Growing up, I was always told, and I am sure you were as well, that actions speak louder than words. Or you can talk-the-talk but can you walk-the-walk? It was an encouragement to ensure that what we tell people we do is what we actually do. That we do not live a fictitious life by portraying to the world that we are something that we really are not.
This is true on an individual level, but it is just as true in an organization. Organizations need to be organizations of integrity. What we communicate to the world about our policies, compliance and ethics practices, values, code of conduct, regulatory commitments, and now ESG statements must be a reality in the organization and not fiction. The Chief Ethics and Compliance Officer (CECO) has become the Chief Integrity Officer of the organization. Integrity is a mirror. Is what we tell the world the organization is about truly reflected back to us in our behavior and operations?
This is why organizations need to operationalize compliance. There is a big push to move beyond paper-based compliance programs that look good in policies and procedures but are poorly implemented in operations. Enron had a great Code of Conduct that others copied, but it failed in implementing that Code of Conduct. If you look at the consent decrees, deferred prosecution agreements, non-prosecution agreements, and corporate integrity agreements by regulators and law enforcement over the past fifteen years, you will see a lot of pressure on organizations to move compliance outside of legal. Legal has the duty to deny and protect while compliance has a duty to discover and fix. The focus of law enforcement, regulators, and even the courts in the US Organizational Sentencing Practices is to ensure compliance is operational and more than a fictional program on paper.
Businesses that want to strategically operationalize compliance should:
- Assign a Chief Ethics and Compliance Officer. The organization should have a clearly defined CECO that is responsible for ensuring the integrity of the organization. In an era of ESG, it is often the CECO that is being given ESG reporting responsibilities as well. This role is one of coordination as there are many departments of compliance across the organization that specialize in compliance in specific domains: human resources, IT, accounting, environmental, health and safety, quality, import/export, procurement, and more. This role coordinates compliance and ethics across these departments.
- Operationalize Compliance & Ethics. This means bringing the CECO and this department outside of legal as its own function that reports to senior executives and the board of directors. One large global Fortune brand has done this by splitting responsibilities. They have legal compliance under legal that interprets laws and regulations and applies them to the organization’s context and they have operational compliance outside of legal where the CECO sits to ensure that compliance is done day in and day out in the organization’s operations, transactions, and employee behavior.
- Integrate ESG into Corporate Compliance and Ethics. At the end of the day, it is the same mission: what the organization commits to in ethics, values, and obligations is adhered to. It is a mission of integrity. Leading ESG (environmental, social, governance) initiatives are most often led by the CECO and the corporate compliance and ethics department.
- Consider the Extended Enterprise. The modern organization is not defined by brick-and-mortar walls and traditional employees. The modern organization is an intricate web of suppliers, vendors, contractors, consultants, outsourcers, service providers, and more. Their compliance and ethical issues are the organization’s compliance and ethical issues. Compliance extends across the extended enterprise of third-party relationships.
- Equip the organization with the right compliance information and technology architecture. Operationalizing compliance requires that the organization have a unified compliance and ethics information and technology architecture to manage compliance workflow, tasks, assessments, reporting, and monitoring. Documents, spreadsheets, and emails do not work for compliance and slow the organization down when it needs to be efficient, effective, and agile in compliance. The right technology foundation is the key to operationalizing compliance in the modern enterprise.
Considering how technology can help boost organizations' compliance performance, business leaders would be wise to choose robust compliance software to operationalize and automate their compliance processes.