Is it surprising to consider that the legendary heavy metal band Metallica has any relevance at all to compliance and ethics?
Is it surprising to consider that the legendary heavy metal band Metallica has any relevance at all to compliance and ethics?
Encouraging ethical decision-making is one of the main aspirations of any corporate compliance program. At both the employee and organizational level, it’s important to support and promote the choices that are most consistent with both explicit rules and implicit values. Individuals and corporations can demonstrate their principles-based identity through the choices they make.
Genuine commitment to making the most ethical decisions through the complex environment of inadequate information, lack of connection to consequences, competing interests, and limitations of belief systems/choice frameworks – just to name a few of the many risks inherent – is a critical component of a culture of compliance. Individual persistence to honor internal codes of ethics and moral convictions will scale up to create heuristics and habits across the organization that support responsibility and thoughtfulness rather than a culture of fear and habits reflecting limited vision.
Corporate culture is most effective when it is part of the organization’s origins. Compliance by force can never be fully effective at risk control or influencing corporate values. While organizations can and should always be looking to improve their standards and frameworks for compliance risk management, the most successful compliance programs will be rooted in the native culture of the company. For this reason thinking of compliance fundamentals from the beginning (such as described in this post or this post about start-ups, this post about founder-led business, or this post about small businesses) wherever possible gives the greatest chance of imbedding an authentic and engaging culture of compliance.
The above is especially true from a corporate social responsibility (CSR) perspective. CSR values adopted purely and un-authentically, just for competitive advantage or public relations attention, will not be convincing to all consumers or stakeholders, and therefore will not be sustainable. Companies that have some relation to or interest in political issues or social justice should recognize this early and often and incorporate activism and engagement into their company mission statements and values.
The chocolate business has long been plagued with associations with slavery and child labor. In the countries where manufacturers buy their cocoa beans, trading companies and farmers traditionally have engaged in exploitative and unfair business practices both between each other and in employing the work of slaves, many of them children. Chocolatiers have even claimed that producing chocolate without the use of slave labor at some point in the supply chain, however remote, is impossible to prove or accomplish. Instead, the industry has focused on shifting risk or responsibility for the use of slave labor or abusive trade partnerships by moving these decisions and relationships to third parties and offering ignorance or lack of control as a defense.
Tony’s Chocolonely, a Dutch confectionary company, offers an intriguing alternative to and challenge within this market. The eponymous Tony is actually Teun van de Keuken, a Dutch investigative reporter. In 2002, van de Keuken was working on a project about chocolate manufacturers. He determined that none of the manufacturers he studied that had signed the 2001 Harkin-Engel (aka Cocoa) Protocol, an international agreement intended to end child and forced labor in chocolate production, were in full compliance with the protocol’s requirements. Therefore, all the chocolate for sale by those candy companies (including Hershey’s, M&M Mars, Nestle, and Guittard) was, in van de Keuken’s view, an illegally-manufactured product.
In today’s fast-paced business world of innovation and advanced technologies, every company seems to offer the next in-demand disruption. Ever since the days of the dot-com boom and bust in the late 1990s and early 2000s, in the infancy of e-commerce and internet-based or networked products and services, companies have been striving to identify revolutionary items and ideas to market to consumers eagerly awaiting the next life-changing thing to buy. Start-ups in Silicon Valley and entrepreneurial communities all over the world want to develop the next iPhone that will transform every aspect of modern human life. Companies that provide services instead of making products all want to be the next Airbnb, the Uber of their industries, and so on.
But are those companies, and those goals of disruption for the sake of itself, anything to which companies should aspire? Companies in all business sectors are trying to emulate technology companies, and they may not be the best role models in terms of regulatory compliance, risk control frameworks, and business integrity fundamentals. Disruption and sustainability aren’t necessarily mutually exclusive, but many of the companies that were visible pioneers in the current wave of technological innovation and development cut ethical or foundational corners to focus on growth, sales, and branding. Companies in the new generation which seek to copy their success and single-minded commercial focus will run into legal and supervisory obstacles sooner rather than later, now that their predecessors have overstayed the honeymoon period of lax regulatory attention and are running afoul of legal, tax, and compliance concerns all over the world.
The start-up community’s response to public exposure of fraudulent or insufficient business practices – such as companies buying their own products to falsify sales success for partners and investors, or violating straightforward business operations rules like participating in mandatory state insurance programs to maintain company licensure – is to go on the defensive and blame the media. Worse yet, they want to claim stand-out corporate misconduct from their start-up peers are the exception, not the rule, and distance themselves from it, without doing any self-examination or risk assessment to feed-forward into their own continuous improvement.
