In the “Ask Amii” monthly mailbag, executive coach and former Chief Compliance Officer Amii Barnard-Bahn responds to your anonymous questions on some of the grayer areas compliance officers face, such as culture, hiring, training, and ethics.

Q. What advice do you have for building a culture of compliance across all business areas or functions in a company, so that leaders automatically consider compliance risk in business decisions as they are being made? —Kelley

Amii: My answer to this is simple but not easy. You are describing a self-governing compliance culture—the nirvana that everyone in our profession aspires to. To achieve this, you need a CEO that understands and is thoroughly committed to the ethical stewardship of the organization. Nothing substitutes for a compliance advocate at the top of the ladder. When a company has a CEO that “gets compliance and ethics,” it often follows that the compliance officer is on equal footing with other executives at the company in terms of influence, resources, and compensation—and these factors powerfully drive all decisions and activity in an organization.

If you are fortunate enough to be in this position: (1) never leave, and (2) partner with the CEO to educate and integrate a healthy marriage of business processes with proportionate risk identification and mitigation strategies for known risks. Have regular and thoughtful dialogue about emerging risks, so that stakeholders know when to come to you for guidance.

If you are not sure whether your CEO understands your role, test the waters to find out. Meet 1:1 with the CEO to specifically discuss his or her view of the business strategy and key risks and then work with the CEO to point out where you should have ongoing discussions around compliance and the impact on the business. It’s important to frame and educate in terms of the impact to the business and its employees and shareholders. And it’s always a good idea to find other executive sponsors in the organization and create compliance wins in those areas to build momentum and your credibility. It will be a bit more uphill of a climb if you don’t have the CEO support to start, but this describes most of our colleagues’ daily work and is what makes compliance a noble profession.

Q. I have some underperforming members on my team but not so underperforming that I want to see them out of the organization. I am having a hard time motivating one particular individual … any advice on how to handle this on a day-to-day basis? —Samantha

Amii: Motivating others is one of the top 5 challenges that managers face in the workplace. Leadership theorist John Adair has posited a 50/50 rule—that 50 percent of a person’s motivation comes from within and 50 percent comes from the work environment. Focus on the 50 percent of motivation that is created by the work environment.

Understand that people are motivated by different things. For some, external factors are important, such as wealth, perks, status, and position. For others, motivation is more about intrinsic factors, such as feeling satisfied, having control over their work, enjoying a sense of challenge, feeling valued, or realizing their potential. What motivates someone may well fall somewhere between intrinsic and external factors.

Leadership assessment tools can help identify the sources of motivation for employees—and you can also simply ask them.

Find a good time to sit down with your employee, provide feedback, and elicit the employee’s best thinking on the situation. Give specific examples of his or her underperforming work and share the impact this has on you and the team. Ask your employee for input. How does he or she relate to the work? What are the employee’s likes and dislikes? Is the employee aware of the impact of his or her behavior? How does this employee like to be recognized? Share the impact that the employee’s behavior may have on his or her future opportunities. My leadership mantra: Be kind, clear, fair, and firm. Good luck!

Q. Third-party risk management is a big deal in my company these days. I’m supposed to be vetting not only my third parties, but also my third parties’ third parties, etc. How do I know where to stop? At what point have I demonstrated both to my bosses and, in essence, to regulators that I’ve done enough? —Richard

Amii: Third-party risk management is a huge investment for companies, especially those with a global footprint. If there were a logical stopping point to third-party due diligence, there would be an ISO certification you could sign up for.

This is an area that will continue to evolve over time—and I expect it only to increase to greater and greater expectations as technology enables deeper process checks. For now, I would talk to compliance colleagues in your industry (or an expert consultant, if you have the budget), and look to commonly accepted practices to serve as a comparator to define how much is enough.

Q. Sexual harassment training has been a big topic at our meetings recently. Our company has branches in a number of different states and I know some states are looking to pass legislation to regulate harassment training and policies. What’s a best-practices way to look at a one-size-fits-all harassment training program that’s going to keep us compliant in any number of locations? —Gregg

Amii: When you have employees located in multiple states, compliance with state sexual harassment training standards presents a challenge. Some companies simply opt to go with the most stringent standard to ensure compliance. New York and California currently lead the pack, so—depending on where your employees are located—you could start by looking at those requirements. You will want to verify that the standard you choose encompasses all other state requirements that your company is subject to.

Given varying state law requirements, many large organizations will hire a third-party sexual harassment training vendor that will tailor employees’ training assignments to the laws of their governing state. This approach helps to avoid “overtraining” and is often appreciated in industries where a significant population of non-exempt employees cannot participate in training as part of their normal work schedule and must incur overtime (such as 24/7 call centers and distribution/manufacturing environments).

Given the complexity and organizational investment required, I expect that one day we will see federal legislation unifying sexual harassment training requirements.

Q. Having a lot of trouble getting along with my boss. I know this isn’t really a compliance-related question, but any advice on how to move forward in a situation like this? I’d like to extend an olive branch but not sure exactly how to do it. —Jeremy

Amii: We rarely get the boss we think we deserve. Know you are not alone and kudos to you for wanting to make it better.

Without knowing further details about the points of disagreement, it sounds like your boss may be aware of the tension as well. It’s always best to step up and prepare for what I call a crucial conversation. Start by thinking about the outcome you want.

