Joe Murphy – Compliance & Ethics Professional – January 2017
Compliance and ethics professionals have enough lists of things to do. There is the Sentencing Guidelines list of seven steps. The OECD Good Practice Guidance contains a good, practical list. Various agencies have provided guides with steps you can add to your lists. So we can assume the matter is fairly well covered.
Yet there is a compliance concept that I have generally not seen discussed in the literature in our eld. So to tee up this point, consider this simple question: Of all the compliance steps, which one is the most effective?
Some might point to training. It is certainly important, but can you count on it to prevent violations? Some might say screening to ensure you hire good people who won’t do bad things. True, but all people are fallible, so even the best system will have failures. Perhaps making sure you have a fully empowered chief ethics and compliance officer? That is essential, but no CECO can be everywhere covering everything, and the CECO still has to deal with the reality that people are imperfect.
So what is the element I think is best in preventing violations? This goes back to something I learned while in-house, in a corporate quality initiative. It is a strikingly simple point. What is the best way to prevent quality defects in a process? Eliminate the process. If there is no opportunity for something to go wrong, then you do not need anything else.
The same concept can be applied to compliance. Of course, like the example of quality in production, there is much you cannot eliminate. But the point is to start with the question: Is there any way to make violations impossible? Instead of fixing a process, is it possible to eliminate the process?
This is not to suggest that crime is easy to eliminate. Rather, it is to open up our thinking a bit. Instead of thinking of policies, training, and auditing, the first question should be: Is there a way to make violations impossible?
What about the many instances where this is not possible? I suggest a second level of analysis. Can you make it easier to do the right thing than the wrong thing? If you can get inertia on your side, you have a real advantage.
So before you think about the training, the code references, and the audit plan, try asking first: Is there a way to make it impossible for someone to commit the violation? If not, can you make it easier and better for people to do the right thing than the wrong? This might inspire you to ideas and approaches that you might otherwise have passed by if you always start with your list of steps.