“Never doubt that a small group of thoughtful, committed, citizens can change the world. Indeed, it is the only thing that ever has.”― Margaret Mead
Let’s start with a basic premise – change is a good thing (or the cynics insist, change may be a good thing). But most people do not like change. Most people find change threatening, so they would rather know the devil they have to deal with rather than a new or even more dangerous downside/devil.
Organizations are comprised of human actors and in the end are defined by human values. In other words, human make mistakes and so do companies. Where things get sticky is when we face challenges and companies, like human, need to change.
Organizations face the need to change in certain specific circumstances – when a company fails to perform and suffers negative results (including when a company is challenged by activist investors seeking to implement change), and when the government has investigated and uncovered wrongdoing. It is this latter situation that recently caught my attention.
Lawyers, CCOs and compliance professionals scour enforcement actions to determine the root cause, to review the negotiated terms of the settlement, and to understand the remediation and compliance improvements needed to prevent the problem from recurring. When the government intervenes, an organization loses control of its operations and has to secure the government’s approval of its settlement terms. As part of this, companies are pressed to implement serious changes to their compliance programs, allocation of resources to compliance, and elevation of the compliance function in the company.
The list of typical compliance program improvements is a basic recipe for an effective ethics and compliance program. In my view, this list of so-called remediation steps is a basic list that every company should implement without regard to whether the company is the subject of a government investigation. Corporate leaders should re-examine their own corporate compliance programs in light of this basic list of improvements.
To further this review, consider the following:
(1) a separate Compliance Board Committee of the Board of Directors;
(2) an independent CCO with adequate staff and technical resources, authority to exercise independent judgment as to business activities, and reporting relationship to CEO and Compliance Committee no less than five times per year;
(3) a commitment to regular and ongoing updates of risk assessments;
(4) design, implementation and update of compliance policy and procedures;
(5) maintenance of hotline reporting systems and a robust internal investigation function to detect and prevent potential misconduct; and
(6) testing, monitoring and auditing of compliance program and relevant business activities based on risk-ranking of activities.
This is not a list that should shock anyone – indeed, companies usually commit to these basic reforms when resolving a government enforcement action.
But why should these changes only be implemented in this context? Why can’t companies implement these changes for the right reasons – because compliance is important to the company and improves the overall performance of the company?
These are rhetorical questions but I am sorry to beg the question. In many cases, corporate leadership is behind the times. The bottom line is the corporate mantra and small thinking usually leads to poor decision-making when it comes to compliance. It is time for this mindset to change. Companies and leaders have to embrace compliance as a good unto itself, as a way to improve employee morale and ultimately company performance.