However, the venture capital firms that are keeping these start-up companies striving toward their disruptive ambitions have a fiduciary duty to their funders to contain reputational risk that could stem from these companies’ public relations and legal problems. The “bad apples” theory cannot win the day in identifying why so much goes so wrong at so many start-ups that were once ambitious and backed by prestigious funders and now have failed, and are being sued by fraud, investigated for investor abuse, accused of forgery or inappropriate accounting practices, and have otherwise missed out on reaching disruption and instead fallen into disrepute.
In any business dominated by private companies getting rich quick, delving into areas which are within loopholes or blind-spots to current legal and regulatory enforcement agendas, transparency is the victim to innovation and doing things the right way, with respect to ethical concerns or compliance requirements that could pop up further down the road from the beginning, is subverted in favor of making money, attracting more investors, and bringing a product or service to market first and with the most attention. “Fake it till you make it” is a toxic approach to management and is no kind of leadership whatsoever. Ignoring legal and regulatory requirements cannot go on forever, as the many bans and service stoppages Uber has experienced in the last year well show. Companies may be able to grow quickly this way, but they cannot keep their business running or have much hope of holding onto their ill-gotten gains unless they tread carefully with regulators and supervisors from the start.
The cultural forces at work here are strong, and disconcerting. Founders with no experience as CEOs and even less experience as functional managers or ethical leaders are given millions of dollars by investors and pressured to be geniuses, redefine business and whatever it is they have to offer to the market in everything they ever do, and succeed at all costs. Liberties are taken, misrepresentations are made, and not every brilliant troublemaker with a crazy idea and a team of engineers turns out to be any good at actually running a legal, functioning, mature business.
The hope, supposedly, is that people will merely bend or flaunt the rules, and not break them, but who’s making the distinction? The moral hazard is great of creating an incentive for behavior that would even lead incrementally to a company that is not in simple compliance with the legal requirements for operating a business in the city, state, or country where it is located. Cautious onlookers assume that maybe if a few corners are cut at the beginning when things are small, it will all work out okay because by the time the company gets big, someone who likes paperwork or understands laws will stumble along and lend a hand. This is immature and short-sighted thinking.
Even if some philanthropic compliance officer did intervene, it would be too late to fix the cultural decay that grows at companies that do not have adequate business values and controls from the beginning. When people ask how it’s possible that business fraud and misconduct went on for years at some companies, or permeated every level of the organization seemingly without detection or interruption – this values void is the answer. To avoid a culture where cheating, misrepresenting, and making unethical decisions are all common, the foundations of the company must include cultural values where that conduct is expressly defined as unacceptable, and business governance structures to prevent, identify, and punish it when it happens.
For more on the challenges to ethical decision-making, and pitfalls for fraud and non-compliance, faced by start-ups, especially in the highly competitive advanced technology world of Silicon Valley, check out this article in Fortune from December 2016: The Ugly Unethical Underside of Silicon Valley.
For further thoughts on the challenges that start-ups and emerging enterprises face with prioritizing compliance risk management, see this post on Tinder’s corporate culture and the role compliance can play in fostering professionalism in start-ups. For practical tips, check out this post on compliance foundation must-haves for small businesses. And, check back next Wednesday, January 3, for a post on inexperienced (even if visionary) CEOs and the immature compliance cultures they cultivate by omission.
A successful and robust corporate compliance and ethics program will have a blended focus on rules-based and values-based controls. Taking an integrated approach to performance and conduct is necessary in order to facilitate awareness of and adherence to compliance risk management efforts and expectations. Rules and values cannot be separated, and should indeed be balanced together to make the most compelling call to action by employees and management.
Legal and regulatory guidelines and company policies and procedures form a clear foundation for the rules and make up the structural, mandatory portion of a compliance program. Deriving this from external and internal requirements is somewhat straightforward and can be accomplished with methodical planning and continuous updating and education.
Values, on the other hand, form the ethics discipline and come from the moral codes of individuals and the commitments to integrity made by the organizations within which they work. While more resistant to obsolescence than rules and regulations, values are far more challenging to identify and express, and even harder to imbed authentically and sustainability within a corporate culture. Values provide the voluntary motivation for doing the right thing at the right time for the right reason, despite forces or interests that may impede or work against that, and including when taking this action requires inaction.
Therefore successful compliance professionals will rely upon the basis provided by rules, while evoking the emotional and personal appeal of values. Providing incentives for inner success and enabling individuals to make ethical decisions and act with integrity gives purpose to employees and credibility to organizations.
The below TED/TEDx talks emphasize the importance of values-led people and organizations and the ways they impact society, interpret ethics, and define success.
