Categories
Greetings and Felicitations

Compliance Lessons from Venice – Episode 2, The Arsenale and Creating a Culture of Compliance

Welcome to a short podcast series on doing compliance with a Venetian twist. This week, we will examine three areas where Venice’s time-honored methods inform modern compliance practices. Over the next 3 episodes, we will consider going back to basics in your compliance regime, the use of incentives and consequences to drive a culture of compliance, and how the Lion’s Mouth informs your modern-day whistleblower program. In episode 2, we see how Venice used financial and non-financial incentives and consequence management to create a culture of compliance in Venice’s largest business operation, Arsenale.

The Arsenale district in Venice was known for its shipbuilding prowess from the 1200s to the 1400s. By examining how Venice managed its critical shipbuilding workforce through both incentives and discipline, Tom draws valuable parallels to modern corporate compliance programs. He highlights that Venice implemented job security and compensatory incentives to promote loyalty while enforcing strict non-compete clauses and severe punishments for leaking state secrets. Tom emphasizes the importance of balancing positive incentives with clear disciplinary actions, aligning this historical example with contemporary guidance from the DOJ and SEC. These principles support recognizing compliance efforts through promotions, bonuses, and acknowledgments, which can foster ethical behavior and improve overall organizational integrity.

Key highlights:

  • Arsenale and Incentivizing Compliance
  • Historical Context and Compliance Insights
  • Punishments and Incentives in Venice
  • Modern Compliance Practices

For more information on the Ethico Toolkit for Middle Managers, available at no charge, click here.

Check out the full 3-book series, The Compliance Kids, on Amazon.com.

Categories
Blog

Compliance Lessons from Venice – Episode 2: The Arsenale and Incentivizing Compliance

In part 2 of the Compliance Lessons from Venice series, we journey to the Arsenale, the historic heart of Venice’s shipbuilding industry. During Venice’s golden age, the Arsenale was a hub of ingenuity, productivity, and loyalty to the state. The Venetian fathers recognized the strategic importance of Arsenale’s workers and implemented a unique mix of incentives and discipline to protect their secrets, maintain a loyal workforce, and create a prototype culture of compliance. This blog post series is the written companion to the podcast series running on the Compliance Podcast Network.

Today, we can draw from Venice’s business expertise to inform our approach to incentivizing compliance. We focus on a blend of rewards and consequences to encourage ethical behavior, adherence to company values, and enhancement of culture. We will examine how Venice’s example aligns with the DOJ’s compliance guidance and offers valuable lessons for modern corporate compliance programs in the areas of incentives and consequences, together with the development of a culture of compliance.

The Arsenale: Venice’s Production Powerhouse

At its peak, the Venetian Arsenale employed around 12,000 workers, nearly 10% of the city’s population. Venice, one of the most powerful economic and military forces of its time, relied on the Arsenale to build, repair, and maintain its fleet. Here, Venice perfected the assembly line method, with workers laboring by hand to create state-of-the-art ships efficiently and at scale. This commitment to quality and security extended beyond production techniques; the shipbuilding secrets developed in the Arsenale were considered so valuable that they were treated as state secrets, with measures in place to protect the knowledge and the workforce’s loyalty.

The Venetian fathers understood that safeguarding this valuable knowledge required both a carrot and a stick approach. They developed a system that incentivized workers to stay loyal while imposing severe penalties for disloyalty or breaches of confidentiality.

Venice’s Approach to Incentives and Disincentives

Venice’s system was designed to support long-term loyalty, stability, and excellence among Arsenale workers, serving as a model for effective workforce management and protection of critical information. Key elements included:

  1. Job Security and Benefits. Workers at the Arsenale enjoyed job security and were compensated if they lost their ability to work due to injury or illness. Upon a worker’s death, the Arsenale provided funeral expenses and continued to support the family through stipends or alternative job placements for family members. This created a robust and personal investment in the success of the Arsenale, Venice’s population, and the entire city.
  2. Strict Confidentiality and Non-Compete Policies. Venice enacted strict measures to protect its intellectual property. Skilled workers were forbidden from leaving Venice to work for rival cities, effectively instituting one of the earliest forms of a non-compete clause. The penalties for violating this policy were harsh, including torture and execution. Although we have come a long way from such extreme punitive measures, the principle remains relevant in compliance today: a company’s success is closely tied to maintaining the confidentiality of its processes, intellectual property, and proprietary information.

The DOJ’s Guidance on Incentives and Discipline

The DOJ emphasized the importance of both incentives and disincentives to drive ethical behavior in the 2024 Evaluation of Corporate Compliance Programs (2024 ECCP). Venice’s approach aligns closely with this guidance, and compliance professionals can look to the Arsenale for lessons in incentivizing compliance.

