Compliance and ethics is not the same today as it was a few years ago. The forces shaping compliance are likely to continue to influence the trajectory of compliance and ethics for years to come. In the past, compliance was distributed and disconnected. The relationship of ethics to compliance was inconsistent. Organizations may have had a centralized compliance function to manage critical compliance issues bearing down on the business, but compliance in reality was fragmented and distributed with highly redundant approaches taxing the business. This resulted in a maze of processes, reporting, and information. Each department relied on document-centric and manual approaches that did not integrate, and compliance professionals spent more time managing the volume of documents than it did actually managing compliance. There were inconsistent formats for policies and procedures, issue/incident reporting, and assessments.
Like battling the multi-headed hydra in mythology, these redundant, manual, and document-centric approaches were ineffective. As the hydra grew more heads of regulation, ethical challenges, and obligations, the scattered compliance approaches became overwhelmed and exhausted and were losing the battle. These problems led to a reactive approach to compliance, with silos of compliance failing to coordinate and work together. This increased inefficiencies and the risk that serious matters could fall through the cracks. Redundant and inefficient processes led to overwhelming complexity that slowed the business, even as the business environment required more agility.
Compliance and ethics today is in the midst of transformation. The pressure on organizations is requiring us to rethink our approach to compliance. This new approach is focused on what OCEG calls Principled Performance: “The reliable achievement of objectives, while addressing uncertainty and acting with integrity.”
Compliance is evolving to focus on the integrity of the organization. Compliance and integrity is becoming how we do business as opposed to being an obstacle to business. Compliance operations become federated to overcome inefficiencies of the decentralized approaches of the past. This requires a centralized coordinating role for compliance while working with federated compliance functions throughout the business. Organizations are looking to monitor and measure integrity of the organization through information, activities and processes coordinated across the organization.
These trends point in one clear direction: a compliance architecture that is dynamic, proactive, and information-based. That is, a new model for ethics and compliance that:
- Is aligned with stakeholder demands for transparency and accountability;
- Functions as a strategic partner with executives and aligns with organization strategy and values;
- Takes full advantage of emerging technologies to improve efficiencies;
- Provides an easy-to-use and engaging interface to get information and participate in compliance process; and,
- Measures integrity through an integrated framework of metrics.
The result is an approach to ethics and compliance that not only delivers demonstrable proof of compliance effectiveness, but at the same time shifts the focus of efforts from being reactive and “checking the box” to proactive and forward-looking. This shift enables compliance to monitor integrity by processing and managing metrics across the organization in the context of rapidly changing business, regulatory, legal, and reputational risks to ensure compliance is operationally effective.
Through an integrated compliance architecture the organization will have an optimized infrastructure to report on metrics, benchmark integrity, and understand compliance in the context of business strategy and execution. Measuring integrity requires that the organization have clear insight into metrics supporting the development and communication of clear policies, continual feedback from employees, effectiveness of training programs, incident reporting, and the engagement of employees with these systems. All of these lead to an efficient and effective compliance program responsible for being the champion of organizational integrity.