No manager wants their company to be the next one in the news for a corporate scandal, employee-led data breach, or insider trading charge, especially in highly regulated industries, where corporate misbehavior is watched closely by lawmakers and the media.
And unlike many other aspects of business, scale is no one’s friend in this situation. Any misstep by those at the world’s biggest companies will not only tend to come under more scrutiny than those at smaller firms, but misconduct is hard to manage when you have to control the actions of hundreds of thousands of employees.
Analysis of over 200 publicized compliance failures found that three causes were at least partially responsible for almost 70% of them – company gain, personal gain, and a permissive culture. Interestingly these causes had one thing in common: they could all be addressed by improvements in a company’s “corporate culture.”
Culture is Critical
CEB data from more than 1.6 million employees on how they perceive their companies’ cultures of compliance show that, for pharmaceutical company employees, about two-thirds viewed their company’s culture very favorably. On the other end of the spectrum, 5% had an unfavorable view. While seemingly insignificant, in a company of 50,000 employees, that’s 2,500 people that have a negative perception of the company’s culture.
This is important because employees with unfavorable perceptions of their company’s culture observe misconduct 8.5 times more often than employees with very favorable perceptions. Further, when they do observe misconduct, they report it less frequently. For large companies, this means thousands of incidents of misconduct are seen by employees, but unseen by compliance and HR departments. And these incidents can quickly add up – compliance failures caused by a problematic culture had the highest average costs of fines and settlements – close to $40 million on average, according to CEB analysis.
But having a strong culture of compliance does more than just reduce the levels of observed misconduct and increase reporting rates. Managers that exhibit corporate values can improve employees’ performance by 12%, and a strong culture of compliance can also increase an employee’s intent to stay with their organization by 39%.
That means less “regretted attrition” (employees that you don’t want to quit, doing just that), less time for new employees to get up to speed, and fewer costs associated with retraining staff – all positives for the bottom line.
Changing Cultural Perceptions and Employee Behavior
It may seem daunting to try to change a company’s culture and to do it quickly. But corporate compliance teams can take a few steps immediately to start to build stronger corporate risk management.
Measure employees’ perceptions of the existing culture: Poor perceptions of a company’s culture and a behavior of not reporting misconduct are rarely evenly distributed across an organization. Compliance and HR professionals are best equipped to intervene and address employees’ concerns if they know where issues are and what specific aspects of culture are in need of attention.
Start by running an employee-wide survey to understand what employees think about those aspects of a corporate culture that are most relevant in situations where they might observe misconduct or those aspects that will encourage them to report it.
Help employees feel comfortable speaking up: Despite anonymous hotlines and non-retaliation policies, employees are often hesitant to report misconduct. The primary reason is that they fear retaliation, but many others fail to report because they don’t believe the company takes action on them.
First and foremost, organizations must demonstrate zero tolerance for retaliation. To ensure this, some companies have taken the extra step and reconnected with employees months after they report serious concerns to find out if they have seen a change in work responsibilities, management assignment, or anything else that might amount to retaliation.
Create manager-specific training on compliance issues: Most corporate compliance departments rely on hotline call volume and content to track reports of misconduct, but unfortunately almost two-thirds (63%) of reports are made to employees’ direct managers, according to CEB data. How managers respond to a report will not only determine if it is routed to the correct function in the organization but can also have a transformative effect on employees’ perceptions of the company’s willingness to act.
Given that they receive the majority of employees’ reports of misconduct, managers are often Compliance and HR’s first line of defense against it. To help managers handle these reports in the right way, organizations should design compliance training specifically for them and help them understand how to handle employees’ concerns in the moment.
A version of this post first appeared in Pharmaceutical Compliance Monitor.