taken, misrepresentations are made, and not every brilliant troublemaker with a crazy idea and a team of engineers turns out to be any good at actually running a legal, functioning, mature business.

The hope, supposedly, is that people will merely bend or flaunt the rules, and not break them, but who’s making the distinction? The moral hazard is great of creating an incentive for behavior that would even lead incrementally to a company that is not in simple compliance with the legal requirements for operating a business in the city, state, or country where it is located. Cautious onlookers assume that maybe if a few corners are cut at the beginning when things are small, it will all work out okay because by the time the company gets big, someone who likes paperwork or understands laws will stumble along and lend a hand. This is immature and short-sighted thinking.

Even if some philanthropic compliance officer did intervene, it would be too late to fix the cultural decay that grows at companies that do not have adequate business values and controls from the beginning. When people ask how it’s possible that business fraud and misconduct went on for years at some companies, or permeated every level of the organization seemingly without detection or interruption – this values void is the answer. To avoid a culture where cheating, misrepresenting, and making unethical decisions are all common, the foundations of the company must include cultural values where that conduct is expressly defined as unacceptable, and business governance structures to prevent, identify, and punish it when it happens.

For more on the challenges to ethical decision-making, and pitfalls for fraud and non-compliance, faced by start-ups, especially in the highly competitive advanced technology world of Silicon Valley, check out this article in Fortune from December 2016:  The Ugly Unethical Underside of Silicon Valley.

For further thoughts on the challenges that start-ups and emerging enterprises face with prioritizing compliance risk management, see this post on Tinder’s corporate culture and the role compliance can play in fostering professionalism in start-ups.  For practical tips, check out this post on compliance foundation must-haves for small businesses. And, check back next Wednesday, January 3, for a post on inexperienced (even if visionary) CEOs and the immature compliance cultures they cultivate by omission.


Selected TED/TEDx talks on values-led people and organizations

A successful and robust corporate compliance and ethics program will have a blended focus on rules-based and values-based controls. Taking an integrated approach to performance and conduct is necessary in order to facilitate awareness of and adherence to compliance risk management efforts and expectations. Rules and values cannot be separated, and should indeed be balanced together to make the most compelling call to action by employees and management.

Legal and regulatory guidelines and company policies and procedures form a clear foundation for the rules and make up the structural, mandatory portion of a compliance program. Deriving this from external and internal requirements is somewhat straightforward and can be accomplished with methodical planning and continuous updating and education.

Values, on the other hand, form the ethics discipline and come from the moral codes of individuals and the commitments to integrity made by the organizations within which they work. While more resistant to obsolescence than rules and regulations, values are far more challenging to identify and express, and even harder to imbed authentically and sustainability within a corporate culture. Values provide the voluntary motivation for doing the right thing at the right time for the right reason, despite forces or interests that may impede or work against that, and including when taking this action requires inaction.

Therefore successful compliance professionals will rely upon the basis provided by rules, while evoking the emotional and personal appeal of values. Providing incentives for inner success and enabling individuals to make ethical decisions and act with integrity gives purpose to employees and credibility to organizations.

The below TED/TEDx talks emphasize the importance of values-led people and organizations and the ways they impact society, interpret ethics, and define success.

  • Why we need core values (James Franklin) – Similar to earlier TED/TEDx lectures shared on this blog, ethics in organizations and society in general begin with individuals. In order for individuals to define the internal moral registers and inform their ethical perspectives based upon them, they need to establish personal core values first. Adopting core values – inalienable individual ideas about right and wrong – is crucial in approaching life and work with purpose and conviction. Understanding core values helps to move on from failures productively, build on successes sustainably, and improve all relationships and ambitions. Individuals as well as the communities in which they live and organizations in which they work can all benefit from planning and mission statements which are grounded in individual articulated core values.

  • The transformative power of values at work (Mika Korhonen) – Well-meaning human resources managers and consultants can too easily lose the root of employee motivation and awareness efforts – that employees are people too. The person an employee is outside of work, and the values he or she possesses in private life, must be leveraged in the workplace to create genuine engagement in both compliance culture and in daily work in general. Leadership and growth requires resilience to change, endurance through adversity, and cultural and social flexibility. All of these competencies are grounded in personal values which are practiced and supported on a daily basis in the workplace. Creating a positive, values-based environment enables a workplace that is productive and prepared to focus on positive impact consistent with ethics and integrity.