Values-led people and organizations will form a culture of compliance with the strongest incentives for ethical decision-making and a prevailing emphasis on integrity, purpose, and inner success. Taken together with a strong controls framework to incorporate rules-based compliance foundations, an emphasis on values will give credibility and authenticity to corporate governance and strategy.
Stephen R. Covey was one of the most prominent authors of leadership, self-improvement, and motivational books and speeches of the 20th century. Though the businessman, author, educator, and speaker passed away in 2012, his well-known writings are still influential and insightful for the current generation of managers, students, and thinkers. The teachings from Covey’s books can be applied in many fields of life – business, family, religion, and community, lending heavily to his continued popularity with a wide variety of people. Not simply positioned as self-help, Covey emphasized ethics and distinct definitions of both values and principles, as separate concepts that independently influence people’s behaviors and decision-making.
Due to these emphases, Covey’s writing is specifically interesting and useful for compliance professionals looking for a novel way to approach imbedding into a corporate culture both individual values – which one could see as ethics or morality – and organizational principles – which one could see as compliance program requirements and goals. Covey’s teachings often touch upon the value of inner success, rejecting external competitive measures as the true sign of achievement in favor of emphasizing personal mission statements and progressive goal-setting to allow an individual or an organization to go from immature dependence, through self-sufficient independence, into the higher state of functioning interdependence with others. This strategic vision has a high affinity with the sort of planning compliance officers must do to encourage a successful culture of compliance.
Arguably, Covey’s best-known book is the worldwide best-seller The 7 Habits of Highly Effective People. This book is not only a worldwide best-seller that gains new fans every year for its simple and timeless insights on how to work toward, achieve, and sustain inner success, but it is also the Covey book which is most applicable for compliance professionals to study and take into consideration in the course of their work.
Taken individually, each of the 7 Habits endorses values and principles and encourages conduct in support of those, which are useful for compliance risk awareness both in planning program priorities by the compliance officer as well as encouraging awareness and fostering integrity for individuals and organizations.
Steven R. Covey’s famous 7 Habits, annotated with suggestions for their applicability to corporate compliance and ethics programs, are as follows:
For an in-depth look at Stephen R. Covey’s work and legacy, check out this official website maintained by the Covey Family. And for an entertaining take on the book, watch this animated book review of The 7 Habits of Highly Effective People.
A pure rules-based approach to compliance is direct and clear-cut, but by design lacks emotional or personal engagement. Following rules of all kinds – legal, community-based, household; practical, austere, illogical – is a social norm most humans are taught from their earliest memories. Despite this, many of them do not do it very well even with the best intentions, and still more never intend to attempt adherence.
To have any expectation that rules will be credible and inspire understanding and respect, there must be an authentic and compelling “why,” a purpose that people feels relates to them and calls for their commitment. Many laws are so deeply linked to societal expectations and taboos that the majority of people do not need to be persuaded to appreciate them – restrictions against pre-meditated murder, property theft, and abuse of animals for example. Those who remain unconvinced these acts should be prohibited and punished are not likely to view violating laws as something offensive or damaging either.
Sincere attempts to reach individuals who are antipathetic toward all rules, however few or rare they may actually be in society, with a rationale rooted in values are not likely to prevail. In general a values-based approach can be very powerful and evocative, but in order for it to hold personal appeal it must strike a difficult balance between universal relatability and individual accountability. All organizations should define their values and position their strategy and public branding within that set of principles, but this is delicate. If the values are too specific then they will be exclusionary rather than engaging, appealing only to a core group of true believers rather than attracting a wider audience. If the values are too broad, however, then they will be superficial and ring empty – again preventing individuals from attaching to them and being their standard bearers.
An especially effective tactic for bridging this gap is to make corporate values a living artifact which reflect the organization as it grows and changes along with business and society. In an ambitious and forward-looking organization, the profile and strategy will evolve and so should the outlook of what matters most in defining its purpose. Using a rules-based approach to provide both the floor and the roof for the terms of the corporate mission statement, values can fill the space between and invite everyone – employees, partners, stakeholders alike – inside.
There are many mechanisms through which corporate compliance programs can appeal to employees to make the connection between rules and values. Inspiring voluntary compliance, where employees feel aware of and responsible for the values of the compliance program and connect to them individually, adds weight to the mandatory compliance expected by the rules. Increasing the relatability of the requirements with principles behind them gives people incentive to sign on and go along with the compliance program. Compliance programs can aim to encourage ongoing employee adhesion to the organization’s values-based approach in the following ways, ranging from the lightest touch to the heaviest:
The above methods for encouraging voluntary compliance can be employed by compliance professionals simply and powerfully in routine compliance communications and awareness initiatives. Reminding employees of values – the purpose – helps to heighten the credibility and appeal of rules – the requirement – and provide a mission perspective to their engagement in the compliance program.