Defining “Effective” Ethics and Compliance Programs
The compliance profession faces many challenges. Some are more important than others. When it comes to evaluating performance, or measuring compliance programs, the profession has a steep uphill climb.
Unfortunately, measuring compliance programs and defining what an “effective” program is an issue that requires extensive research and analysis. Justice Potter Stewart’s famous words defining “obscenity” – “I know it when I see it,” just will not work when it comes to effective compliance programs.
The US Sentencing Commission has provided required elements of an “effective” compliance program; the Department of Justice has advanced the dialogue with its own approach and definition, as set forth in the FCPA Guidance and recently in the FCPA Pilot Program.
It is time now to develop a comprehensive focus on this specific issue. Everyone has an opinion when it comes to an “effective” program but no one has the research or the data to back it up.
If the compliance profession is to establish itself based on the associated subject matter expertise, then this issue needs to be addressed. Professional credibility depends on a more rigorous approach to the issue. Of course, social science research is not so easy, nor is it as if there is one answer to this difficult question but more needs to be accomplished in this area.
When you think of “effective” compliance, there are many potential characteristics that everyone can cite. For example, I can think of two easy ones – rates of reported misconduct in an organization; and standardized ethical culture survey questions. Both of these categories offer important insight into the overall effectiveness of a compliance program.
However, an important question is how do you isolate a particular compliance program element and tie it to a particular result. More employees who undergo training and certification does not necessarily mean that fewer employees will engage in misconduct.
Companies that have a code of conduct and communicate the code of conduct are likely to experience lower rates of misconduct than companies that do not have a code of conduct or communicate their code of conduct. This seems logical and provable.
Similarly, there has to be a way to measure characteristics of a culture that encourages reporting, notwithstanding the variance of actual rates of employee misconduct. In other words, there has to be a way to isolate whether or not employees trust an internal reporting system for misconduct.
These are all questions that need to be addressed and examined by the compliance profession with the help and support of research. Some organizations and academic institutions are beginning to address these issues but more is definitely needed. Compliance practitioners have a lot to contribute here and this is an area for compliance representatives to help support.
Ultimately, the compliance profession will be required to demonstrate its ability to critique its performance, bring some rigorous research to the table, and help establish some parameters around this key issue. In the end, it will help the compliance profession to establish itself as a credible entity in the corporate boardroom, in political circles, and in the corporate governance field.
Enterprises really cannot self-govern effectively. Senior management defines the processes and resources, including the processes that monitor compliance. Senior management in this respect creates the workplace where non-compliance and unethical behavior can happen. And senior executives understand all of this. Enterprise authoritative hierarchical decision making is the problem. Controls based on sound metrics and transparency should drive compliance along with processes designed simply to not allow non-compliance through proper checks. In manufacturing processes are improved to eliminate undesirable outcome. Same should be done with compliance. The other issue is corrupt leadership will punish whistle blowers. Look at HR records as a measure of compliance effectiveness as well.