  • Happiness – building a values led organization (Esther McMorris) – Ethical motivation is one of the distinctions between management and leadership. Managers who do not embrace a values-driven purpose do not establish credibility as leaders. On the other hand, ethical leadership that models exemplary conduct, supports integrity, and takes action against dishonesty or malfeasance, strikes an effective path toward engaged and effective management. Managers who are also leaders can approach their employees and partners with respect and purpose, allowing individuals to be true to the values that guide them. In this environment, true engagement and satisfaction is possible, giving way to happiness through values-led work

  • Values change everything (Itzhak Fisher) – Culture, values, and leadership are the foundation of all change in life, work, and society. When all three of these are approached together with a strong ethical predisposition, then the resulting change can be directed positively and productively. In instances where integrity is lacking, however, and these three forces are not in balance, then change is negative and feels disruptive, scary, and threatening. Transforming and adapting are inevitable. Surviving these, however, and sustaining through them with the individual and the organization’s identities intact, can be done in reliance upon strong values and the purpose that comes from them.

  • The power of why and value driven behavior (Martha Kold Bakkevig) – A lot of change in life and business is motivated by external forces – competitive pressures, evolving regulatory requirements, new stakeholder expectations, political or economic trends. These changes happen to, or despite, people and organizations. However, it’s also possible that these changes can come from an internal, organic motivation as well, a dedication to evolve for the sake of disrupting the status quo and servicing the values that drive one’s purpose and ambition.

Values-led people and organizations will form a culture of compliance with the strongest incentives for ethical decision-making and a prevailing emphasis on integrity, purpose, and inner success. Taken together with a strong controls framework to incorporate rules-based compliance foundations, an emphasis on values will give credibility and authenticity to corporate governance and strategy.


7 Habits for compliance professionals

Stephen R. Covey was one of the most prominent authors of leadership, self-improvement, and motivational books and speeches of the 20th century. Though the businessman, author, educator, and speaker passed away in 2012, his well-known writings are still influential and insightful for the current generation of managers, students, and thinkers. The teachings from Covey’s books can be applied in many fields of life – business, family, religion, and community, lending heavily to his continued popularity with a wide variety of people. Not simply positioned as self-help, Covey emphasized ethics and distinct definitions of both values and principles, as separate concepts that independently influence people’s behaviors and decision-making.

Due to these emphases, Covey’s writing is specifically interesting and useful for compliance professionals looking for a novel way to approach imbedding into a corporate culture both individual values – which one could see as ethics or morality – and organizational principles – which one could see as compliance program requirements and goals. Covey’s teachings often touch upon the value of inner success, rejecting external competitive measures as the true sign of achievement in favor of emphasizing personal mission statements and progressive goal-setting to allow an individual or an organization to go from immature dependence, through self-sufficient independence, into the higher state of functioning interdependence with others. This strategic vision has a high affinity with the sort of planning compliance officers must do to encourage a successful culture of compliance.

Arguably, Covey’s best-known book is the worldwide best-seller The 7 Habits of Highly Effective People. This book is not only a worldwide best-seller that gains new fans every year for its simple and timeless insights on how to work toward, achieve, and sustain inner success, but it is also the Covey book which is most applicable for compliance professionals to study and take into consideration in the course of their work.

Taken individually, each of the 7 Habits endorses values and principles and encourages conduct in support of those, which are useful for compliance risk awareness both in planning program priorities by the compliance officer as well as encouraging awareness and fostering integrity for individuals and organizations.

