A colleague recently told me about a problem with an employee at her company. Change a few of the facts about the industry or job position, and it’s a story that’s familiar to many human resources executives. The employee worked at night managing a network for a midsize wireless provider in the telecommunications industry. He knew about security and system protocols. He’d been taught not to duplicate software and other copyrighted content and had signed off on the company policies prohibiting such behavior. Despite all he had been told and everything he had read, he downloaded a bootlegged copy of a popular movie one night for his own use. He probably wasn’t thinking about the policies, or maybe he thought he could escape detection. But he was caught. He was fired and could have been subjected to civil and criminal prosecution. And his company faced a lawsuit from the producer of the movie.
The incident didn’t make the news, and the technician’s actions didn’t destroy his company’s reputation or stock value. But his lack of respect for the company’s values and code of conduct, and for the law, is increasingly common, as reflected not only in highly publicized corporate scandals involving corrupt executives but also in day-to-day ethical lapses among rank-and-file employees. The bottom line is that no matter what companies or governments do, some people are going to commit ethical violations, whether in the executive suite or in remote cubicles. Reissuing codes of conduct and requiring compulsory "check-the-box" training on subjects ranging from antitrust to workplace health and safety may be well-intentioned, but it won’t do much to combat these kinds of issues. As this example shows, the problem isn’t just a lack of policies or communication about what constitutes a violation. The issue is translating lofty vision statements and policies into simple forms of day-to-day behavior that are communicated, understood and applied as clearly as other corporate commitments.
The U.S. Sentencing Commission recognizes the problem and is developing solutions. The commission has proposed amendments to the Federal Sentencing Guidelines that will limit liability for civil or criminal violations if an organization can demonstrate that it has implemented effective compliance programs. Until now, the definition of "effective" was open to interpretation. Now the government’s message will be very direct: Don’t think that filling out forms, drafting carefully crafted policies or producing printouts of the names of employees who sat through training courses will reduce your penalty. The government expects a company to "build a culture that encourages commitment to the law" and to have workplaces that will actively prevent and detect violations. For many, this will mean addressing that disconnect between the policies and training and the way employees actually behave on the job.
Organizations building legal, ethical cultures communicate their vision through their leaders and then continue the process through communication and education. Training often includes learning about specific behaviors that are part of successful business performance. Employees know, for example, that no matter what the issue is and who is involved, lying, fabricating records or covering up problems is unacceptable. The standard is stated, repeated, applied and understood by everyone in the organization, regardless of job title or tenure.
Years ago I defended an employer in the chemical industry that had a manager who engaged in improper sexual conduct at work and appeared to have taken bribes from a key supplier. The company had a code of conduct in place and all the right policies. But as we investigated the case, it turned out that this wasn’t the only manager in the organization who had engaged in such conduct. The behavior hadn’t been reported because it was part of the real culture, not the "paper culture" designed by lawyers and human resources professionals. Building a culture to eliminate such long-standing practices is a continuous process, not an annual set of steps handled outside the senior executive office, like filling out EEO-1 reports or tax forms. It is not the sole responsibility of lawyers and risk managers; it’s the responsibility of the entire organization. While employees should know the laws governing their jobs, it’s more important for them to know that there is an internal commitment to lawful operations, a value that is fundamental to an organization.
The most visible recent offenses in corporate America have involved senior leaders. In my experience, company executives often exempt themselves from legal and ethical training that is compulsory for other employees. This sends a signal to employees that the company is delivering the training because it is required to, not because it is a fundamental, respected corporate value. The new guidelines will require decision-makers to fully participate if they hope to argue that their programs are effective. Their participation will communicate to others that respecting the law and acting ethically as defined by the organization in terms of clear behaviors are vital responsibilities.
In addition to attending training, top leaders must be aware of the steps the company is taking to prevent legal misdeeds and be readily able to discuss them credibly. I recently met with a group of senior executives who run a well-known consumer-products company. They told me that their CEO speaks passionately about sales, industry position and safety. But they also said that when he speaks about employees and ethical issues, his comments have been written by the communications department, whose script he reads word for word. And it shows. Employees say that his packaged delivery blunts the impact of the message.
Contrast this company with a prominent medical institution where I am working with a group of physicians to develop training to address behavior that can create legal risk and undermine productivity. The hospital is requiring its own physician leaders to conduct the training and is relating the professional treatment of colleagues to the organization’s commitment to excellence. This is the kind of program that is in line with the government’s message that executives can’t be superficial about how their companies prevent legal or ethical disasters, or profess that they are too far removed to know what’s going on and to take responsibility. In designing a compliance program, a company must determine what it has to accomplish in order to operate legally and to detect problems. Often the very first consideration is how much money and time the company is willing to devote to the effort. Then those arguing that their programs are "effective" will have to prove that the resources they allocated were reasonably adequate to prevent problems.
Combined with other governance reforms that increase institutional and leadership responsibilities, these proposed guidelines will force organizations to decide whether they are really serious about having effective compliance programs. If they are, they’ll need to invest and plan as they would for any other business initiative. And they’ll have to involve human resources strategists in an ongoing process to make sure a clear vision and continuing commitment are understood and regularly communicated to everyone in the organization.
Workforce Management, May 2004, p. 18 --Subscribe Now!