Getting help, inside and out.

If you are an ethics and compliance officer, you should join a professional organization. A good organization (like the ECI) connects you with like-minded professionals who seek to elevate their game.

You should also consider creating a separate network of business leaders in your company, leaders who understand the importance of E&C. Start with one and explain that your goal is to find a third, then a fourth, and so on. Hold regular meetings during which you discuss a challenge that needs to be addressed, identify an ally who can help you, and convince them to join your network. Do this systematically, solving problems month after month, and see the network’s influence grow and attract more members.

In other words, get help inside and out.

Choice architecture

I recently returned from the latest ECI Fellows meeting, which focused on behavioral ethics. This post is part of a series where I share my insights and lessons from the meeting.

I love paradigm shifts.

I love how they tickle my brain and put me in a state of awe.

My favorite ones are the shifts who force me to see myself differently. It happened recently when someone told me I was a “choice architect.”

Choice architecture is often associated with consumer influence. But the practice goes beyond lowly tricks to make people spend money they don’t have to buy stuff they don’t need to impress people they don’t like. For example, we use round tables to foster group discussions. Or we paint lines on the road before a steep curve to provide the illusion of speed and make people “choose” to slow down.

It turns out that similar tricks can make people more ethical. If we ask employees to promise to tell the truth before they complete a questionnaire, they will be more truthful than those who certify after the fact that they have answered truthfully. If we create a cross-functional team, its members will consider a broader set of ethical perspectives than if we have a homogeneous team. If we place tent cards about ethical decision-making on conference room tables, more people will raise concerns during a meeting.

I never thought of myself as a choice architect but all ethical leaders must see themselves as such and create environments where ethical choices are easier to make.

Now I can look at everything I do under a new light. I have a new tool. It’s like starting fresh.

I’m tickled.

Tribal bonds

I recently returned from the latest ECI Fellows meeting, which focused on behavioral ethics. This post is part of a series where I share my insights and lessons from the meeting.

There is a story about a United States Marine who halted a fellow soldier about to commit a war crime by saying “Stop! This is not what Marines do.”

The Marine didn’t pull out a copy of the Geneva Conventions and point to a specific article prohibiting the conduct. He simply explained that “people like us don’t do things like this.”

It’s tempting to point to the law when we want people to do or not do something. But no one likes to be told what to do. We’d rather feel in control. At the same time, we want to belong, we want to be part of a group where “people like us do things like this.”

Consider this the next time you write a policy or create a training or implement a control. Are you pointing to a force external to the group (like a law) or are you drawing on a tribal bond? One is stronger than the other.

When it’s not your hand in the cookie jar

I recently returned from the latest ECI Fellows meeting, which focused on behavioral ethics. This post is part of a series where I share my insights and lessons from the meeting.

Behavioral science has demonstrated that it is easier for people to rationalize unethical behavior when they are not the one doing it.

For example, a child might resist the temptation to steal a dollar at home to buy cookies at school. But if her big sister steals the dollar and offers to split the cookies with her, she is likely to accept them. After all, she didn’t steal the money.

Or take the adults that worked at Wells Fargo. Many of those who supervised the front-line employees opening fraudulent accounts knew what was going on. But they weren’t the ones opening the accounts.

As ethics & compliance professionals, we should be on the lookout for similar dynamics in our organization. It’s often risky to grant approval powers where the pressure and opportunity is greatest (once again, the fraud triangle at play). When we identify a dangerous situation (usually after an investigation), we need to take action either by removing the pressure or elevating the approval/responsibility up the chain of command.

For 5 years, Wells Fargo allowed its supervisors to rationalize the unethical behavior of their direct reports by making sure the supervisors had no part to play in actually opening the fraudulent accounts. Where do you see a similar pattern in your organization today?

Is it safe to report wrongdoing?

I recently returned from the latest ECI Fellows meeting, which focused on behavioral ethics. This post is part of a series where I share my insights and lessons from the meeting.

According to a 2018 report from the Association of Certified Fraud Examiners, 40% of workplace wrongdoing is identified through tips provided by employees. No other form of identification comes close (internal audit, IT controls, surveillance, etc.).

This is noteworthy for at least two reasons, both related. First, this high percentage is achieved despite a strong fear of retaliation by employees (reports of retaliation doubled between 2013 and 2017). Second, we can unleash even more reporting if we invest in our speak-up culture rather than in our controls.

Companies should make sure they have an anonymous reporting channel and a non-retaliation policy in place. Beyond these program elements, they should focus on creating a culture where people don’t feel pressured to compromise standards and feel safe when reporting concerns (i.e. don’t fear retaliation). If done well, I would like to think that 80% of wrongdoing could be identified by employee reporting (and the rest by controls).

How can you start down that path today? Identify a business pressure and tell your employees you do not expect them to compromise their standards to overcome this pressure. Then – and this is key – ask them how they intend to meet their goals despite this pressure. They won’t believe you truly want them to do things the right way until they truly believe you care about how things get done. Once that belief is set, they will feel safe to report wrongdoing and won’t fear retaliation for doing so.

If you pay peanuts, you’ll get monkeys

I recently returned from the latest ECI Fellows meeting, which focused on behavioral ethics. This post is part of a series where I share my insights and lessons from the meeting.

If you grossly underpay someone, don’t expect superior performance.

Or ethical performance.

Of course, a small percentage of people will perform ethically and flawlessly no matter how little you pay them. Similarly, a small percentage of people will perform miserably and unethically no matter how much you pay them. But, eventually, the first will quit and the other will be fired (after costing you dearly).

