
Compliance Tip of the Day: Using Culture Audits to Strengthen Your Compliance Program

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, we aim to provide bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

At its core, a culture audit examines the behaviors, attitudes, and values that make up the ethical backbone of an organization.

For more information on the Ethico Toolkit for Middle Managers, available at no charge, click here.

Check out the full 3-book series, The Compliance Kids, on Amazon.com.


Compliance Tip of the Day: New Questions from the DOJ – Shaping the Future of Compliance

In this episode, we take a deep dive into the specifics of the 2024 ECCP around compliance and culture.


How the 2024 ECCP Changes Compliance Culture Expectations

The 2024 ECCP is groundbreaking for several reasons. Not only does it elevate the role of compliance culture, but it also requires companies to take measurable steps to ensure a strong compliance environment that permeates all levels of the organization. The DOJ’s focus is no longer solely on having a compliance program but on proving its effectiveness through documented, data-backed insights into organizational culture. The 2024 ECCP mandates that companies provide evidence of their compliance culture through specific metrics, signaling a major shift toward greater transparency and accountability. This directive presents both a challenge and an opportunity for compliance professionals to leverage data as a foundation for ethical corporate behavior.

This post will explore the key components of these new expectations and offer guidance on how compliance teams can meet the DOJ’s standards for a transparent and robust compliance culture.

New Questions from the DOJ: Shaping the Future of Compliance

The 2024 ECCP introduces specific questions around compliance culture, expanding the factors compliance professionals must consider in evaluating their programs. Gone are the days when culture was seen as an abstract concept that couldn’t be measured. The DOJ now expects organizations to provide data showing that compliance culture is monitored and actively managed. Compliance professionals are asked to answer questions about how often they measure compliance culture, whether they collect employee input from all levels, and how they address feedback from these measurements.

These new questions represent a significant shift, requiring compliance teams to adopt a thorough, transparent approach to understanding and enhancing compliance culture. For example, one of the core questions centers on whether compliance culture is assessed regularly, implying that more than an annual survey is required. Regularly evaluating culture allows companies to detect trends, uncover emerging issues, and demonstrate an ongoing commitment to fostering an ethical environment. This is precisely what the DOJ is looking for: a proactive, continuous approach to compliance that signals a deep-seated commitment to integrity.

Another key element of the DOJ’s inquiries is the inclusivity of compliance culture assessments. Specifically, they want to know if employee input is gathered from all organizational levels, from entry-level staff to senior leadership. By requiring a broad-based approach, the DOJ reinforces the idea that compliance culture cannot simply be driven top-down; it must also be understood from the bottom-up. This holistic approach ensures that compliance is implemented at the highest levels and embedded in employees’ everyday experiences, making it a living part of the corporate environment.

The Importance of Data-Driven Culture Audits

One of the most notable aspects of the DOJ’s new standards is the emphasis on data. Culture audits have been an optional tool for compliance officers for years, but they have become essential with the DOJ’s data mandate. Culture audits offer compliance professionals the tools to gather quantifiable metrics that speak to the health of their organization’s compliance culture. Rather than relying on anecdotal evidence or generic surveys, culture audits provide an in-depth look at engagement levels, trust in leadership, and employee perceptions of compliance practices.

Data-driven culture audits are powerful because they allow compliance teams to track cultural trends over time. This longitudinal approach is vital in demonstrating to the DOJ that the organization isn’t paying lip service to compliance but is actively managing and nurturing its culture. For example, a company may find that year over year, its employees feel increasingly confident in using whistleblower hotlines without fear of retaliation. Such a finding provides concrete evidence to regulators that the company has made meaningful strides in fostering a transparent, safe environment for reporting misconduct.

By conducting regular culture audits, compliance professionals can pinpoint areas where the organization’s culture may fall short and take corrective action. This could mean increasing leadership communication around compliance, improving transparency on investigative outcomes, or enhancing training programs to reinforce the importance of ethical conduct. Culture audits are no longer about taking a “snapshot” of compliance culture—they are about creating a continuous, data-driven narrative that shows the DOJ the organization is committed to an ethical culture over the long term.

Aligning Hiring and Incentives with Compliance Culture

Perhaps one of the most transformative aspects of the 2024 ECCP update is the DOJ’s explicit focus on hiring practices and incentive structures as part of compliance culture. The DOJ now expects organizations to ensure hiring and incentives align with ethical behavior and compliance standards. For compliance professionals, this means developing and implementing hiring practices that emphasize skills, qualifications, and cultural fit, particularly in adherence to the organization’s core values and ethical standards.