Incentives for Ethical Conduct

The DOJ has recognized that positive incentives can drive compliant behavior. Incentives can be financial—bonuses, salary increases, or promotions—or non-financial, such as recognition and personal acknowledgment. This was reinforced in the 2024 ECCP, which stated, “Has the company considered the impact of its financial rewards and other incentives on compliance?” Some companies have implemented programs incorporating ethics and compliance metrics into performance evaluations. Other companies have awarded annual cash bonuses for outstanding ethical behavior, demonstrating the company’s commitment to integrity.

Making compliance part of the company’s core DNA starts with integrating ethical behavior into everyday performance metrics. This means including compliance adherence in bonus structures or linking promotions to ethical performance rather than pure profitability. By embedding compliance into performance reviews, companies send a clear message: ethical behavior is not just expected but rewarded.

Publicizing Disciplinary Actions

Conversely, the DOJ’s guidance recommends that companies communicate the consequences of unethical actions and compliance violations. When employees understand that unethical behavior has swift and predictable repercussions, it reinforces a culture of accountability. Many companies choose to publicize examples of disciplinary actions to underscore the consequences of misconduct. This transparency demonstrates that the organization takes compliance seriously and applies consequences uniformly. Indeed, the 2024 ECCP states, “Prosecutors may consider whether a company has publicized disciplinary actions internally, where appropriate and possible, which can have valuable deterrent effects.”

In Venice, the knowledge of harsh punishments deterred Arsenale workers from betraying the city’s secrets. Today, compliance departments do not need such severe measures, but transparent communication around discipline can serve a similar function, reminding employees of the importance of maintaining integrity.

Building a Compliance Culture Based on Loyalty and Trust

In Venice, loyalty to the Arsenale wasn’t driven by fear alone; workers knew the city valued and protected them. The DOJ emphasizes a similar approach for corporate compliance programs, suggesting that incentives go beyond mere policy compliance. Instead, they should aim to cultivate a culture where ethical conduct is intrinsically linked to loyalty to the company and professional satisfaction.

Consider implementing the following methods to build loyalty and trust in your compliance program:

  1. Job Security and Career Support. Like the Venetian fathers who assured workers of job security and family support, compliance programs can provide employees with stability and purpose. Offering career advancement opportunities, professional development in compliance-related areas, and clear paths to promotion for ethical conduct reinforces a culture where compliance is valued and integral to career success.
  2. Recognition Programs. Recognizing employees who demonstrate ethical behavior is powerful. Recognizing compliance champions through formal awards or public acknowledgment sends a message that ethics and integrity are valued. A simple “thank you” for a job well done can also be incredibly impactful in reinforcing positive behavior.
  3. Integrating Compliance into Performance Metrics. Building on the DOJ’s guidance, integrating compliance into performance reviews ensures employees understand that ethical behavior directly impacts their career progression. By making ethics a part of promotion criteria, companies reinforce the idea that doing business correctly is critical to professional success.
  4. Ethics Training and Resources. Providing ongoing training beyond “checking the box” helps employees understand the why behind compliance. When people know the purpose behind policies and feel they have the resources and support to comply, they’re more likely to internalize ethical behavior in their day-to-day operations.

Lessons from Venice for Modern Compliance Programs

The Venetian Arsenale is a testament to the power of incentivizing loyalty and ethical behavior while establishing a clear system of consequences. Today’s compliance professionals can adapt these principles to build a balanced program that motivates employees to act with integrity, rewards ethical conduct, and enforces accountability.

Venice teaches us that incentivizing compliance is not just about financial bonuses; it’s about creating a work environment that values and rewards ethical behavior at every level. Employees need to feel part of something bigger than themselves—an organization that values their contributions and supports their ethical choices. When employees see that compliance is recognized and rewarded, they’re more likely to engage with the program and make ethical decisions.

The Timelessness of the Arsenale’s Approach

Venice may have faded as a global power, but the lessons from its golden age remain relevant. In the same way that Arsenale’s workers were loyal to their city because of the incentives and protections provided, today’s employees will be more committed to a compliance program that genuinely values and supports them.

As compliance professionals, we can create a culture where employees are encouraged, recognized, and rewarded for doing the right thing. The DOJ’s guidance underscores the importance of balancing incentives with disciplinary measures, and Venice shows us how this balance can be achieved to build a compliant, loyal workforce.

Join us tomorrow as we conclude our series with a look at Venice’s “Into the Lion’s Mouth” whistleblower program, a true precursor to the modern whistleblower protections that support transparency and accountability in compliance programs.

