Back to Blog

How to Build a Compliance Culture

Posted August 10, 2016 • Organizational Culture • by Jennifer Goldman-Wetzler, Ph.D.

On July 28, 2016, as a panelist at the global Risk Assistance Network + Exchange (RANE), I spoke about how to build a compliance culture.  Following are a summary of my comments as a panelist:

In order to have culture truly impact all parts of the organization, you need to ensure that culture touches every part of the organization, including leadership, strategy, talent, organizational structure, and systems.

So often in organizations today, especially financial services and other large global firms for whom compliance with regulatory requirements is so critical, senior leaders don’t think about compliance being intimately connected to every part of their organization.  They think about it as something separate.  They say, “Thank goodness for the VP of Compliance, he keeps us straight!”  That’s not going to work in today’s world.  If you really want a culture of compliance, you have to infuse compliance into everything you do.

Here are some examples of a few things you can start doing today to make a difference:

Leaders throughout the organization have to model what compliance looks like on a daily, even moment-to-moment basis. This involves not only doing what is requested of you, but also more intangible things, like how you speak when you’re out for drinks with your colleagues; who you keep on your team, and who you let go because they acted unethically, or out of alignment with the values of the firm.  Keeping people on the team who have publicly violated the values of the company, and/or the law, compliance-related or otherwise, is sending the wrong message.  People take cues from your behavior—both your actions and your inactions– more than from anything you post on the wall or write in a newsletter.

For example, I was consulting to a global bank based in London a couple of years ago.  While my colleagues and I were facilitating a workshop for 100 of their senior people, the news broke that one of the current leaders of the firm had been charged with illegal activity, allegations that were widely understood inside the firm to be true. You could feel the confusion in the room.  What were people supposed to make of this?  Should they defend the guy, or should they acknowledge that what he had done was wrong?  At that moment, strong leadership was needed to send a very clear message that this type of behavior was not acceptable, was not the way the firm wanted its people to represent themselves nor the firm.  Sadly, in this case, the message from the CEO was silence.  The people were on their own to draw conclusions about this leader’s behavior. What impact do you think this had on the morale of those 100 people?  What message do you think it sent to them about what type of behavior is acceptable at the firm?

A compliance culture starts at the top.  You’ve got to walk your talk, and when things happen that are out of alignment with your organization’s values, you need to communicate quickly, clearly and strongly to let people know your views on the topic, and what’s going to happen next.

You also need to think about how a compliance culture can be supported by the systems in your organization.  Take HR systems, for example.  You want your incentives and rewards and your hiring and firing policies to reflect your commitment to compliance.  If you say you want a culture of compliance, but you don’t incent or reward your people for it, you’re shooting yourselves in the foot when it comes to building a compliance culture.

Same thing with your IT systems.  For example, another one of my clients, a global healthcare firm known for its innovative practices and brash CEO, already had a monthly lively video with thoughts by the CEO and other senior leaders posted on the company intranet site.  To develop a stronger compliance culture in the company, the Chief Compliance Officer, who I was coaching at the time, decided to integrate important compliance information into this video series so everyone got the compliance message.  They didn’t need to go somewhere new or different to hear his message.  And they got the information in an engaging, surprising way—not the way most people expected, which made it more accessible to employees up, down and across the organization.  Of course, this required new types of behaviors on the part of the head of compliance (who wasn’t necessarily used to giving lively, engaging video performances).  But his effort was well worth it when we saw the uptick in employees’ responses to his messages.

Now let’s talk about roles. Particularly for your most senior compliance roles, select, hire and retain C-level, mature, solid leaders who deeply understand your business.  Invite them as equal members to the C-level table and conversation.  Doing this sends a clear message to everyone in the organization: we take compliance seriously.  Compliance isn’t just something we merely have to do, but rather compliance is critical to the excellent functioning of our business.

In summary, if you want to build a compliance culture, think about how a compliance culture can show up inside every aspect of your organization.