Two Reports CCOs Should Read Right Away

Sometimes useful material floods into the corporate compliance world, and this week is one of those times.

We have two new documents worth your consideration: a report from the Society of Corporate Compliance and Ethics; and new guidance on measuring corporate culture from the U.K. Financial Reporting Council.

Each one deserves in-depth analysis in its own right. I promise to do that eventually—but since Radical Compliance is only the work of one man, let me first give a quick summary of both, and how a CCO might want to place them both in today’s business context. Then I recommend you start downloading.

SCCE finds that opinions differ on purpose of compliance programs. Many thanks to the SCCE for its always-useful research. This latest survey examined what compliance officers believe the purpose of a compliance program is, versus what other executives believe the purpose is—and, to regrettable but little surprise, we have a big difference of opinion.

Half of all compliance professionals said the primary purpose of a compliance program should be to promote an ethical culture, and another 35 percent said the purpose should be to prevent misconduct. But when those same compliance professionals were asked, “What does senior management believe the purpose is?” 42 percent said management believes the purpose is to satisfy external reporting requirements. Promoting an ethical culture placed a distant third at 13.3 percent.

My first reaction is that a perception gap that wide means compliance officers still have lots of work ahead to achieve “Compliance 2.0”—a world where compliance is taken seriously by the board and other senior executives, and where those groups want to cultivate an ethical culture because it saves regulatory headache in the future and might even give the company a competitive advantage.

Beautiful idea. The numbers aren’t backing it up yet.

UK gives some ideas on boards and corporate culture. The Financial Reporting Council is Britain’s regulator for the accounting profession and to promote high-quality corporate governance. It just published a report, “Corporate Culture and the Role of Boards,” to explore what CEOs and boards mean when they talk about corporate culture, and how their thoughts about culture color everything else they do to oversee the business.

Partly the report is a bit frustrating, because it brims with all the usual keywords in a discussion of corporate culture: lots of talk about alignment and strategy and risk objectives, as we always see in other guidance about corporate culture. Middle management must be engaged, silos must be avoided, trust with stakeholders must be cultivated. Yawn.

The more useful parts are a few lists of questions that board directors can ask themselves and senior managers, to be sure that they are focusing on corporate culture in productive ways. The report also includes a few case studies that might give you ideas to bring to your own organization, and that’s always helpful.

The really interesting exercise, however, is to ponder all this talk about ethics, culture, and leadership raised in the FRC report—and then try to square that with the disconnect over ethics, culture, and leadership in the SCCE survey. The two narratives don’t mesh.

For example, the Financial Reporting Council includes some statistics of its own, from a poll of several dozen CEOs and board directors. One question was how often the board discusses ethics and culture as part of its regular agenda: 33 percent said every six months, 28 percent said once a year, and only 6 percent said quarterly. The sample size is admittedly small (18 people) but these are senior executives at large, publicly traded British companies—their answers are telling.

If senior executives in the FRC report say they are talking about ethical culture more and more, but only a handful devote board time to the subject on a regular basis… well, that kinda supports the disconnect that chief compliance officers are reporting in the SCCE survey. It suggests we have more work to do putting ethical culture into practice, and that perhaps senior executives like saying that ethical culture is important (just try saying otherwise), but aren’t necessarily putting real muscle behind those words.

At the very least, as a certain presidential candidate known for not taking things seriously might say, something’s going on.

1 Comments

  1. Donna Boehme on August 9, 2016 at 3:32 pm

    Matt nice post. This tells me that CCOs have a lot more work to do to educate Boards and management about their roles in Compliance. This is also a hangover from the old, flawed Compliance 1.0 model driven by Legal. It is silly to expect non SMEs to be able to articulate the purposes of the multidimensonal effort that a Compliance program requires. In a Compliance 2.0 world, true Compliance SMEs are positioned to pursue their independent mandate, which includes supporting a culture of ethical leadership. accountability and transparency. When CCOs with true SME are positioned for success, they have the independence, empowerment, line of sight, seat at the table and resources to do the job well, and this includes being impactful at senior levels without being filtered or misdirected by any other senior official like the GC or CFO. It’s no surprise that Compliance 1.0programs led by lawyers with no true SME trying to “do” compliance like ‘paint-by-number’ (‘DIY compliance”) would be missing critical features that support good cultures of integrity, accountability and transparency. Real CCOs with true SME understand these nuances, but labor law oartners (VW) and in-house legal draftees (GM) do not. These are missing from their paint-by-number kit. As you point out, the new model f Compliance 2.0 should help to close these gaps in the organization. One of the first tasks of the Compliance 2.0 CCO is to educate everyone in the organization, including management and the Board, about the purpose and operation of the compliance program – as the critical management too that it must become.

Leave a Comment

You must be logged in to post a comment.