In a recent Harvard Business Review article, Professor Eugene Soltes shared how “allowing integrity gaps to grow is especially unwise in an era when employees are increasingly likely to bring allegations straight to the media or regulators if they feel ignored by their leadership.”
He added that “to prevent wrongdoing, you need to understand issues that might be developing below the surface.” Professor Soltes specifically focused on how data enables “leaders to proactively identify emerging gaps,” and that “the location of specific integrity gaps — by both function and geography — can be extremely valuable.”
But not every risk can be captured on a GRC dashboard, and during the long stretches between annual training sessions and certifications, integrity gaps can grow and fester. I think that’s why part of our persistent compliance challenge is how to keep everyone in a workforce aware that compliance leaders care about their success and safety between those sessions.
And yet I’ve been hearing more compliance leaders (sometimes stimulated by questions arising from GDPR) express concerns that using compliance-related data might intrude on certain privacy issues. So, running against the current of higher-frequency on and off-line tools to mitigate integrity gaps, especially for those who work far from HQ, are concerns that compliance initiatives and related data-points that go beyond annual ABAC certifications could be overly intrusive.
I’ve also heard those in the field ask why, if there’s not an issue at hand, do we need to increase the frequency of compliance-related contacts with commercial teams? The reason is simple and straightforward: no news doesn’t necessary mean good news. It’s evident from numerous FCPA enforcement actions, including my own, that bad behavior can hide behind good performance for months or even years (in my case, a decade).
But if we want to reduce the integrity gaps that Professor Soltes describes, how do we balance being more present in the lives of our commercial teams without crossing a line into areas of legitimate personal privacy and distracting from the already busy lives as well as responsibilities of commercial teams?
When I first became an International Sales VP, management required me to sign annual anti-bribery affidavits. But in between, no one really asked how I was getting things done. That feeling of, “I’m out on an island,” which I still hear today from commercial leaders, was always with me. Perhaps through higher-frequency check-ins, I would have transitioned from, “Why are they so intrusive,” to “This is an organization that cares about my safety, success and doing things the right way.”
I’m not blaming management for any of my own choices. I take full responsibility for what I did and went to prison for it. But I have to believe that calls from management and frequent required check-ins could have changed my outlook. It certainly would have been a nudge in the right direction.
Regulators are also focused on both the quality and quantity of interactions. The recently revised DOJ Evaluation of Corporate Compliance Programs asks: “How often and how does the company measure its culture of compliance?” And the regularity of compliance measurement(s) comes up in a few different sections in the DOJ document.
Today we have wonderful opportunities for staying close to those who need it most. Sure, if we ramp up our interactions between annual training sessions and certifications, there might be a few “sighs” out there in the field, and some eye-rolling. But after that, what remains are rich opportunities, through check-ins with those who face risk, to close the integrity gaps.
Richard Bistrong, pictured above, is a contributing editor of the FCPA Blog and the brand ambassador for Gabbi, the compliance check-in app. He’s the CEO of Front-Line Anti-Bribery LLC and was named by Thomson Reuters in 2018 as a Top 50 Social Influencer in Risk, Compliance and RegTech. The trailer to his award winning anti-bribery training video, co-produced with Mastercard, can be found here.