If you can’t point to anything specific and things just feel awkward, your desired outcome may be simply to open the lines of communication. To do this you need to create a safety zone for your boss to give you feedback. Pick a time and place where you have privacy and won’t be rushed (Friday afternoons can work well). Here are some suggestions for structuring the conversation:

1. Start by sharing your intent: You value your working relationship and want to have the best one possible.

2. Share what you’ve noticed: Could be something specific, such as not being included in a key meeting, or leading a project. If you messed up, the desired outcome may be forgiveness. Apologize without excuses and address how you are going to make it right. Ask how your boss was impacted by the situation and if there is any action you can take to clarify things.

If there’s nothing specific, share that you wanted to check in and see if there’s any feedback that could make you more effective in your role. Reiterate that you want a healthy open dialogue and that his or her opinions and observations are very important to you and your professional development; and nothing is off limits. You want and welcome the feedback. (Note: This is the critical moment when your boss will either decide to believe you and give you an honest appraisal or demur, evade, or decide you can’t take the feedback and soft-pedal the conversation. If your boss avoids conflict, some of this is out of your control—but do your best to create that safety zone.)

3. Then sit back and listen. Be comfortable with silence. Do not rush in with filler or comments. Your goal is to get information and seek to understand. If you don’t understand some of the feedback, ask open clarifying questions. You may not agree with the feedback, but it’s worse to have a blind spot. Once you understand his or her perception, you can begin to address it.

Good luck and let me know how it goes.

Q. I’ve been a lawyer forever but am fairly new to the compliance function. What’s the best way for me to network with my peers and figure out how to benchmark my program? —Ro

Amii: Welcome to compliance! You’re off to a great start as a member of the Compliance Week community. Compliance and ethics professionals are a generous and insightful group, very willing to help colleagues. There are professional compliance associations (the big ones are ECI and SCCE), conferences (e.g. Compliance Week, SCCE, ECI), publications, and LinkedIn chat groups based on industry, geographic areas, and risk-specific, so you should do some research and find the ones that appeal to you most. Reach out, connect, and get involved.

With regard to benchmarking your program, you can explore two options. If you have the budget and need fast results, consider hiring an independent consultant to conduct a third-party assessment of your program. You can learn alongside the consultant and develop a gap analysis that often yields a helpful 3-5 year business plan that you can share with the executive team and the board, and that may be leveraged to support a business case for increased resources. This approach has the added benefit of demonstrating good faith intent to regulators, should a compliance issue arise.

The second benchmarking option is self-analysis, a more organic approach that works well if you have the luxury of time. Depending on your industry, there may be industry-specific compliance guidance that you can turn to for the bright line rules of the road (e.g. for healthcare, HHS-OIG guidance).

Feel free to check back in with questions as your program evolves. 

Q. Do you think more states should mandate having women on public companies’ boards of directors as California has done? What do you see as the key benefit there, besides the obvious one (gender diversity)? —Anonymous

Amii: Good question (full disclosure: I testified in support of California SB826).

California’s bill is a good test case to see what kind of impact the law has on company boards.

A key benefit of the bill is driving a powerful conversation around the closed board recruitment and selection process, which currently favors existing (and predominantly male) board members’ personal networks over finding the most qualified candidates. As compliance professionals, we are acutely aware of the need for our organizations to appoint independent, diverse, and qualified board members—we have too many examples demonstrating the risks when boards fail to fulfill their oversight and governance responsibilities.

Institutional investors such as BlackRock, State Street, and CalPERS, who in recent years have used their sizable proxy voting power to pressure public companies nationwide on this issue, are driving the greater board diversity movement. Just last month, CalPERS made good on its diversity push, voting against 438 directors at 141 companies with all-male boards. Given the fact that institutional investors hold about 70 percent of all the traded stock of publicly held U.S. companies, this activism will have a far greater impact than state legislation.

Women currently comprise 51 percent of the U.S. population and 57 percent of the workforce, and 56 percent attend college. In contrast, only 21 percent of Fortune 1000 corporate boards have one or more female members.

Research by Credit Suisse and Morgan Stanley International Capital indicates that corporations with women on boards are more profitable and productive and have fewer governance issues such as bribery, corruption, shareholder battles, and fraud.

The goal is to have the most qualified board members, and the current process does not allow this to happen. An intervention can jump start the system for the benefit of all—shareholders, organizations, employees, and customers. Other states should watch how this develops and consider the best way to improve the process, which is the key issue.

Q. What’s your take on the Elon Musk/SEC situation? —Anonymous

Amii: If I were Musk’s executive coach (and most CEOs have one), I would want to understand his goals. For a genius who has disrupted multiple industries, he is demonstrating a remarkable lack of self-control, self-care, and poor judgment that hurts his companies. After his “going private with the Saudis” Twitter fiasco, he got a lucky break from the Securities and Exchange Commission—only to thumb his nose at the regulators on Twitter after the settlement. This doesn’t inspire investor confidence.

My hope is that Musk fundamentally returns to his roots as a futurist, investing his precious time and energy on leading some of the most innovative companies in the world (SpaceX, Tesla, Neuralink, SolarCity, OpenAI).

Q. How do you prepare for the unpredictable? —Anonymous

Amii: (Laughs) Stay open and curious. Always be prepared for something exciting to happen. Our perception of stability is a construct that only exists in our mind. Things are changing all the time. I often say to myself, “It’s OK—this is why they need me.” Meditation (and a really great Cabernet) helps.