When companies prioritize hiring for cultural fit, they signal to employees that ethical behavior is valued as much as technical expertise. Compliance teams should work closely with HR to develop interview questions and assessment tools that evaluate candidates’ commitment to integrity and ethics. For example, questions could be geared toward understanding how a candidate has handled ethical dilemmas in past roles or their perspective on accountability and transparency in the workplace. Hiring with an eye toward compliance culture builds a foundation of employees who naturally align with the company’s compliance and ethics standards.

Incentive structures, too, must reflect the organization’s commitment to compliance. The DOJ seeks companies that actively reward compliance-promoting behavior and discourage misconduct through performance reviews and compensation decisions. Incentive programs should incorporate compliance metrics, such as adherence to internal policies, active participation in compliance training, and demonstrated commitment to ethical practices. By linking compensation to compliance, companies reinforce the importance of ethical behavior and send a clear message that integrity is a pathway to advancement.

Aligning incentives with compliance goals also involves accountability measures. For instance, employees who display behavior contrary to the company’s values should face consequences, ranging from performance improvement plans to exclusion from bonuses. Compliance professionals must work with HR and leadership to embed these incentives throughout the organization, demonstrating to the DOJ that the company’s culture promotes ethical behavior and holds individuals accountable when they fall short.

Implementing DOJ’s Updated Compliance Culture Expectations

To meet the DOJ’s heightened expectations, compliance professionals should consider adopting a structured approach to building a data-driven culture of compliance:

  1. Set Clear Metrics for Culture Assessment. Determine the metrics that best reflect your compliance culture’s health, such as trust in leadership, willingness to report, and training completion rates. These metrics will serve as the foundation for demonstrating the effectiveness of your program to the DOJ.
  2. Conduct Regular Culture Audits. Culture audits are now necessary, providing the data required to assess and monitor compliance culture. Regular audits ensure compliance efforts are consistent and responsive to any shifts in organizational dynamics.
  3. Ensure Inclusive Input. Collect feedback from employees at every level, not just senior management. This ensures a comprehensive understanding of the compliance culture across the organization and buy-in from employees who see their voices are valued.
  4. Align Hiring and Incentives with Compliance Goals. Work with HR to integrate compliance and ethical standards into hiring processes and performance evaluations. This alignment strengthens the integrity of your workforce and ensures that ethical behavior is consistently rewarded.
  5. Document and Track Progress. The DOJ wants to see evidence of continuous improvement. Document culture audit findings, responses to feedback, and any corrective actions taken. Tracking and documenting progress allows you to demonstrate a commitment to enhancing compliance culture over time.

Leading Compliance in a New Era of Expectations

The DOJ’s updated ECCP has set a new standard for compliance culture, emphasizing data-driven practices. By requiring companies to measure and manage compliance culture, the DOJ is challenging compliance professionals to go beyond policies and procedures and demonstrate the effectiveness of their programs in real terms. This shift presents a unique opportunity for compliance teams to lead their organizations in a new direction, prioritizing integrity, transparency, and continuous improvement.

Incorporating data-driven culture audits, aligning hiring and incentives with compliance goals, and consistently engaging with employees at all levels will help compliance professionals meet and exceed the DOJ’s expectations. By building an ethical culture that resonates across the organization, compliance teams can create a resilient compliance environment that satisfies regulatory demands and fosters a truly compliant workplace.


Compliance Tip of the Day – The 2024 ECCP is a Game Changer for Compliance and Culture

In the 2024 ECCP, the DOJ mandates around corporate culture and compliance require a data-driven approach to corporate culture.


FCPA Compliance Report – The 2024 ECCP on Data-Driven Culture and Engagement

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this edition, Tom Fox visits with Sam Silverstein on how compliance professionals should view the new DOJ mandate on using data to assess, manage, and improve corporate culture through data-driven compliance. The Culture Audit sponsors this podcast.

In this comprehensive discussion, Tom Fox and Sam Silverstein delve into the 2024 Update to the Evaluation of Corporate Compliance Programs (ECCP) by the DOJ. Released in September, this latest update emphasizes the importance of data analytics, culture, engagement, and trust in compliance programs. With a detailed breakdown of over 250 questions posed by the ECCP, Tom and Sam provide valuable insights on how companies can benchmark their compliance programs and prepare for potential investigations. They highlight the role of a culture audit in addressing the DOJ’s requirements, offering a detailed look into how organizations can measure and improve their compliance culture. This webinar educates compliance professionals on the latest DOJ expectations and provides practical tools and methodologies to enhance corporate compliance efforts.

Highlights in this episode:

  • Importance of Culture and Data Analytics
  • Leveraging Data for Compliance
  • Measuring and Improving Culture
  • Data-Driven Culture of Compliance
  • Understanding and Utilizing Culture Audit Data
  • Forward Steps for a Stronger Culture

Resources:

Culture Audit

Set up a call to discuss the Culture Audit, click here

Sam Silverstein and the Accountability Institute

Sam Silverstein on LinkedIn 


Compliance Tip of the Day: Creating, Strengthening, and Maintaining Corporate Culture – Lessons from The Mummy

What lessons does Boris Karloff’s The Mummy provide in creating, strengthening, and maintaining corporate culture?