Categories
Compliance Tip of the Day

Compliance Tip of the Day: Using Culture Audits to Strengthen Your Compliance Program

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, we aim to provide bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

At its core, a culture audit examines the behaviors, attitudes, and values that make up the ethical backbone of an organization.


Categories
Compliance Tip of the Day

Compliance Tip of the Day: New Questions from the DOJ – Shaping the Future of Compliance


In this episode, we take a deep dive into the specifics of the 2024 ECCP around compliance and culture.


Categories
Blog

How the 2024 ECCP Changes Compliance Culture Expectations

The 2024 ECCP is groundbreaking for several reasons. Not only does it elevate the role of compliance culture, but it also requires companies to take measurable steps to ensure a strong compliance environment that permeates all levels of the organization. The DOJ’s focus is no longer solely on having a compliance program but on proving its effectiveness through documented, data-backed insights into organizational culture. The 2024 ECCP mandates that companies provide evidence of their compliance culture through specific metrics, signaling a major shift toward greater transparency and accountability. This directive presents both a challenge and an opportunity for compliance professionals to leverage data as a foundation for ethical corporate behavior.

This post will explore the key components of these new expectations and offer guidance on how compliance teams can meet the DOJ’s standards for a transparent and robust compliance culture.

New Questions from the DOJ: Shaping the Future of Compliance

The 2024 ECCP introduces specific questions around compliance culture, expanding the factors compliance professionals must consider in evaluating their programs. Gone are the days when culture was seen as an abstract concept that couldn’t be measured. The DOJ now expects organizations to provide data showing that compliance culture is monitored and actively managed. Compliance professionals are asked to answer questions about how often they measure compliance culture, whether they collect employee input from all levels, and how they address feedback from these measurements.

These new questions represent a significant shift, requiring compliance teams to adopt a thorough, transparent approach to understanding and enhancing compliance culture. For example, one of the core questions centers on whether compliance culture is assessed regularly, implying that more than an annual survey is required. Regularly evaluating culture allows companies to detect trends, uncover emerging issues, and demonstrate an ongoing commitment to fostering an ethical environment. This is precisely what the DOJ is looking for: a proactive, continuous approach to compliance that signals a deep-seated commitment to integrity.

Another key element of the DOJ’s inquiries is the inclusivity of compliance culture assessments. Specifically, they want to know if employee input is gathered from all organizational levels, from entry-level staff to senior leadership. By requiring a broad-based approach, the DOJ reinforces the idea that compliance culture cannot simply be driven top-down; it must also be understood from the bottom-up. This holistic approach ensures that compliance is implemented at the highest levels and embedded in employees’ everyday experiences, making it a living part of the corporate environment.

The Importance of Data-Driven Culture Audits

One of the most notable aspects of the DOJ’s new standards is the emphasis on data. Culture audits have been an optional tool for compliance officers for years, but they have become essential with the DOJ’s data mandate. Culture audits offer compliance professionals the tools to gather quantifiable metrics that speak to the health of their organization’s compliance culture. Rather than relying on anecdotal evidence or generic surveys, culture audits provide an in-depth look at engagement levels, trust in leadership, and employee perceptions of compliance practices.

Data-driven culture audits are powerful because they allow compliance teams to track cultural trends over time. This longitudinal approach is vital in demonstrating to the DOJ that the organization isn’t paying lip service to compliance but is actively managing and nurturing its culture. For example, a company may find that year over year, its employees feel increasingly confident in using whistleblower hotlines without fear of retaliation. Such a finding provides concrete evidence to regulators that the company has made meaningful strides in fostering a transparent, safe environment for reporting misconduct.

By conducting regular culture audits, compliance professionals can pinpoint areas where the organization’s culture may fall short and take corrective action. This could mean increasing leadership communication around compliance, improving transparency on investigative outcomes, or enhancing training programs to reinforce the importance of ethical conduct. Culture audits are no longer about taking a “snapshot” of compliance culture—they are about creating a continuous, data-driven narrative that shows the DOJ the organization is committed to an ethical culture over the long term.

Aligning Hiring and Incentives with Compliance Culture

Perhaps one of the most transformative aspects of the 2024 ECCP update is the DOJ’s explicit focus on hiring practices and incentive structures as part of compliance culture. The DOJ now expects organizations to ensure hiring and incentives align with ethical behavior and compliance standards. For compliance professionals, this means developing and implementing hiring practices that emphasize skills, qualifications, and cultural fit, particularly in adherence to the organization’s core values and ethical standards.

