Five years ago, the Dodd-Frank Act imposed new rules governing everything from derivatives trades and mortgage lending to disclosures about executive compensation and conflict mineral usage. With many of those regulations now in place, are corporate executives doing a better job of promoting a culture of compliance?

“Compliance really starts at the top, no matter what regulatory regime you put into place,” says Charles Elson, head of the Weinberg Center for Corporate Governance at the University of Delaware. The trouble is that measuring tone at the top is notoriously difficult. Almost every business—including everyone’s favorite example, Enron—says the right thing on paper, via a code of conduct or business ethics, regardless of what ethical train wrecks might be happening in the real world. And positive actions such as honesty, transparency, and integrity are almost impossible for outsiders to gauge.

JPMorgan Chase addressed this conundrum in a report it issued last December about how it is trying to be a better corporate citizen, in response to shareholder requests after a series of well-publicized disasters such as the 2012 London Whale incident. “It is not enough to have well-articulated standards,” the report acknowledges. “They must be embedded in the values of each and every employee through continued training and reinforcement and must guide and be evident in our actions.”

One of the chief criticisms of the bank, in fact, was that it didn’t follow its own (or regulators’) rules. “The whale trades exposed a bank culture in which risk limit breaches were routinely disregarded, risk metrics were frequently criticized or downplayed, and risk evaluation models were manipulated by bank personnel,” a Senate sub-committee report on the $6 billion-plus in derivatives trading losses, said. The report also criticized executives specifically for condoning the excessive risk-taking and for dodging regulators who expressed concerns.

“The [Dodd-Frank Act] has made people more aware of [the importance of culture] than they were, which is good. But I don’t think it’s made the country more ethical.”
Charles Elson, Head of the Weinberg Center for Corporate Governance, University of Delaware

As such, the first chapter of JPMorgan’s 100-page document focuses on how the company is reshaping its corporate culture. Beginning in 2013, under the leadership of CEO Jamie Dimon, two top executives interviewed other senior managers to understand where the corporate culture was and where it should be, the report says. They also developed case studies involving past mistakes, including various breakdowns in corporate controls, which led to aggressive payday lending practices and wrongfully foreclosing on the homes of members of the military.

They shared those case studies (and presumably how to avoid them) with 200 of the highest-ranking executives, and then more broadly through firm-wide discussions led by the company’s CEO and other executives. This approach aimed for the domino effect, stressing “the importance of company leaders carrying these messages to their teams so employees throughout the company would understand their importance.”

The second phase of the culture shock was to re-articulate and re-commit the firm to a set of 20 business principles, which include broad moral directives such as “Do not compromise our integrity,” “Face facts,” and “Have fortitude,” along with more practical ones such as “Focus on the customer” and “Build teamwork, loyalty, and morale.”

The revised principles were published and distributed to every employee; they are now embedded into recruiting, training, and performance management. To help employees understand how to apply these directives in everyday life, the company also refreshed its Code of Conduct to make it easier to understand. All together, the actions “help our people internalize the company’s values, show up at work each day committed to living our mission,” the report says.

The bank seems to be on the right path, says Seamus Finn, investment leader of the Missionary Oblates of Mary Immaculate (OMI), the investor group that pressed JPMorgan Chase officials to issue the report. Corporate culture was a key area of interest for the group, as it represents the bank’s “moral compass,” he says. Yet, he is hesitant to pass judgment on it too quickly. “The proof of the efficacy of this document is how it will be rolled out in terms of training and for new employees,” he says. “On an ongoing basis, we’d look for a decrease in the headline-grabbing stories about their inappropriate trading or illegal activities.”

A Cultural Change

OMI just negotiated a similar report from Bank of America, which is forthcoming, and it is aiming to get one from Wells Fargo, as well. Goldman Sachs published a report in 2011 about planned changes to its business standards as a result of the conversations with OMI, Finn says. “Most in the sector have lost the trust of shareholders as well as customers,” Finn says. “We felt a model that had them do a top-to-bottom examination of practices, policies, and gaps was a way to move forward.”

