Culture & the Optimal Degree of Compliance

Even in this environment of regulatory expansion, additional investments in compliance infrastructure and controls may have diminishing returns. The key to reinforcing proper conduct inside organizations is already present. It’s the unalloyed good of culture.

Businesses across the globe spend substantial time and money on compliance activities, and many have built sophisticated compliance programs—rightly so in a world where compliance failures can have devastating consequences. Yet behavioral change often remains elusive, and compliance failures are a too-common occurrence. Business leaders who have supported these programs for years are left to wonder if they are getting their money’s worth.

In fact, there is a limit to what compliance programs can achieve—a limit that many companies have reached—when these programs are perceived and function primarily as a set of rules and procedures, that is, when they are “compliance” programs. Beyond a certain point, compliance activities can actually harm the organization, imposing unnecessary costs and undermining proper conduct. To be truly effective in moving behavior, and moving an organization forward, leadership must move from a compliance to a culture mindset. Focusing on actions that will build and maintain a values-based culture will mean less compliance activity, less cost, and real, valuable behavior change.

The Cost Of Compliance

By now it is a commonplace, but no less true for being obvious, that companies should devote significant resources to compliance with legal requirements. Employees must obey the law, both because it is the right thing to do, and because the risks to the enterprise from a significant compliance failure can be devastating. All companies engage in some form of compliance-directed conduct, whether they have a dedicated compliance function or not, and best practice includes a host of controls, including policies, procedures, review mechanisms, hotlines, training and auditing of various sorts.

These efforts are important, and the resources devoted to them generally are well spent, but they will never be completely successful. There is no way to achieve 100 percent compliance in an organization of any size. Moreover, it is not worth trying. There is, in any organization, an optimal degree of compliance.

By “optimal,” we do not mean “the best scenario in a perfect world.” By that definition, the optimal degree of compliance obviously is 100 percent. But in this world, compliance comes at a cost. Control mechanisms, including policies, procedures, review protocols, and auditing, to name a few, require resources to develop and implement effectively. These resources include company money, of course, but more importantly, employee time.

There are obvious benefits that derive from these costs, particularly for a well-run compliance program, but at some point the costs will outweigh the benefits. This is a matter of basic economics. For virtually any action intended to prevent harm, the first dollars spent on prevention will generate more benefit than later dollars. That is, as the marginal cost of preventative behavior increases, the marginal benefit declines. So, for example, for a company that has engaged in little or no compliance-related activities, taking basic steps like establishing a code of conduct and other relevant policies, putting in place procedures to enforce these standards, including reporting and approval requirements and other controls, establishing mechanisms for employees to ask questions and report misconduct, and undertaking basic education on the code and other policies, will pay significant dividends. As the program matures, however, and these basic elements are in place, the implementation of additional controls and policies, greater enforcement or more education, while still likely to improve compliance, especially if spent wisely, will not have as great an effect as the initial ramp up of the program. As the diagram below illustrates, at some point the cost of additional compliance activities will become greater than the benefit derived. When the curves cross, a company has reached the “optimal” degree of compliance.

There is no way to achieve 100 percent compliance in an organization of any size. Moreover, it is not worth trying. There is, in any organization, an optimal degree of compliance.

bribery-act5

Rules and controls and training programs are essential in any organization, but at some point, the burdens imposed by intricate matrices of rules, complex reporting and approval processes, and seemingly never-ending training requirements become a net drag on the business.

The cost of more controls, more policies, and more training programs extends well beyond the salaries of compliance professionals and money paid to vendors. It includes the often significant burdens placed on the business. Rules and controls and training programs are essential in any organization, but at some point, the burdens imposed by intricate matrices of rules, complex reporting and approval processes, and seemingly never-ending training requirements become a net drag on the business. This point will differ, of course, for each business and for different compliance activities. Those in highly-regulated industries, for example, will derive greater benefit from more compliance activities, all other things being equal, than will companies that are not highly-regulated. Similarly, companies who do business in the developing world, or who derive significant income from government contracts, will find that their optimal degree of compliance activities related to corruption is greater than for many other compliance activities. But in all cases, there will come a point when additional compliance activities are not worth the cost, even if they may result in some level of further risk reduction.

