Diagnosing a Compliance “Failure”
Life is filled with ups and downs. Compliance officers know this and are familiar with riding the roller coaster. Compliance “failures” are inevitable.
If you look at any company’s internal investigation case mix, you will see a laundry list of compliance problems, most of which center around human resource issues. That is to be expected.
The internal investigation case mix is only the tip of the iceberg – one “data point” as professionals like to say. The more interesting analysis occurs when you consider the cause of a significant compliance failure – a sophisticated fraud scheme, kickbacks from suppliers, an export control violation, suspected foreign bribery, or possible antitrust collusion.
When these events appear on the radar screen, the board and senior management sit up in their chairs. People start to ask questions. Board members and senior management turn to the Compliance Officer and ask “How could this happen?”
Interestingly, the Board and senior management never ask themselves “How could I/we let this happen?” Self-analysis quickly turns into projected questions for the Compliance Officer.
Truth be told, the responsibility lies at the feet of the people asking the question, including the Compliance Officer. The question that each should ask is, “What could we have done better?”
The sign of a confident person is the ability to ask that question, acknowledge its importance, and answer the question honestly. Some companies (a few) have a culture which encourages such questions, recognizing that the inquiry is not designed to lay blame but is intended to encourage dialogue and improve performance.
Too often, the response to a compliance “failure” is pushed down to the Compliance Officer. The Board and senior management will instruct the Compliance Officer to increase his/her vigilance and report back to the Board and senior management on what happened and why.
In my view, the analysis of a compliance “failure” starts at the top and works its way down. The Board needs to ask a fundamental question – Are we exercising proper oversight and monitoring of the compliance function? As part of that question, the Board needs to review its interactions with senior management and the Compliance Officer, its support of the compliance program, and its attention to compliance program requirements.
The Board should be able to identify a number of areas where they can improve. The “buck starts and stops at the Board.” If the Board discovers that senior managers failed to carry out their directions, the Board needs to understand why and take action. Similarly, if the Compliance Officer failed to carry out orders, then the Board has to act.
In most cases, the Board’s failure was a lack of attention or a lack of questioning. That is a common symptom of a failing compliance program. If the Board does not attend to the issue, it is hard for a company as a whole to attend to the issue.
It is an unfortunate occurrence in corporate governance when a compliance “failure” occurs. It is compounded by a failure of the company to honestly examine the causes of the failure and why deficiencies were not addressed.
Excellent post, Michael! All significant change is the result of both conflict and failure. Ethical failures can either destroy a company or make it stronger. The key to the latter is engagement and self-reflection at the top, followed by both analysis and action.