The compliance message to companies from Washington is practical and encouraging. Regulators are not looking to reward check-the-box programs or companies that simply say the right things about integrity in their Codes of Conduct. They are looking for innovative approaches that work to prevent misconduct in the real world, and can be measured.
The problem of course is identifying and measuring what works. We have lots of compliance metrics like training completion rates and the number of helpline calls, but none of them measures fully the impact of our programs on ethical decisions by individual employees. In fact, research shows that many of the activities credited under the federal sentencing guidelines may actually be counter-productive. For example, training that is regarded by employees as a check-the-box exercise is viewed as insincere and undermines compliance with policies.
So what works?
The answer may seem somewhat novel because it involves giving credit for an approach rather than a result. Therefore, it must be an approach that we know works based on controlled studies and personal experience. And that is the behavioral approach to compliance.
This is not a new idea. It has now been many years since Dan Kahneman published his Nobel Prize winning research on human behavior and Dan Ariely became a superstar with TED Talks on irrational and rational human behavior. Leading behavioral ethics researchers, including Ann Tenbrunsel of Notre Dame and Linda Trevino of Penn State, have shown that concepts such as leader and peer influence, ethical fading, and blind spots have practical implications for compliance programs. This research has firmly established that compliance programs with communications, training and controls informed by behavioral ethics learnings are more successful in reducing the likelihood of misconduct and increasing the likelihood of whistle-blowing behaviors.
How does one measure a company’s use of the behavioral approach? I suggest that in order to receive credit, a company’s compliance and ethics function should be able to demonstrate a continuous three-step process.
The first step is to establish an in-house compliance curriculum to educate the compliance function and others about relevant research and learnings. At a minimum, the curriculum should include discussion of research in behavioral ethics, behavioral economics, and psychology. Other relevant topics include organizational theory and case studies of notable disasters such as the NASA Space Shuttle explosion and the Fukushima nuclear meltdown, which demonstrate the role of power and hierarchy. Another useful topic is corporate lingo given the use of euphemisms such as “creative accounting” and “technical violation” in companies to hide and rationalize misconduct.
Second, once the company’s compliance professionals are trained on academic research, do they routinely use these learnings in all aspects of the company’s compliance program? This can include revising a Code of Conduct to harness the power of peer influence; anticipating the problem of ethical fading though just-in-time training or training which places employees in real life ethical dilemmas while under business pressure; and developing a communications toolbox to drive employee behavior and minimize employees’ rationalizations of misconduct.
Third, does the company use data analytics to check on and enhance the behavioral approach? This can involve complex “big data” or be as simple as requiring investigators of compliance allegations to routinely include an analysis of the behavioral causes of the misconduct in their findings. Analysis of these insights can be shared across the organization to prevent future misconduct.
Crediting the behavioral approach is not as simple as adding up the number of trainings or helpline calls. But it is one of the things that works, and it can be measured.
Timothy J. Lindon is the Vice President and Chief Compliance Officer at Philip Morris International Inc.
The views, opinions and positions expressed within all posts are those of the author alone and do not represent those of the Program on Corporate Compliance and Enforcement or of New York University School of Law. The accuracy, completeness and validity of any statements made within this article are not guaranteed. We accept no liability for any errors, omissions or representations. The copyright of this content belongs to the author and any liability with regards to infringement of intellectual property rights remains with them.