When companies prioritize hiring for cultural fit, they signal to employees that ethical behavior is valued as much as technical expertise. Compliance teams should work closely with HR to develop interview questions and assessment tools that evaluate candidates’ commitment to integrity and ethics. For example, questions could be geared toward understanding how a candidate has handled ethical dilemmas in past roles or their perspective on accountability and transparency in the workplace. Hiring with an eye toward compliance culture builds a foundation of employees who naturally align with the company’s compliance and ethics standards.

Incentive structures, too, must reflect the organization’s commitment to compliance. The DOJ seeks companies that actively reward compliance-promoting behavior and discourage misconduct through performance reviews and compensation decisions. Incentive programs should incorporate compliance metrics, such as adherence to internal policies, active participation in compliance training, and demonstrated commitment to ethical practices. By linking compensation to compliance, companies reinforce the importance of ethical behavior and send a clear message that integrity is a pathway to advancement.

Aligning incentives with compliance goals also involves accountability measures. For instance, employees who display behavior contrary to the company’s values should face consequences, ranging from performance improvement plans to exclusion from bonuses. Compliance professionals must work with HR and leadership to embed these incentives throughout the organization, demonstrating to the DOJ that the company’s culture promotes ethical behavior and holds individuals accountable when they fall short.

Implementing DOJ’s Updated Compliance Culture Expectations

To meet the DOJ’s heightened expectations, compliance professionals should consider adopting a structured approach to building a data-driven culture of compliance:

  1. Set Clear Metrics for Culture Assessment. Determine the metrics that best reflect your compliance culture’s health, such as trust in leadership, willingness to report, and training completion rates. These metrics will serve as the foundation for demonstrating the effectiveness of your program to the DOJ.
  2. Conduct Regular Culture Audits. Culture audits are now necessary, providing the data required to assess and monitor compliance culture. Regular audits ensure compliance efforts are consistent and responsive to any shifts in organizational dynamics.
  3. Ensure Inclusive Input. Collect feedback from employees at every level, not just senior management. This ensures a comprehensive understanding of the compliance culture across the organization and buy-in from employees who see their voices are valued.
  4. Align Hiring and Incentives with Compliance Goals. Work with HR to integrate compliance and ethical standards into hiring processes and performance evaluations. This alignment strengthens the integrity of your workforce and ensures that ethical behavior is consistently rewarded.
  5. Document and Track Progress. The DOJ wants to see evidence of continuous improvement. Document culture audit findings, responses to feedback, and any corrective actions taken. Tracking and documenting progress allows you to demonstrate a commitment to enhancing compliance culture over time.

Leading Compliance in a New Era of Expectations

The DOJ’s updated ECCP has set a new standard for compliance culture, emphasizing data-driven practices. By requiring companies to measure and manage compliance culture, the DOJ is challenging compliance professionals to go beyond policies and procedures and demonstrate the effectiveness of their programs in real terms. This shift presents a unique opportunity for compliance teams to lead their organizations in a new direction, prioritizing integrity, transparency, and continuous improvement.

Incorporating data-driven culture audits, aligning hiring and incentives with compliance goals, and consistently engaging with employees at all levels will help compliance professionals meet and exceed the DOJ’s expectations. By building an ethical culture that resonates across the organization, compliance teams can create a resilient compliance environment that satisfies regulatory demands and fosters a truly compliant workplace.

Categories
Compliance Tip of the Day

Compliance Tip of the Day – The 2024 ECCP is a Game Changer for Compliance and Culture


In the 2024 ECCP, the DOJ mandates around corporate culture and compliance require a data-driven approach to corporate culture.


Categories
FCPA Compliance Report

FCPA Compliance Report – The 2024 ECCP on Data-Driven Culture and Engagement

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this edition, Tom Fox visits with Sam Silverstein on how compliance professionals should view the new DOJ mandate on using data to assess, manage, and improve corporate culture through data-driven compliance. The Culture Audit sponsors this podcast.

In this comprehensive discussion, Tom Fox and Sam Silverstein delve into the 2024 Update to the Evaluation of Corporate Compliance Programs (ECCP) by the DOJ. Released in September, this latest update emphasizes the importance of data analytics, culture, engagement, and trust in compliance programs. With a detailed breakdown of over 250 questions posed by the ECCP, Tom and Sam provide valuable insights on how companies can benchmark their compliance programs and prepare for potential investigations. They highlight the role of a culture audit in addressing the DOJ’s requirements, offering a detailed look into how organizations can measure and improve their compliance culture. This webinar educates compliance professionals on the latest DOJ expectations and provides practical tools and methodologies to enhance corporate compliance efforts.

