Research conducted over the past twenty years has provided an evidentiary basis for what has – for just as long – been accepted wisdom in the E&C community: that an ethical organizational culture is even more effective than a strong E&C program at preventing and detecting misconduct. 1/ Research has also shown that a strong E&C program is correlated to a strong culture, and that leadership support – the tone at the top – is one of the most important drivers of an ethical corporate culture. 2/ Thus, when seeking to assess the efficacy of an organization’s E&C program, one should also seek to assess the organization’s ethical culture, which includes understanding the tone at the top.
The Sentencing Guidelines indeed recognize the importance of an ethical culture by providing, in relevant part, that “to have an effective compliance and ethics program…an organization shall…promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law.” Similarly, the FCPA Resource Guide states, in relevant part:
…compliance begins with the board of directors and senior executives setting the proper tone for the rest of the company. Managers and employees take their cues from these corporate leaders. Thus, DOJ and SEC consider the commitment of corporate leaders to a ‘culture of compliance’ and look to see if this high-level commitment is also reinforced and implemented by middle managers and all employees at all levels of a business. …
A strong ethical culture directly supports a strong compliance program. By adhering to ethical standards, senior managers will inspire middle managers to reinforce those standards. Compliant managers, in turn, will encourage employees to strive to attain those standards throughout the organizational structure.
In short, “tone at the top” plays a crucial role in establishing and maintaining an organization’s culture.
Finally, one cannot meaningfully assess a company’s compliance program without understanding broader cultural issues the company faces – some of which can pose particular challenges to promoting E&C and others of which can provide tailwinds for such an effort. This is another reason that – at least as a general matter – program assessments should generally include a cultural component.
Turning from the why to the how, the notion of ethical culture is quite broad, and there is no one right way for assessments of this sort to be conducted. But hopefully the following will be helpful to companies seeking to undertake a cultural assessment.
First, with respect to tone at the top, one might explore the following;
– what senior managers say to underscore their expectation that employees will act lawfully and ethically;
– the related but distinct question about what senior managers do to underscore the expectation that employees will follow all dictates of the organization’s C&E program, such as those concerning taking training or conducting vendor due diligence;
– whether senior managers’ own conduct undermines their C&E messaging; and
– similar questions regarding various levels of management besides those at the very top, such as functional or business unit leadership or those further down the organizational ladder. (One best practice to consider: having those at or near the top engaged in a visible way in reminding delinquents of the need to take mandatory C&E training.)
Beyond tone at the top, another essential area for assessment concerns an organization’s “speak-up” culture. It is important in this sort of inquiry not only to assess the environment regarding true C&E matters but also the speak-up culture as it relates to other types of workplace concerns and questions, as reticence to speak up in one area may affect (or reflect) reticence in others. Relevant to a company’s speak-up culture is its degree of “organizational justice,” and the extent to which wrongdoing is responded to in a fair and sufficiently rigorous way.
A third and somewhat less obvious aspect of culture assessment concerns rule following, and the extent to which it is genuinely expected in an organization. Here too it may be helpful to think beyond core compliance program rules to those concerning other aspects of a company’s business, such as some of the various other rules covered by a delegation of authority policy. Note that for the ethics component of an assessment, a strong rule-following culture may be less than ideal. But from a pure compliance perspective, it is hard to beat a deep embrace of rules.
A fourth and also less obvious area for assessment concerns industry culture. While not true of all or even most companies, in some industries, the industry culture may be more of a source of risk than the organizational culture. This is particularly true of industries with a significant degree of inter-company mobility.
Fifth, as is obvious from many cases over the years of non-compliance – most recently the high-profile Wells Fargo scandal – a key aspect of culture is the extent to which pressure/incentives make it difficult for employees to do their jobs in an ethical and law-abiding way. Indeed, this may be the most important cultural attribute of all – and should be explored fully in any assessment, with aspects of this inquiry including both economic “carrots” and “sticks,” as well as non-economic incentives.
Finally, we should reiterate that this piece is not intended to be a comprehensive overview of all areas to cover in culture assessments, which is a complex and hugely important topic. Indeed, we anticipate publishing more on this topic – including posts by guest bloggers. But hopefully it will be helpful to some of those designing assessments.
1 See, e.g., Linda Trevino, “Managing Ethics and Legal Compliance: What Works and What Hurts,” California Management Review, January 1, 1999; Ethics Resource Center, National Business Ethics Survey, 2011; Corporate Executive Board, “Ethical Leadership: The Important Links Between Culture, Risk Management, and Business Performance,” (September 13, 2011).
2 David M. Mayer, Karl Aquino, Rebecca L. Greenbaum and Maribeth Kuenzi, Who Displays Ethical Leadership, and Why Does It Matter? An Examination of Antecedents and Consequences of Ethical Leadership, Academy of Management Journal, Vol. 55, No. 1 (July 9, 2013).