 


Argentieri Speech and 2024 ECCP: Complying with the 2024 ECCP on AI

The Department of Justice (DOJ), in its 2024 Update, has explicitly directed companies to ensure they have robust processes in place to identify, manage, and mitigate emerging risks related to new technologies, including AI. As compliance professionals, it’s crucial to integrate these mandates into your enterprise risk management (ERM) strategies and broader compliance programs. The DOJ posed two sets of queries for compliance professionals. The first is found in Section I, entitled “Is the Corporation’s Compliance Program Well Designed?” The following are questions a prosecutor could ask a company or compliance professional going through an investigation.

Management of Emerging Risks to Ensure Compliance with Applicable Law

  • Does the company have a process for identifying and managing emerging internal and external risks, including risks related to the use of new technologies, that could potentially impact its ability to comply with the law?
  • How does the company assess the potential impact of new technologies, such as artificial intelligence (AI), on its ability to comply with criminal laws?
  • Is management of risks related to using AI and other new technologies integrated into broader enterprise risk management (ERM) strategies?
  • What is the company’s approach to governance regarding the use of new technologies, such as AI, in its commercial business and compliance program?
  • How is the company curbing any potential negative or unintended consequences resulting from using technologies in its commercial business and compliance program?
  • How is the company mitigating the potential for deliberate or reckless misuse of technologies, including by company insiders?
  • To the extent that the company uses AI and similar technologies in its business or as part of its compliance program, are controls in place to monitor and ensure its trustworthiness, reliability, and use in compliance with applicable law and the company’s code of conduct?
  • Do controls exist to ensure the technology is used only for its intended purposes?
  • What baseline of human decision-making is used to assess AI?
  • How is accountability over the use of AI monitored and enforced?
  • How does the company train its employees on using emerging technologies such as AI?

The second set of questions ties AI to a company’s values, ethics, and, most importantly, culture. It is found in Section III, entitled “Does the Corporation’s Compliance Program Work in Practice?”, Evolving Updates, and poses the following questions:

  • If the company is using new technologies such as AI in its commercial operations or compliance program, is the company monitoring and testing the technologies so that it can evaluate whether they are functioning as intended and consistent with the company’s code of conduct?
  • How quickly can the company detect and correct decisions made by AI or other new technologies that are inconsistent with the company’s values?

Thinking across both sets of questions will lead to more questions and a deep dive into your compliance culture, philosophy, and corporate ethos. It will also bring about unprecedented opportunities for businesses. However, with these opportunities come significant risks, especially in the context of legal compliance. The DOJ has now explicitly directed companies to ensure they have robust processes to identify, manage, and mitigate emerging risks related to new technologies, including AI. As compliance professionals, it is both crucial and even obligatory to integrate these mandates into your ERM strategies and broader compliance programs. Below are some ways a compliance professional can think through and effectively respond to the DOJ’s latest guidance for the first series of questions.

Establish a Proactive Risk Identification Process

Managing emerging risks begins with a proactive approach to identifying potential threats before they manifest into significant compliance issues.

  • Implement a Dynamic Risk Assessment Framework. Develop a risk assessment process that continuously scans internal and external environments for emerging risks. This should include regular updates to risk profiles based on the latest technological developments, industry trends, and regulatory changes. Incorporating AI into your business and compliance operations requires that you assess its immediate impact and anticipate future risks it might pose as the technology evolves.
  • Engage Cross-Functional Teams. Ensure that your risk identification process is not siloed within the compliance function. Engage cross-functional teams, including IT, legal, HR, and operations, to provide diverse perspectives on potential risks associated with new technologies. This collaboration will help you capture a more comprehensive view of the risks and their potential impact on your organization’s ability to comply with applicable laws.

Establish Rigorous Monitoring Protocols

Monitoring AI and other new technologies isn’t just a box-ticking exercise; it’s a continuous process that requires a deep understanding of the technology and the ethical standards it must uphold.

  • Set Up Continuous Monitoring Systems. Implement real-time monitoring systems that track AI outputs and decisions as they occur. This is crucial for identifying deviations from expected behavior or ethical standards as soon as they happen. Automated monitoring tools can flag anomalies, such as decisions that fall outside predefined parameters, for further review by compliance officers.
  • Define Key Performance Indicators (KPIs). Develop KPIs that specifically measure the alignment of AI outputs with your company’s code of conduct. These include fairness, transparency, accuracy, and ethical impact metrics. Regularly review these KPIs to ensure that AI systems perform within acceptable boundaries and contribute positively to your compliance objectives.

