Effective Compliance Programs Reject Checklist Approach and Focus on Culture and Behavior


Organizations with the most effective compliance programs focus on the presence or absence of ethical behaviors to measure program effectiveness rather than on checklists itemizing the number of training courses, hotline calls or other compliance program elements, according to LRN’s 2016 Program Effectiveness Index Report (PEI Report). The report also found that not enough companies take a values-based approach to mold employee behavior.

“All ethics and compliance programs focus on dissuading misconduct, ensuring it is reported when it occurs and preventing retaliation,” explained Mike Eichenwald, an advisory leader at LRN, in a press release. “The best way to measure the effectiveness of any ethics and compliance program is to look for the presence or absence of ethical behaviors across the organization – not of program elements,” he said.

“A lot of the meltdowns that have occurred in the last couple years involved corporations that had a code of conduct, training and many of the features of a good ethics and compliance program,” Susan Divers, a senior advisor at LRN, told The Anti-Corruption Report. “The problem,” she said, “was the ethics and compliance programs, while looking great on paper, were not working in practice.”

See our four-part series on measuring compliance: “Getting Started” (Aug. 2, 2017); “Seven Areas of Compliance to Measure” (Aug. 16, 2017); “How to Measure Quality” (Sep. 6, 2017); and “Gathering and Analyzing Data” (Sep. 20, 2017).

Methodology and Results

LRN’s Program Effectiveness Index measures three outcomes of workplace behavior: ethical decision-making, organizational justice and freedom of expression. LRN surveyed 556 ethics, compliance and legal experts from a variety of industries who were asked to rate their organizations on criteria such as whether high performers who violate their organization’s code of conduct are tolerated and whether managers sometimes act as if they are above the rules. Organizations ranged in size from under 500 full-time employees (12%) to more than 10,000 (38%). The majority of respondents were from organizations based in North America (79%); 13% were based in Europe, 4% headquartered in Latin America, 2% in Asia/Pacific and 1% in the Middle East.

Governance, culture and leadership influence organizational, as well as individual, behavior, according to the report. Just 49% of respondents indicated that the C-suite engages them while making strategic decisions, and only 45% reported that C-level executives consider ethical behavior a prerequisite for promotion.

The vast majority (93%) of respondents from organizations with high-performing programs reported that their organization recognizes that “living [its] values” strengthens its brand appeal, while just 49% of respondents from organizations with low-performing programs said the same. While 85% of respondents from high-performing programs reported that their C-suites hold leaders accountable for ethical behavior, just 53% of respondents from low-performing programs said the same.

Shifting away from silo-based approaches to an ethics and compliance focus, high-performing programs now actively involve other corporate departments in their efforts, LRN found. Middle managers at high-performing programs know they are accountable for assessing ethics and compliance risk for their business and teams, according to 74% of respondents, but their counterparts from companies with low-performing programs do not (just 48% of respondents reported that their middle managers were aware of this responsibility).

The most successful ethics and compliance programs communicate guidance and values through many channels on an ongoing basis, the report found. Communication strategies include discussions led by ethics and compliance, email campaigns, online education, internal social media and classroom-style education. LRN found that an emerging best practice is the development of simplified ethics and compliance policies that communicate expectations in a clear and concise manner. Shorter, more frequent training modules and facilitated workshops are more likely to be used at organizations with high-performing programs.

A Deeper Dive: Measuring Outcomes

LRN created the Program Effectiveness Index as an approach to measuring outcomes rather than just inventorying the components of an ethics and compliance program. Many ethics and evaluation surveys focus on inputs such as the number of policies, the existence of hotlines, the amount of training, the number of audits and so on as an indicator of effectiveness. But bells and whistles do not matter quite so much as good behavior. “The goal is to help E&C professionals better evaluate the impact of their programs by focusing their lens on the presence or absence of ethical behavior throughout the organization and across their operations,” the PEI Report noted.

Ethical Decision-Making

Ethical decision-making requires employees to make choices based on their values rather than mere expediency. “A company’s ethics and compliance team should be posing difficult questions when trying to measure ethical decision-making,” Divers said. For instance, she suggested asking, “How many times has the company turned down business or an acquisition or a joint venture or a sales representative because of ethical considerations?”

The PEI Report found that the C-suites of 73% of organizations with high-performing programs model values-based behavior, according to survey participants, while just 61% of the C-suites of low-performing programs do. The report also found that 67% of C-suites from high-performing organizations promote ethics without prompting as compared to just 40% from low-performing organizations.

Organizational Justice

Organizational justice obliges senior executives and high performers to be held to the same standards of conduct as other employees. “It is not uncommon for people to report that there is one set of rules for them and another set of rules for the high fliers,” Divers observed. “For instance, very successful sales people might gain immunity. Even though these high performers might have problems with their expense reports or give lavish gifts, companies frequently wink and nod and excuse the behavior because this individual is a ‘high performer,’” Divers noted.

“Basically, a company then is saying to its employees, ‘Yes, we have all of these ethical principles and everyone must abide by our code of conduct, but it’s subjective,’” Divers continued. “‘Because Jim produces $1 billion a year in sales, we are going to ignore his potentially unethical behavior.’” Although that is “not an uncommon scenario, it is very corrosive for trust and faith in the system,” Divers said.

The PEI Report found that C-suites at 51% of organizations with high-performing programs consider managers’ ethical behavior for performance reviews as a prerequisite for promotion while just 42% of C-suites at organizations with low-performing programs do the same.

Freedom of Expression

Freedom of expression encourages employees to raise concerns in an atmosphere of trust and respect. “The company that probably has fostered freedom of expression the most is GE,” Divers said, pointing to its system of open reporting.

