Creating Compliance Culture Organically

Tips and best practices for driving employee engagement at your organization

By Samyra Hicks

In every ethics and compliance program there are certain key terms people throw around: “risk assessment,” “policy management,” “preventative and reactive,” “internal controls,” “training,” and, my favorite, “corporate culture.” Now, the first several may be understood by the average layperson, but the last one—corporate culture—what does that even mean?

For many companies, the culture can be largely people-focused, like at Google or Facebook. The culture could also be driven entirely by the bottom line (pro tip: Not a good idea. Remember Enron).

Here at Porsche Cars North America, Inc. (PCNA), our culture is driven by our strong brand heritage: innovation, performance, and authenticity. Our vehicles are among the most extraordinary sports cars in the world, and being part of the Porsche organization is an extraordinary opportunity. Compliance is an integral part of the Porsche culture worldwide, which means complying with the law, acting ethically, and protecting our most important asset: our brand reputation.

So what happens when you have (what you think is) the corporate culture that’s right for your company, then a compliance program gets dropped right on top of it? Nothing. Nothing happens when you attempt to overlay an ethics and compliance program onto an existing organization. Compliance must be integrated to be effective. The good news for start-ups is: you have a clean slate. For the rest of us, we have a bit of a challenge.

The Federal Sentencing Guidelines for Organizations[i] give credit for an effective compliance program (read: one that walks the walk, not just talks the talk) [§8B2.1]. At a minimum, a program must include each of the seven elements outlined in the Guidelines, but after all of the measures are implemented, how do we get our employees to make compliance a part of their everyday jobs?

The Guidelines give the carrot-and-stick approach—formally: “incentives” and “disciplinary measures” [§8B2.1(b)(6)]. These are required elements and can be effective in changing behavior, but not necessarily culture. Sure, you can “motivate” an employee to follow the rules if there is a bonus at the end of the rainbow, or a sufficiently severe punishment at the end of that dark tunnel, but really, like a spouse, you want employees to live compliance because they love y…errr…the company. We want employees to live compliance because “it’s the right thing to do.” So how do you make that a reality?

Start at the top

Certainly, compliance culture is a function of “tone at the top.” If employees don’t see management making compliance a priority, they won’t either. Here at PCNA, I have the full support of our CEO/Local Compliance Officer, the Vice President and General Counsel, and the rest of the executive team. That means compliance is a part of the annual all-employee meeting, regional meetings, and a topic at Executive Committee meetings.

Understand the business and every department’s role

It goes without saying that as the person responsible for compliance, you must know your company’s business inside and out. From operations to the competitive landscape, you have to know what you are up against.

You also need to know the people in your company and what they do. By taking the time to understand each manager’s role, you show respect for them, their jobs, and their priorities. This valuable intel also helps you to make your compliance messaging relevant to them.

Articulate the value proposition: show them the money

This means doing the research about compliance in your industry. It’s like selling a house and finding comparables. There is a relevant cautionary tale for every situation. Find it and use it. Business people need to understand that compliance violations are not some abstract hypothetical that will “never happen in real life.” Show them how compliance protects their profits (and jobs). With a mean fine of $65 million for antitrust violations in 2014, the sales and marketing departments may pay a little bit more attention in training[ii].

Be accessible

Be available, visible, and approachable. People need to see you—being part of the organization, adding value, preaching the compliance gospel. Don’t hide in your office drafting policy for weeks at a time and only rearing your head to fire off an edict announcement by email. Get out there. Get engaged.

Communicate regularly

Write a blog post a couple of times a month discussing a hot topic in compliance. Give a quarterly prize for the best answer to a compliance hypothetical question. Send reminder emails about company policies. This helps compliance stay visible and relevant. Not every employee may be in the same office, so email is an easy way to stay in touch with them.

At the same time, don’t underestimate the power of a telephone call. Follow up with remote employees by phone from time to time. Ask if they have any questions or any concerns they haven’t been able to discuss. You’d be surprised at what these impromptu conversations can reveal.

My experience

When I joined Porsche in 2013, I was tasked with bringing a new level of formality to the compliance program. I decided I wanted to make friends rather than enemies. So that’s what I did. Starting over the fall and continuing into the next year, I trained every session myself, in person. I met the business people and developed relationships.

And what happened after all of this in-person training and compliance-gospel-spreading? People started stopping me in the hallways to ask questions. I began receiving invitations to planning meetings, help desk inquiries increased, and people were telling their colleagues, “Let’s check with compliance first…” And that’s how I knew the messages were being received.

Taking it to the next level

An often overlooked component of compliance culture is assessment: “Inspect what you expect.” While you may believe your company has a healthy compliance culture, employees may not feel that way. How do you know? Ask them!

Create a quick survey; five questions is more than enough. Find out how they feel about your compliance program and then use the data as a benchmark to improve your program. The first survey at PCNA goes out this summer. Here are some baseline questions to consider in your own survey:

  • I understand what compliance is and why it’s important.
  • I believe the company, including top management, is committed to compliance and ethics.
  • I know who to contact if I have questions about compliance and ethics.
  • I know how to report a compliance violation.

Cultivating a culture of compliance and ethics takes time, but it’s an investment that pays off. Culture isn’t something you can fake, and if you ever have to rely on your compliance program to soften the blow of the DOJ, you better have it.

[i] Federal Sentencing Guidelines Manual (2014).

[ii] U.S. Sentencing Commission, 2014 Organizational Datafile, CORPFY14.

Author Biography:

As Assistant General Counsel, Compliance Matters, Samyra Hicks oversees Porsche’s compliance program in North America. Supporting the CEO/Compliance Officer and VP/General Counsel, she has operational responsibility for the design and implementation of the local program, including policies, development, and delivery of training materials, program evaluation and reporting. Prior to joining Porsche in 2013, Samyra held various roles with Asbury Automotive Group, Alston & Bird LLP, and Toyota Motor Sales, USA.

This article was featured in the Q3 2015 issue of Ethisphere Magazine.