Compliance works this way because it comes at a cost. It is imposed on the business. And anything that comes at a cost eventually will reach a point at which more is not worth it.

The deleterious effects of too much compliance activity include much more than a drag on productivity. A system that is overly-controlled, that has passed its optimal point of compliance activities, will engender backlash and bewilderment from those who are being controlled. Managers and other employees will balk at a sclerotic network of rules and processes, and they won’t and in many instances may not be able to comply. Rules and signoffs will be overlooked, and training courses never taken. Such backlash can actually move a program backward down the benefits curve. And when an employee population sees the compliance program as overly burdensome and poorly aligned with business reality, they will undermine the credibility of the entire enterprise.

Moreover, when employees are enmeshed in a web of rules and controls, employee conduct becomes about complying with the rules and avoiding consequences. At some level, this is necessary; every organization must establish basic rules of acceptable behavior and reinforce them. But an often overlooked cost of a system of too many rules is that it promotes rule-following as an end. And such a system is an obstacle to a sustainable values-based culture.

The Optimal Degree of Safety

An example from another realm of hazard prevention may help illuminate our point about the limits of compliance activities. Those in the business of creating vehicles for public consumption must devote significant resources to ensuring the safety of their products. Crumple zones, air bags, crash testing and the rest have become necessities for those who manufacture cars. But there will always be something more that a manufacturer can do. Thicker steel, more reinforcements, stiffer padding, additional warning systems can make a vehicle safer, but at what cost? An M1 Abrams tank is, by almost any measure, safer than an ordinary mid-size sedan. But a car manufacturer would quickly find itself out of business if it produced only cars built like tanks. These cars would be so expensive, so slow, and get such poor gas mileage, that no ordinary consumer would buy them. This is the reality of the vehicle manufacturing business. As coldly rational as it may sound, there must be an optimal degree of safety for any car or any car company.

But an often overlooked cost of a system of too many rules is that it promotes rule-following as an end. And such a system is an obstacle to a sustainable values-based culture.

Ethics & Compliance Programs Achieve Control, but Don’t Connect with the Business

Many ethics and compliance professionals are beginning to understand that their programs may have reached a limit, and they are searching for the key to sustained effectiveness. LRN’s 2010-2011 Ethics & Compliance Survey asked E&C professionals from a broad range of companies to rate the effectiveness of their programs on several dimensions. More than 70 percent see their programs as effective as an overseer, focusing on controls, risk management and education, but only 45 percent rate their programs as effective as a business enabler. At the same time, when they were asked about the importance of various program goals to their company, the goal most often listed by these professionals is aligning the company’s core values with day-to-day behavior. The key to that alignment is culture.

Home Guidance and Training
UK Bribery Act Webinar: Listen now

Jonathan P. Armstrong gives a practical guide to the UK Bribery Act.
UK Bribery Act Training Video

LRN’s newest course on bribery and corruption specifically focusing on the UK Bribery Act, its consequences and adequate procedures.
The Business Leader’s Guide to the new UK Bribery Act 2010
Your guide to why the new UK Bribery Act is good for doing business in Britain.

LRN Bribery Survey

Are you prepared for the UK Bribery Act? Unsure? Or just downright confused? Tell us what you think. Fill out the LRN Bribery Survey now.

LRN Preliminary Assessment Offer

Get a preliminary assessment of the adequacy of your company procedures. No charge. No obligation

Meet LRN's CEO, Dov Seidman

Called by FORTUNE Magazine "the hottest advisor on the corporate virtue circuit", CEO, author and thought leader Dov Seidman has pioneered an industry around the idea that the most principled businesses are the most profitable and sustainable.