If your goal is to have an average compliance program, don’t read this article.
But if you want something more—an outstanding program—then get some strong coffee, eat some spinach, or do whatever else makes you feel heroic. What follows will not be easy; it might not win you management’s love, but it will certainly make your compliance program powerful and effective.
Empower your CECO
You already know the top compliance person, the chief ethics and compliance officer (CECO), needs power and independence to be effective. Elevate this fact beyond empty words: Give the CECO a no-nonsense employment contract that protects his or her independence, empowerment, and stature. Require the board’s prior approval for firing or any other negative employment action involving the CECO.
Require the CECO to be bound by a code of professional ethics. Make following this code part of his or her job requirements and employment contract. If you like surprising people, this approach will work. No one will likely know such a code even exists. Nail this down, so the company cannot require the CECO to violate these ethical standards.
Help compliance trickle down
You took care of the top. What about the rest of the world—where your business meets reality?
Make sure each business unit has a compliance and ethics program goal as part of its business plan and the unit’s chief officer is evaluated on it. When their pay and promotability depends upon it, managers suddenly realize it’s not just another corporate memo they can ignore. It becomes clear compliance is not merely the job of some remote headquarters department but falls on each company leader.
Of course, the CECO has input on these assessments. Outstanding performance in this category by business unit leaders should also be recognized by company executives.
But you want to be sure the program is not just a headquarters fantasy with no real life in business operations. So, require each business unit has a compliance representative who cannot be removed without the CECO’s consent. The CECO you have empowered then has a say over his/her evaluation.
This representative carries the flag for the compliance and ethics program in the business unit and provides knowledge from the field back to the CECO. He or she helps the business unit’s leader to meet compliance and ethics performance goals.
Companies show a lot of imagination in naming these folks, including ethics ambassadors, compliance coordinators, compliance liaisons, compliance champions, facility compliance officers, business unit compliance officers, and more. Regardless of title, these people bring the program out of the headquarters and into the business, along with checking the culture of each unit.
If you had to name one dangerous enemy of compliance, it would be retaliation. It can destroy everything you are working to do.
Just saying in your code of conduct that it is never allowed is the boring and ineffective approach. To have real effect, the company should publicize (removing identifying information) actual cases of bosses who retaliated or threatened retaliation and were fired.
You know from your own experience that people learn from stories. But if you are smart, you also know not to depend on things just to go right by themselves. So have the company follow up over time with whistleblowers to make sure they aren’t retaliated against. Compare the employee’s evaluation and treatment before and after speaking out. Treat retaliation as a top compliance risk.
If you’re feeling especially bold, promote individuals who have blown the whistle and recruit whistleblowers who were kicked out from other companies. Don’t look for guidance from other companies that have this approach—there probably aren’t any.
Order an outside review
If you have ever managed anything, you know you must check to make sure everything is working. Take that a step further and order an outside review.
No, not by the auditors who have worked for your company forever or the outside counsel who was at your general counsel’s wedding. Instead, have the program evaluated by an outside compliance and ethics expert with no prior relationship to the company.
The report—your grade and the company’s grade—should go to the board without the CECO or other executives having veto power. The evaluation should use tough government standards. You will know it is accurate if it finds many ways the program could be improved and recognizes some of the systems have started to decline. All commitments to improve the program should be monitored and audited to ensure they really happen.
Incentivize compliance and ethics done right
It’s an old cliché: money talks. But companies use incentives because they work.
To make sure your compliance program works, juice up the related incentive effort. Compliance and ethics leadership is evaluated in all managers’ performance evaluations, and a manager’s overall evaluation cannot be higher than the compliance and ethics assessment. This should be audited.
The next step is to require the board’s compensation committee, as part of its charter, to evaluate all company leaders on their active promotion of the company’s values and the compliance and ethics program.
Build into the process that supervisors who do these compliance and ethics evaluations of their subordinates on a perfunctory basis (e.g., all their subordinates get perfect ratings) are not eligible for bonus treatment themselves.
You are not leaving anything to chance when it comes to incentives. The CECO is always part of the process when any incentive system is being developed for use in the company. The CECO has the clout to get the company to carefully consider the impact of strong incentives, and incentive programs are monitored to see whether the incentives are driving employees in a questionable direction.
It is no crime for a company to have a powerful engine, but the brakes need to be just as strong.