Integrate AI Risk Management into Your ERM Strategy

The DOJ expects companies to manage AI and other technological risks within the broader context of their enterprise risk management strategies.

  • Align AI Risk Management with ERM. Ensure that risks related to AI and other new technologies are integrated into your ERM framework. This means treating AI-related risks like any other enterprise risk, with appropriate controls, governance, and oversight. AI should not be viewed as a standalone issue but as an integral part of your organization’s overall risk landscape.
  • Develop AI-Specific Risk Controls. Establish controls that specifically address the unique risks posed by AI. These might include measures to prevent algorithmic bias, safeguards against AI-driven fraud, and protocols to ensure data privacy and security. Regularly review and update these controls to keep pace with technological advancements and emerging threats.

Implement Comprehensive Testing and Validation

Testing and validating AI technologies should be an ongoing practice, not just a one-time event during the deployment phase. The DOJ expects companies to rigorously evaluate whether these technologies are functioning as intended.

  • Stress-Test AI Systems. Subject your AI systems to scenarios that test their decision-making processes under different conditions. This includes testing for biases, errors, and unintended consequences. By simulating real-world situations, you can better understand how the AI might behave in practice and identify any potential risks before they manifest.
  • Periodic Audits and Reviews. Conduct regular audits of your AI systems to verify their continued compliance with company policies and ethical standards. These audits should include technical assessments and ethical evaluations, ensuring the AI’s decisions remain consistent with your company’s values over time.
  • External Validation. Consider bringing in third-party experts to validate your AI systems. External validation can objectively assess your AI’s functionality and ethical alignment, offering insights that might not be apparent to internal teams.

Develop a Rapid Response Mechanism

No system is infallible; even the best-monitored AI systems can make mistakes. The key is how quickly and effectively your company can detect and correct these errors.

  • Establish a Rapid Response Team. Create a dedicated team within your compliance function responsible for addressing AI-related issues as they arise. This team should be equipped to investigate flagged decisions quickly, determine the root cause of any inconsistencies, and implement corrective actions.
  • Implement Feedback Loops. Develop feedback loops that allow for continuous learning and improvement of AI systems. When an error is detected, ensure that the AI system is updated or retrained to prevent similar issues in the future. This iterative process is essential for maintaining the integrity of AI systems over time.
  • Document and Report Corrections. Keep detailed records of any AI-related issues and the steps taken to correct them. This documentation is critical for internal tracking and for demonstrating to regulators, like the DOJ, that your company is serious about maintaining ethical AI practices.

Strengthen AI Governance and Accountability

Governance is key to ensuring that AI and other new technologies are used responsibly and in compliance with the law.

  • Create a Governance Framework for Technology Use. Develop a governance framework outlining how AI and other emerging technologies will be used within your organization. This framework should define roles and responsibilities, set clear guidelines for the ethical use of technology, and establish protocols for monitoring and enforcement. Ensure that this framework is aligned with your company’s code of conduct and compliance objectives. Ensure these guidelines are communicated clearly to all stakeholders, including AI developers, compliance teams, and business leaders.
  • Enforce Accountability. Accountability for the use of AI should be clearly defined and enforced. This includes assigning specific oversight roles to ensure that AI systems are used as intended and that any deliberate or reckless misuse is swiftly addressed. Establish a chain of accountability spanning from the C-suite to the operational level, ensuring all stakeholders understand their responsibilities in managing AI risks.

Mitigate Unintended Consequences and Misuse

The DOJ is particularly concerned with the potential for AI and other technologies to be misused, deliberately or unintentionally, leading to compliance breaches.

  • Monitor for Unintended Consequences. Implement monitoring systems that can detect unintended consequences of AI use, such as biased decision-making, unethical outcomes, or operational inefficiencies. These systems should be capable of flagging anomalies in real-time, allowing your compliance team to intervene before issues escalate.
  • Restrict AI Usage to Intended Purposes. Ensure that AI and other technologies are used only for their intended purposes. This involves setting clear boundaries on how AI can be applied and establishing controls to prevent misuse. Regular audits should be conducted to verify that AI systems operate within these defined parameters and that any deviations are promptly corrected.

Ensure Trustworthiness and Human Oversight

As Sam Silverstein continually reminds us, culture is all about trust. The same is true for the use of AI in the workplace. AI’s trustworthiness and reliability are paramount in maintaining compliance and protecting your company’s reputation.

