The Convergence of Ethics and Compliance
One of the most important lessons business leaders should learn from the recent financial crisis is that the best time to fix a small problem is before it explodes and becomes a crisis. The philosophy of “fix it when it breaks” does not work when the breakage can destroy major corporations, shut down national markets, cost the Department of the Treasury billions of dollars, and cause substantial disruptions around the world.
From a compliance standpoint, the best way to fix something before it breaks is to create a more ethical culture within a business—especially when one considers the growing body of knowledge documenting that highly ethical organizations are also high performing.
Companies that build a solid cadre of long-term employees who are committed to the firm, who believe in its mission and business model, who work together with high levels of trust and partnership, and who willingly police themselves are formidable competitors. Some private investment funds even search out and invest in such companies because they see an ethical culture as a meaningful indication of long-term success.
For a business to create a more ethical culture, however, its compliance professionals must master the tools associated with “soft” and “hard” compliance.
Soft compliance represents organizational efforts to induce people to willingly participate in the firm’s ethical culture. At a certain level compliance professionals do this when they help write the company’s code of ethics and then manage the training programs that support it.
This is good work, but it’s really just a start.
In recent years a whole new body of learning has arisen, called “behavioral ethics.” This is a rigorous academic field, drawing on social scientific methodologies, that examines why some people act ethically while others do not. It’s important to distinguish it from classical ethics, which establishes and then reinforces the professional standards by which a company’s employees should behave. Behavioral ethics focuses on why some employees do, while others do not, adhere to those standards.
This is a new and emerging field. Nonetheless, the behavioral ethicists have already taught a number of important lessons. For example, framing an issue as an ethical question generally leads to more ethical responses. Studies have shown that a zero tolerance approach to cheating is critical, because most employees start small and only slowly grow into major cheaters. Research also shows that predictable penalties should be avoided, because they encourage employees to view the issue as a cost-benefit calculation—and that can lead to more rather than fewer violations.
The ultimate promise of behavioral ethics is that it provides pragmatic tools that have been demonstrated to work. For example, if certain kinds of penalties lead to more violations, stop imposing them. Behavioral ethics, therefore, represents a tremendous opportunity. In the near term, soft compliance based on behavioral ethics will play an increasingly important role and will experience the most growth and development as ethics and compliance converge.
Admittedly though, behavioral ethics sometimes can seem, well, soft—especially to seasoned professionals who have spent years in a regulatory environment in which names were taken and enforcement referrals were made. As a result, compliance still has a lot to learn here. But with the promise of pragmatic tools that really work, soft compliance is the future.
On the other hand, hard compliance represents the more traditional compliance function of investigating possible wrongdoing. For many years, compliance has been focused on possible misconduct, which usually includes: investigating red flags suggesting wrongdoing; conducting branch-office audits looking for sales that are unsuitable; and following up on complaints to see if the salesman really did lie.
However often compliance professionals explain their career to themselves in positive or even inspirational terms, their actions are fundamentally negative, saying in effect: “There are bad people out there, and it’s my job to find them!” This has led to a strange dynamic: professionals in the compliance department view themselves as doing good, while at the same time, everyone else in the organization views them as akin to the police. Compliance isn’t part of the official government, but it seems to be a fellow traveler.
With some perspective, it’s easy to see how people on the business side feel that way. In general, most compliance investigators are knowledgeable, thoughtful, and professional. They ask good questions, and they submit excellent findings. But regardless of their professional acumen, the compliance professional is an adversary to the person under investigation. He or she is investigating whether someone misbehaved, and no one likes that.
In the same way, compliance professionals should expect businesspeople to view compliance’s investigative function as adversarial, no matter how thoughtful and professional they may be.
Managing Hard and Soft Compliance
Compliance officials, therefore, must decide how they will balance soft and hard compliance. A growing number of compliance professionals no longer want to be the cop on the beat. Instead, to create the right culture, they want to partner with the business. There is nothing wrong with that, but they must accept the fact that the investigative function will always play a critically important role. Moreover, in many leading organizations there is more pressure than ever before for compliance to serve this role. Business leadership wants the bad conduct rooted out before it destroys the organization.
As a solution, compliance professionals should stay true to their roots, but do a better job managing the twin—and potentially contrary—goals of partnership and investigation. To accomplish this, they need to segregate the investigative function as much as possible from the rest of their work. There are large companies that have already done this by creating a separate investigative team. That way, they say, employees on the business side know when they have been referred over to the investigators.
Just as important, they also know when they have not been referred to the investigators. This helps those employees on the business side know when they are working with compliance—as members of the same team looking to build a new, more ethical culture.
Companies will always need hard compliance. An ethical corporate culture will quickly dissipate if it is met with widespread cheating and free riding. Nonetheless, hard compliance must be put in its place so it doesn’t interfere with the culture of trust and partnership today’s compliance professionals are trying to create.
John. H. Walsh is a partner at Sutherland Asbill & Brennan. He previously served for 23 years at the Securities and Exchange Commission, where he was instrumental in creating the Office of Compliance Inspections and Examinations. (This article is for informational purposes and is not intended to constitute legal advice. The views expressed by the author are the author’s alone, and do not necessarily represent the views of Sutherland Asbill & Brennan LLP or its clients.)