HR has a role to play in establishing an organization’s compliance program and culture, according to workplace law experts. Breaking down cross-functional silos, building credibility by knowing relevant laws and drawing on existing competencies are the strengths and tools HR needs to use.
“You simply must have a working knowledge of the key laws and requirements,” said Reid Bowman, attorney and general counsel of NAVEX Global, a Portland, Ore.-based ethics and compliance firm, during a Nov. 15, 2012, SHRM webcast titled “HR’s Role in Workplace Ethics and Compliance.” Knowledge and expertise are your tickets to the table, he said.
Compliance and ethics programs need to be embedded into an organization to prevent noncompliant conduct and to provide a mechanism for detecting and deterring it.
“Simply having a program or simply having a policy is not adequate,” said Bradley Siciliano, an attorney and shareholder at Littler Mendelson in New York, during the webcast.
In a webcast poll, 70 percent of the more than 600 participants reported that HR plays a strategic role in their ethics and compliance efforts, while 27 percent said HR doesn’t play a strategic role and 3 percent said they don’t know whether HR plays a strategic role.
“The good news is that many of the skills that the folks on this call regularly use already actually help shape your organization’s ethics and compliance function,” Bowman said
He noted HR is “fabulous” at drafting, deploying and enforcing workplace policies; fielding formal and informal complaints; directing, conducting or participating in investigations; recommending employee discipline for policy violations; and training.
“As a result, HR in many organizations is really looked at as the standard-bearer for ethics and compliance, and many people now leading up this function started in HR,” Bowman said.
Nevertheless, organizational silos can hamper effectiveness when complaints or concerns are not shared. HR should ensure there are clear and appropriate avenues through which employees can raise concerns and help monitor compliance developments and the compliance culture, Bowman said.
More Oversight, More Misconduct
It’s not surprising that compliance is keeping the C-suite awake, driving board expectations and generating more scrutiny from audit committees and government regulators. Penalties include multimillion dollar fines and jail time. Recent cases, governmental guidelines and new statutes are raising the bar, webcast speakers said.
They added that new federal sentencing guidelines, the Sarbanes-Oxley Act of 2002, the Dodd-Frank Wall Street Reform and Consumer Protection Act, and the Federal Acquisition Regulation are keeping corporate officers on their toes.
There appears to be more foul play afoot, as well. According to a 2011 National Business Ethics Survey, 65 percent of employees reported that they had observed misconduct in their organization, up from 53 percent in 2007. Meanwhile, the study found that 22 percent who reported misconduct experienced retaliation, up from 12 percent in 2007, and 42 percent reported weak “ethics cultures,” up from 35 percent in the previous study, Siciliano said.
What Makes an Effective Compliance Program?
Siciliano offered several hallmarks of effective compliance programs:
- They prevent, detect and deter noncompliant conduct by making compliance “part of the culture of an organization,” he said. Often, auditors and government regulators complain that programs are too “individual-based,” and that while there may be a good compliance officer or “good people in HR,” the programs haven’t “sunk in all the way down. It needs to be part of your organization’s DNA,” Siciliano said.
- They’re tailored to the company’s risk profile. There are no off-the-shelf codes of conduct or compliance programs. Successful programs factor in the business culture and size, the countries in which the business operates, and business history and risks.
- They are deemed by the government as effective.
Seven Pillars of Effective Compliance Programs
Siciliano said that an effective compliance program tends to have these features:
- Written standards, policies and procedure, such as a code of conduct and gift and entertainment policies.
- Independent senior compliance authority. The program is run by someone with a “high level of visibility and respect” who is independent from revenue-generating areas, such as sales, Siciliano said.
- Education and training. The program broadcasts written standards and procedures and promotes them through online or live training.
- Self auditing and monitoring. Siciliano recommends making a “fake” call to the company hotline to see how the compliance officer responds.
- Enforcement, discipline and incentives. The program makes clear that there are consequences to wrongdoing and incentives for reporting misconduct.
- Reporting channel. In addition to anonymous hotlines, a good compliance program has things like business unit compliance liaisons for reporting concerns, Siciliano said.
- Response and prevention. If the same issues arise repeatedly, it’s clear that it may be time to adjust policies and training.
- How Can You Evaluate Compliance Programs?
- Compliance programs can be evaluated using surveys, benchmarking and focus groups to gauge employee understanding. Siciliano recommends checking invoices and expenses in “high-risk areas” and doing self-assessments.
“A lot of companies have compliance committees that meet on a monthly basis and do qualitative analysis” he said. Exit interviews can provide candid feedback on a program.
Steps HR Should Take
According to Bowman, HR professionals who want to play a key role should do the following:
- Learn “the stuff and the lingo. You need credibility and credibility starts with knowledge,” Bowman said. He recommended Littler’s Corporate Compliance and Ethics practice group; the Ethics Resource Center, which has benchmarking surveys and educational tools; and the legal mandates section of NAVEX Global’s website.
- Influence the structure of the organization’s compliance program. Are essential stakeholders involved and does the program allow people to work in an integrated and coordinated way?
- Leverage policy and training expertise. Make sure policies are consistent and coordinated. Consider “curriculum mapping.” Determine appropriate training groups, and then sequence training to cover necessary topics and provide an adequate refresher without overwhelming employees.
- Ensure clear and appropriate avenues for employees to raise concerns and to ask ethics and compliance questions internally. Make sure managers are trained to recognize a complaint, address it—almost always involving HR or senior management—and to not retaliate.
- Help monitor compliance developments, culture, and the work environment, and then adapt the compliance program accordingly.
Pamela Babcock is a freelance writer based in the New York City area. To read the original article, please click here.