What is a "Culture of Compliance" anyway?
Lately I’ve been thinking a lot about what it means to have a “culture of compliance.” I know … I sound super fun at dinner parties!
The business often thinks a culture of compliance is when the CEO or another executive tells her team that we take compliance rules seriously. This isn’t enough.
At its core, a culture of compliance is an environment where the entire business management team is committed to doing business the right way. This environment fosters compliance curiosity throughout the organization, a shared understanding of what activities are riskier, and a willingness to adopt more conservative rules or greater documentation requirements. This environment makes people feel comfortable asking questions and raising issues when behavior seems problematic.
Practically, when I think about a culture of compliance, these are the attributes I look for:
Your legal and compliance teams are seen as partners that help to solve the problems of the business. They are routine participants in business meetings and proactively consulted. An organization or manager that seeks forgiveness rather than proactive input is problematic.
Your legal and compliance teams have educated the business on the highest risk activities. Not every compliance rule is equally important, and business teams should understand what’s a land mine versus a speed bump so they can focus compliance curiosity on these issues.
Compliance questions and concerns are raised proactively to legal and compliance either directly (ideally) or through a helpline. Don’t assume that there are no issues just because questions or issues aren’t being raised. It could also mean that people don’t feel comfortable coming to compliance. In my experience, most whistleblowers become whistleblowers because they feel the company wasn’t listening or wouldn’t listen to them.
Once compliance issues are raised, employees believe concerns are taken seriously and, if necessary, properly investigated. This means the business supports a thorough investigation done through standardized investigation guidelines and doesn’t hesitate when a senior leader or superstar salesperson is involved. I’ve heard business people say we don’t want to dig too deep because we might find more problems. In the life sciences business, problems will find you if you don’t find them first.
Legal and Compliance teams are eager to have discussions and provide clear communications in response to questions about whether an activity is appropriate. Lawyers and compliance professionals need to be able to explain both why behavior is problematic and, if it is not problematic, why it is ok. If we can’t explain why something is appropriate then the business needs to think a little more about the activity.
I’d love to hear from others. What am I missing here? What are your challenges to creating a culture of compliance?
If your company is also thinking about its culture of compliance, I conduct effectiveness compliance assessments designed to assess these issues, can help you optimize your investigation protocols and work with legal and compliance teams on risk evaluation and clear communication. DM or email me!