  • Implement Trustworthiness Controls. Develop controls to ensure the trustworthiness of AI systems, including regular validation of AI models, thorough testing for accuracy and reliability, and ongoing monitoring for performance consistency. These controls should be designed to prevent the AI from producing outputs that could lead to legal or ethical violations.
  • Maintain a Human Baseline. AI should complement, not replace, human judgment. Establish a baseline of human decision-making to assess AI outputs and ensure that human oversight is maintained where necessary. This could involve having human review processes for high-stakes decisions or integrating AI outputs into broader decision-making frameworks that involve human input.

Train Employees on Emerging Technologies

As AI and other technologies become more prevalent, employee training is essential to ensure that your workforce understands both the benefits and risks.

  • Develop Comprehensive Training Programs. Create training programs that educate employees on using AI and other emerging technologies, focusing on compliance and ethical considerations. Training should cover the potential risks, the importance of adhering to the company’s code of conduct, and the specific controls to mitigate those risks. Employees should understand how the technology works and how to identify and address any decisions that may conflict with company values. Regular training sessions reinforce the importance of ethical AI use across the organization.
  • Promote a Culture of Awareness. Encourage a culture where employees are vigilant about the risks associated with new technologies. This involves fostering an environment where employees feel empowered to speak up if they notice potential issues and are actively engaged in ensuring that AI and other technologies are used responsibly.
  • Promote a Speak-Up Culture. Encourage employees to report concerns about AI-driven decisions, just as they would report other misconduct. A robust speak-up culture is critical for catching ethical lapses early and ensuring that AI systems remain aligned with company values.

The DOJ’s mandate on managing emerging risks, particularly those related to AI and other new technologies, underscores the need for a proactive, integrated approach to compliance. Compliance professionals can confidently navigate this complex landscape by embedding AI risk management within their broader ERM strategy, strengthening governance and accountability, mitigating unintended consequences, ensuring trustworthiness, and investing in employee training. The stakes are high, but with the right plan in place, your organization can harness the power of AI while staying firmly on the right side of the law.


Tone at the Top Week: Part 5 – CCOs Using Town Halls to Build Compliance

This week, we have been exploring how Chief Executive Officers and other senior executives can set an appropriate Tone at the Top by actually walking-the-walk of compliance rather than simply talking-the-talk of compliance. For any corporate compliance program to succeed, the commitment of senior leadership is essential. When establishing and maintaining the right Tone at the Top, few opportunities are as effective and personal as town hall meetings.

Town halls provide CEOs and senior executives with a direct platform to engage with employees across the organization, offering an authentic way to reinforce the importance of compliance. Unlike emails or formal reports, town halls allow real-time interaction, allowing leadership to connect directly with employees and make compliance a part of the company’s culture.

In this concluding blog post from this 5-part series, we will explore how CEOs and other corporate leaders can use town hall meetings to establish and maintain an appropriate tone at the top for a best practices compliance program. From including compliance in every meeting to addressing specific ethical challenges and fostering open dialogue, these strategies will help create a culture where compliance is seen as a shared responsibility and a driver of long-term success.

  • Include Compliance in Every Town Hall

One of the most effective ways to reinforce the importance of compliance is to make it a regular topic of discussion in every town hall meeting. Whether covering updates on regulatory changes, sharing new company policies, or discussing recent compliance issues, consistently integrating compliance into your messaging demonstrates that it is a key part of the company’s business strategy.

The obvious significance is that when compliance is a constant in company communications, employees start to understand that it is not a separate, siloed responsibility but a core element of the business’s operations. Regularly addressing compliance issues signals to employees that ethical behavior is as critical to the company’s success as financial performance or market expansion.

How to Implement

  • Dedicate a section of each town hall to discussing compliance. This could include updates on new business regulations, how the company adapts to changing legal landscapes, or reminders of key compliance policies.
  • Use the platform to highlight how compliance contributes to business objectives. For example, explain how maintaining compliance with environmental regulations helps the company avoid penalties while supporting sustainability goals.
  • Regularly including compliance topics also shows that leadership views compliance as proactive rather than reactive and that ethical behavior is a forward-thinking component of company strategy.

By consistently including compliance in town hall discussions, you reinforce its value and ensure it stays at the top of employees’ minds.

  • Address Specific Ethical Challenges

Town halls are an ideal venue to address specific compliance or ethical challenges the company may be facing. Whether dealing with emerging regulatory risks, handling a recent compliance breach, or navigating ethical dilemmas in high-stakes business decisions, discussing these issues openly with employees helps build trust and foster transparency.

It is not so much that employees need to know that leadership is aware of compliance challenges and actively working to address them; rather, discussing these challenges openly sends a message that compliance is a shared responsibility across the organization. This approach also helps demystify the compliance process and shows employees that issues are handled systematically and transparently.