Regulators are also continuing to push for cultural changes at banks. The Treasury Department’s Financial Crimes Enforcement Network (FinCEN) recently published an advisory noting that “a poor compliance culture” was at the root of the many recent enforcement actions related to the Bank Secrecy Act and anti-money laundering failures. “For a BSA/AML program to be effective, it should have the demonstrable support of leadership,” it notes, “as such commitment influences the attitudes of others within the organization.”


Below, JPMorgan describes some steps it has taken to improve.
We have taken great care to re-articulate and re-emphasize our cultural values and corporate standards consistently and clearly so they can be internalized by employees and result in the kinds of observable, ethical behaviors that we expect. High standards, strong values and a commitment to doing first-class business in a first-class way must remain ingrained in our company’s DNA. We do this by setting the tone from the top; hiring and retaining great, diverse employees; training our people at each stage of their ca­reer; disciplining employees for doing the wrong thing; building teamwork and morale; communicating honestly, clearly, and con­sistently; and striving to be good leaders.
We also have invested an extraordinary amount of money, tech­nology, and focus on our control agenda to provide the necessary infrastructure and support. We have hired thousands of person­nel, invested hundreds of millions of dollars in new technology, and implemented training and education programs that have touched every single one of our roughly 240,000 people working in more than 60 countries and 2,100 U.S. cities.
As with everything we do, one of the most important goals for us throughout has been to enhance the customer experience.
Source: JPMorgan.

Across industries, governance experts say top executives are generally more willing to spend time and money on cultivating a culture of compliance. “We have seen a concerted effort on the part of companies we advise to look at tone at the top and be thoughtful about how they can better ensure the right tone is set,” says Christopher Garcia, a partner with law firm Weil, Gotshal & Manges. Often, that involves elevating the compliance officer to the C-suite, with at least a dotted line to the CEO.

“Compliance is being seen not just as a cost but as a protection,” says Ellen Odoner, a partner at Weil. It also entails securing more independent and better-qualified directors to oversee and challenge management on their decisions and tone, she says.

Some executives have become more enthusiastic about compliance activities. While companies used to push back on suggestions to, for example, run trainings more frequently, now “we get inbound calls from companies saying they want to do more,” Garcia says. Benchmarking compliance programs and standards against peers became more popular in recent years. Audit committees are also paying closer attention to both large and small complaints filed through whistleblower hotlines.

Can a Culture of Compliance Get You Off the Hook?

Another sign of change: A number of companies, including Ralph Lauren Corp. and Goodyear, have recently avoided Foreign Corrupt Practices Act charges by putting Code of Conduct commitments to transparency into practice and self-reporting their employees’ illegal actions. Morgan Stanley was one of the most outstanding examples, as the Justice Department cited its comprehensive compliance system and culture as a reason the bank did not get in trouble when former managing director Garth Peterson pled guilty to violating the FCPA in 2012.

In its press release about the case, the regulator noted that Morgan Stanley “maintained a system of internal controls meant to ensure accountability for its assets and to prevent employees from offering, promising, or paying anything of value to foreign government officials.” These controls included regularly updated internal policies, frequent FCPA trainings and reminders (specifically to Peterson), random audits, and tight controls on payments made to business partners.

Conversely, at many companies where the SEC has brought accounting charges recently, it’s clear that executives were not as focused on compliance as they should have been. “Senior management in some cases was just not engaged in any real discussion about the controls,” Enforcement Director Andrew Ceresney said in a March speech. “As a result, employees did not properly focus on them and the firm, and its shareholders are put at risk.”

Ceresney cautioned against taking a “check the box” mentality and urged executives to ask regular and unexpected questions about controls to “send a powerful message that you want these issues to be on your employees’ minds.”

As JPMorgan and others readily acknowledge, creating a culture of compliance is an unrelenting task. In an era where companies are tasked with doing more with less, it is easy for employees to forget corporate messaging, especially when the stakes are high. Has Dodd-Frank made a difference in reshaping a culture of compliance? Yes and no. “The law has made people more aware of [the importance of culture] than they were,” which is good, says Elson. But “I don’t think it’s made the country more ethical.”