Tip One: Talk the talk-from the top on down
A culture of compliance starts at the top. Senior management is responsible for placing and keeping compliance on the corporate agenda. The importance of compliance needs to be a core corporate message. It should be communicated, not by the chief compliance officer, but by the CEO, president and COO. And it shouldn't be communicated all at once, but in pieces on a regular basis, so employees have the opportunity to digest everything.
Tip Two: Walk the walk-consistently
For compliance to become second nature, everybody in the company needs to see that there are real consequences for compliance and non-compliance. You can use the carrot or stick approach (or some combination of both) based on your organization's culture. With the carrot approach, you reward compliance through financial incentives, promotions, and corporate-wide recognition. The stick approach involves a spectrum of reprimands from a slap on the wrist to termination. Not all violations are created equal, so the punishment must be scaled to the severity of the violation. Non-compliance by an executive that is not addressed sends a very bad signal. It must be clear that non-compliance-at any level of the organization-will be taken seriously. You also want to support employees by making it easy for them to get more detailed information and to ask questions or report questionable activities via a web site or a hotline.
Tip Three: Measure the measurable-and take action
You don't want to discover that you are not compliant through a bad, public event. If you have orderly, visible processes to measure compliance, you can avoid ugly surprises that damage the brand. The ability to measure compliance needs to be woven into your regular measurements for core business operations and audits. In addition you will want to do a compliance assessment at least once a year. This assessment should include a gap analysis and action plan to close the gaps that represent your biggest risks. Senior management needs to make sure that this action plan is properly funded and executed.
Compliance initiatives that focus on specific regulations are a short-term fix at best. To protect the company's brand and to attract and retain the best employees, you need a culture of compliance. To get there-talk the talk, walk the walk, measure and take action.
About the Author
Jeff Lawrence is senior vice president and treasurer at Iron Mountain, the global leader in information protection and storage services.
For more information on Jeff Lawrence, please contact Cheri Lapane:
Weber Shandwick Worldwide
101 Main Street 8th Floor
Cambridge, MA 02142
T: 617.520.7043| M: 781.258.6727| F: 617.661.0024