Highlights in this episode:

  • Importance of Culture and Data Analytics
  • Leveraging Data for Compliance
  • Measuring and Improving Culture
  • Data-Driven Culture of Compliance
  • Understanding and Utilizing Culture Audit Data
  • Forward Steps for a Stronger Culture

Resources:

Culture Audit

Set up a call to discuss the Culture Audit, click here

Sam Silverstein and the Accountability Institute

Sam Silverstein on LinkedIn 


Categories
Compliance Tip of the Day

Compliance Tip of the Day: Creating, Strengthening, and Maintaining Corporate Culture – Lessons from The Mummy


What lessons does Boris Karloff’s The Mummy provide in creating, strengthening, and maintaining corporate culture?

 

Categories
Blog

Argentieri Speech and 2024 ECCP: Complying with the 2024 ECCP on AI

The Department of Justice (DOJ), in its 2024 Update, has explicitly directed companies to ensure they have robust processes in place to identify, manage, and mitigate emerging risks related to new technologies, including AI. As compliance professionals, it’s crucial to integrate these mandates into your enterprise risk management (ERM) strategies and broader compliance programs. The DOJ posed two sets of queries for compliance professionals. The first was found in Section I, entitled Is the Corporation’s Compliance Program Well Designed? The following are questions a prosecutor could ask a company or compliance professional going through an investigation.

Management of Emerging Risks to Ensure Compliance with Applicable Law

  • Does the company have a process for identifying and managing emerging internal and external risks, including risks related to the use of new technologies, that could potentially impact its ability to comply with the law?
  • How does the company assess the potential impact of new technologies, such as artificial intelligence (AI), on its ability to comply with criminal laws?
  • Is management of risks related to using AI and other new technologies integrated into broader enterprise risk management (ERM) strategies?
  • What is the company’s approach to governance regarding the use of new technologies, such as AI, in its commercial business and compliance program?
  • How is the company curbing any potential negative or unintended consequences resulting from using technologies in its commercial business and compliance program?
  • How is the company mitigating the potential for deliberate or reckless misuse of technologies, including by company insiders?
  • To the extent that the company uses AI and similar technologies in its business or as part of its compliance program, are controls in place to monitor and ensure its trustworthiness, reliability, and use in compliance with applicable law and the company’s code of conduct?
  • Do controls exist to ensure the technology is used only for its intended purposes?
  • What baseline of human decision-making is used to assess AI?
  • How is accountability over the use of AI monitored and enforced?
  • How does the company train its employees on using emerging technologies such as AI?

The second set of queries ties AI to a company’s values, ethics, and, most importantly, culture. It is found in Section III, entitled Does the Corporation’s Compliance Program Work in Practice?, Evolving Updates, and poses the following questions:

  • If the company is using new technologies such as AI in its commercial operations or compliance program, is the company monitoring and testing the technologies so that it can evaluate whether they are functioning as intended and consistent with the company’s code of conduct?
  • How quickly can the company detect and correct decisions made by AI or other new technologies that are inconsistent with the company’s values?

Thinking across both sets of questions will lead to more questions and a deep dive into your compliance culture, philosophy, and corporate ethos. It will also bring about unprecedented opportunities for businesses. However, with these opportunities come significant risks, especially in the context of legal compliance. The DOJ has now explicitly directed companies to ensure they have robust processes to identify, manage, and mitigate emerging risks related to new technologies, including AI. As compliance professionals, it is both crucial and even obligatory to integrate these mandates into your ERM strategies and broader compliance programs. Below are some ways a compliance professional can think through and effectively respond to the DOJ’s latest guidance for the first series of questions.

Establish a Proactive Risk Identification Process

Managing emerging risks begins with a proactive approach to identifying potential threats before they manifest into significant compliance issues.

  • Implement a Dynamic Risk Assessment Framework. Develop a risk assessment process that continuously scans internal and external environments for emerging risks. This should include regular updates to risk profiles based on the latest technological developments, industry trends, and regulatory changes. Incorporating AI into your business and compliance operations requires that you assess its immediate impact and anticipate future risks it might pose as the technology evolves.
  • Engage Cross-Functional Teams. Ensure that your risk identification process is not siloed within the compliance function. Engage cross-functional teams, including IT, legal, HR, and operations, to provide diverse perspectives on potential risks associated with new technologies. This collaboration will help you capture a more comprehensive view of the risks and their potential impact on your organization’s ability to comply with applicable laws.

Establish Rigorous Monitoring Protocols

Monitoring AI and other new technologies isn’t just a box-ticking exercise; it’s a continuous process that requires a deep understanding of the technology and the ethical standards it must uphold.

