[i] gives credit for an effective
compliance program (read: one that walks the walk, not just talks the talk) [§8B2.1]. At a minimum, a program must include each of the seven elements outlined in the Guidelines, but after all of the measures are implemented, how do we get our employees to make compliance a part of their everyday jobs?
The Guidelines give the carrot-and-stick approach—formally: “incentives” and “disciplinary measures” [§8B2.1(b)(6)]. These are required elements and can be effective in changing behavior, but not necessarily culture. Sure, you can “motivate” an employee to follow the rules if there is a bonus at the end of the rainbow, or a sufficiently severe punishment at the end of that dark tunnel, but really, like a spouse, you want employees to live compliant because they love y…errr…the company. We want employees to live compliance because “it’s the right thing to do.” So how do you make that a reality?
Start at the top
Certainly, compliance culture is a function of “tone at the top.” If employees don’t see management making compliance a priority, they won’t either. Here at PCNA, I have the full support of our CEO/Local Compliance Officer, the Vice President and General Counsel, and the rest of the executive team. That means compliance is a part of the annual all-employee meeting, regional meetings, and a topic at Executive Committee meetings.
Understand the business and every department’s role
It goes without saying that as the person responsible for compliance, you must know your company’s business inside and out. From operations to the competitive landscape, you have to know what you are up against.
You also need to know the people in your company and what they do. By taking the time to understand each manager’s role, you show respect for them, their jobs, and their priorities. This valuable intel also helps you to make your compliance messaging relevant to them.
Articulate the value proposition: show them the money
This means doing the research about compliance in your industry. It’s like selling a house and finding comparables. There is a relevant cautionary tale for every situation. Find it and use it. Business people need to understand that compliance violations are not some abstract hypothetical that will “never happen in real life.” Show them how compliance protects their profits (and jobs). With a mean fine of $65 million for antitrust violations in 2014, the sales and marketing departments may pay a little bit more attention in training[ii].
Be available, visible, and approachable. People need to see you—being part of the organization, adding value, preaching the compliance gospel. Don’t hide in your office drafting policy for weeks at a time and only rearing your head to fire off an edict announcement by email. Get out there. Get engaged.
Write a blog post a couple of times a month discussing a hot topic in compliance. Give a quarterly prize for the best answer to a compliance hypothetical question. Send reminder emails about company policies. This helps compliance stay visible and relevant. Every employee may not be in the same office so email is an easy way to stay in touch with them.
At the same time, don’t underestimate the power of a telephone call. Follow up with remote employees by phone from time to time. Ask if they have any questions or any concerns they haven’t been able to discuss. You’d be surprised at what these impromptu conversations can reveal.
When I joined Porsche in 2013, I was tasked with bringing a new level of formality to the compliance program. I decided I wanted to make friends rather than enemies. So that’s what I did. Starting over the fall and continuing into the next year, I trained every session myself, in person. I met the business people and developed relationships.
And what happened after all of this in-person training and compliance-gospel-spreading? People started stopping me in the hallways to ask questions. I began receiving invitations to planning meetings, help desk inquiries increased, and people were telling their colleagues, “Let’s check with compliance first…” And that’s how I knew the messages were being received.
Taking it to the next level
An often overlooked component of compliance culture is assessment: “Inspect what you expect.” While you may believe your company has a healthy compliance culture, employees may not feel that way. How do you know? Ask them!
Create a quick survey; five questions is more than enough. Find out how they feel about your compliance program and then use the data as a benchmark to improve your program. The first survey at PCNA goes out this summer. Here are some baseline questions to consider in your own survey:
- I understand what compliance is and why it’s important.
- I believe the company, including top management, is committed to compliance and ethics.
- I know who to contact if I have questions about compliance and ethics.
- I know how to report a compliance violation.
Cultivating a culture of compliance and ethics takes time, but it’s an investment that pays off. Culture isn’t something you can fake, and if you ever have to rely on your compliance program to soften the blow of the DOJ, you better have it.
[i] Federal Sentencing Guidelines Manual (2014).
[ii] U.S. Sentencing Commission, 2014 Organizational Datafile, CORPFY14
As Assistant General Counsel, Compliance Matters, Samyra Hicks oversees Porsche’s compliance program in North America. Supporting the CEO/Compliance Officer and VP/General Counsel, she has operational responsibility for the design and implementation of the local program, including policies, development, and delivery of training materials, program evaluation and reporting. Prior to joining Porsche in 2013, Samyra held various roles with Asbury Automotive Group, Alston & Bird LLP, and Toyota Motor Sales, USA.
This article was featured in the Q3 2015 issue of Ethisphere Magazine. To subscribe and learn more about Ethisphere Magazine click here.