Study: Most CCOs Don’t Review Incentive Risks
A new report from the Society of Corporate Compliance & Ethics finds that most chief compliance officers don’t review incentive-based compensation for possible misconduct risk—an alarming conclusion, since incentive pay is often what causes misconduct in the first place.
According to the report, which surveyed more than 400 compliance professionals, only 23 percent have opportunity to review management incentive plans before senior executives approve those plans; another 8 percent could review the plans after approval. A whopping 52 percent said they never review management incentive plans at all.
What about incentive plans for rank-and-file employees? The numbers are marginally better, but still troubling: 25 percent can review those plans before approval, 12 percent review them after approval, and 46 don’t review at all.
Even worse, a solid majority of companies offer incentive plans, particularly for managers: 73 percent at for-profit companies, 57 percent at nonprofits. So not only do we have this blind spot of conduct risk; it also exists at organizations all over the place.
“This incentive study might shock some board members. There may be no greater return on your time and effort to build a compliant and ethical culture than to align the organization’s incentive program to it,” SCCE’s chief executive, Roy Snell, said in a statement accompanying the report. “This may be the single greatest missed opportunity I have seen in compliance and ethics programs.”
Snell is not alone. Earlier this year William Dudley, president of the Federal Reserve Bank of New York, raised this precise point in a speech to bankers in London. First, he said, a bank must decide what its core values are; then it needs to ensure its incentive plans support those values rather than ignore them. Those observations apply well beyond the financial sector.
Moreover, the Justice Department is getting in on the incentives act too. In the guidance it release in February about evaluating the effectiveness of compliance programs, the department specifically asks: “How has the company considered the potential negative compliance implications of its incentives and rewards?”
Now It Gets Awkward
The most important point above is that the Justice Department is asking about incentives and misconduct as it evaluates your compliance program—which means you need to provide an answer. And right now, if the SCCE report is any indicator, for a majority of companies the answer is to say, “Ummm…” and stare at your shoes.
That’s not a good answer.
So compliance officers need to bring up this issue with HR, the audit committee, the CEO, or whomever at your organization establishes incentive pay plans. That conversation isn’t likely to be easy, because a good incentive plan will (as Dudley argued in his speech) support the company’s core values and priorities.
If the company truly wants to be an ethically rigorous organization, then, it will need to articulate exactly where ethical conduct falls on the priority scale. You’ll need to say it’s more important than hitting sales goals, or meeting market expectations on earnings. Those ideas are easy to say, and rarely do we meet a senior executive who says anything but “ethical conduct is our highest priority.”
But put those words into the action of an incentive plan. It’s much harder to do.
In fact, we should split a few hairs at this point. We do increasingly see companies say they include ethics and compliance as criteria when reviewing senior executives’ annual compensation package. That’s a good practice, but it isn’t what the Justice Department asks about in its guidance, nor what the SCCE talked about in its survey.
Including ethics and compliance in compensation reviews is rewarding people for doing the right thing, or punishing them for doing the wrong thing—after the conduct is done. The Justice Department’s question is trying to get at how much the company considers whether incentives might tempt employees into misconduct before they do anything.
We all know the compliance horror stories caused by misguided incentive programs. The obvious example is Wells Fargo: its incentives were negative, pressuring employees to meet sales goals or they might get fired. A more subtle, sophisticated version of the threat, however, is Mylan Labs. Its incentive program for senior executives was positive, in that it drove them to a strategy of relentless price increases for its Epi-Pens—perfectly legal, but offensive to most people’s moral sensibilities.
That’s the sort of conduct risk chief ethics & compliance officers should worry about, and I suspect many of you do. Unfortunately, the SCCE report implies that at many companies, you’re the only one who is. Let’s hope that changes in the future.