Compliance and Ethics: 3 Steps to Get Your Company on the Right Track

A culture of compliance and ethics requires risk assessment, training, and monitoring.

Compliance and ethics have become far more than topics of passing mention in MBA courses. From high-profile issues at Enron, WorldCom, Tyco, and others to the global financial meltdown and excesses of major banks, the media and public pay an increasing amount of attention to corporate activity. Wrong actions made by anyone in a company can increase distrust from customers and clients and damage brand value.

Key Takeaways
  • Don't simply talk about compliance and ethics; build a practical culture that enforces them.

  • Risk assessment, training, and monitoring are the three pillars of an ethical culture.

  • Top management must set the right example.

Compliance and Ethics: 3 Steps to Get Your Company on the Right Track

Staying on the correct side of compliance and ethics is both the right and the smart thing to do, but striving for ethical operation can be like making New Year's resolutions: you say you want to lose weight, but somehow it never happens. Wishes alone are insufficient. To lose weight, you need to change your eating and exercise habits. To ensure compliance and ethics, you need to create a "culture of compliance," as GE Capital Chief Regulatory Officer and Compliance Leader Michael Silva puts it.
With the proper mechanisms and culture in place, compliance and ethics move beyond a stated principle that management hopes is enacted by employees. Instead, the entire business is given a framework to follow: all employees are aware of risks, know the proper actions to take in any given case, and are committed to doing the right thing. This helps a company prevent problems, detect when something wrong has happened, and respond to issues quickly and thoroughly. The process of creating a culture of compliance can be divided into three stages:
Risk assessment. Executives undertake a thorough risk evaluation of potential ethical problems. This analysis is done like any other risk assessment: specific issues are identified, and potential problems are matched with appropriate solutions.
Training. Identification of problems without implementing solutions is useless, but action must be taken at the individual-employee level, not just within the C-suite. Lean heavily on training so your employees understand the ethical, legal, and regulatory implications of what they do.
Monitoring. The final step is to watch key risk and performance indicators that can alert employees and management to problems.
In addition, top management must establish precedent. Recognize the influence you have on employees, and set the right example by observing regulatory and compliance policies. Be sure that all employees feel safe in bringing problems to management's attention, and exhibit a zero-tolerance policy for any form of retaliation toward people that call out concerns. Make compliance a regular topic of discussion with employees, managers, and colleagues.
Only by turning principles into policies and monitoring their success can a company get beyond wishful thinking when it comes to compliance and ethics. Business leaders must instill a culture that encourages taking the proper, necessary actions.
Author Bio
Erik Sherman is a journalist and author whose work has appeared in such publications as The Wall Street Journal, The New York Times Magazine, Newsweek, the Financial Times, Chief Executive, Inc., and Fortune. He also blogs for CBS MoneyWatch. Sherman has extensive experience in corporate communications consulting and is the author or co-author of 10 books.