This week, NAVEX Global released its 2020 Definitive Risk & Compliance Benchmark Report, based on the survey responses of over 1,400 risk and compliance professionals. The industry Benchmark Report provides an in-depth look at the state of the current risk and compliance (R&C) landscape as well as expert analysis from industry thought leaders. The result is a benchmark that all R&C practitioners can use to help them assess their program maturity, improve performance and increase support from senior leadership.
It’s that last element, leadership support, which research shows is increasingly critical for R&C program success. Respondents from highly performing programs were almost 3 times as likely as their peers to be viewed as strategic investments by their senior leadership. Over 75% of Advanced programs (i.e. programs equipped with a broad array of compliance tools, technology and overall satisfaction) said that senior leaders viewed them this way.
Highly performing programs were almost 3 times as likely to be viewed as strategic investments.
In contrast, nearly 40% of Reactive programs (lacking budget, autonomy or authority to proactively deal with compliance issues) reported that their leadership saw them as a “necessary evil” and a cost center for the organization.
Of course, research indicates the opposite to be true: Robust compliance programs have proven to be a return on investment for firms that adequately fund and empower their compliance function. As a series of new studies from George Washington University have demonstrated, healthy R&C programs result fewer material lawsuits, lowered litigation costs and regulatory fines, and reduced reputational harm.
In order for a compliance program to achieve this potential, however it has to have the support of its leadership. This isn’t just the opinion of R&C professionals or academics; it’s the position of regulators. In the 2020 update to its Evaluation of Corporate Compliance Programs, the U.S. Department of Justice states, “The effectiveness of a compliance program requires a high-level commitment by company leadership to implement a culture of compliance from the middle and the top.” It goes on to affirm that, in the event of a compliance failure, organizations will be judged not only by their compliance program design but by the demonstrable level of support and commitment they received from their senior leadership.
Getting your senior leadership to recognize the value of their support is essential, but it can be difficult to know where to start.
We recommend beginning with the following three steps: Prioritize leadership buy-in, train your leadership and empower your compliance program.
Prioritize leadership buy-in
Surprisingly, only 39% of R&C practitioners report that they intend to prioritize securing leadership support in the next 12 months. To some degree, this makes sense. As R&C programs face a growing number of competing priorities and mandates, it is inevitable that more nebulous goals like this take a back seat to comparatively more defined activities like undertaking an organizational risk assessment or updating your code of conduct. However, the Benchmark Report results show that R&C officers who expressly assign time and resources building support are rewarded for their efforts.
R&C officers who spend time and resources on building support are rewarded for their efforts.
Programs that make it a goal to “increase commitment from board and senior leadership” are 20% more likely to report “good” to “excellent” program performance. And successful programs know that there’s no such thing as “too much” leadership support; R&C practitioners who say they already have leadership support are also 20% more likely to prioritize this activity.
This indicates that cultivating leadership support is an evergreen endeavor – something to be continually pursued and consistently beneficial.
Train your leadership
One of the most effective ways to cultivate leadership support is by helping them realize – and promote – the value of a culture of compliance. From the DOJ guidance:
“Beyond compliance structures, policies, and procedures, it is important for a company to create and foster a culture of ethics and compliance with the law at all levels of the company. The effectiveness of a compliance program requires a high-level commitment by company leadership to implement a culture of compliance from the middle and the top.”
Central to building such a culture is training. Courses on ethical leadership can help supervisors learn how to manage with integrity, driving home critical topics and best practices. It can teach communication techniques and how to implement a successful open-door policy, handle reports and investigations, and avoid retaliation. Ethics and compliance training can also help leadership better understand the critical role compliance plays in an organization’s success.
Given its importance, it’s not surprising that the Benchmark found “how often senior leadership receives training” to be a strong measure of a program’s effectiveness. According to the Benchmark, a majority (58%) of Advanced programs offer 3 or more hours of training to senior leaders and managers each year, as opposed to just a fifth (20%) of Reactive programs.
Training is an important and powerful way to demonstrate the value of compliance to your leadership.
Empower your compliance program
Most importantly, your compliance function must have the resources, authority and autonomy to effectively engage with leadership. This isn’t just the opinion of compliance experts; it’s the position of the U.S. Department of Justice. In the event of a compliance failure, prosecutors will seek to determine whether a program had the resources and power to function effectively.
Prosecutors will seek to determine whether a program had the resources and power to function effectively.
That power is defined in no small part by how the compliance function was positioned with respect to senior leadership. DOJ prosecutors reviewing compliance programs may ask:
- How is the compliance function structured?
- Where is it housed, and to whom does it report?
- What seniority and stature does it hold?
- What kind of autonomy do compliance officers have?
- Do they have lines of direct reporting to the audit committee and/or the board of directors?
- How often do they meet with directors, and are senior management present at those meetings?
These questions are so important to prosecutors because they are both measures and instruments of leadership support.
Finally, compliance officers need direct access to an organization’s board and senior management to cultivate the kind of relationships necessary to gain support. When looking at the structure of your compliance program, ask yourself the following questions:
- Does the organization have a high-level person and a person with day-to-day responsibility assigned to manage the compliance program?
- Does senior leadership understand and exercise their responsibilities to create and maintain a culture that supports compliance with the law and ethical conduct?
- Is there an Ethics Committee or Council that receives information from the high-level person or the person with day-to-day responsibility and also provides practical input into the program?
- Have ethics responsibilities been assigned to line management? Are they knowledgeable about the content and operation of the ethics program?
If the answer to any of these questions is “no,” then this is a good place to start building foundations for support.
Finally, there is another key method for compliance programs to secure leadership support – through Board reporting and engagement. In our second blog in the Performance Drivers series, we will look at why and how your program can build reports that increase investment from your Board of Directors.