Steven R. Covey’s famous 7 Habits, annotated with suggestions for their applicability to corporate compliance and ethics programs, are as follows:

  1. Be Proactive – This is the first of three Habits that focus on maturing from dependence to independence, a process also referred to by Covey as self-mastery. This Habit introduces the concepts of Circle of Influence, one’s effective community – in a business perspective, partners, stakeholders, and clients or served parties – and Circle of Concern, where problems happen and dysfunction or distrust can stymy success and achievement.
  2. Begin with the End in Mind – Simply put, this Habit calls upon individuals and organizations to be devoted planners. Once the plan is set, apply with dedication to following it, in on-going and careful review of its efficacy and currency. Planning is a fundamental component of any successful compliance program. Setting goals and priorities for the program is necessary to encourage informed business buy-in and checking these goals and priorities on a continuous basis helps to keep them grounded in reality and responsive to evolving business and regulatory demands.
  3. Put First Things First – This Habit identifies the difference between leadership and management, a crucial dichotomy for the encouragement of both ethical leadership and adequate supervision, which are equally necessary in order to model conduct expectations and ensure progress in one’s mission. Covey says that leadership in society requires personal vision and for the individual to embrace the importance of character ethic, or internal personal qualities such as ethics, honesty, and loyalty, rather than personality ethic, or external personal qualities such as popularity or other short-term human interaction traits.
  4. Think WinWin – This is the first of three Habits that focus on interdependence, offering tips for working with others. In a service function such as compliance, working together effectively to establish a consistent and open relationship-based approach to risk management is crucial. Likewise, it is important for individuals to appreciate the importance of interdependence also, to see that their individual actions are significant in the overall scheme of the compliance program and to appreciate the importance of accountability, driving them to discuss dilemmas and enhance understanding. Finally, from an organizational perspective interdependence is also very important, driving home the cultural significance of corporate social responsibility and even political engagement in establishing corporate values and creating an identity and purpose in society.
  5. See First to Understand, Then to be Understood – This Habit focuses on the importance of listening for genuine understanding in order to build trust and promote personal credibility. Of particular importance are the Greek philosophy concepts of Ethos, the trust individuals inspire or in Covey’s words their Emotional Bank Accounts; Pathos, aligning and communicating with others and their own emotional trust; and Logos, the reasoning that must be included in communicating with and considering the trustworthiness of others, while projecting your own. Check back in the future for an blog post dedicated to the important concept of Emotional Bank Accounts.
  6. Synergize – This Habit reinforces the key interdependent competency of teamwork. Set goals together and achieve and maintain them together as well. In compliance terms, establishing trust and transparency as key values requires a cooperative commitment to supporting these individual values in the organizational principles that are established, be it via a corporate mission statement or through business strategy and growth plans.
  7. Sharpen the Saw – This final Habit focuses on personal and interpersonal continuous improvement. Balance is key to contended success in both life and business; no achievement attained with disrespect for resources it requires can be sustainable. In order to be truly successful, renewal and sustainability are the most important priorities. Continuous improvement for a compliance program or a company’s corporate values requires continuing risk re-assessments and a rolling plan for how to implement and refine compliance planning and communication.

For an in-depth look at Stephen R. Covey’s work and legacy, check out this official website maintained by the Covey Family. And for an entertaining take on the book, watch this animated book review of The 7 Habits of Highly Effective People.


How to make voluntary engagement with compliance values meaningful

A pure rules-based approach to compliance is direct and clear-cut, but by design lacks emotional or personal engagement. Following rules of all kinds – legal, community-based, household; practical, austere, illogical – is a social norm most humans are taught from their earliest memories. Despite this, many of them do not do it very well even with the best intentions, and still more never intend to attempt adherence.

To have any expectation that rules will be credible and inspire understanding and respect, there must be an authentic and compelling “why,” a purpose that people feels relates to them and calls for their commitment. Many laws are so deeply linked to societal expectations and taboos that the majority of people do not need to be persuaded to appreciate them – restrictions against pre-meditated murder, property theft, and abuse of animals for example. Those who remain unconvinced these acts should be prohibited and punished are not likely to view violating laws as something offensive or damaging either.

Sincere attempts to reach individuals who are antipathetic toward all rules, however few or rare they may actually be in society, with a rationale rooted in values are not likely to prevail. In general a values-based approach can be very powerful and evocative, but in order for it to hold personal appeal it must strike a difficult balance between universal relatability and individual accountability. All organizations should define their values and position their strategy and public branding within that set of principles, but this is delicate. If the values are too specific then they will be exclusionary rather than engaging, appealing only to a core group of true believers rather than attracting a wider audience. If the values are too broad, however, then they will be superficial and ring empty – again preventing individuals from attaching to them and being their standard bearers.

