HR — yes, HR — is the key to understanding your compliance culture

After more than two decades of forensics practice, I know that during any anti-corruption compliance assessment, I’ll want to spend time not only with personnel from the accounting and compliance groups, but also with human resources. In fact, sometimes HR receives the most attention. Here’s why.

The HR team has so much impact on anti-corruption compliance because they interact with personnel from the time they are candidates all the way through to exit. Thus, HR oversees or participates in recruitment, onboarding/induction, periodic training, performance evaluation, maintenance of personal data (perhaps even including disclosures of conflicts of interest), policy rollouts, investigation of allegations of wrongdoing, incentives and disciplinary measures, and even the underappreciated exit interview. And possibly most importantly, the folks from HR are at the front lines of culture.

Examining and assessing how HR performs its multiple functions is therefore critically important to understanding and mitigating corruption risk.

Recruiting might be linked to corruption when jobs are offered  — as a “thing of value” to officials in exchange for business advantage (consider the “princeling” cases).

Onboarding is usually the first time the entity has the chance to really impress upon the new hire the level of importance it places on compliance – whether that’s through initial training or other communication of policies, or the request to acknowledge a commitment to comply. The HR department is also often the owner of the LMS or Learning Management System – where the company continues to communicate the importance of compliance not only through content but by frequency of delivery and follow-up to ensure high completion rates.

Most of us dread the annual or semi-annual performance evaluation process – it’s like spinach and kids. We know it’s good for us, but it’s never our first choice of things to do. But the annual review also plays a role in compliance – and though much has been written about incentives and compliance, the measurement of compliance outcomes and its inclusion in performance evaluations is a good indicator of the maturity and robustness of a compliance program.

One of the most sacred duties of HR is the confidential maintenance of personnel files. This is also one of the top entries in any investigative document request – and why? Because this is where some of the most compliance-critical information can reside. For example, names of family members, home addresses, bank account numbers, and possibly disclosures of relationships with business partners, not to mention performance evaluations and compensation information. All these data can be important for compliance monitoring or investigative purposes – to compare to vendor data or for lifestyle analysis. We must, of course, treat all this information with the same level of sensitivity and confidentiality as expected, and we must also be aware of the data privacy rules governing their use before we ask for those files.

Anyone in the compliance field knows of the challenges presented by the absence of a policy management system – multiple versions floating around in different places in various formats that don’t accurately reference related policies – it can be a nightmare. And HR usually has a hand in rolling out those policies to company personnel. When that’s done well, it can be a powerful defense for the compliance program overall.

HR is often involved in the investigation of allegations of wrongdoing. Most compliance folks will acknowledge that the majority of ethics helpline calls relate not to financial statement fraud or obvious violations of law, but rather to the workplace environment and relationships among personnel. Organizational dynamics are incredibly important to compliance, and the results of investigations into these matters can bring to light risks that presage bigger, or at least corollary, problems like management override of controls or collusion. The company’s considered choice of disciplinary measures after these or other investigations also communicate the level of tolerance the company really has for violations of policy or law. The HR department often gets the task of communicating those disciplinary measures.

Finally, the exit interview. In my experience, this is often treated as just another box to be ticked on the pre-departure checklist, right after the handover of the laptop and security badge. But it is also important to compliance because it is easier for the departing employee to be completely candid about perceived compliance weaknesses because they can be less concerned about what the boss or their colleagues will think – after all, they no longer need to fear losing their jobs!

HR’s performance of all the above tasks summed together demonstrates the company’s values more concretely than any single CEO preface to a training video. And this is how the culture of compliance comes to life.