The regulatory environment is always evolving. A quick perusal of the alphabet soup of regulatory agencies — Serious Fraud Office (SFO), Department of Justice (DOJ), Securities and Exchange Commission (SEC) — can give compliance practitioners a year’s worth of lessons learned as they plan out their training and communications strategies.
A recent press release from the SEC cites an uptick in enforcement actions to the tune of almost $5 billion in financial remedies, with another $1 billion returned to harmed investors. The cost of non-compliance is increasing, so it’s mission critical that our programs work in practice to prevent misconduct and help employees do the right thing at work.
The stark reality is that, while we often communicate about gray areas in ethics and compliance (E&C) situations that may arise, there’s no gray area in the outcome: An employee either does the right thing, or they don’t. To that end, compliance across the entire business requires a thoughtful training and communications strategy. A well-planned compliance communications drip, combined with technology, data and embedded controls, can offer a more comprehensive approach. This can ensure that the organization’s people not only participate in the training, but also have the tools and resources to operate with respect and integrity to benefit the company culture.
And while varying degrees of data have been a part of traditional compliance programs, the very definition of data itself is changing. The tech and related data output from our helpline or conflict disclosure tools are comparable to big hair, leg warmers and shoulder pads (personally guilty) — in other words, the data output hasn’t changed much. Tech is becoming more about personalization and artificial intelligence (AI), and technologies that enhance augmentation, not just efficiency.
With these key insights in mind, let’s evaluate three tips to transporting your organization’s culture of compliance into the modern era.
3 Tips to Cultivating a Culture of Compliance
1. Make compliance training a continuous process.
The initial step in creating a culture of compliance is to transition compliance training into an ongoing activity. Single events and campaigns, while impactful in the short term, tend to lose their effectiveness over time because the learnings and takeaways don’t stick with employees. Historically, compliance training, while necessary, often suffers from a one-and-done mentality, focusing more on superficial certification than instilling deep, actionable understanding. This training approach often fails to influence an observable behavior change, primarily because it’s not relevant to the immediate, risky tasks employees perform in the course of their jobs, at least at the time.
To help ensure lasting compliance, it’s important to integrate training seamlessly into daily workflows and transactional business processes. This involves providing employees with the opportunity to access guidance as part of their regular work routine. This is where all your hard work as a trusted business partner comes in since modernizing your approach will require partnership and buy-in from company stakeholders.
Strive to deliver E&C content as close to the business process as possible with just-in-time learning via webpage pop-ups and real-time support integrated into third-party monitoring or enterprise resource planning (ERP) systems. Compliance teams can also work with system owners to link simple one-page guides in regular company emails. I affectionately refer to this approach as “non-training training.” And this sneaky training also comes with another benefit: Employees won’t feel like their time is being wasted or that compliance teams have no clue what they do.
When it comes to eLearning, it should be learner-centric — targeted and tailored to an employee’s individual needs. Instead of a one-size-fits-all approach, the technology should adjust to the learner’s knowledge level and give them coaching and remediation throughout their journey. Traditional, linear training tends to miss the mark and further deepens the perspective that compliance is disconnected from the business.
2. Change starts at the top.
Leadership plays a crucial role in setting the organization’s tone and values. Senior leaders are expected to demonstrate ethical behavior, but it’s especially important that managers lead their teams toward a culture of continued compliance. It is widely known that managers are seen as leaders (most employees feel disconnected from the C-Suite), and that managers who create negative micro-cultures can leave a lasting impact on the organization for all the wrong reasons.
Create or update your related resources, guides and tools for management, including easy-to-use toolkits that enable two-way dialogue with direct reports. Think about the best virtual modality for this, like instant messaging and digital boards (if at a psychical location), for example. Also identify areas where tech can empower managers in their roles.
For instance, generative AI tools that allow managers to safely practice critical E&C conversations with an AI-powered character to simulate real life is an excellent way for managers to get personalized feedback to help them develop their ethical North Star, boost confidence and improve communications.
Even if a culture is heavily influenced from the top, its longevity is dependent on everyone in the organization embracing these principles. This is especially true for cultivating a culture of compliance, where the exchange of information, communication and teamwork are key and not seen as noise to employees.
3. Reporting mechanisms and open communication.
Creating an environment where employees feel comfortable raising concerns and reporting potential compliance issues is crucial. This involves establishing clear channels for reporting possible violations and encouraging a speak-up culture where employees trust that they can make a report without fear of retaliation.
Encouraging open dialogue around E&C can help demystify compliance issues and integrate them into an organization’s day-to-day operations. Additionally, learning and development (L&D) specialists can foster a more transparent and communicative culture with anonymous helplines and surveys, regular feedback sessions and open-door policies.
The latest Evaluation of Corporate Compliance Programs added additional detail around transparency and communication in compliance under the recently added section, “Compensation Structures and Consequence Management,” formerly known as “Incentives and Disciplinary Measures.” The guidance indicates prosecutors should evaluate “whether a company has publicized disciplinary actions internally, where appropriate and possible,” including an executive removed from the company. While this is a work in progress for many organizations, it is an especially tough hill to climb if there is not a general sense of equity that holds everyone, no matter their level, accountable for their behavior.
For compliance practitioners, change and evolution are inevitable. But something that remains constant is our commitment to delivering effective compliance programs that resonate with employees and drive behavioral change. Continuous E&C training, an exemplary management team, and open communication are integral to building a robust culture of compliance in the digital era. These keys can also position L&D and compliance specialists as strategic partners to help their people adhere to legal and ethical standards and obligations, and ultimately, contribute to the company’s culture, reputation and success.
