Chief Ethics and Compliance Officers – Reasonable Expectations
Chief Ethics and Compliance Officers are giddy these days – the push for empowerment: independence and resources is continuing to succeed. Of course, the transformation will take time.
Corporate boards and senior executives have to be educated and convinced that increasing compliance spending is a priority. Given all of the competing concerns, this is no easy task.
In arguing their respective cases, CECOs have to be careful. Most importantly, they have to be honest. They have to reveal the dirty little secret behind the compliance profession and an effective compliance program – there are no guarantees of compliance with a business code or the law.
Compliance officers operate in a world with no guarantees. They cannot avail themselves of Benjamin Franklin’s wisdom — “In this world nothing can be said to be certain, except death and taxes.” To the contrary, an effective compliance program is only a means to reduce risk. There are no guarantees of “success” if the measure is the occurrence of a code and/or legal violation.
This all sounds like a profound grasp of the obvious, but there is more to my point here — the board, senior managers, shareholders and stakeholders all need to understand this reality.
We are forgetting the most important person who needs to understand this reality – the CECO. It is a reality that they need to acknowledge and accept. CECOs are perfectionists and they expect the same from their companies. CECOs have to be careful not to judge themselves and their companies on such a standard. If they do, they are doomed to fall short.
Like Donna Boehme and Tom Fox, two compliance professionals who I respect, the concept of rogue employee is a myth. Compliance violations rarely, if ever, occur because one actor alone decides to ignore or violate the Code of Conduct and/or the law.
In almost every case, a company’s first reaction to a possible violation is to isolate the bad actor and limit the damage to the rouge employee explanation. That is a clear mistake. Instead, companies need to ask the question – what in our corporate culture and compliance program contributed to the actor(s) decision to violate the code of conduct and/or the law.
CECOs know that these are difficult but important questions that need to be answered. It is an important inquiry that will require an honest self-assessment and improvements to the compliance program. The continuous improvement loop is an important tool to use to identify weaknesses in a compliance program and implement reforms. In doing so, CECOs have to judge their compliance program and their efforts with reasonable expectations. Violations are bound to occur – an effective compliance program is the best – and only – way to minimize those risks.