What Good Compliance Looks Like: Part 2

What good compliance looks like: part 2RichardBistrong-picture-small-768x1024By Richard Bistrong

In a prior post, I shared the view of a CEO of a Fortune 500 company, who launched his talk at a compliance event by asking “what does good look like?” In that post, I concluded with how “I spent the better part of my career avoiding and evading compliance, but I now appreciate that compliance leaders want those outside of their perimeter to be successful, and they want them home with their families.”

So, let’s reflect some more on what good compliance looks like. Let’s start with a question: What Was Volkswagen Thinking?

In an Atlantic article titled with that very same question, which addressed a number of corporate scandals, including VW, the Ford Pinto, and the Challenger disaster, author Jerry Useem concluded: “the sequences of events fits a pattern that appears and reappears in corporate misconduct cases, beginning with the fantastic commitments made from high.” And when those “fantastic commitments,” are made without the input of compliance, they can become stand-alone red-flags for future misconduct.

As Bazerman and Tenbrunsel share in Blind Spots, “underlying formal systems are informal norms and pressures that exert far more influence on employee behavior than any formal efforts could,” adding that informal systems “teach employees what behavior is really expected of them.” In my experience, incentives, forecasts and business strategy represent a tremendous unspoken message of organizational values and ethics. When organizations speak to a ‘win above all else’ mentality, including lucrative incentives and aggressive forecasts in high risk areas, then compliance can be viewed from the front lines as “ethics marketing.”

What I have  come to appreciate is that the compliance community understands that peril, and as Scott Killingsworth recently shared in a WSJ interview (here), when compliance personnel “are in from the start you have a chance…to foresee what compliance risks are and put in some protections and some cautions early on.” I call that baking in compliance risk before boots hit the ground, and to shore up processes and programs to make sure that spoken and unspoken messages are aligned.

If compliance is not a part of that business discussion, including setting strategy, goals and incentives, especially in high-risk (low integrity) regions, then the compliance team may be left with the unenviable task of ‘catching falling knives.’  I hear those trepidations from compliance personnel when they share their concerns of how the voice of “growing the business” is drowning out the voice of “how to grow the business.” That’s bad for everyone.

This dynamic was well addressed in a recent discussion I had with Dr. Susanne Marston, Vice President & General Counsel, APM Terminals, in preparing for an event where I addressed her leadership team. Susanne shared with me (and my appreciation to her for putting it in writing):

Richard, while we certainly understand that a robust compliance program must have the tools to raise awareness and insure that employees understand rules, policies, and procedures as to prevent violations, that’s not enough. We know that rules don’t necessarily drive behavior. So we need to be very clear with our international teams that compliance does not conflict with the business objectives, and that in fact, the two are complementary parts of business strategy.”

When compliance is a part of that business discussion, then the reality which Ms. Marston and Mr. Killingsworth describes is much more likely to occur. While Ben DiPietro’s reporting (here) of a survey released by Convercent and the Ethisphere Institute  (here) shows “that while the compliance function is gaining in prominence within many organizations, it’s still ‘falling short of having input on company strategy,’” might be somewhat disheartening, that it’s now in the mainstream of the discourse is entirely encouraging.

Compliance and tone at the top are more than stated values, it’s about operational and unspoken values.  It’s about a seat at the table of business strategy.

Compliance is more than stated values and top at the top. It's about operational valuesClick To Tweet

This post first appeared on Richard Bistrong: A Frontline Perspective on FCPA, Anti-Bribery and Compliance

Print Friendly


  1. Steven Butera says

    Thanks for an interesting read; well said. Another question might be “What does good look like, right now?” We keep redefining what is good, and we should. We continually learn new things, rules change, and data informs us what we thought was good, isn’t. So, what is “good” is often shifting; it’s a moving target. This makes the job of enforcing compliance more complex, because we are often retraining line staff as well as leadership. It makes some weary, since we don’t ever get to settle into a groove…but that’s probably a good thing, because it’s compliance not complacence.

Leave a Reply