Compliance and ethics. Compliance and ethics? Compliance AND ethics! Those three words are said very differently depending on who you work for and what topic you’re discussing.

In the financial services industry, the focus has been on Compliance with a capital “C.” In the 10 years since the financial crisis, regulators have enacted sweeping changes to promote financial stability. This not only affected how financial institutions are regulated, it also changed how they approach compliance and ethics. The most successful programs strike a balance to help employees consider rules and values to make the right choices.

Intent and impact

As risk and compliance functions have grown to ensure compliance with new regulation, policies, standards, guidelines and employee training have proliferated. But we can’t lose sight of the intent of the rules.

Consider an analogy from the primary and secondary education field, which also has strong governing oversight and relies heavily on standardized testing. An unintended consequence can be “teaching to the test,” with lessons and curricula focused on test preparation. While this may help improve scores, it can leave students without functional understanding of concepts or processes.

In our organizations, are we empowering employees to use common sense to execute our policies? Recent headlines about corporate misdeeds indicate that some companies aren’t. More policies aren’t always the best answer. We also have to consider human nature, and that’s where ethics comes in.

Rules vs. values

As compliance and ethics professionals, we’re beginning to recognize the importance of both rules and values in the design and function of programs. In the financial services industry, behavior risk and conduct risk are starting to show up in conversations with regulators. For example, the Financial Conduct Authority has published a number of white papers and essays about how to transform culture using behavioral science. Paying attention to human nature and behavioral norms is becoming essential to the care and feeding of our compliance and ethics programs.

To understand the relationship between rules and values, picture a glass jar full of rocks. The rocks represent rules. Whenever we create a new policy, we put another rock in the jar. We keep adding rocks to the jar until the jar looks full. If we create enough rules, we may believe we’ve anticipated every situation. The unintended consequence, however, is that people begin gravitating toward the small spaces between the rocks. They say, “I’ve read all the rules, and they don’t say I can’t [insert poor behavior here], so I guess it’s all right.” It’s human nature.

Doing the right thing

Our global ethics team works with our compliance team and partners with our human resources, employee relations and fraud investigations teams to address the spaces between the rocks. Visualize our jar of rocks filled with water. The water is the values that fills the voids between the rocks (rules). Our goal is to empower employees to turn to their personal values and our company values when they’re not sure what to do. We want them to ask, “Is this the right thing to do for our customers? For the company?” If they’re unsure, we want them to speak up.

Don’t underestimate the power of strong partnerships between the compliance and ethics functions, even if they sit in the same group. That collaboration can help create and foster a do-the-right-thing culture that not only helps your organization comply with laws and regulations but also protects and enhances your reputation.

Evolving your program

I am a precious snowflake (unique, just like you), and my program is unique (just like yours). Once you strip out the pride of title, company or industry, I bet the similarities between our collective programs will outweigh the differences. Financial services, healthcare and many utilities are heavily regulated. While the regulators that govern each group are different, they’re all trying to make sure companies have programs in place to–as Roy Snell of the Society of Corporate Compliance and Ethics puts it–prevent, find and fix regulatory and ethical issues.

Is your industry ready for increased regulatory oversight? Do you rely on a rules-based program? Are you struggling to fill in the space between the rocks? To be successful, compliance and ethics functions need to work together. Having one without the other isn’t an option.

How do you get started?

• Google is your friend – There are thousands of resources available.  Scholars, practitioners and professional organizations provide thought leadership on almost every conceivable topic.
• Transparency – Connecting the dots and creating trust with your employees, customers, shareholders and other stakeholders is paramount.
• Collaboration – It’s not a matter of “if”, but “when,” your company will have an ethics or compliance problem that’s visible to external stakeholders. Make sure you have strong partnerships in place before something happens. How you respond may matter more than the original offense.
• Don’t re-invent the wheel – If a model or process works, even if it’s unconventional in your industry, try it. For example, we’re adopting an awareness model that’s often applied to public health issues. If you view ethical conduct as a part of a larger ecosystem, and define an ethical lapse as an “illness of behavior” that has many moving parts, then you have a path for gaining insight into your program. What models or examples have you seen that might work for your organization?
• Empathy – Remember your front-line employees. The effectiveness of your compliance and ethics program rests on their ability to navigate both the rocks and the water.

Rules, values and trust

As ethics professionals, we want employees to speak up when they have questions or concerns. But speaking up is hard. It may be one of the hardest decisions an employee faces in their career.

This brings us to trust. Employees won’t speak up if they don’t have faith in their organization’s ethics and compliance program, the humans behind the program or their own management. Having a mechanism to receive allegations, and having resources dedicated investigating allegations, analyzing trends and reporting outcomes, is only the start. You also have to study the behaviors that don’t show up on the quarterly allegations report. For example, if 90% of ethics reports are made anonymously, you may have a trust problem.

Asking people to speak up can’t be a one-and-done exercise. Rather, it should be the beginning of a long and ongoing conversation. Belief that no action will be taken and fear of retaliation are the primary reasons why employees don’t speak up. Open-door programs can create transparency and build trust between employees and managers. Training can help managers be present in tough conversations and actively support employees who raise concerns. These efforts can help create active feedback loops, giving transparency to compliance and ethics processes. This, in turn, can build employee trust in compliance and ethics programs.

Giving time and attention to “speak up”, “listen up” and, “follow up” helps them confidently navigate an organization’s rules and the values. Ultimately, this leads to a more effective compliance and ethics program that has better flexibility to adapt to situations as they arise.

By: Jonathan Ackman, CCEP, vice president and director of the global ethics office, USBancorp.

This article originally appeared in the Center for Ethics In Practice newsletter in Winter 2018.