  • Set Up Continuous Monitoring Systems. Implement real-time monitoring systems that track AI outputs and decisions as they occur. This is crucial for identifying deviations from expected behavior or ethical standards as soon as they happen. Automated monitoring tools can flag anomalies, such as decisions that fall outside predefined parameters, for further review by compliance officers.
  • Define Key Performance Indicators (KPIs). Develop KPIs that specifically measure the alignment of AI outputs with your company’s code of conduct. These include fairness, transparency, accuracy, and ethical impact metrics. Regularly review these KPIs to ensure that AI systems perform within acceptable boundaries and contribute positively to your compliance objectives.

Integrate AI Risk Management into Your ERM Strategy

The DOJ expects companies to manage AI and other technological risks within the broader context of their enterprise risk management strategies.

  • Align AI Risk Management with ERM. Ensure that risks related to AI and other new technologies are integrated into your ERM framework. This means treating AI-related risks like any other enterprise risk, with appropriate controls, governance, and oversight. AI should not be viewed as a standalone issue but as an integral part of your organization’s overall risk landscape.
  • Develop AI-Specific Risk Controls. Establish controls that specifically address the unique risks posed by AI. These might include measures to prevent algorithmic bias, safeguards against AI-driven fraud, and protocols to ensure data privacy and security. Regularly review and update these controls to keep pace with technological advancements and emerging threats.

Implement Comprehensive Testing and Validation

Testing and validating AI technologies should be an ongoing practice, not just a one-time event during the deployment phase. The DOJ expects companies to rigorously evaluate whether these technologies are functioning as intended.

  • Stress-Test AI Systems. Subject your AI systems to scenarios that test their decision-making processes under different conditions. This includes testing for biases, errors, and unintended consequences. By simulating real-world situations, you can better understand how the AI might behave in practice and identify any potential risks before they manifest.
  • Periodic Audits and Reviews. Conduct regular audits of your AI systems to verify their continued compliance with company policies and ethical standards. These audits should include technical assessments and ethical evaluations, ensuring the AI’s decisions remain consistent with your company’s values over time.
  • External Validation. Consider bringing in third-party experts to validate your AI systems. External validation can objectively assess your AI’s functionality and ethical alignment, offering insights that might not be apparent to internal teams.

Develop a Rapid Response Mechanism

No system is infallible; even the best-monitored AI systems can make mistakes. The key is how quickly and effectively your company can detect and correct these errors.

  • Establish a Rapid Response Team. Create a dedicated team within your compliance function responsible for addressing AI-related issues as they arise. This team should be equipped to investigate flagged decisions quickly, determine the root cause of any inconsistencies, and implement corrective actions.
  • Implement Feedback Loops. Develop feedback loops that allow for continuous learning and improvement of AI systems. When an error is detected, ensure that the AI system is updated or retrained to prevent similar issues in the future. This iterative process is essential for maintaining the integrity of AI systems over time.
  • Document and Report Corrections. Keep detailed records of any AI-related issues and the steps taken to correct them. This documentation is critical for internal tracking and for demonstrating to regulators, like the DOJ, that your company is serious about maintaining ethical AI practices.

Strengthen AI Governance and Accountability

Governance is key to ensuring that AI and other new technologies are used responsibly and in compliance with the law.

  • Create a Governance Framework for Technology Use. Develop a governance framework outlining how AI and other emerging technologies will be used within your organization. This framework should define roles and responsibilities, set clear guidelines for the ethical use of technology, and establish protocols for monitoring and enforcement. Ensure that this framework is aligned with your company’s code of conduct and compliance objectives. Ensure these guidelines are communicated clearly to all stakeholders, including AI developers, compliance teams, and business leaders.
  • Enforce Accountability. Accountability for the use of AI should be clearly defined and enforced. This includes assigning specific oversight roles to ensure that AI systems are used as intended and that any deliberate or reckless misuse is swiftly addressed. Establish a chain of accountability spanning from the C-suite to the operational level, ensuring all stakeholders understand their responsibilities in managing AI risks.

Mitigate Unintended Consequences and Misuse

The DOJ is particularly concerned with the potential for AI and other technologies to be misused, deliberately or unintentionally, leading to compliance breaches.

  • Monitor for Unintended Consequences. Implement monitoring systems that can detect unintended consequences of AI use, such as biased decision-making, unethical outcomes, or operational inefficiencies. These systems should be capable of flagging anomalies in real-time, allowing your compliance team to intervene before issues escalate.
  • Restrict AI Usage to Intended Purposes. Ensure that AI and other technologies are used only for their intended purposes. This involves setting clear boundaries on how AI can be applied and establishing controls to prevent misuse. Regular audits should be conducted to verify that AI systems operate within these defined parameters and that any deviations are promptly corrected.

