Getting Started on Compliance Incentives

Last week I had the privilege of moderating a webinar on how to structure and use incentives in an ethics and compliance program. This is good, because incentives are one of those ideas that we all know should be in your program somehow, but using them smartly and at scale is tricky. My notes are below.

First, let’s remember that regulators do want to see incentives in corporate compliance programs. For example, the Justice Department’s guidelines on effective compliance programs say that you should have both positive incentives for good behavior and negative incentives for bad behavior. The guidelines offer examples of positive incentives for all employees (“promotions, rewards, and bonuses for improving and developing a compliance program or demonstrating ethical leadership”) and suggest that compensation packages for senior executives should be structured to include incentives, too: “What percentage of executive compensation is structured to encourage enduring ethical business objectives?”

The Department of Health and Human Services, meanwhile, has its own guidance on effective compliance programs and devotes two pages to incentives, including this:

Entities also should develop appropriate incentives to encourage participation in the entity’s compliance program … Excellent compliance performance or significant contributions to the compliance program could be the basis for additional compensation, significant recognition, or other, smaller forms of encouragement.

OK, message received: regulators want to see compliance programs include incentives that drive employees to better behavior. But how, exactly, do you build an incentive program that works? That’s the part the guidance never really talks about.

First, Focus on What Matters

Back to last week’s webinar. Both speakers stressed the importance of careful planning so that your incentive program succeeds. Compliance officers need to figure out (a) the ethical behaviors that support your organization’s overall business objectives; and (b) which incentives will drive those ethical behaviors. What’s more, those ethical behaviors need to reflect your company’s biggest compliance risks.

For example, say you’re a pharmaceutical company that does lots of sales to doctors or healthcare practices. That means you probably host lunches, research symposiums, and the like; and that one of your primary compliance risks is the Anti-Kickback Statute, which prohibits you from showering medical professionals with goodies so that they’ll buy more of your product and bill it all back to Uncle Sam.

To comply with the Anti-Kickback Statute, you need to keep meticulous records of which doctors are invited to your symposiums, how much money you spend on food and travel for them, and so forth. So that’s the compliance behavior you want to emphasize, with incentives that reward sales teams for compliance with your documentation protocols. 

On the other hand, if you’re a global logistics and transportation business, your big business risk is working with an overseas partner that’s under U.S. sanctions. In that case, your compliance objective is to perform thorough due diligence on overseas partners before entering a transaction with them. So you want incentives that reward employees for performing due diligence checks and reviewing large transactions. 

Different businesses, different risks, different compliance behaviors you want to drive; which all means different incentives.

Could both companies above also offer incentives for, say, employees completing their compliance training? Sure, and developing incentives for training completion probably wouldn’t even be that hard. But training completion rates are rarely going to be your primary compliance risk, and they don’t tie to the company’s business objectives — certainly not in the same way that documentation matters for pharma companies, or due diligence matters for global shipping businesses.

The name of the game here is alignment. Your incentives need to drive behaviors that align with your most important compliance risks, and with the business objectives your company wants to achieve.

The Administrative Structure

OK, let’s say you know what your primary compliance risks are and the incentives you want to use to address those risks. What then? How do compliance officers take your incentive ideas and weave them into daily enterprise operations? We spent a fair bit of time on our webinar talking about how compliance officers must work with other voices in the enterprise — principally HR and the leaders of First and Second Line operations teams — to get that done. 

For example, most companies have some sort of internal compliance committee that meets regularly to discuss the compliance risks that the business faces and how to keep those risks at acceptable levels. That committee is an excellent place to start the conversation about incentives, since it already brings together most of the voices in your organization whose support would be necessary for incentives. You could, for example, just raise the issue in the next compliance committee meeting: “Can we discuss ideas for incentives to drive better compliance behavior?”

If you’re trying to launch compliance incentives for the first time, be prepared for other team leaders to be wary of your intentions. Executives tend to be territorial about their teams and how those teams are run, so if you start by presenting a formal and complicated plan — “Here are the criteria we’ll be using to measure employees’ integrity, and if they fail they might be fired” — you’ll be lucky if you’re not tossed out the conference room window.

Instead, you’ll need a strategy of collaboration and consensus. One webinar speaker said she began by convincing HR to add a compliance-related question to performance reviews: “How has this employee contributed to the company’s integrity and ethical goals in the past year?” 

A question like that accomplishes two things. First, the answers help HR and compliance understand what employees are doing (and what you might need to encourage for behaviors they aren’t doing enough). Second, it acquaints team managers with the idea that assessing employees on ethics and integrity is something they should do.

Practical Challenges for Incentives

OK, so what are some of the objective criteria compliance officers might use to assess employees’ ethics and compliance behavior? Our speakers and attendees rattled off a list, including:

• Completion of compliance training
• Completion of other compliance duties, such as third-party due diligence checks
• Expense reports that fall within defined requirements
• Code of Conduct violations
• Policy violations, including data privacy or cybersecurity failures
• Reports of retaliation

Those are all solid criteria, but I do see a weakness here: most of the above are compliance-focused criteria, where an employee can be punished for doing something bad. That’s not the same as integrity-focused criteria that reward the employee for doing something good. 

That is, sure you can trim an employee’s bonus for various failures to follow every aspect of the compliance manual. But what about a senior sales executive who turns down a lucrative deal because the business partner stinks? How do we reward someone who demonstrates ethical leadership? What should that reward even be: fulsome praise from the CEO, or two extra weeks of vacation? Or a guarantee that no, the sales executive won’t be moved up the layoff list for missing his or her quota? 

We struggled with that issue quite a bit. Everyone knows that positive reinforcement to reward good behavior is better for corporate culture and long-term success than negative reinforcement to dissuade bad behavior. Translating that simple concept into actual compensation incentives, however, is a maddeningly difficult task — and yet, remember what the Justice Department guidelines say: “What percentage of executive compensation is structured to encourage enduring ethical business objectives?” You’re supposed to figure this out somehow.

That’s enough for today. If you have great incentive strategies that you’re willing to share (confidentially is fine!) drop me a line at [email protected] and tell me what works for you!