When you first read “the Holder Report” about mistakes in Uber’s corporate culture—which is something every ethics and compliance officer should do—you may feel a bit overwhelmed.
Does a single, paramount lesson for ethics and compliance officers even exist here?
Compiled by former attorney general Eric Holder to diagnose the state of Uber’s culture amid a string of scandals, foremost the report is simply long: 4,695 words, filling 13 densely typed pages. It catalogs 10 major areas of concern, ranging from pay practices to board governance to internal controls to diversity, and more. It recommends 46 steps Uber should take to improve itself before things get any worse.
Good lord, I thought as I read the report, how am I supposed to write about this? Uber’s problems span the waterfront. Each recommendation deserves its own in-depth treatment. Does a single, paramount lesson for ethics and compliance officers even exist here?
One does. It transcends the specific problems Uber has, as well as the solutions the report recommends for each of those problems. But it’s there.
Uber’s challenges today all stem from an improvisational, ad hoc approach to management that depended on a few key, larger-than-life employees—above all, founder and CEO Travis Kalanick. By the same token, the solution for Uber’s woes is a push away from that style operation, to something more disciplined and less dependent on an overwhelming leader whose edicts crowd out all other ideas on culture and governance.
In other words, this is about policy management.
The Logic Behind Policy Management
Once that thought occurred to me, the recommendations in the Holder Report snapped into alignment. Of course Uber should clarify requirements for promotion; of course it should change its pay review processes to reduce the chance of bias. Of course it should establish protocols to escalate complaints; of course it should have mandatory training for new managers.
All those remedies (and many more) are policies to achieve Uber’s desired objectives. They address specific shortcomings, but across all of them, the Holder Report is really calling for a more structured, disciplined effort to achieve the company’s objectives.
That’s policy management: the implementation of a system to be sure the company’s policies help it to achieve its objectives.
More specifically, good policy management weans a company’s culture and practices away from those swashbuckling executives whose tone at the top can be so loud it drowns out all others. Kalanick is the current example, but Corporate America has seen others in the past. One was Albert “Chainsaw Al” Dunlap, a famed turnaround executive in the 1990s, whom Time later dubbed one of the worst bosses of all time. So was Steve Jobs, who steered Apple to fabulous heights in the 2000s—but was so volatile while leading the company in the 1980s, the board fired him.
Effective policy management is, in a way, about depersonalizing a company’s culture. Not in the sense of making your culture sterile and boring, but rather to build the company around a set of core values that aren’t dependent on, or dictated by, any single person. Nobody can exert so much influence that he or she can inject bad values into the system; the policies adopted lead to practices so strong, they can withstand those pressures.
That might strike some as an esoteric point, but on a practical level it’s an important one for corporate compliance officers to make—because when you do try to impose more order on policy management, inevitably some corners of the enterprise will ask, “Why are we doing this? What are we supposed to achieve for all this effort, anyway?”
It’s About Discipline and Structure
That is the point: to create a well-disciplined organizational structure, rooted in clear and universally supported core values, so nobody can easily lead the organization astray. It addresses the risks a company has in a programmatic fashion. It reduces the chance that some parts of the company might address problems “on the fly,” without considering how their actions might work against core values, compliance objectives, or even simple litigation risk.
That’s what policy management is; that’s what effective policy management does. It’s as much about instilling good governance as it is implementing strong compliance. Done right, it can inoculate a company against a host of unwanted outcomes.
And as the Uber report shows, if you ignore the bonds between core values and strong policy management—well, a host of unwanted outcomes is exactly what you can get.