Kicking off Compliance Week 2015 in Washington D.C. on Monday, compliance experts from Boeing, Walmart and General Electric tackled the topic of “Compliance Amid Complexity: How to Succeed.”
For Diana Sands, senior vice president in Boeing’s Office of Internal Governance, regulatory compliance can sometimes be a matter of addition through subtraction. Sarbanes-Oxley compliance, for example, once grew to more than 9,000 related controls around the company, each independently developed within workgroups. “Over time, what we have done is create an enterprise control framework , and reduced SOX controls to about 1,000 instances, all under an umbrella of about 200 key common controls under 12 business processes,” she said. “When I think about compliance more broadly, an enterprise-wide common framework is key.”
General Electric has embarked on a CEO-level campaign for simplification. “The idea is how to take the bureaucracy that has crept in over a period of 120 years, strip that away and make us act like a new company, a new start-up,” Alfred Rosa, chief compliance director and senior executive counsel, said. “We’ve applied that lens to the compliance operation. The lesson I’ve learned is that simpler compliance often means more effective compliance. “
When Rosa viewed his program through the eyes of whether it could be more concise, more engaging, and more inspiring for employees, he found that many of the processes in place didn’t meet those objectives. “I took comfort in the fact that our training was long,” he said. “When I really got into the concepts of adult learning theory, I realized that shorter, bite-sized chunks are easier for employees to digest when distributed along a timeline.”
Catering processes and training for employees is crucial, because they are often the frontline of compliance. “The best indicator of whether you have a healthy culture or not is the extent employees will come forward and report the issues hat they see in their operations,” said Daniel Trujilio, Walmart’s chief ethics and compliance officer.
Approximately 3,200 policy concerns have been raised by General Electric employees. “Those employees have really saved the day for us,” Rosa said. “In my experience its not process, not audit, and not the legal team that identifies issues. The number one source of concern identification comes from employees. So, we spend a lot of time and working together with our communication experts to let employees know that having the courage to come forward really makes a difference in our culture.”
Company culture should also be strengthened through partnerships and open lines of communication between leadership and employees. “The way culture and risk management come together is all about the way that you are organized as a team,” Rosa said. He explained that GE does business in 65 countries and has more than 300,000 employees; this year alone an acquisition will add another 65,000 employees. “You’ve got to have a network and a rhythm that engages both the employee base and all of the leaders in such a way that it is just part of, and feathered into, their normal, every day existence.”
General Electric relies heavily on “bottom-up sessions” where employees hear directly from their managers, not compliance, about the key risks in their division, Rosa said. “On a monthly basis, there are similar risk-focused discussions, including discussions about culture, that establish patterns of behavior and expectations for employees about making compliance a part of their daily life.
“Getting the right tome at all levels and ensuring good engagement with all employees around making the decisions that align with the culture is important,” Sands said.
Perhaps no company finds creating a holistic culture of compliance as challenging as Walmart, with 2.2 million employees in 27 countries. Reaching employees means breaking objectives into simple-to-understand messages, Trujillo said. That approach involves breaking 14 key subject matters, including anti-corruption and food safety, into three to five core things workers must know and adhere to. “We start by putting the right people in the right place and make sure we trained them so that they know the message and the values we have in the company,” he said. “It is easier to understand what compliance is when you have simple messages. The main thing is that everybody understands that we are a value based company.”
Management can also help their cause by communicating missteps, not hiding them. Several times a year, General Electric produces videos that discuss leadership issues and problems that occurred within units, Rosa said. The discussions detail what happened, the specifics, and what was done about it. “The employees have to believe that their leaders are serious about the issues that occur in their operations,” Rosa said.
“What has worked for us is openness and being candid about the things that have occurred at the company,” Sands said. “Accountability is really key, especially for senior leaders.”