Why compliance encompasses more than integrity

21 Jan 2022 | Author: Shirani Alfreds

It is also an intentional communications strategy.

As 2022 starts with renewed ‘intentions’ (replacing the more traditional notion of ‘resolutions’), there is no better time for businesses to ‘intentionally’ think through their compliance strategies for the year ahead.

This is especially given various headline-making, high-profile breaches in 2021, ranging from the mismanaged risks of financial services heavyweight Credit Suisse, to the misuse of data by Amazon Europe, and the ethical breaches of Meta (formerly known as ‘Facebook’).

The above range of breaches displays how compliance has transitioned from hard law offences to including more values and ethics-based transgressions. Organisations are consequently modifying their compliance approaches from being rules-based to integrity-based, which also enables building culture.

Yet, there are still breaches, indicating something is missing. This could well be the lack of an intentional communications strategy which:

(i) internally stipulates and streamlines behavioural expectations of an organisational ‘code’ of ethics, values, and principles (a ‘code’); and

(ii) externally reaffirms the same code to clients, investors, and other stakeholders creating accountability.

It is essentially no longer enough to hope that an organisational playbook with vague notions of ‘integrity’, and management murmurings of ‘walking the talk’ can create a robust and ethical culture. The code must be consistently reinforced and affirmed via a communications strategy that simultaneously reduces corporate and organisational risks, and builds positive culture.

Distinguishing between rules-based and integrity-based codes

Source: FreshBooks

Understanding the difference between rules and integrity-based codes is fundamental to creating a strategy, given their very different premises.

The former ensures good behaviour by avoiding legal sanctions, and usually involves external measures in preventing, detecting, and punishing non-compliance. The latter is more self-policing, relying on individual integrity (defined as ‘the quality of being honest and having strong moral principles’) to govern appropriate action and behaviour.

Organisations are increasingly adopting the latter approach as it encourages greater independent thought and autonomy. For example instead of stipulating ‘if you engage in bribery, you will go to prison’, or ‘those who sexually harass will be fired’, an organisation would say ‘we value transparency in business transactions’ or ‘we believe in diversity, equity, and inclusion’ (DEI).

This also empowers individual ethical behaviour which stands a greater chance of adherence than a rules-based code. This is because a rules-based code can easily be abused with people attempting to find loopholes in the letter of the law, instead of trying to abide by its spirit.

An integrity-based approach can also be more easily applied across various departments and types of breaches. For example, from information technology and human resources to supply chain management – stipulating DEI as a value can address hiring bias, harassment problems, or pay gaps.

This additionally builds positive culture by placing the onus on both employers and employees to evaluate and moderate their ethics and values which govern workplace behaviour. It empowers the challenging of undesirable status-quos and any subsequent modification if policies are found to be unabiding by their own code.

An integrity-based approach can also be more easily applied across various departments and types of breaches.

Identifying hurdles

Although an integrity-based code is more adaptable and encompassing, it can also be tougher to inculcate and follow given its nebulous nature. This is where communications are crucial, and being mindful of hurdles in understanding can help formulate a more effective strategy.

One hurdle is that ‘integrity’ is relative as everyone is brought up with different values, ethics, and priorities that may or may not be representative of their backgrounds. They could therefore have very different notions of what it means.

This could be further complicated by people who compartmentalise their lives applying varying ‘codes’ and ethics to different contexts. Some might think, for example, that personal ethics and values have nothing to do with the workplace and that lying to get a promotion is acceptable, for example, but lying in an intimate relationship is ‘different’.

Integrity can also be culturally informed, and organisations with offices and employees around the world may face challenges in formulating a code applying across geographies.

Different cultures might have different understandings of what is or is not acceptable as a matter of norm or practice, or what is legally permissible. A ‘grey area’ in some parts of the world could be a ‘black and white’ one in others (such as paying to receive more expedient services over others). Some actions might be culturally acceptable even if illegal, as laws aren’t enforced.

Understanding these complexities across individuals, offices, and regions requires sensitivity and dedication of thought to eke out what an organisation truly stands for, defines as representative of its code, and which is translatable across regions. This can then be honed for different geographies if necessary, before embarking on a communications strategy.

Communicating internally with clarity and reinforcement

Source: Voice Sifter

As an organisation and its policies can only be as compliant as the people it comprises, ensuring every employee understands expected standards of behaviour is vitally important.