“Open reporting involves looking beyond a hotline and training managers to focus on the issues that employees raise and to triage those issues so they are dealt with correctly,” Divers explained. “Ultimately, only a small percentage of complaints or issues come in through a company’s hotline. Plenty of issues are raised directly by employees to their managers, though.”

The PEI Report found that 61% of middle managers at companies with high-performing programs deal effectively with ethics and compliance concerns raised by their team, while just 54% of middle managers at companies with low-performing programs do.

See “Experts at GE and LRN Say Think Globally, Act Locally to Build a Stronger Global Compliance Program” (Jan. 13, 2016).

Integrating Core Values in Behavioral Terms

“Successful companies integrate organizational core values by expressing them in behavioral terms,” Divers observed. For instance, she said, “many companies now are mentioning sanitized but real-life scenarios that actually happened rather than just reciting statutory prohibitions against bribery. Revising training to focus on actual scenarios that had occurred helps employees understand what can happen and how to make the right choices. That is much more effective training than a long list of ‘don’t do this, don’t do that,’” Divers maintained.

“More companies are also connecting their employees with a sense of the company’s purpose beyond just improving its balance sheet,” Divers noted. Southwest Airlines, for example, “really focuses on connecting people with a clear sense of its purpose with its corporate slogan, ‘Without a heart, it’s just a machine,’” Divers said. “Southwest has understood its mission in human terms,” she continued. “Southwest is here to connect people with their loved ones. The company amplifies their mission by posting videos on its websites with examples of employees going above and beyond,” Divers noted. “It does not prevent employees from going above and beyond, and actually encourages them to do so.”

“If a company tells the story of what a person did, the company is really modeling that behavior as well,” Divers said. “Increasingly,” she continued, “companies are starting to identify and call out employees who have displayed courage and ethically navigated a challenging situation.” For example, she noted that AECOM, an infrastructure firm at which she used to work, would feature middle managers who had made ethical, albeit difficult, decisions impacting the business. “They walked away from opportunities that violated their ethics,” she explained.

“A number of CEOs have said that how their companies do business is as important as the results they achieve,” Divers explained. She noted that this approach is consistent with an increased emphasis on sustainability that has taken place over the past decade or so. “Companies acknowledge that they could exploit the environment to save or make money, but that is not a sustainable model and it is not a model that people feel proud to operate in,” Divers said. “Increasingly, it is no longer a model that people – whether employees or shareholders or the communities in which companies operate or the government – will tolerate,” she continued.

The same evolution has taken place with respect to bribery and corruption. Today, “people will not tolerate the exploitation of their social institutions by greedy politicians or rapacious business people,” Divers said.

See “Creating a Values-Based Compliance Code and Recruiting Compliance Champions to Spread the Message” (Nov. 4, 2015).

Improve Training

“The U.S. government’s emphasis has moved from seeking a perfect program that has all of the required elements – but may not be doing much in practice – to asking questions about how programs are implemented. Merely issuing a code of conduct once a year and making employees certify that they have read it is counterproductive and provides a false sense of security,” Divers asserted.

Companies might try to avoid a tendency to recite laundry lists of applicable statutes and their prohibitions. “It is surprising how many companies still insist that employees chain themselves to desks for an hour-long lecture on some compliance topic,” Divers observed. “That is not an effective way to train people.”

“Holding live discussions with the ethics and compliance team or with managers trained on ethics and compliance issues, addressing real-life examples in a given business unit are more engaging and effective,” Divers said. “Training should be mobile-friendly and sufficiently brief so that people can learn in convenient and shorter time periods.”

See “Benchmarking Compliance Training With Kim Urbanchuk of Airbus” (Sep. 6, 2017).

Drop Legalese From Policies

One way to make corporate policies more accessible to employees is by removing dry legal language from them. “Most policies are written in legal jargon so it is very hard for employees to understand them,” Divers noted. Indeed, the PEI Report found that just 62% of organizations with low-performing programs have compliance policies that are clear and easily understood by employees, while 80% of organizations with high-performing programs have clear, easily understood policies.

“Leading-edge companies like Eli Lilly have invested a tremendous amount of time and effort in making their policies accessible to people and making them values-driven and behavior-driven, rather than long summaries of laws and regulations,” Divers noted.

Indeed, Eli Lilly’s code of conduct – published in what the company calls the Red Book – is short and straightforward. Coming in at just 8 pages (including plenty of visuals and white space), it identifies the corporate mission (making medicine) and its values (integrity, excellence and respect for people) succinctly.

Undertake an Organizational MRI

“Our research shows that companies that embrace a values-based leadership model with a mission substantially outperform, over the long run, companies that do not,” Divers said. A company can inspire commitment to ethical behavior by commissioning what she calls an “organizational MRI.” LRN “applies qualitative and quantitative tools to develop a heat map of areas and even operations needing additional scrutiny,” she explained.

Employees might be asked through surveys and then through focus groups about levels of trust in their organization. “We do not just ask, ‘Is there a lot of trust in this organization?’” Divers explained. “Instead, we pose searching questions that are behaviorally driven,” she said. “We might ask whether people feel comfortable sharing new ideas in meetings or if they are comfortable challenging someone who is their organizational superior,” Divers continued.

Companies do not have to develop a value-focused ethics-driven business model all at once, Divers noted. “They already have a code of conduct in place,” she observed. “They just need to bring it to life.” A good place to start is by focusing on values and mission and by making these more accessible to employees.

See “Six Steps to Revitalize the Company Compliance Code” (Aug. 20, 2014).