Compliance and Ethics: A Busy Business Crossroads

The real issue in business circles has been how far beyond mere compliance companies ought to go (have to go?) to achieve some sort of credibility for their efforts. With new a government in the UK and a new Congress in the US, the pressure is off a bit, but it is likely to reappear as the underlying issues remain. Matt Kelly explores in Compliance Week:

"Last week I had the privilege of hosting another Compliance Week editorial roundtable, this time co-hosted with Crowe Horwath in Dallas to talk about corporate ethics. We'll have a complete article as usual on that discussion in an upcoming edition, but for now I'd like to share a few personal observations.

Where ethics functions come from. In the spirit of ethics, let's start with some honesty: As much as we all stress our sincere desire to have a strong ethical culture, and how those cultures attract better employees, and lead to better performance, and so forth and so on—many companies still create an ethics function only when they're facing the business end of a regulatory enforcement action. We went around the room asking roundtable participants when and why their companies created an ethics and compliance function, and a common response was, “Well, we had an incident…”

This is important. Companies that create an ethics and compliance department under pressure from regulators face an extra dose of cynicism from employees. Call it the original sin of a corporate ethics function, or a lingering echo behind the tone at the top—but it's something that savvy employees can detect. Why are senior executives suddenly talking up the importance of good behavior? Because the Justice Department or some other regulator told them to talk it up or be indicted, they whisper to themselves (and probably to coworkers). An attitude like that isn't nice, and it isn't easy to overcome, but compliance officers would be foolish to ignore it or not to address it in training sessions.

That said, numerous other roundtable participants did say their ethics and compliance functions came to pass without any strong regulatory pressure. Several people said their compliance programs were direct descendants of pre-existing environmental, health and safety departments. That makes sense, considering how complicated EHS compliance can be. One attendee even that for highly regulated industries, sufficiently extensive compliance rules can become ethics—as in, you have a designated course of action for almost every situation. Or rather, regulations are so extensive that they effectively dictate everything you're allowed to do, rather than merely prohibit what you cannot do. That's an interesting comment.

Code overload. Yes, multiple people said they push their codes of ethics onto suppliers, with the right to audit compliance to those codes. But there's also a degree of ‘code overload' here, with everyone pushing their ethics codes onto everyone else. At some point that gets preposterous, and let's not forget the true motive of pushing your code onto suppliers. It's not to encourage other people to live up to your standard of goodness; it's so your company won't necessarily be sued when a partner does something unethical that you don't know about. This is still, as it so often is, about lawsuits.

Investigations. Jonathan Marks, the Crowe partner and anti-fraud expert who co-hosted the roundtable with me, also raised two excellent points. First, the job of the chief ethics and compliance officer isn't simply to lay down the rules of good conduct: it's to investigate and root out misconduct. A strong ethics and compliance function, therefore, will always have deep roots in anti-fraud duties and be joined at the hip to the legal and internal audit departments. Investigative know-how is absolutely crucial.

Second, most auditors and compliance officers still aren't terribly good at investigations. Marks is fond of saying, “Trust is a professional hazard,” and he's correct. Auditors often get lost in the modern world of spreadsheets and email archives, but the very human element of eyeballing a suspected fraudster in person—of looking at what's on his desk, or the vacation photos on her wall, or the way he treats subordinates—transcends technical expertise.

Same old, same old. I tried to close the roundtable by asking what I thought was a good question: Are employees coming to you with new ethical dilemmas? After all, we now live in this hyper-connected world of social media, and we're tinkering with stem cells, and we're passing off risks to investors in securitized offerings, and all that fun stuff. So this should raise new ethical questions, right?

I didn't quite hear crickets, but there was a long pause. Someone finally piped up from the far end of the table: “No, not really.” Then another bailed me out by providing the perfect answer: “The ethical problems are fundamentally the same. It's just the technology that's making them much more public and much more difficult to resolve.”

That's entirely correct. Twenty years ago codes of conduct neatly spelled out your behavior in the office, and what you did outside the office was largely your business. Now technology has largely erased that distinction. The ethical problems of today can be large, swift and scary, without doubt. But are they truly new? Perhaps not so much.