Ten reasons why compliance fails

During the research for our new book about compliance and ethics, we saw how organizations across the world continue to be damaged and brought down by systemic non-compliance or the misdeeds of a few.

This is despite the increasing ethical demands stakeholders are making of business, the exposing power of social media, the proliferating requirements of compliance laws and regulations, and the burgeoning numbers of policies, procedures and compliance officers which have been put in place in response.

So what’s going on? Why isn’t compliance working? Here are ten reasons why it can fail:

1. When there is lack of leadership

Too often there is no actual or visible leadership and management commitment to the compliance program and to the organizational culture of compliance and ethics. Senior management talk the talk without credibility or authenticity.

2. When management are not held accountable for compliance — they see it as “the compliance function’s responsibility”

Unless managers at every level are seen to take ownership of, and be held accountable for, the program, they give implicit permission for others to ignore or undervalue it.

3. When “we only need to do the legal minimum”

When an organization commits to doing only the minimum it thinks necessary, the compliance program will almost inevitably fail. The focus is on “defensible compliance:” protecting the organization when — not if — the rules get broken.

4. When it over-relies on ‘obedience’ or “rules for everything”

A rules- and obedience-based program fails to understand human psychology. Far too little time and effort is spent working out and adapting to what really motivates people to comply. The result is often a “them” and “us” mentality in the organization and a failure to engage and seek the complicit assent of its people. And the organization will inevitably fail to anticipate situations for which it needs a rule. There are far more ways around rules than there are rules, and people simply don’t have the bandwidth for so many rules.

5. When the program isn’t “ethics- and values-driven”

Compliance can and should play a key and active role in how any organization tells its story, expresses its purpose and reflects its values. An ethics- and values-based program can win hearts and minds and stands a far greater chance of success.

6. When compliance is seen as out of touch and uncool, dead hand, sales prevention

When compliance does not emerge from the book and the arcane jargon in which it has been encoded, its relevance to employees’ lives and the business mission is invisible. This can produce real and problematic discontent.

7. When there is deliberate scepticism

There is almost always a minority that will undervalue or undermine the importance of compliance to the business. When this scepticism is unchecked, or extends up into the senior leadership, this can be one of the biggest challenges for a compliance program — especially if the compliance officer has been hired to tick the box and given no budget or authority to implement or update the program.

8. When the compliance function acts as an auditor or “the police” rather than as a business partner

In such circumstances, issues can be driven underground, and compliance is not sufficiently trusted to help spot and navigate problem areas.

9. When there is wilful dishonesty, often for self-enrichment, by a small minority

Dishonesty among a few will always be a threat, but an effective ethics-based program actively lived, owned and defended by the majority should drive those few away.

10. When the organization’s incentives are not aligned with its compliance objectives

This is arguably one of the biggest reasons why compliance fails, and it can trump an organization’s best efforts to address many of the above factors. Some incentives encourage misconduct — usually implicitly and unintentionally, sometimes explicitly or intentionally. On the other hand, incentives based around, or that reinforce, values and ethics help to create the living culture that makes compliance effective.


Our book, The Business Guide to Effective Compliance and Ethics – Why compliance isn’t working, and how to fix it, is available from booksellers or on Amazon’s U.S. and UK sites.


Andrew Hayward is a lawyer with more than a dozen years’ experience of compliance roles in three sectors. Having previously worked for AstraZeneca and Balfour Beatty, he is now Head of Compliance and Ethics at Subsea 7, an engineering, construction and services contractor to the offshore energy industry. He also worked with the British Standards Institute on the development of the first anti-bribery standard (BS10500) and was part of the UK delegation on the development of the International Anti-Bribery Standard (BS ISO 37001:2016).

Tony Osborn is an award-winning writer, creative consultant and content developer. He has worked with leading corporations around the world to help them find and tell their stories and connect with stakeholders, and has also worked extensively in broadcast media and for major public events. He helped to shape and write Serco’s online and printed Code of Conduct and, with Andrew Hayward, the award-winning Balfour Beatty Code of Conduct.



1 Comment

  1. I am curious, is "Defensible Compliance" materially different from "Plausible Deniability"?
