So what kinds of planning and alignment help corporate ethics programs the most, before expansion phases spin out of control?
If the business where you work is smart and lucky, eventually it will hit an expansion phase. This is good news for the company, and, in theory, good news for ethics and compliance officers.
Expansion phases, however, might not feel like good news in practice. When companies jump into “the big world” for the first time – foreign markets, new product lines, new divisions gained through acquisition – those can be some of the most frustrating periods of a compliance officer’s career. Without proper planning to manage policy and to align compliance objectives to corporate strategy, you’re sunk.
So what kinds of planning and alignment help corporate ethics programs the most, before expansion phases spin out of control? Here are four.
Secure the Independence & Authority to Manage Risk
You will need a lot of it. New operations bring new employees, new regulations, new risks— and, yes, new misconduct. A global chief compliance officer needs to command the respect of new employees to keep the compliance program effective.
For example, a division head in a newly opened Far East operation may pay lip service to corporate compliance goals, while running operations locally as he or she believes appropriate. Or a newly acquired business unit may have a local general counsel who has guarded that unit’s regulatory compliance program until now.
If the compliance officer cannot be part of that conversation about strategic goals, the compliance program you have (or that you build) may not be fit for purpose.
More broadly, chief compliance officers also need more authority because expansion phases entail larger planning. If the compliance officer cannot be part of that conversation about strategic goals, the compliance program you have (or that you build) may not be fit for purpose. A rapidly growing company is shouldering many more risks. If that happens without thought for compliance – without the compliance officer being part of that conversation – then the compliance program isn’t based on risk. Which is the cardinal sin of ineffective programs.
Appreciate the Difference Between Policy & Procedure
The difference between policy and procedure may seem wonky. Actually, it’s crucial.
Let’s return to our hypothetical Far East division chief. He or she may support corporate policy goals the company wants to achieve, but local regulations prevent him or her from following the procedure that the central compliance program has put forth.
That isn’t a reason for tension between the global compliance chief and local business units. It’s a reason for conversation to find other solutions. Procedures can, sometimes, vary depending on the needs of a specific operating unit. Policy goals cannot. That might lead the compliance officer to allow more freedom to develop procedures: a policy about procedures. (Now that is wonky.)
One should also remember that local procedures might satisfy local regulatory needs, but create other problems for a company’s internal controls. For example, holding cash for a longer period until a transaction clears might meet a local unit’s banking needs, but trigger problems managing the company’s liquidity. A company controller or internal auditor might need to review plans for new procedures to see how they drive financial compliance; a lawyer might need to eyeball one-off procedures for data privacy or workplace employment practices.
Sound a Clear Tone at the Top to Cut through the Noise
Once cynicism takes hold of the workforce, people are less interested in reporting misconduct, less interested in behaving ethically, less interested in learning lessons of compliance training.
As we can see from the first two points above, business expansion can make company operations enormously complicated. Expansions are also when at least some employees – especially those who were present at the beginning – say that “things aren’t the same anymore” and that the company has surrendered its vibrant culture to dry policy and procedure.
The roots of cynicism lie here. Once cynicism takes hold of the workforce, people are less interested in reporting misconduct, less interested in behaving ethically, less interested in learning lessons of compliance training. Nothing good comes after that.
The antidote to that is a strong, simple, clear message about the company’s ethical values and priorities. It must come from the CEO and other senior leaders in the business, especially leaders of the new business driving expansion. The compliance officer must work to convey the importance of that objective constantly. (Which also means, by extension, that you need to be part of the strategic councils mentioned earlier.)
Never Lose Sight of Fundamental Risk
In various ways, all three points above get to another, larger point about expansion: attention to regulatory risks can distract a compliance officer from bigger, fundamental risks to an effective compliance program. Risks of participation, belief, cooperation: they are the death knell of a corporate compliance program, that turn the business into a calcified quagmire or a litigation free-fire zone.
Tame them, and your company can emerge from an expansion phase more nimble, competitive, and respected than ever before.
Determine if your program is ready for growth with an effective compliance program assessment using industry evidence and insights to evaluate your efforts.