How to Implement

  • When a new compliance challenge emerges—whether it’s a change in industry regulations, a data privacy issue, or a new ethical dilemma in business operations—use the town hall to explain the issue clearly. Describe what the company is doing to address it and what is expected of employees to help navigate the challenge.
  • Emphasize that compliance is not just the responsibility of the legal or compliance team but requires every employee’s involvement. This ensures that compliance issues are not seen as external or distant from day-to-day operations.
  • Consider sharing examples of companies or industries where a failure to address ethical challenges led to significant risks or damages. This helps illustrate the real-world consequences of neglecting compliance.

By openly addressing specific ethical challenges, you build a culture of accountability in which employees feel empowered to participate in compliance efforts.

  • Invite Questions About Compliance

One of the most powerful aspects of town hall meetings is their interactive nature. Inviting employees to ask questions about compliance-related topics shows that leadership is open to dialogue and committed to resolving concerns. This openness encourages a culture where employees feel safe raising potential compliance issues and know their voices will be heard.

As I have said many times, the flip side to a culture of speaking up is a culture of listening up. Nothing shows this better than soliciting questions at a town hall, for encouraging questions demonstrates compliance as a collaborative effort. It shows employees that leadership values their input and is willing to engage in a two-way conversation about ethical issues. This is especially important for fostering an environment where employees feel comfortable reporting concerns, knowing that leadership will take them seriously.

How to Implement

  • Set aside time during each town hall for a Q&A session focused on compliance. Let employees know they are welcome to ask about compliance issues related to company policies, regulatory changes, or ethical dilemmas.
  • Ensure that responses to compliance-related questions are thoughtful and demonstrate a commitment to transparency. If an employee raises a concern, provide an actionable response or explain how the company will investigate further.
  • Follow up after the town hall on any unresolved questions. This shows that leadership is committed to addressing compliance concerns beyond the meeting and reinforces trust.

Inviting questions and engaging in meaningful dialogue helps build a culture of openness and encourages employees to take an active role in compliance.

  • Highlight Compliance Success Stories

Town halls also provide an excellent opportunity to celebrate successes. By sharing stories of how compliance actions have helped the company avoid risks or achieve positive outcomes, you reinforce the idea that compliance is a value driver, not a burden. Highlighting these stories shows employees that compliance is not just about avoiding penalties but enabling the company to thrive in a complex regulatory environment.

This is one of the time-honored ways to build incentives in an organization. Sharing success stories helps build employee buy-in and engagement with the compliance program. When employees see the tangible benefits of compliance, they are more likely to view it as a positive and necessary part of their work. This also helps combat the perception that compliance is simply about limiting risk or avoiding punishment.

How to Implement

  • Use town halls to share specific examples of compliance successes. For instance, you might highlight how the company avoided a regulatory fine by proactively addressing a compliance risk or how strong compliance practices helped secure a valuable business partnership.
  • Frame compliance successes in a way that shows how they contribute to broader company goals, such as market expansion, reputation management, or innovation.
  • Recognize the individuals or teams who contributed to these compliance successes. This public recognition reinforces that the organization values and rewards ethical behavior.

By highlighting compliance success stories, you demonstrate that compliance drives long-term value and growth.

  • Building a Strong Compliance Culture Through Town Halls

Town hall meetings are one of the most powerful tools CEOs and senior executives can use to establish and maintain an appropriate tone at the top for a best practices compliance program. By including compliance in every meeting, addressing specific ethical challenges, inviting questions, and sharing success stories, leaders can foster a culture where compliance is not just a requirement but a shared responsibility and a source of competitive advantage.

When employees hear directly from leadership about the importance of compliance, they are more likely to internalize the message and make ethical behavior part of their daily work. Through regular and open communication in town halls, CEOs can build a strong compliance culture that drives long-term success for the organization.

I hope you have enjoyed this five-part series on Tone at the Top and found it useful. Equally importantly, I hope this more outline format will allow you to cut and paste this information into a memo you can send to your CEO and other senior executives to give them some concrete steps they can take to improve your organization’s culture so that your organization will do business ethically and in compliance. Additionally, it will give you an audit trail on this issue if a regulator ever comes knocking.


Tone at the Top Week: Part 4 – CCOs Using Team Meetings to Further Compliance

We continue our blog post series on how CEOs and top senior executives can demonstrate the ubiquitous Tone at the Top. Setting the tone of doing business ethically and in compliance is one of the most critical responsibilities for CEOs and senior executives. While large-scale communications such as town halls and corporate-wide emails certainly play an essential role, there is one venue where the tone can be effectively set in a more actionable and intimate way: team meetings.

Team meetings, often focused on operational topics, provide a unique opportunity for leaders to engage directly with their teams on compliance matters. These smaller, more focused settings allow meaningful discussions about ethical behavior, compliance risks, and policy adherence. By strategically incorporating compliance into team meetings, executives can ensure that ethical considerations are baked into daily operations and decision-making processes. This post will explore how CEOs and senior leaders can leverage team meetings to reinforce compliance and establish the right tone at the top.

