Should the Compliance and Ethics Functions Be Integrated?
05/05/2016
Culture is the Support System for Ethical Decision-Making
In my research of ethical programs in business, I find that many organizations do not have a compliance program that adequately supports ethical decision-making. An effective corporate compliance program is an essential component of internal controls for uncovering and preventing ethical lapses and violations of legal obligations. Indeed, an effective compliance function should be the cornerstone of any organization’s effort to create an ethical culture.
Purpose of Compliance Programs
The purpose of a corporate compliance program is to promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law. Studies suggest an effective corporate compliance program will embrace the following essential elements:
- Risk identification and assessment
- Standards, procedures, policies and controls – i.e., ethics code
- Leadership commitment – i.e., leading by example
- Communication, guidance, education and training
- Monitoring, auditing and review of systems
- Discipline and reporting
- Rewarding ethical behavior
Corporate culture is the key to promoting ethical decision-making in organizations. Culture needs top-down support and bottom-up buy-in. Senior managers need to be confident that in addition to following the letter of the law, the people they manage “get” the larger aim of a compliance and ethics initiative. That makes them more responsive to the necessary coaching and training.
Compliance and Ethical Decision-Making
Asking people to behave ethically goes hand in hand with reassuring them they’ll receive support when they do. That means not only protecting whistleblowers, but also holding people harmless for making ethical decisions. A thought piece by Deloitte suggests the following hypothetical example: A sales representative may be just below quota when a vendor offers a kickback to secure a contract. If the representative reports the bribe instead of taking it, will the company penalize him or her for missing numbers that quarter?
A PricewaterhouseCoopers study of the compliance function found that the majority of respondents (69%) said their companies have a Chief Compliance Officer (CCO), while almost a third said they do not. Larger companies are more likely to have CCOs, as are companies in heavily regulated industries, which are also almost twice as likely to have a dedicated compliance function.
Outsourcing the Compliance Function
Financial advisory firms oftentimes are slow to institute an effective compliance program. Perhaps that helps to explain how the abusive mortgage-backed securities practices went unchecked for so long and ushered in the Great Recession. Recently, the Securities and Exchange Commission warned financial advisers not to "set it and forget it" when outsourcing compliance functions. In about 20 examinations of advisers who use third-party compliance firms, the SEC found that outside compliance officers sometimes were left in the dark about a firm's business practices, did not have access to its documents and did not communicate regularly with its principals.
“A [chief compliance officer], either as a direct employee of a registrant or as a contractor or consultant, must be empowered with sufficient knowledge and authority to be effective,” an SEC risk alert states. “Each registrant is ultimately responsible for adopting and implementing an effective compliance program and is accountable for its own deficiencies.”
The SEC cautioned that firms that outsourced their CCO function to a third party sometimes didn't have an understanding of their own potential compliance shortcomings. The agency also said certain outsourced CCOs “could not articulate the business or compliance risks of the registrant or, to the extent the risks were identified, whether the registrant had adopted written policies and procedures to mitigate or address the risks.”
Ethics, Compliance and Culture
For a long time, ethics and culture were viewed as soft skills and not worthy of training and monitoring of behavior. Organizations tend to be better at educating and training their staff on technical skills and less so with ethics and compliance. However, culture is the single biggest determinant of behavior in any organization, and reputation risk is at least as serious as strategic, operational or financial risk.
Blog posted by Dr. Steven Mintz, aka Ethics Sage, on May 5, 2016. Professor Mintz is on the faculty of the Orfalea College of Business at Cal Poly San Luis Obispo. He also blogs at: www.ethicssage.com.