I’m reluctant to tackle this topic for a couple of reasons. First, it’s going to be unpopular. We’re all the same. When we make a mistake, our first impulse isn’t to admit the mistake but to hide it. It’s no different in organizations, where the unwritten rule is: Keep bad news in-house whenever possible. And of course, there are practical and valid reasons why corporate silence makes sense, and I’ll get to those in a minute.
The second reason I’m reluctant to talk about voluntarily disclosing compliance problems is that I want to make a strong case, and I’m not sure how I’ll do. I worked as a lawyer, so part of me always moves in the direction of avoiding risk. And let’s be honest; whenever companies disclose a problem, there’s some risk involved.
So, why argue for more voluntary disclosure? Because I believe there are benefits when there’s more disclosure, not less, and I’m fairly certain no one is talking about those benefits. So, my goal today isn’t to convince every company to disclose all compliance problems when they don’t have to. My goal is simply to encourage companies to consider why more disclosure, not less, might be good for the company and its compliance program.
Before starting, I want to be clear. Sometimes disclosure about compliance problems is involuntary. It’s what the law requires, so case closed. But other times — most times, in fact — the law either doesn’t require disclosure, or it’s not clear what’s required. In those cases, I believe organizations should resist the instinct for secrecy and at least consider the benefits of disclosure.
Let’s start with this. Openness about compliance problems signals accountability. The company is saying, “Our compliance program is good but not perfect. We had a problem. We’re handling it, and here’s how.”
The next step is talking openly about remediation, probably in an anonymized way. What were the consequences for those responsible for the compliance breach? Have they been disciplined? If not, why not? The remedial response is the true test of management’s commitment to doing things right. When companies voluntarily disclose their compliance problem and remedial response, they’re welcoming meaningful accountability.
Being open about compliance problems helps improve compliance programs. The best response to a problem is an all-hands discussion about what went wrong and why. The more open management is, the more feedback there’ll be about what caused the problem and how to keep it from happening again.
There’s a lesson from how countries handle corruption scandals. Most regimes try to conceal stories about graft, while a few governments push for openness. In Malaysia, the government usually tries to suppress news about corruption. In neighboring Singapore, corruption scandals (there have been about a half dozen big ones) are covered in depth by the media and sometimes post-mortemed in open sessions of Parliament.
At least one researcher believes that’s a key difference between Malaysia and Singapore, and it partly explains why Malaysia suffered one of the worst corruption scandals in history — the $6.5 billion looting of the 1MDB sovereign wealth fund.
What’s the application to companies? Openness about compliance problems is one way to educate employees. They see real-life examples of what’s expected of them and what will happen if they fall short. Openness thus becomes an effective teaching tool and a powerful deterrent.
Another benefit of more disclosure, not less, is setting the right tone. Corruption can happen in any company, even in those with great compliance programs. Being open about problems recognizes that reality, not as an excuse but as a reason to be vigilant and try harder. It’s a chance to learn from mistakes and make corrections.
Also, tone eventually translates into practice. If employees believe their leaders conceal bad news, concealment will become a company-wide trait. That’s never a good thing. More laws are broken and more careers destroyed because of illegal or unethical cover-ups than any other reason. It’s dangerous to work in companies where concealment is a business strategy.
Another reason for more disclosure, not less, is because there are no secrets anymore. Digitized information can’t be locked up. Whatever happens in a company is likely to leak sooner or later. Smart executives understand that trying to conceal compliance problems will probably backfire. When the story leaks, the company and its leaders will look worse for trying to conceal it.
As I said at the top, however, there are practical and valid reasons why corporate silence makes sense, so let’s talk about them.
When companies disclose anything resembling bad news, they ignite the Twitter chorus, not to mention aggrieved shareholders, short-sellers, state attorneys general, maybe the SEC and DOJ, headline writers, attention-seeking bloggers, and so on. Hungry hordes are always looking for a reason to pounce on public companies. What sane corporate leader voluntarily hands them a reason?
But consider this: Is the discovery of a compliance problem always bad news? If the problem is known, that usually means some part of the compliance program worked. Maybe internal audit unearthed clues, or a whistleblower used the hotline, or an alert employee told their superior about a red flag they spotted. When a compliance program ultimately works to detect a problem, that’s not bad news. It’s good news.
Finally, being more open about compliance problems and their aftermath puts compliance on center stage, where it belongs. I know; as I said at the start, convincing anyone to be open about compliance problems won’t be easy, and even suggesting it could be a dangerous career move.
But before automatically deciding not to disclose a compliance problem, I hope companies will at least consider the benefits of more disclosure, not less, and how those benefits can elevate the company and its compliance program.