  • Make Compliance a Standing Agenda Item in Leadership Team Meetings

Leadership team meetings often involve high-level business strategy, performance metrics, and operational objectives. However, these meetings are also an opportunity to highlight the importance of compliance. Senior executives and department heads are role models within the organization. When they treat compliance as a priority in their discussions, it signals to their teams that ethical behavior and adherence to the law are non-negotiable elements of the company’s operations.

How to Implement

  • Ensure that compliance is a standing agenda item in leadership team meetings. This could include updates on compliance program initiatives, discussions of recent compliance risks, or analysis of how regulatory changes might impact the business.
  • Encourage leaders to cascade these compliance messages to their direct reports, ensuring the organization is aligned at all levels.
  • Use these meetings to identify areas where compliance could be strengthened within each department and provide executives with the necessary resources to address these gaps.

By making compliance a regular part of leadership conversations, you normalize it as part of the company’s strategic considerations.

  • Lead by Example in Your Own Meetings

One of the most powerful ways to set the tone at the top is to demonstrate your commitment to compliance in team meetings. Senior executives must embed compliance into every conversation about business decisions, strategies, and performance metrics.

This is crucial because people tend to imitate their leaders’ behavior. When executives consistently incorporate compliance considerations into discussions about business operations, it becomes clear that ethical behavior is not a separate initiative but part of how the company functions.

How to Implement

  • When reviewing business strategies, ask questions about managing compliance risks. For example, if a new product is being launched, inquire about the regulatory requirements and whether the company is meeting them.
  • During performance reviews, assess how managers and employees adhere to the company’s compliance policies. Reward ethical behavior, not just financial or operational results.
  • Be transparent about the compliance challenges the company may face and how you expect the team to address them.

Leading by example shows that compliance isn’t just the responsibility of the legal or compliance department—it’s everyone’s responsibility.

  • Conduct Regular Compliance Check-ins with Department Heads

CEOs and senior executives should meet regularly with department heads or team leaders to discuss how compliance is integrated into their teams’ day-to-day operations. These check-ins provide an opportunity to evaluate how well the company’s compliance program functions. Compliance risks vary by department, so it’s important to ensure that leaders at every level actively manage them. Regular check-ins provide insight into how compliance initiatives are being implemented and whether additional support is needed.

How to Implement

  • Schedule monthly or quarterly meetings with department heads to discuss compliance. Topics should include how well the department is adhering to company policies, any challenges they face in meeting compliance requirements, and potential risks.
  • Ask for updates on compliance training within each department—are employees attending, and is the training effective? Offer resources and assistance if certain areas need more focus.
  • Use these check-ins to identify potential areas of non-compliance or emerging risks and take steps to address them before they escalate.

Regular compliance check-ins create accountability among department leaders and ensure that compliance is continuously monitored across the organization.

  • Reinforce Compliance Training and Policies in Team Meetings

One of the most practical ways to integrate compliance into team meetings is by reinforcing the importance of compliance training and company policies. While formal training sessions are crucial, ongoing reminders help ensure compliance stays at the top of employees’ minds. Compliance is an ongoing process, not a one-time event. Reminding employees about training sessions, policy updates, and regulatory changes helps keep the compliance program fresh and relevant.

How to Implement

  • Use team meetings to remind employees of upcoming compliance training sessions. Personalize your message by explaining how these training sessions directly relate to their roles and the risks they may encounter.
  • Discuss any recent updates to company policies or new regulations affecting the business. Ensure that everyone understands the implications of these changes and how they should adjust their behavior accordingly.
  • Endorse compliance training by sharing examples of how it has helped the company avoid risks or improve operations. Your endorsement will increase employee engagement with these programs.

Reinforcing training and policies regularly helps ensure that employees remain aware of their compliance obligations.

  • Open the Floor for Compliance-Related Concerns and Questions

The final and arguably most important way to set the right tone at the top is by encouraging open dialogue about compliance. Team meetings offer an opportunity to create a safe space where employees feel comfortable raising compliance concerns or asking questions. Always remember that part of a Speak Up culture is listening.

This point is of the utmost significance. When employees are afraid to speak up about compliance issues, small problems can quickly escalate into major risks. By fostering a culture of openness, you encourage employees to address potential problems proactively before they become serious.

How to Implement

  • At the end of each meeting, allocate time for employees to ask questions or raise concerns related to compliance. Make it clear that you take these issues seriously and that there will be no retaliation for speaking up.
  • Encourage managers to follow up on any concerns raised and ensure that they are addressed promptly. If necessary, escalate issues to the compliance team for further investigation.
  • Lead by example by actively engaging with any compliance concerns during the meeting. Show that you are approachable and willing to help resolve compliance issues.

