Corporate ethics and compliance officers already understand that maintaining a corporate culture of compliance is crucial both to stay in the good graces of regulators and for the business to perform well in today’s economy.
We’ve already explored this idea in several ways, such as how to lay the foundations for an ethical culture and the practical steps a compliance officer can take to develop a compliance culture. Today let’s tackle another practical challenge: how does one assess your company’s current culture of compliance, or the lack thereof?
After all, assessing your current corporate culture is crucial to the success of the compliance program. An understanding of the culture and all its weak spots can inform the policies and procedures you should implement to improve compliance. That includes better insight into which specific policies or procedures can be leveraged to maximum effect — the “force multipliers” for changing culture, if you will.
Regular assessments of corporate culture can help to justify the investments you ask senior executives to make in the compliance program; and they’re valuable evidence to provide to regulators who might ask for proof that your company does try to take “tone at the top” and “culture of compliance” seriously.
So what warning signs should a compliance officer look for? How does one search for those signals?
Signs of an Unhealthy Corporate Compliance Culture
An unhealthy compliance culture can manifest in all sorts of ways. Several warning signs, however, are more specific and worrisome than others. For example:
Lack of trust or integrity. If employees have a cynical attitude about management’s objectives or statements, that means they don’t believe what management says — including its statements about core values, ethical priorities, and fair business practices. It’s then a short jump for employees to start making their own judgments about what’s permissible conduct, and your corporate culture unravels.
Actions don’t align with words. This is the management-level version of the previous warning sign. When senior executives take actions that contradict the values and priorities they preach, employees see the real message: that it’s OK to ignore ethical principles in favor of lucrative, self-serving actions.
Little or no leadership buy-in. If leaders don’t include the compliance officer in important debates, or don’t embrace “compliance by design” as they set strategic objectives, that says compliance is a sideshow, not part of the corporate culture.
Reduced compliance budget. Nothing reflects corporate commitment like money; budget support matters. Moreover, if your company is coming off of a corporate integrity agreement with regulators, and management then cuts the compliance budget — that’s a clear (and disappointing) sign that compliance is not a high priority.
Misconduct brushed under the rug. This is a more specific corollary to the “actions don’t align with words” warning above. If companies don’t hold offenders accountable for their misconduct, that can be a body blow to employees’ trust in management’s statements about ethics and culture.
How to Measure Compliance Culture in Your Organization
Most compliance officers either already know, or have directly experienced, the warning signs above. Those warning signs, however, only tell you that you might have a problem with the compliance culture in your organization — they don’t necessarily tell you how severe that “culture deficit” might actually be.
Compliance officers still need to measure the current state of the compliance culture as best you can. How? Several techniques can help.
Conduct regular employee surveys. Never underestimate the value of simply asking employees how they feel about the corporate culture. Ask questions such as “Have you been asked to do something unethical?” and “Have you seen others engage in unethical practices?” Work with your HR team or outside consultants to craft questions that give the best insights. Conduct those surveys regularly, to measure the change in employee sentiment over time.
Measure retention rates. Employees can also provide valuable intelligence even as they walk out the door. Study which groups of employees (by gender, geographic location, job function, and other characteristics) have the highest turnover, and which ones have the lowest. Use exit interviews to solicit information about what misconduct they’ve seen, and whether any specific incidents drove the employee to leave.
Review eNPS scores. The Employer Net Promoter Score (eNPS) is a metric companies can use to measure employee loyalty and engagement, similar to the Net Promoter Score that measures the same for a company’s customers. The score ranges from -100 (terrible) to 100 (excellent), although a more typical score is 10 to 30.
Study internal whistleblower data. See what employees are complaining about. Especially look for warning signs such as allegations of retaliation or “this is the second time I’ve called and nothing is happening!” outbursts. Complaints about retaliation or that the company isn’t responsive say more about the corporate culture than about the underlying misconduct itself; pay attention when you hear them.
Questions to Evaluate the Organization
Aside from all those specific warning signs and compliance metrics that compliance officers should use, there’s also a bigger picture compliance officers should try to see: a holistic sense of whether the organization has fundamental elements in place to support compliance — the infrastructure for a strong culture of compliance, if you will.
To see that larger picture, compliance officers can ask several important questions.
- Does leadership support compliance initiatives?
- Do we have a system for safe, anonymous communication in place, and is it being used?
- Does the compliance program have enough support and investment to function properly?
- Are we using an independent party to conduct compliance investigations?
- Is the leadership team trained adequately on promoting a compliance culture?
When all those elements are in place, compliance officers have a much better chance of driving the corporate culture toward that higher state of compliance you want to achieve. They are the forces, tools, processes, and leadership that you need after assessing the state of your corporate culture, to shore up parts of the organization that are weak and to fortify those parts that are already strong.
Then your culture of compliance is going on the right path.
Matt Kelly is an independent compliance consultant and the founder of Radical Compliance, which offers consulting and commentary on corporate compliance, audit, governance, and risk management. Radical Compliance also hosts Matt’s personal blog, where he discusses compliance and governance issues, and the Compliance Jobs Report, covering industry moves and news. Kelly was formerly the editor of Compliance Week. from 2006 to 2015. He was recognized as a "Rising Star of Corporate Governance" by the Millstein Center in 2008 and was listed among Ethisphere’s "Most Influential in Business Ethics" in 2011 (no. 91) and 2013 (no. 77). He resides in Boston, Mass.