How not to be a compliance steamroller

Good communication can help overcome the clash between the business and compliance.

“A steamroller sent to crush the business.” A description of the compliance function from a salesperson during a particularly gruelling training session.

Those of us working in integrity risk management must remember that we are (often) seen as an oppressive constraint. How could we address this clash while maintaining necessary standards of ethics?

  1. Assess and understand the levels of trust.
  2. Focus on the customer experience.
  3. Give it to people straight.

Honesty, communication, accountability

Trust breaks down for many reasons. Typically, fissures occur around honesty, communication, and accountability. We need to understand who thinks what. We could schedule meetings with people across the organisation, hold focus groups, or conduct surveys. I’d start with the latter, as it’s Pareto principle stuff – you cover 80% of the ground in 20% of the time, allowing time for targeted in-depth follow-ups.

The skill here is asking questions that are:

  • simple for the person to answer;
  • use varied response options;
  • include a couple of negative questions.

Breaking that down, we struggle to answer questions that are too broad (“Do you trust the management team?”) or require estimations we can’t provide (“My team respects my manager”). In the first question, “trust” the management team to do what? I can’t answer the latter question for my teammates; ask them!

Don’t assume people who build tech are good at gathering human intelligence.

We need to break trust down into how management:

  • sets an ethical example;
  • is held accountable; and
  • promotes speak-up cultures, etc.

I recently trialled a couple of the best-selling human resources culture survey apps. Many of the questions were dire – convoluted, compound, and confusing. Don’t assume people who build tech are good at gathering human intelligence.

But don’t scrimp on tech, either. I’m sure you’ve completed some awful MS Forms survey where there’s a Likert scale (strongly disagree to strongly agree), and you click the middle of five buttons, maybe hovering on button two or three. If the response option is always the same, we become primed and drift into autopilot, especially on long surveys.

Try and keep questions to 20 or below (max. 25). Include different options – don’t allow fence-sitting (the middle option) if it’s a question that shouldn’t need an “I don’t know” option. A few binary Y/N questions are OK. For instance, “I am incentivised to behave ethically.” With varied response options (scales, swipers, multiple choice, radials, etc.), we have to pay attention – better data in, useable data out.

Add a negative question or two. They shake us awake and make us think. For example, “I never feel pressured to do something unethical.”

User experience

UX, or user experience, is a buzz phrase I had to learn when I built assessment software. Those lessons now extend to all content we develop. It’s pretty simple but surprisingly rare. Most risk content appears to be drafted for the author (or the regulator), not the user. Imagine a mathematics professor’s notebook as they work on a complex equation. That’s only slightly worse than a non-native speaker picking up your garden variety risk policies.

UX is the subject of books, but if I had to distil the core thought process, it might go as follows:

  1. Who needs to know?
  2. Why does this matter?
  3. What does the reader need to do?
  4. Where can it go wrong?
  5. How can they get further support?

You won’t need all five in every bit of content – training, policies, communications – but you will need a CTA (call to action). The “what the hell am I meant to do with this?” answer. These steps force brevity, often missing in risk content. Less is more, focus on the CTA and direct those who need more information rather than trying to cram everything into a one-size-fits-none message.

Three ways to be honest

The phrase “to be honest” is so weird, implying that we’re generally not honest. In organisational settings, that’s sadly true. Waffle and BS abound. We have so many euphemisms for things that epic bingo cards exist. In this context, we risk folks might find we can win more allies by giving it to people straight, especially the so-called bad news. How?

  • Share speak up and reporting data – not confidential cases (obviously), but trends, themes, resolution, and improvements.
  • Set realistic expectations in investigative or crisis settings – no one has a zero-failure rate, and we can’t guarantee outcomes.
  • Communicate openly and consistently about disciplinary matters.

Lawyerly butts may be clenching at the prospect of open reporting data, especially in the era of the corporate leak. But, back to building trust and UX, how do you think a whistleblower feels? Terrified, often. In surveys, we’ve asked people what happens after they speak up and if they’re confident they won’t face retaliation. You can guess the responses.

We can’t build cultures of speaking up without more transparency – the benefit for bosses includes the innovation boom that can occur in environments where we can raise ideas and concerns openly. We also increase the perception of detection to any would-be malcontents.

Investigators and crisis responders suffer from the same malaise impacting all experts: the curse of knowledge. It may be glaringly apparent that proving competitors rigging tenders is incredibly challenging in most situations. But the whistleblower whose job security was contingent on that lost tender and brought the issue to you doesn’t know. They’ve never had to gather evidence before. Take The 12-year-old Test in these situations – explain the process as you would to an intelligent but inexperienced pre-teen.

Employee awareness

The responses to questions about accountability often highlight a lack of employee awareness. We can solve this by maintaining clear and consistent communications around disciplinary matters.

Think back to your childhood and early career. Was there a caregiver (teacher, mentor, boss) you respected? Someone who taught you well but took no nonsense?

In risk, that’s our role. We’re here to prevent harm and set standards. Yes, we can be educators, counsellors, colleagues and friends. But if someone steps out of line, we generally have to respond.

What were the traits of the respected authority figure in your life? I’m guessing they included these:

  1. Honest.
  2. Clear.
  3. Fair.

Be that.

Rupert Evill is the founder of Ethics Insight, providing risk assessment, program implementation, and investigative support. He has operated in over 50 countries in his 22-year career, spanning investigations, ethics & compliance, intelligence gathering, due diligence, and crisis response. He is a Certified Fraud Examiner and author of Bootstrapping Ethics: Integrity Risk Management for Real-World Application.