We all want an effective compliance program in our organization. As you design, implement, and operate your compliance programs, I would suggest first that our goal is to build a program around Ethics, Compliance, and Risk. I suspect this is obvious to most readers, but in a future blog post, I will explore why I think Compliance without Ethics or Risk does not make sense. For now, I want to discuss how to improve your program, particularly in light of the April 30, 2019 US Department of Justice guidance regarding Corporate Compliance programs. I am sure we are all well aware of the DOJ guidance. For clarity of reading, I will reiterate the key principle here. The US DOJ challenges us all to answer three simple questions:
- Is the program well designed?
- Is the program effectively implemented?
- Does the compliance program actually work in practice?
In regard to the first two points, while they are important they are not the focus of this post. Designing a program is important, and as the leader of GAN Integrity, I am passionate about effectively implemented programs. But for now, let’s focus on the third question: Does the compliance program actually work in practice?
Building an Effective Compliance Program
As you look to craft the best possible Ethics and Compliance program that actually works in practice, it is vital to keep in mind the need to go beyond simply putting the right policies in place and urging senior leadership to lead from the top. Take a thoughtful approach to ensure that your compliance program is effective. Are the elements of your program having the positive effect you intended? Are the concepts you are discussing with your stakeholders actually being understood? Is behavior changing? If so, how do you know?
Traditional A/B testing methodologies are not generally available in these circumstances, and at this stage, contextually meaningful benchmarks are similarly not available or of limited use. On top of that, many Compliance and Ethics programs lack robust dashboards, long-term trend analysis, regression analysis, and longitudinal studies. While these tactics might be routine exercises for other departments in your organization, they should not be foreign to the compliance team. Let’s explore a few simple steps you can take to implement a feedback process that ensures you can assess, understand, and continuously improve the effectiveness of your Ethics and Compliance program.
Step 1: Deploy a Compliance Customer Satisfaction Survey
At the heart of every effective compliance program is stakeholder engagement. Compliance can be enforced with a heavy hand and rigorous well-designed workflows, thoughtful checklists, mandatory progressive training, and rigorous enforcement. All of these steps are important, but I would put forward that to take a program to the next level requires engagement. What if you thought of the Ethics and Compliance function as something everyone wanted to engage with, enjoyed engaging with, and even looked forward to? The first step in building an effective program is embracing this attitude and seeking to learn from every interaction with your stakeholders to continuously improve the experience. I suggest that a great place to start is with a Compliance Customer Satisfaction Survey that is administered after every engagement with the compliance function. A few questions, embedded in an email, that can vet the experience of the end-user—something the compliance team can use to continuously improve the program; after each e-learning session; every policy affirmation; each request to approve a 3rd party supplier; each request to clear a conflict of interest. After each of these interactions, the stakeholder should receive a simple survey to collect insights into program effectiveness and engagement. A continuous stream of insights that can we used to tweak and adjust the program to ensure that it is constantly getting better. We all need to make sure that our respective compliance programs are easy to work with, understandable, and engaging; that they are effective.
I would contend that as in other parts of our business (like marketing or sales) the pulse check on improving engagement with a process, program, product, or offering is to survey the “customers”. In this case, the customers are our stakeholders; employees, suppliers, partners, and distributors. They should all provide feedback on improving the program. Armed with that input we are well-positioned continuously make the right changes and exceed expectations. With simple survey data, regression analysis can show you which populations within your stakeholder base you are successfully engaging with, and where you may need to make changes. Is low engagement correlated with a particular plant or region? With a set of roles? Management vs. individual contributors? Is engagement gender-biased? Better programs are grounded in data and with better understanding, you can iterate and improve!
Step 2: Ensure Stakeholder Understanding
The next element of program effectiveness centers on understanding; ensuring that stakeholders across your enterprise understand the key concepts and principles of your policies. Everyone takes the e-learning and reads the policy, but are they gaining an understanding of the policies? Or are they paging through your training, or running the video on their laptop while scrolling through Instagram on their phones? My suggestion here is simple. At the 3, 6, and 9-month marks following the deployment of a new policy (and the taking of the accompanying e-learning) randomly administer an anonymous short quiz to stakeholders. The goal is not to assess an individual's knowledge, but to assess the effectiveness of the program and how well the organization in general understands the principles of your policies. A short five-question quiz, administered via email, at a randomly selected statistically significant cross-section of stakeholders not only gives you a snapshot but will also give you tangible and actionable feedback to improve your policy deployment and accompanying e-learning. Armed with this valuable information, you can affect real behavioral change across the organization.
Step 3: Ask a Simple Question
As the final step, I propose that each month a small but statistically significant randomly selected set of stakeholders should be asked a simple question; “Are you aware of any violation of any company policy, regulation, or law?” A simple email with an in-email question allows you to proactively check the compliance pulse of the organization. This, of course, supplements the whistleblower program that every enterprise already runs. Instead of waiting for a brave soul to report, you should be proactively reaching out to a cross-section and probing with a single simple question. While it is unlikely that this process will uncover broad issues, it serves as another part of the program, a proactive step, and a step that will help keep Compliance and Ethics at the forefront of your enterprise’s thoughts.
No Compliance and Ethics program is perfect, and every program can be improved. I believe the three steps outlined above can supplement a traditional program to improve effectiveness and put the program on a path of continuous improvement, getting you one step closer to the elusive promise of an effective compliance program.
Adapting Your TPRM Program to Internal and External Change
How an Ethical Culture Can Drive Better Business Performance
Building Trust and Engagement in the Investigations Process