According to a new, and well researched report from ECI, there are five core purposes behind any really effective compliance program, regardless of the industry sector. These purposes are “beyond compliance”, that is they are not confined to a mere “tick box” approach.
- Ensure the organisation sustains its integrity and reputation as a responsible business
- Reduce the risk of wrong doing by those employed by or aligned with the organization
- Increase the likelihood that when wrong doing occurs it will be made known to the management of the organisation
- Increase the likelihood the organization will responsibly handle suspected and substantiated wrong doing
- Mitigate penalties imposed by regulatory and governmental authorities for violations that might occur
These arise from the report’s comprehensive review at what’s needed. It’s based on existing practices, expert opinions and even feedback from members of the public.
No more tick boxes
So many compliance programs simply achieve the minimum standards, creating in effect a tick box mentality. From the leaders’ point of view, it’s enough for the system to just go through the motions, so long as it merely helps the company avoid falling foul of various regulations.
Such a minimalist approach though leaves an organisation exposed to all kinds of risks. For instance it does almost nothing to generate a culture in which compliance is taken really seriously at all levels. What ‘s needed is a change of gear in many companies.
When the compliance program meets the above five criteria it can offer considerable benefits to leaders of organisations. For example, as the report explains, misconduct may be reduced by as much as 66 percent in organizations with effective programs. Similarly, reporting of wrongdoing to management increases by 88 percent when the compliance programme is truly effective and not just meeting minimum standards.
The challenge for most organizations is therefore to find the right balance between two separate aims.
First, the compliance system must inspire people to speak up about challenges to the organisation’s culture and reputation.
Secondly, it should help support a culture with a high degree of commitment to compliance which includes prevention, detection and response to misconduct.
Relatively few organisations seem willing to reach “beyond compliance” with their in-house compliance programs. Yet there are exemplars, companies which have show what excellence means and how to meet the above five purposes of their programs.
Drivers of beyond compliance
But why should a company “go beyond compliance.” One important reason is increasing complexity is posing formidable problems that the minimum standards approach does not attempt to tackle. Companies need to look beyond the minimum standards and explore what this means in practice.
For example, forces at work creating the drive to go beyond the basics include an increasingly intense regulatory environment; increasing global standards; rapidly expanding public scrutiny and reputation risk; and the fast rising costs of misconduct.
In such an environment companies need to get to grips with the principles and key practices common to high quality ethics and compliance programs. This also means identifying practical ideas for action they can adopt.
An ideal beyond compliance program
How would you recognise an excellent compliance programme if it existed? Again the report suggests detailed pointers to re-define the compliance effort. Any excellent program should
- Promote all relevant legal and regulatory expectations.
This means integrating ethics and compliance thinking and practice into the daily operations of the organization; this includes making ethics and compliance central to the organisation’s business strategy.
- Go beyond a mere “check the box” approach.
Instead risks are actively identified, owned, managed and mitigated;
It should prioritize creating a culture where concerns can be raised and where retaliation is both prohibited and prevented
- Require prompt action in response to misconduct
Underpinning this is a commitment by the company’s leaders to build and sustain a culture of integrity and accountability when wrong doing occurs.
- Continuous improvement
The compliance programme has a strategy to continually document, measure, evaluate and improve the system
Converting these clear principles into practical actions on the ground can be challenging for even the best companies.
The report therefore offers extensive worked examples of how these aims can be brought to life along with more detailed aims supported by leading practices. For example, to support the basic first principle that ethics and compliance should be seen as central to a company’s business strategy here is one of the several supporting objectives worked through with leading practices:
Conclusion about beyond compliance
It’s not always entirely clear in this report the difference between its early stated five core principles and the later re-presented principles of high quality programs along with worked examples. This it to quibble though, since the two are mainly compatible with some slight differences.
This report provides a welcome and intelligible description of what it means to go “beyond compliance.” And why it’s desirable to do so.
You may also find these posts of relevance: