Compliance with rules, regulations and the law should be a given within corporate workforces – should be, but isn't. Cases of inappropriate and illegal actions at companies of all kinds have emerged regularly and are arguably more important for a company's bottom line and reputation than ever. Businesses should take an active interest in preventing these kinds of situations from emerging within their own ranks, and that means not just creating well-researched and appropriate codes of conduct but also backing them up with corporate compliance programs.
"Designing a compliance program that works means creating frameworks that will stop issues before they start."
From training and orientation to everyday rules and potentially the initiation of corporate investigations, these plans should cover every potential eventuality. Employee malfeasance can take many forms, and no organization wants to end up unprepared for issues that emerge. Designing a compliance program that works means getting into the minds of potential violators of rules or the law, and creating frameworks that will stop the possible issues before they start.
Where does modern compliance begin?
As the Harvard Business Review pointed out, the era of modern comprehensive compliance programs goes back to the 1990s. When the U.S. Sentencing Commission offered leniency to organizations that enforce rules internally, organizations were quick to build up these capabilities. Unfortunately, this history shows a potential downfall of such programs: If companies are mainly creating codes of conduct to receive lenient sentencing in serious cases, and to place blame on employees who commit violations of the rules, they may be more motivated to appear compliant than to truly police themselves and their workers.
HBR reported that by 2008, the Department of Justice realized some organizations were creating programs that were by the book and not particularly effective. Employees, not taking the rules or training seriously, continued to commit actions in violation of codes of conduct, even when they were frequently briefed on regulations.
When the DOJ followed up with research on compliance in 2015, it found many organizations are judging their processes based on how many employees have taken training, rather than whether the sessions have had any sort of greater lasting impact. Organizations performing pro forma compliance monitoring and prevention may be undermined by workers who keep on committing crimes large and small.
What motivates misconduct?
The MIT Sloan Management Review recently delved into cultures of non-compliance and rule-breaking, explaining that massive scandals such as Volkswagen and Wells Fargo's recent troubles are difficult to prevent when workers are able to rationalize even the highest-level violations of relevant rules. People may default to direct pressure placed on them, even when the conclusions they come to run counter to good practices.
For instance, MIT Sloan pointed to the Wells Fargo fake-account incident. The employees who opened the improper accounts felt it was necessary to stoop to such practices in light of the demands placed on them by sales leaders. This pressure overrode everything they had learned in compliance programs, and they rationalized their decision. The day-to-day reality of the work environment made it hard for them to see any way out of their situation, other than cheating the system.
MIT Sloan recommended changing the nature of modern compliance programs to ensure behavior and decision-making on employees' behalf are both being taken into account. When internal processes are designed to favor honesty, rather than the kind of all-or-nothing culture seen at Wells Fargo, workers are better positioned to make good decisions for themselves and the company.
How do leaders know plans are working?
Measuring the actual impact of a compliance program is essential but challenging. The Department of Health and Human Services Office of Inspector General released some suggestions about measuring the ongoing impact of compliance programs in an early 2017 report. However, the authors of the report clarified that they were not issuing a standard – compliance programs are too varied to measure with a single set of criteria.
The list of possible practices contained a few of the aforementioned metrics that have been deemed inappropriate on their own, such as studying the completion rates of training seminars. However, the sheer volume of possibilities shows how in-depth companies can go in assessing whether they have the right processes for their particular needs. Alignment of corporate incentives and discipline records with stated compliance program guidelines, investigation into potential retaliation against whistleblowers and investigation of compliance's role in promotions may prove instructive.
Where do investigations fit in?
Turning compliance from rote words on a page into an actual way of doing business will take action and enforcement from company leadership. That's where compliance investigations flourish. Making contact with an external investigations partner is a way to add this capability. Upon the first sense that malfeasance may be occurring within a company, businesses can reach out to such a third party to take an in-depth look at internal issues. Investigations address both specific incidents and overall cultures of misconduct that have taken hold.
Working with third-party investigators is an intermediate step that may yield more helpful results than going directly to law enforcement. While police are devoted solely to investigating particular crimes, compliance investigators can spend more time and resources determining the situation within an organization's ranks. The conditions that lead to improper employee behavior are pervasive and long-lasting, and an investigator can spend time getting to the root of the problem, with a careful eye towards improving the unique business controls for each company to "harden the target.".
From fraud and mismanagement to harassment and other kinds of improper conduct, compliance violations take many forms. Whether the rules being violated are company policies, industry guidelines or actual laws, investigations are a way to see how far problems have come and prevent situations from escalating. When organizations need compliance policies that go beyond the basics, backing up the rules with third-party investigations could prove essential.