Some legal commentators still believe that if you put a paper compliance program in place, employees will follow it. The problem with that legal approach is that does not account for the human condition, which unfortunately is not always pure of heart.

The Man From FCPA considered that when perusing a recent book, “The Character Gap” by Christian Miller. In that book, Miller writes that people are not always morally pure, but nor are they morally corrupt; they are usually “a messy blend of good and evil.” People can behave “admirably in some situations and they turn around and behave deplorably in other situations,” he writes.

I found this insight key to a critical part of a best practice compliance program: ongoing monitoring. It is through ongoing monitoring that companies should be able to detect issues that might arise before they become full-blown FCPA violations. The Department of Justice has taken this simple prescript of oversight several steps further, most notably in the Evaluation of Corporate Compliance Programs, released in February 2017. Companies are required to put more into their compliance programs to operationalize them. Consider the requirements around training, for example. Now, companies must tailor their compliance training appropriately to the audience, and then determine the training program’s effectiveness.

Miller’s book points toward another reason for a more fully operationalized compliance program: Internal controls can often act as backup redundancies and oversight. This system helps some of the situations that employees can face on a daily basis when pressured to make their numbers. If a robust set of internal controls and oversight are in place, there will be less opportunity to cut corners and start down a path that may lead to a legal violation.

A lock is only there to help keep an honest person, honest. That is why every compliance program is designed to prevent, detect, and remediate. Miller’s book demonstrates the "why" from the perspective of character.