On the 14th February 1970 The Who recorded what I consider to be the best, or at the very least my favorite, live album of all-time. They recorded their concert at the University of Leeds and the resulting album was named The Who – Live at Leeds. The accolades were almost immediate; Nik Cohn, music critic for The New York Times (NYT), praised the album as “the definitive hard-rock holocaust” and “the best live rock album ever made”. Jonathan Eisen, from Circus Magazine, wrote “that not since that album [Tommy] has there been one “quite so incredibly heavy, so inspired with the kind of kinetic energy that the Who have managed to harness” here.”
The album has stood the test of time. Writing for the CD reissue in 1995, Tom Sinclair, of Entertainment Weekly, noted, “Few bands ever moved a mountain of sound around with this much dexterity and power.” If you really want to feel the clout of rock and roll, by a band at the height of powers, simply fire up side 2 for Magic Bus and My Generation.
Recording any concert and releasing it as a live album is always a risk because of the vagaries of live recording, outside the studio setting. However The Who planned to release the concert recording as a live album. This decision enabled the group to bring together the proper technology to create the great concert experience which was The Who.
Similarly, moving from the written standards of compliance into the realm of doing compliance can also be fraught with difficulties. I thought about this quandary when reading a recent article in the MIT Sloan Management Review, entitled “Getting Workplace Safety Right” by Mark Pagell, Anthony Veltri and David Johnson. The authors basic thesis is that companies get safety wrong because they equate doing business safely with a loss in productivity. This is often heard in the compliance realm as well, usually along the lines that doing business in compliance with anti-corruption laws such as the Foreign Corrupt Practices Act (FCPA) costs companies not only doing business efficiency but costs companies business. As the authors note, this is a “false trade-off”. I have adapted their ideas around safety for the Chief Compliance Officer (CCO) or compliance practitioner.
The lion’s share of companies the authors studied can be summed up with the following unattributed quote, “There are times, of course, when certain things get tweaked to get results.” That sounds like the statement of business development that wants to get things done rather than do business in compliance. The starting point for education is that any company must emphasize compliance as a “defining value of the organization.” It does not do any good for a company to have a compliance program in place only to have senior management exempt out a transaction the first time a difficult choice comes up.
In the arena of compliance, similarly to the sphere of safety, the answer is to wed a culture and organizational capability around compliance. Do not segregate it but embed it into your organizational processes through a monitoring system with five qualities: “(1) contributing to a process for concurrently monitoring and improving safety and production; (2) identifying who is accountable for the monitoring and improvement; (3) directing the design of work that is [complaint] and productive; (4) facilitating communication between management and [employees]; and (5) informing human resources decisions about compensation, hiring, firing, and promotion” related to compliance issues.
In addition to the foregoing, there are four essential cultural values around compliance. They are (1) commitment, (2) discipline, (3) prevention and (4) participation.
Almost all companies claim they are committed to doing business ethically and in compliance. The issue is really where compliance ranks among a plethora of priorities. If systems are sometimes tweaked to get work done, then compliance is clearly a priority only when it does not affect sales production. But as noted by the new Department of Justice (DOJ) Compliance Counsel, Hui Chen, commitment is also shown in the budgeting and resource process. Moreover, actions speak louder than words as a company’s HR decisions must prioritize, recognize, and reward both employees and managers who show accountability to compliance in their communications and behaviors.
Of course it all starts with the Fair Process Doctrine. There must be a formal process in place so that everyone understands if they violate the company Code of Conduct or do business in violation of the FCPA, there will be even handed discipline put in place. Managers who hold employees accountable to formal processes are willing to discipline employees for deviation from the stated policy or procedure. In other words, if you violate a rule, you might lose pay, get sent home, or get demoted. In such organizations, when HR conducts performance reviews, doing business in compliance is a key performance indicator.
Whether you use the FCPA Guidance formulation of prevent, detect and remediate; McNulty’s Maxim No. 1 – What did you do to stop it?, or some other formulation, you must have a strong prevent prong in your compliance regime. Companies simply cannot sit around waiting for a violation to occur and hope that either they will not get caught or they can remediate before any serious penalty is applied by the government. You need to have a long-term perspective and focus on both simultaneous and continuous improvement.
This means engagement of your employees in your compliance program. Companies that have moved compliance from simply a legal requirement to a capability are at a competitive advantage because they are better run companies. Ethisphere’s World’s Most Ethical Companies awards demonstrate this year after year. While certainly all employees should be responsible for compliance, it is also incumbent for a company to maintain an organizational wide accountability for compliance. But employees take their clues from management and if the compliance function is not part of the executive leadership function of the company or is provided with scant resources, employees will notice this and respond to what they perceive to be management’s priorities. Employees need to see the CCO, or compliance professional, out in the field, in training, in town halls with senior management or another mechanism to show that compliance has value for the company.
The concepts and acumens from the world of safety continue to provide insights for the CCO or compliance practitioner. Fostering the culture of compliance not only gives a company a business advantage, it makes a company a better-run organization.
Fostering the culture of compliance not only gives a company a business advantage, it makes a company a better-run organization.Click to tweet
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at firstname.lastname@example.org.
© Thomas R. Fox, 2016