Perhaps the most disturbing conversation I heard this year went as follows:
Me: “So what interaction do you have with your Ethics and Compliance (E&C) team?”
Head of sales at large multinational business: “Once a year I get an email from them listing who has not done their annual Code training.”
Ok maybe not the ‘most disturbing’ – I have two teenage children, but right up there.
Sadly, this was not an isolated event. So when did some E&C departments become events planners, focusing on a few annual tick-box events, sending out invites, chasing RSVPs and following up on non-attendance?
I have the good fortune to work with lots of outstanding E&C professionals and this is not what they signed up for. The overwhelming majority want to positively impact the culture in their organisations, knowing that given the opportunity they can make a difference.
How did we get to this position?
In many ways it is due to the success of the ‘E&C industry’ and the push from regulators for data. However, from positive intentions it appears we have industrialized many of the E&C activities when what was really needed was to humanize them.
We are overwhelmed with learning and content management systems that schedule, deploy, track and report on how our users are ‘progressing.’ The sad reality is that in many cases they are not progressing; they are ‘complying’ with a programme, and in an age where increasingly what matters is what you measure, this is deemed good enough. It really isn’t, and regulators are waking up to this.
So who is to blame?
The road to hell is paved with good intentions – none of the early compliance explorers set out with negative intent. But in the drive for process over effect we are all to some extent culpable. The regulators did set the tone – for example, in the early days of anti-sexual-harassment training in California it was a requirement that employees spent two hours doing training every two years, so systems evolved to deliver this, exactly this and nothing more than this.
Business leaders like to be able to track and report – rightly so, but what we track are completions and confirmations, not understanding and commitment.
Those of us in the E&C industry need to shoulder some of the responsibility. With some fantastic exceptions, we have failed to make the case for a better balance between process and completions on the one hand and driving thoughtful E&C discussions on the other: discussions where teams can debate and grapple with their E&C ambitions and come to more considered and sincere commitments. There is much more compliance today than ever before, but I’m not sure that there is less poor conduct. This is a challenge, but it is also the most enormous opportunity.
Why is the conversation so important?
When was the last time that a compliance issue came into an inbox labelled as follows?
Subj: Evil plan to price fix and screw over the consumer
Attch: Highly sensitive pricing plans
Bad stuff often develops gradually. You have been on the standards committee for years and there has always been a bit of banter with your competitors, but times are tougher and the conversations are a bit more pointed. Or you are heavily emotionally and intellectually invested in a deal and at the last minute a new third party is introduced who can seemingly guarantee success. These are not issues of knowledge – taken in isolation, most corporate employees could identify exchange of sensitive information or bribery risks. The issues are behavioural.
The subtlety of workplace situations is hard to convey in an eLearning module or a 145-slide deck on Sapin II. Compliance may be the last area that many still attempt to deliver in the abstract. When instructing an employee on how to drive a fork-lift truck we don’t spend the session explaining the internal workings of the motor. Before using MyHR to record leave requests I don’t need a thorough grounding in object-oriented programming.
On most workplace activities we look at knowledge, skills and behaviours. When it comes to compliance matters we all too often neglect the behaviours. You will need a few experts who can navigate the minutiae of export controls, but for most employees this is unnecessary, confusing and can actually get in the way of doing the right thing.
What can be done?
Dealing with human conduct is seen as more difficult. It’s hard to measure and many organisations have no process for this kind of intervention. We are now seeing more and more organisations embrace the 70/20/10 model which has been pushed forward by learning and development teams for many years. This model suggests that:
70% of learning is informal, on-the-job learning
20% is from peer to peer interactions
10% from formal classroom events
Most E&C interventions are firmly in the 10%. Is this really addressing the needs of our employees or the demands of the regulators? More and more legislation is looking at how organisations are embedding the regulations within normal operating procedures rather than as an end-of-line check. The new GDPR regulations are an example of this change, focusing on ‘privacy by design’. This focus on application and usage will need to be matched by the education that supports it. Doesn’t it seem a bit bonkers to have a generic 40-minute data privacy module when what really matters is how your organisation has implemented the controls?
I’m not for one minute advocating throwing out the systems and the measurements; they do have a critical role to play. But in my view we’re letting them dominate the heart of E&C too much. As a species, we are at our core social beings; we emerge into this world with very limited capability and spend our formative years learning from the interactions happening with and around us, and through this we develop capability.
When it comes to E&C we have to recognise the potential of the interactions we spark. We need to move from events to conversations and increase the frequency with which we have these discussions. We need to get happy with less control of every E&C conversation, while gaining more true reflection, discussion and mutual development of E&C commitments. We need to sell a more active role for all leaders and managers, not just by highlighting the downside, but by leading with the release of discretionary effort and the increase of engagement levels when teams see an alignment of stated values and leadership actions.
None of this means we lose annual sign-offs, strong process and controls, but they exist to support a company’s working culture ambitions, not to define the culture.
Putting conversations at the heart of learning is nothing new. Socratic discourse is a well-worn path to understanding. There is not much in compliance that will be earth-shatteringly new for most employees. The real challenge is to cause the reflection points that enable an employee to identify potential risk points and to recognise our often faulty decision-making processes. A more positive conversation then goes:
Me: “So what interaction do you have with your E&C team?”
Head of sales at large multinational business: “My team talks with them most weeks, we see them as key partners in enhancing our culture and therefore our performance. I have regular E&C discussions with my teams and I expect that of all our leaders. It’s a core capability for thriving here.”
Me: “You had me at my team talks.”