Ensure Trustworthiness and Human Oversight

As Sam Silverstein continually reminds us, culture is all about trust. The same is true for the use of AI in the workplace. AI’s trustworthiness and reliability are paramount in maintaining compliance and protecting your company’s reputation.

  • Implement Trustworthiness Controls. Develop controls to ensure the trustworthiness of AI systems, including regular validation of AI models, thorough testing for accuracy and reliability, and ongoing monitoring for performance consistency. These controls should be designed to prevent the AI from producing outputs that could lead to legal or ethical violations.
  • Maintain a Human Baseline. AI should complement, not replace, human judgment. Establish a baseline of human decision-making to assess AI outputs and ensure that human oversight is maintained where necessary. This could involve having human review processes for high-stakes decisions or integrating AI outputs into broader decision-making frameworks that involve human input.

Train Employees on Emerging Technologies

As AI and other technologies become more prevalent, employee training is essential to ensure that your workforce understands both the benefits and risks.

  • Develop Comprehensive Training Programs. Create training programs that educate employees on using AI and other emerging technologies, focusing on compliance and ethical considerations. Training should cover the potential risks, the importance of adhering to the company’s code of conduct, and the specific controls to mitigate those risks. Employees should understand how the technology works and how to identify and address any decisions that may conflict with company values. Regular training sessions reinforce the importance of ethical AI use across the organization.
  • Promote a Culture of Awareness. Encourage a culture where employees are vigilant about the risks associated with new technologies. This involves fostering an environment where employees feel empowered to speak up if they notice potential issues and are actively engaged in ensuring that AI and other technologies are used responsibly.
  • Promote a Speak-Up Culture. Encourage employees to report concerns about AI-driven decisions, just as they would report other misconduct. A robust speak-up culture is critical for catching ethical lapses early and ensuring that AI systems remain aligned with company values.

The DOJ’s mandate on managing emerging risks, particularly those related to AI and other new technologies, underscores the need for a proactive, integrated approach to compliance. Compliance professionals can confidently navigate this complex landscape by embedding AI risk management within their broader ERM strategy, strengthening governance and accountability, mitigating unintended consequences, ensuring trustworthiness, and investing in employee training. The stakes are high, but with the right plan in place, your organization can harness the power of AI while staying firmly on the right side of the law.


Tone at the Top Week: Part 5 – CCOs Using Town Halls to Build Compliance

This week, we have been exploring how Chief Executive Officers and other senior executives can set an appropriate Tone at the Top by actually walking-the-walk of compliance rather than simply talking-the-talk of compliance. For any corporate compliance program to succeed, the commitment of senior leadership is essential. When establishing and maintaining the right Tone at the Top, few opportunities are as effective and personal as town hall meetings.

Town halls provide CEOs and senior executives with a direct platform to engage with employees across the organization, offering an authentic way to reinforce the importance of compliance. Unlike emails or formal reports, town halls allow real-time interaction, letting leadership connect directly with employees and make compliance a part of the company’s culture.

In this concluding blog post from this 5-part series, we will explore how CEOs and other corporate leaders can use town hall meetings to establish and maintain an appropriate tone at the top for a best practices compliance program. From including compliance in every meeting to addressing specific ethical challenges and fostering open dialogue, these strategies will help create a culture where compliance is seen as a shared responsibility and a driver of long-term success.

  • Include Compliance in Every Town Hall

One of the most effective ways to reinforce the importance of compliance is to make it a regular topic of discussion in every town hall meeting. Whether covering updates on regulatory changes, sharing new company policies, or discussing recent compliance issues, consistently integrating compliance into your messaging demonstrates that it is a key part of the company’s business strategy.

The obvious significance is that when compliance is a constant in company communications, employees start to understand that it is not a separate, siloed responsibility but a core element of the business’s operations. Regularly addressing compliance issues signals to employees that ethical behavior is as critical to the company’s success as financial performance or market expansion.

How to Implement

  • Dedicate a section of each town hall to discussing compliance. This could include updates on new business regulations, how the company adapts to changing legal landscapes, or reminders of key compliance policies.
  • Use the platform to highlight how compliance contributes to business objectives. For example, explain how maintaining compliance with environmental regulations helps the company avoid penalties while supporting sustainability goals.
  • Regularly including compliance topics also shows that leadership views compliance as proactive rather than reactive and that ethical behavior is a forward-thinking component of company strategy.

By consistently including compliance in town hall discussions, you reinforce its value and ensure it stays at the top of employees’ minds.

