How to Support Policy & Procedure
The New York Times had a fascinating article last week about discrimination in hiring practices at large corporations. The article also cited a powerful remedy for discriminatory hiring practices — one that compliance officers might want to ponder at length, for what it tells us about effective compliance generally.
Let’s start with the article itself, “What Researchers Discovered When They Sent 80,000 Fake Résumés to U.S. Jobs.” From the headline alone you can surmise the experiment the researchers (a trio of economics professors) performed. They conjured up 80,000 résumés with roughly equivalent experience and qualifications, but various names to suggest whether the fictional applicants were white, black, male, or female.
The researchers sent the résumés to 100 of the largest employers in the United States, in response to roughly 10,000 entry-level jobs those employers had advertised from 2019 to 2021; then they waited to see which candidates received calls back for further interviews. Don’t die of surprise here, but employers followed up with the white applicants 9.5 percent more often than the black applicants.
The article then explores the nuances of which companies discriminated in what ways against the applicant pools. For example, two auto parts retailers (AutoNation and Genuine Parts Co.) favored white applicants over black ones more than any other business in the researchers’ sample group. Companies with the smallest gap between black and white applicants included some of the largest and best-known companies in the United States. (See Figure 1, below.)
Certain industries favored male over female applicants or vice-versa, and they fell along predictable lines. For example, manufacturing companies tended to favor men, while apparel companies favored women. The study also explored any gaps (or the lack thereof) in age or LGBT status.
OK, all fascinating stuff — but what single business practice strongly predicted less discrimination in hiring? A centralized HR function.
Why Centralization Helps So Much
The researchers recorded the voicemails that companies left when responding to those fictional resumes, and here’s where it gets interesting for compliance officers.
When a call came from an individual hiring manager — say, the foreman at the loading dock, or the manager of a retail outlet — those inquiries correlated to more bias in hiring selection. When calls came from a central office of some kind, they correlated to less bias.
One can see why this is. Calls from a central office would typically come from an HR representative, someone trained in hiring procedures and anti-discrimination law and under less pressure to fill a role immediately. Calls from a local hiring manager come from someone trained in operations, and most likely under pressure to fill a job right away so that manager can keep the team moving forward on performance goals.
But the lesson for compliance officers goes deeper than that. It’s not just that HR professionals are trained in policy and procedure, because local hiring managers are trained on anti-discrimination policy and procedure too — and yet, those local managers were still more likely to exhibit bias.
The deeper lesson here is that if you want the best results, you must bake policy and procedure directly into your organizational structure.
That is a crucial ingredient for strong compliance management. People make mistakes all the time: sharing system passwords, allowing high-risk contracts without necessary approvals, injecting bias in hiring decisions, and more. Sometimes those mistakes are deliberate; sometimes they arise from employees acting under pressure. (The New York Times article even noted that calls from local managers “often sounded frantic and informal, asking if an applicant could start the next day.”)
Either way, one wise remedy to all that risk is to use your organizational structure to support policy and procedure. Design roles and responsibilities so that employees have less opportunity to engage in risky behavior, and then you can channel employee activity in the proper direction.
Policy and Procedure at Scale
We can take that point and derive numerous other examples of how it might work in practice. For example…
- A centralized procurement function will help you lower bribery and supply chain risks, rather than leaving sourcing in the hands of local business unit managers.
- A centralized accounting function will also help you lower bribery risk, since they’ll be sticklers for documentation than local business units.
- A centralized IT team will help you lower privacy and security risk, since they can enforce system access controls more diligently (especially if they have close ties with a centralized HR function, telling IT which employees should have what access, and when).
- A centralized compliance team can perform better on pretty much everything, rather than have local compliance officers answer to local general counsels. (Which is exactly the structure that got Walmart into its famous FCPA troubles in the 2010s.)
Financial compliance people will read all this and mutter, “Duh, you’re talking about segregation of duties and we’ve been doing that for SOX compliance for 20 years.” They are exactly right. My point is simply that the rest of the enterprise needs to take that concept and run with it, thinking innovatively about how to define roles and responsibilities into an org chart that lowers compliance risk.
This isn’t a cure-all, of course. Companies will always need a strong and supportive corporate culture, too, so that employees won’t feel the need to take actions that might break the rules. The org chart alone won’t lead to strong compliance performance, and corporate culture alone won’t either. You need both.
Envisioning what you need for a strong culture, however, is easy. (Even if senior leadership then ignores your sensible advice.) Envisioning what makes sense for roles, responsibilities, and the org chart can be a lot harder. Give it the time and attention it deserves.