An especially effective tactic for bridging this gap is to make corporate values a living artifact which reflect the organization as it grows and changes along with business and society. In an ambitious and forward-looking organization, the profile and strategy will evolve and so should the outlook of what matters most in defining its purpose. Using a rules-based approach to provide both the floor and the roof for the terms of the corporate mission statement, values can fill the space between and invite everyone – employees, partners, stakeholders alike – inside.

There are many mechanisms through which corporate compliance programs can appeal to employees to make the connection between rules and values. Inspiring voluntary compliance, where employees feel aware of and responsible for the values of the compliance program and connect to them individually, adds weight to the mandatory compliance expected by the rules. Increasing the relatability of the requirements with principles behind them gives people incentive to sign on and go along with the compliance program. Compliance programs can aim to encourage ongoing employee adhesion to the organization’s values-based approach in the following ways, ranging from the lightest touch to the heaviest:

  • Nudges: Simply put, make it possible for employees to make ethical choices by expressing values that promote this and building decision-points into the processes they encounter in their working experiences which reflect those values. Business strategy should coincide with business values, and if it does not, then actions such as setting new standards client acceptance or exiting and reassessing product offerings or market participation are natural consequences of trying to bring the two together. In order for employees to make choices that reflect both individual and organizational integrity, the procedures and standards within which they work should facilitate and support this type of decision-making. Doing the right thing should always be accessible and indeed prompted.
  • Codes: While nudges make values implicit and leave the decision ultimately in the employee’s hands, in codes values are explicit and expectations for adherence to them are formalized. Codes can take a variety of formats, and in some industries regulatory requirements may dictate their scope and even content, but generally speaking, the more concise and accessible the better. Employees at all levels should be able to read, understand, and engage with the code, whether it dictates ethics, conduct, or both, and they should be able to retrieve, review, and ask questions about it whenever they want. A code document should be updated on an ad-hoc basis and reviewed regularly, and it should be seen as a living record of the specific values of the organization which underlie all other policies and procedures in place.
  • Attestations: Once a code is available, employees can be asked to attest to their compliance with it. This can take a very simple form, even just a one-liner of “I attest that I have been in compliance with the requirements set forth in the Code as of the below date.” This can be done once per year (or other regular period of choice) or on an ad-hoc basis. Asking an employee to attest to adherence prompts self-reflection and may also create a space for questions or dilemma discussions, which are important tools for ensuring awareness.
  • Warnings: Warnings may sound punitive, but in reality they can just be reminders. Unlike attestations, which look backwards and ask employees to self-assess based on their past behavior, warnings would accompany present choices or activities. For example, an expense claim form might include a statement on it reminding the submitter that the data on the form should be accurately and honestly reported, and that there are certain expenses which may not be reimbursable or permitted. Providing these warnings at the time the employee is going to take action that checks compliance values brings together all the previous methods – it provides a nudge, makes expectations explicit, and directly asks the employee to consider ethical obligations when making choices in the course of the task.
  • Oaths: Oaths take the most advanced step of ensuring that employees comply with the ethical and compliance expectations of their profession by asking that they voluntarily submit to discipline should they violate these. This submission is by taking an oath and signing it, typically with witnesses and even a level of formalization or ceremony in order to underscore the significance of the commitment and the seriousness of trespassing against it with future misconduct. A very interesting example of a professional oath is the Banker’s Oath in the Netherlands, which is intended to restore trust in the financial sector and banks specifically by requiring that every Dutch employee take an oath to comply with uniform ethical guidelines. To read more about the Banker’s Oath, visit the website of the Dutch independent organization Foundation for Banking Ethics Enforcement (FBEE).

The above methods for encouraging voluntary compliance can be employed by compliance professionals simply and powerfully in routine compliance communications and awareness initiatives. Reminding employees of values – the purpose – helps to heighten the credibility and appeal of rules – the requirement – and provide a mission perspective to their engagement in the compliance program.