  • Address Specific Ethical Challenges

Town halls are an ideal venue to address specific compliance or ethical challenges the company may be facing. Whether dealing with emerging regulatory risks, handling a recent compliance breach, or navigating ethical dilemmas in high-stakes business decisions, discussing these issues openly with employees helps build trust and foster transparency.

It is not so much that employees need to know that leadership is aware of compliance challenges and actively working to address them; rather, discussing these challenges openly sends a message that compliance is a shared responsibility across the organization. This approach also helps demystify the compliance process and shows employees that issues are handled systematically and transparently.

How to Implement

  • When a new compliance challenge emerges—whether it’s a change in industry regulations, a data privacy issue, or a new ethical dilemma in business operations—use the town hall to explain the issue clearly. Describe what the company is doing to address it and what is expected of employees to help navigate the challenge.
  • Emphasize that compliance is not just the responsibility of the legal or compliance team but requires every employee’s involvement. This ensures that compliance issues are not seen as external or distant from day-to-day operations.
  • Consider sharing examples of companies or industries where a failure to address ethical challenges led to significant risks or damages. This helps illustrate the real-world consequences of neglecting compliance.

By openly addressing specific ethical challenges, you build a culture of accountability in which employees feel empowered to participate in compliance efforts.

  • Invite Questions About Compliance

One of the most powerful aspects of town hall meetings is their interactive nature. Inviting employees to ask questions about compliance-related topics shows that leadership is open to dialogue and committed to resolving concerns. This openness encourages a culture where employees feel safe raising potential compliance issues and know their voices will be heard.

As I have said many times, the flip side to a culture of speaking up is a culture of listening up. Nothing shows this better than soliciting questions at a town hall, for encouraging questions demonstrates compliance as a collaborative effort. It shows employees that leadership values their input and is willing to engage in a two-way conversation about ethical issues. This is especially important for fostering an environment where employees feel comfortable reporting concerns, knowing that leadership will take them seriously.

How to Implement

  • Set aside time during each town hall for a Q&A session focused on compliance. Let employees know they are welcome to ask about compliance issues related to company policies, regulatory changes, or ethical dilemmas.
  • Ensure that responses to compliance-related questions are thoughtful and demonstrate a commitment to transparency. If an employee raises a concern, provide an actionable response or explain how the company will investigate further.
  • Follow up after the town hall on any unresolved questions. This shows that leadership is committed to addressing compliance concerns beyond the meeting and reinforces trust.

Inviting questions and engaging in meaningful dialogue helps build a culture of openness and encourages employees to take an active role in compliance.

  • Highlight Compliance Success Stories

Town halls also provide an excellent opportunity to celebrate successes. By sharing stories of how compliance actions have helped the company avoid risks or achieve positive outcomes, you reinforce the idea that compliance is a value driver, not a burden. Highlighting these stories shows employees that compliance is not just about avoiding penalties but enabling the company to thrive in a complex regulatory environment.

This is one of the time-honored ways to build incentives in an organization. Sharing success stories helps build employee buy-in and engagement with the compliance program. When employees see the tangible benefits of compliance, they are more likely to view it as a positive and necessary part of their work. This also helps combat the perception that compliance is simply about limiting risk or avoiding punishment.

How to Implement

  • Use town halls to share specific examples of compliance successes. For instance, you might highlight how the company avoided a regulatory fine by proactively addressing a compliance risk or how strong compliance practices helped secure a valuable business partnership.
  • Frame compliance successes in a way that shows how they contribute to broader company goals, such as market expansion, reputation management, or innovation.
  • Recognize the individuals or teams who contributed to these compliance successes. This public recognition reinforces that the organization values and rewards ethical behavior.

By highlighting compliance success stories, you demonstrate that compliance drives long-term value and growth.

  • Building a Strong Compliance Culture Through Town Halls

Town hall meetings are one of the most powerful tools CEOs and senior executives can use to establish and maintain an appropriate tone at the top for a best practices compliance program. By including compliance in every meeting, addressing specific ethical challenges, inviting questions, and sharing success stories, leaders can foster a culture where compliance is not just a requirement but a shared responsibility and a source of competitive advantage.

When employees hear directly from leadership about the importance of compliance, they are more likely to internalize the message and make ethical behavior part of their daily work. Through regular and open communication in town halls, CEOs can build a strong compliance culture that drives long-term success for the organization.

I hope you have enjoyed and found useful this five-part series on Tone at the Top. Equally importantly, I hope this more outline format will allow you to cut and paste this information into a Memo you can send to your CEO and other senior executives to give them some concrete steps they can take to improve your organization’s culture so that your organization will do business ethically and in compliance. Additionally, it will give you an audit trail on this issue if a regulator ever comes knocking.