Creating an environment where employees feel empowered to speak up reduces the likelihood of compliance breaches and strengthens the company’s overall integrity.

The Power of Team Meetings in Compliance Leadership

Establishing the right tone at the top for a best practices compliance program is not a one-time event; it requires ongoing engagement and consistent messaging. Often viewed as operational, team meetings offer a critical venue for CEOs and senior executives to reinforce their commitment to compliance in an actionable, intimate setting.

By making compliance a standing agenda item, leading by example in your meetings, conducting regular check-ins, reinforcing training, and opening the floor for concerns, senior leaders can build a culture where compliance is not just an expectation but a fundamental part of how the company operates.

Ultimately, this consistent, hands-on approach builds trust, fosters accountability, maintains compliance, and becomes an organizational competitive advantage.


Bank of America’s Corporate Culture Crisis: Part 5 – A Case Study for Compliance

Compliance professionals constantly seek to understand how systemic issues within corporate hierarchies can lead to severe consequences. The recent revelations about Bank of America’s (BoA) persistent workplace culture problems are a powerful reminder of compliance’s critical role in safeguarding employees and the organization.

This week, I have explored the BoA failure around workplace culture from various perspectives articulated by the Everything Compliance gang, including Karen Woody, Jonathan Armstrong, Matt Kelly, Karen Moore, and Jonathan Marks. This exploration included the failure of internal controls, failures by the Board and senior management, culture failures around highly driven, self-selecting employees, and the cultural miasma that is BoA as seen from across the pond. You can check out the full Everything Compliance episode here. We conclude our series with a summary of lessons learned for compliance and how compliance can use those lessons going forward.

The scandal at BoA involving the excessive hours worked by junior employees highlights a profound crisis in corporate culture that has significant implications for compliance professionals. Despite previous promises of reform following similar incidents, BoA’s failure to address these issues effectively reveals systemic problems that transcend mere policy implementation. The tragedy of junior banker Leo Lukenas, who died after working over 100 hours a week for multiple weeks in a row, underscores the urgent need for stronger internal controls, better communication between management levels, and a culture that genuinely prioritizes employee well-being.

This situation at BoA serves as a critical case study for compliance professionals, illustrating the dangers of a disconnect between senior management’s intentions and the actions of middle management. While senior executives may set policies to limit overwork, middle managers often circumvent these rules, perpetuating a toxic work environment. The failure of BoA’s manual control system, together with ineffective internal audits and HR oversight, further exacerbates the problem. Compliance professionals must ensure that internal controls are implemented, actively monitored, and enforced to prevent similar issues in their organizations.

A key lesson from the BoA crisis is the importance of addressing the role of incentive structures. In high-stakes environments like investment banking, where bonuses and career advancement are tied to deal closures, there is a significant risk of overwork becoming normalized. Compliance officers must advocate for realigning incentives to balance business goals with ethical standards and employee well-being. This involves addressing the symptoms of such crises and tackling the root causes, such as toxic corporate culture and misaligned incentives.

The BoA scandal highlights the critical role of internal controls in maintaining a healthy and sustainable corporate culture. Relying on self-reporting as a key control mechanism in this high-risk environment proved ineffective, as employees were pressured to underreport their hours. Compliance professionals must recognize that self-reporting should be supplemented with independent verification methods, such as automated time tracking and regular audits, to ensure that accurate data is collected and that controls are effective.

A holistic approach to risk management and compliance must be considered. Internal controls must be integrated into a broader framework, including solid ethical leadership, ongoing employee education, and clear channels for reporting concerns. The failure of BoA’s control environment, monitoring, and remediation efforts allowed a culture of overwork to persist, ultimately leading to repeated tragedies. For compliance professionals, this underscores the need for continuous improvement and active management of internal controls.

The role of the board of directors in overseeing corporate culture is crucial. The BoA crisis demonstrates that board members must go beyond surface-level management reports and engage directly with employees to understand workplace challenges. A proactive approach, including regular reports on employee well-being metrics and internal audits focused on workplace culture, can help prevent such crises. Moreover, creating a culture where employees feel safe to voice concerns is essential for identifying and addressing risks before they escalate.

The Bank of America scandal is a stark reminder of the human cost of a toxic work culture and the vital role that compliance professionals play in safeguarding both employees and organizations. The lessons from this tragedy should guide efforts to create healthier, more sustainable work environments. Compliance is not just about preventing legal and regulatory risks but also about fostering a corporate culture that values integrity, transparency, and the well-being of all employees. By aligning business metrics with these values, companies can achieve sustainable success that benefits both their bottom line and their people.