Changing Social Norms Are Expanding the Compliance Officer’s Role

Since the death of George Floyd on May 25, there has been a growing recognition globally of changing social values and the need to change the status quo. Consequently, compliance officers are increasingly expanding their scope to manage respect and diversity initiatives.

Why? Because finally, CEOs and boards of directors are seeing shortcomings in respect, equity and inclusion as large risks that can threaten the organization and its brand. Prior to May 25, these topics were viewed as routine risks encountered in the course of doing business and were assigned to the HR function to manage. But we’re experiencing a social revolution and, with it, demand for equity and inclusion on par with the civil rights movement in the 1960s. And social revolutions are not “routine risks encountered in the course of doing business.” In fact, they are anything but routine.

We’re experiencing fast-changing social values while marginalized groups fight for opportunity, equity and inclusion. Those dynamics, combined with the transparency and connectivity of the web, means business is directly impacted by our changing society – both from workforce segments looking for change and segments who are resistant to change. Those dynamics lead to large risk turbulence and conflict.

Business today is just one social media post away from public scrutiny – from regulators, consumers, shareholders and the workforce – all of which result in damage to the brand and loss of enterprise value. So, respect, equity and inclusion issues, which are in flux and trigger intense emotion, are potentially a higher enterprise risk right now than the more traditional business risks of FCPA, antitrust, insider trading, etc. And if it’s the biggest risk, then the compliance officer should be responsible for proactively managing it so the enterprise is not blindsided and put into reactive mode.

Consumers, partners, shareholders and employees are demanding real change, not just pro forma window dressing. The days of rolling out a policy with a one-directional corporate message and a one-and-done training module (either instructor-led or online) or a single town hall meeting are over. In an environment where the status quo is so blatantly insufficient, sponsoring status quo solutions is triggering to many, increasing business risk not decreasing it. Again, the nature of the present risk demands the influence and resources of the compliance officer to bring real change.

The compliance officer is also needed to help change the status quo, because HR has been complicit in a litigation avoidance system that has preserved the status quo for the last 30 years – since the early 1990s. As a result, employees don’t rely on HR to fix enterprise problems. Emtrain’s survey of more than 100,000 employees found that less than 20 percent of employees will go to HR for help. The litigation avoidance system is a top-down, containment strategy where the employer circles the wagons and marshals its resources to defend against litigation at the expense of actually solving potential problems. And while that may help defend against one claim, it actually allows problematic dynamics to continue and grow. Five years ago, there wasn’t a realistic chance of those underlying dynamics becoming public and posing an enterprise risk. Today it’s inevitable.

Part of the problem is that business leaders lack tools that provide visibility into trending problems. The systems we have in place were designed 30 years ago, and they don’t reveal root causes of problems. For example, the enterprise has a hotline that typically isn’t consumer-friendly or easy to use. As a result, only a small percentage of employees will actually ever use a hotline – and then, only after there is a full-scale problem. So, the corporate hotline shows trailing indicators at best (given the low usage percentage); it does not show leading indicators. Further, business leaders may track claims and litigation metrics, but again, those are trailing, not leading indicators that provide visibility. Right now, only direct managers have visibility into emerging concerns, and typically, those folks lack the broad perspective, framework and skills to proactively solve culture problems.

So, what can compliance officers do?

5 Steps to Bring Real Organizational Change and Reduce Enterprise Risk

1. Identify the root dynamics of any culture problem.

All culture problems can be traced back to three main pillars: ethics, respect and inclusion. There are root dynamics that lead to bad outcomes in each area. Know the root dynamics and create a framework that provides visibility into how prevalent (or absent) each dynamic is in your organization.

2. Use a shared language.

Bias, harassment, equity, exclusion… these are triggering, emotional terms, and all of us have different images in our mind when we use these terms. We need to create a shared language so that we’re talking about the same conduct. One suggestion is to color code conduct to make it simple and clear to describe conduct, not people.

3. Create an online listening and diagnostic strategy.

Compliance officers should be looking for programs or applications that allow them to “listen” to what’s happening in the workforce and spot trends that relate to a root dynamic that affects workplace culture. By listening and spotting trends around a root dynamic, compliance officers can measure and score issues and prioritize their time and resources accordingly.

4. Create a feedback loop.

These are tricky culture issues; they’re not one-and-done topics where delivering a top-down message or policy and expecting people to memorize the content will lead to better outcomes. Equity, respect and inclusion are workplace skills, and they take practice to develop. Addressing these topics as simple rules is what businesses have done for the last 30 years. It hasn’t been helpful; they haven’t changed behavior. They need programs where information flows bidirectionally: where leaders get just as much information from the program as the employees, and business leaders get visibility into the trending risks and where they should focus their attention.

5. Aggregate and benchmark your diagnostic data.

Organizations need data and visibility to the root dynamics impacting their culture, and they need context for the data, which means benchmarking their “score” on specific dynamics so they know what to focus on. Remember, you can’t change what you don’t measure.

We are experiencing a social reckoning in which the public is demanding changes to the status quo. Organizations responding to this demand are doing so in the court of public scrutiny, which creates a large organizational risk. Compliance officers are tasked with managing the largest organizational risks, so we’ll increasingly see an expanded scope of compliance officers to manage respect, equity and inclusion initiatives.