The vast majority falls in the middle. The danger with underpaying someone, or with treating them unfairly in any way, is that it allows them to rationalize their bad behavior. They steal company property, they cheat on their expense report, they lie to a customer – all because they feel financial pressure and injustice. It’s the classic manifestation of the fraud triangle.

So unless you lead a volunteer organization, treat your employees fairly and pay them a decent wage. It will directly and positively affect their business and ethical performance.

A low-cost, low-tech method of predicting wrongdoing

I just returned from the latest ECI Fellows meeting, which focused on behavioral ethics. This post is part of a series where I share my insights and lessons from the meeting.

With today’s technology, it is tempting to turn to sophisticated tools to predict wrongdoing.

But the allure of a shiny new toy should not make us forget a long-standing, low cost and low-tech predictive method: watching those who are nearing a goal.

The employee who exceeded her quarterly goal three weeks early is not nearly as dangerous as the one who is just short of it with only three days to go. For her, the temptation to lie to a customer or to forge a signature is much greater.

So set aside some time each week to read the latest articles on behavioral ethics. You are likely to discover simple ways to prevent, deter and detect common forms of wrongdoing.

Ready to work on your culture? Don’t neglect your program.

I just returned from the latest ECI Fellows meeting, which focused on behavioral ethics. I will devote the next few posts to insights and lessons from the meeting.

Research from the Ethics & Compliance Initiative (ECI) has demonstrated that organizations with a robust compliance program and a strong ethical culture generate outcomes that reduce business risks.

Findings from the 2007 ERC National Business Ethics Survey

That research, first published in 2007, also found that while a strong culture has a greater effect on the outcomes, that effect is manifested only when a robust program has been put in place first.

In a more recent report (2018), ECI demonstrated an additional benefit of starting with a robust compliance program: the stronger the program, the more employees perceive that they work within an ethical culture. In other words, without any effort towards improving your culture, you improve it by working on your program. As if this wasn’t cool enough, it means that your outcomes will also improve by an order of magnitude.

Let’s test this. Imagine two employees freshly hired in two different organizations where no effort is made on programs or culture, except that one of the organization has a code of ethics. Which employee is more likely to feel like they just joined an ethical organization? Which employee is more likely to pause before doing something that seems wrong to them?

Of course, a code of ethics alone does not make a robust compliance program, nor will it create an ethical culture. The hypothetical above was exaggerated for effect. But when an organization builds a program, drip by drip, with a code and policies and training and controls, etc., it sends a message that it cares about doing the right thing.

So while many organizations today are rushing to work on their culture because that’s what everyone is talking about, they should not neglect the importance of keeping their programs fresh and keeping them front of mind for all their employees.

Love the process

I’m not going to be happy just when I finally buy the New York Jets. I’m happy now trying to buy the NY Jets. You have to love the process.

Gary Vaynerchuk

Ethics and compliance professionals aim for specific outcomes. We strive to reduce the pressure that employees feel to engage in wrongdoing, to reduce the number of instances employees notice wrongdoing around them, to increase their levels of reporting when they do see wrongdoing, and to decrease instances of retaliation when they report wrongdoing.

We engage in specific actions to reach these outcomes. We seek to draft simple policies, to create effective training, to communicate clear expectations, to investigate swiftly, and to discipline fairly.

As with all in life, we have more control over our actions than we do over our desired outcomes. Thus the key to a happy work life for an E&C professional is to love the process, to do each task as well as we can, in the present. If we devote ourselves to this art, we should get the outcomes we seek. If we don’t, we’ve been handed a learning putting us back on the path to mastery.

ECI Best Practices Forum on Technology

Last week I attended the latest Best Practices Forum organized by the Ethics & Compliance Initiative. This one focused on the use of technology in E&C.

The highlight of the event for me was the Technology Showcase. During a two-hour session, about 10 companies presented on stage how they implemented a new technology, and then showcased that technology at a booth, taking questions from the attendees. There was a mix of low-budget and not-so-low-budget applications. A most practical approach to learning.

Here are some of my notes from the event:

  • E&C is not keeping up with innovation. Attendees blamed a lack of resources and cultural misalignment. I believe it has a lot to do with the fact that regulators are not keeping up with innovation. For decades, organizations have taken their cue from the law to shape their compliance program. Now, regulators are watching advances in blockchain, artificial intelligence, machine learning and deep learning, and can’t seem to understand what can or must be done.
  • Data used to be provide to humans. Now humans create the data by using mobile devices (e.g. phones), platforms (e.g. Facebook), wearables (e.g. watches), and thousands of products linked to the internet (e.g. thermostats). While everyone is generating data, only a few are leveraging it, some for good and some for bad. This data is never anonymous but instead needs to be anonymized. Because this data is created, analyzed and leverage by human, it is tainted by human biases (e.g Amazon recruiting AI project who hired more men than women).
  • When deploying new technology, start small. Think of a narrow piece of a problem. Identify your smallest viable audience/product. Just small enough to learn the benefits and dangers of the technology. Then scale as necessary. If using a vendor, ask for a beta.
  • Chat bots are relatively easy to create but they need several months/years of use to get smarter. When creating a chat bot, see the previous bullet (start small and narrow). They are a perfect tool to direct employees to existing information on the intranet (e.g. policies). They replace the need for E&C professionals to respond to emails and phone calls, improving their job satisfaction.
  • Technology has created a new wave of employee activism (e.g. Microsoft/ICE, Google/military drones).
  • Marketing has been using behavioral analytics for decades trying to sell us stuff. E&C should be using the same science to nudge employees towards compliance.
  • To my surprise, appears to be a viable platform to create certifications, chat bots, CMS, etc.
  • Notable quotes
    • Education is not training. Education is information; training is application.
    • Trust and innovation are the two currencies of business today
  • Book recommendations
    • Nudge