Before a Chief Compliance Officer accepts a new position with a company, a potential CCO should conduct his/her own “due diligence” of the prospective employer.
A company without a corporate culture of ethics and compliance can pose serious challenges for CCOs seeking to implement an effective ethics and compliance program. In the absence of a real commitment from the board and the CEO, a CCO has to look at the company to see if the promised commitment to culture is present, or at least that the company has the potential to embrace a culture of ethics and compliance.
Five issues, beyond the standard checklist of CCO empowerment (e.g. resources, reporting relationships, and independence) that need to be examined:
Leadership conduct and incentives. Mere words are just that – words. Actions speak louder than words. It is hard to get a holistic look at a company when you meet with senior officers who all know how to spout corporate policies and commitment to ethics and compliance. But there are some tell-tale signs.
One important sign – check for folklore and reputation. What do I mean? If there is folklore about the CEO or senior executives’ conduct, that is a positive sign. For example, if you hear stories about how the CEO acted ethically by refusing a gift, responding to a specific employee concern, or cites the company’s code of conduct (in his or her sleep or at a meeting), or embraces the compliance message, these are all good examples of ethical conduct.
If the company’s leadership understands the importance of culture to the company’s reputation and overall profitability, the company “gets it.” On the other hand, it is fairly easy to tell when the company is just mouthing the words but not backing the words up with a real commitment of dedication to culture, reputation, and overall sustainability.
Measuring culture. A company that understands the importance of culture will also commit to monitoring and measuring culture. This means much more than an annual survey and includes focus groups, spot check interviews, and country, regional, or product/service specific surveys. Additionally, it is critical to examine how and when the CCO is expected to report to the board and senior management, and whether such reports include culture measurement and monitoring.
Internal communications. A robust culture of compliance usually includes regular internal communications on ethics and compliance issues – reminders, statements from the CEO and senior managers, encouragement of reporting employee concerns, and even ethics vignettes or other creative techniques to underscore the culture message.
Business ethics decision-making framework. A company committed to an ethical culture will be able to cite instances in which they actually applied an ethical business decision framework for considering an important decision. Listen carefully to these examples when described by senior leaders. If the compliance person is given a seat at the senior business leader table, then there should be an established structure for these issues to be discussed and decided. For example, if the CCO sits at the senior management meetings, and this framework was used to discuss an important business issue, that is a positive sign. If the issue was discussed in a haphazard context, that could be a warning sign that the company may be lacking in such a framework.
Organizational justice. A company’s commitment to organizational justice is fairly easy to evaluate. Even walking the halls of a company can give you insight into the atmosphere and the culture. But if you are able to observe that the company spends time and effort to communicate a system of organization justice, that is a very good sign. In particular, it is important to look for an established investigation protocol, reminders of company commitment to non-retaliation against whistleblowers, statements encouraging raising of employee concerns, and a robust reporting system of avenues for employees to communicate concerns.