After a code is identified, it might be expressed with explicit statements (such as) ‘we value transparency and honesty.’ There could also be further statements inculcating wider priorities to build culture such as stipulating ‘open-door policies’, ‘flat management’ or ‘flexible work arrangements.’ It is also crucial to explain any monitoring systems, reporting processes, and consequences (if any) for breaches.

Ensuring every employee understands expected standards of behaviour is vitally important.

Secondly, the method by which this is communicated should be well considered. Organisational handbooks and intranets may not be referred to as much as human resources and employers might hope, and do not verify understanding. A more personable and effective approach might be to hold workshops or talks that incorporate mechanisms for confidential feedback and perhaps, anonymous questions.

This allows a ‘safe space’ for all employees to clarify doubts without judgement and ensures everyone ‘gets the message’ — not only those in leadership or management. This can also be executed remotely, and globally.

Thirdly, once a code is identified and communicated internally, it must be constantly reaffirmed into the culture from the highest echelons of management to the newest intern. Robert Chesnut, former Chief Ethics Officer of Airbnb and author, identifies six steps as to how this may be instilled in a corporate environment.

One important way is to talk about difficult situations with statements such as ‘I feel uncomfortable with this — does anyone else?’. Engendering openness builds on other values (such as transparency), enables thought to change action or behaviour, and potentially avoids toxic, negative work culture which, in some cases, is a result of being allowed to propagate over time.

It is not enough to only focus on clarity however — reinforcing this with action such as deploying compliance officers within each department or making ethics a consideration for promotion demonstrates an organisation’s commitment to its code.

However, given an upwards trend in remote and hybrid working, some creativity is warranted as to how to execute reinforcement. This is because creating culture and monitoring breaches is more difficult with reduced office visibility.

One way could be to put in place tangible systems which directly impact compliance. For instance, if ‘transparency’ is identified as a value — given that anonymity and protection of whistleblowers are important to effect compliance (as codified in some parts of the world) — anonymous reporting systems can validate and underscore this.

If DEI is identified, a mobile application enabling reports to be uploaded at any time and anywhere reinforces how seriously a breach is regarded. These measures also ensure that responsibility for inculcating positive culture doesn’t only fall to leadership, legal counsel, or human resources, but the entire organisation.

Communicating externally to create accountability and build branding

Source: Rhythm Systems

With an acceleration of breaches, not only is there increased regulatory scrutiny for organisations to “dot ‘i’s and cross ‘t’s”, but given the transformation of corporate responsibility due to hyper-transparency and rise of ‘cancel culture’, there is greater public accountability.

In this day and age, higher ethical standards are expected not only of organisations but the individuals within them– especially those in positions of power or influence. For better or worse, everyone is expected to behave – but unfortunately, just knowing something is wrong doesn’t stop the wrongdoing.

Higher ethical standards are expected not only of organisations but the individuals within them.

This is where accountability is an important safeguard, and communicating a code explicitly to clients, investors, and other stakeholders creates a powerful one. If there is an external expectation that all employees will abide by their organisational code, this ‘gives permission’ to those parties to do something about it if it is breached.

White papers and environmental, social and governance (ESG) requirements create some level of corporate accountability, but all it takes is for one malfeasance to compromise a brand or reputation. As such, some companies have set up third-party monitored reporting mechanisms for the reporting of wrongdoing. Yet others might employ communications professionals to hold them accountable in conveying their codes responsibly.

This could also be done with prospective employees to protect organisational culture. For instance, to harness a Great Resignation trend (whereby employees are seeking jobs that align more with their values), communicating expected behaviour on hiring websites, through head hunters, or at the outset of an interview can help winnow employees.

Enabling ‘buy in’ from the outset of organisational values can help reduce the risks of non-compliance as people are more likely to abide by a code if they have consciously identified this to be resonant with their own values. This also promotes loyalty with less attrition, creating better culture.

Externally communicating the code consistently has the added long-term benefit of building corporate identity and reputation to eventually become a brand synonymous with positive ethical culture and organisational integrity.

A brave new (compliant) world

The ever-widening net of compliance, together with increasingly varied work arrangements, means that robust, committed thought must go into crafting a communications strategy that complements an integrity-based code. This can bring to life desired corporate and organisational values which reduce risks ranging from white-collar crime to DEI, and build meaningful culture.

Integrity also needs to be exercised in the process of crafting both the code and accompanying communications however, as it would defeat the purpose to stipulate idealised values and principles that cannot be practically abided. The code should be drafted honestly and transparently, as one which is known to be viably reinforced internally, and credibly communicated externally.

In doing so, organisations can better demonstrate their commitment to effecting genuine compliance — thereby affirming their own integrity.