Compliance: Strategic or Cosmetic?

An Open Letter to Colleagues

A dozen years ago, I changed my career from business risk and IT to ethics and compliance consulting; even now, it surprises me how much compliance and how little ethics I do. Like new years’ resolutions, each year I witness well-meaning colleagues and thought leaders churn out column after column claiming that we’ve achieved “Compliance 2.0/3.0” — claiming we’ve finally turned the corner toward building more ethical companies. From where I’m standing, that’s wishful thinking (at best). Except for the B-corp movement, which integrates values into company charters (but represents a negligible piece of the business pie), what I hoped would be a 70% compliance/30% ethics split in our work is still closer to less than 5% actual ethics. Why, after Enron, WorldCom, the subprime debacle, the Volkswagen scandal, and the currently-unfolding Boeing coverup, are we still a reactive discipline more concerned with mere legal compliance than building ethical businesses?

We’re unlikely to make progress toward more ethical firms without a fundamental change to the way individual states charter corporations. Over 99% of C- and S- Corps are legally obliged to prioritize profit over all other considerations. Comparatively, a human who put her short-term utility above all else would be considered sociopathic. This is the crux of the problem. There is no incentive for businesses to behave ethically when nearly all companies are chartered to privilege shareholder value to the exclusion of all else. The only preventive measures to the business-as-sociopath scenario are legislative and regulatory regimes that attempt to regulate externalities (pollution) and bribery.

Instead of a proactive government that helps put guardrails on laissez-faire capitalism, the US Supreme Court has poured gasoline on the fire with the Citizens United decision, and the current administration has put dismantling regulatory guardrails at the top of its to-do list. Capitalism works best if its risks and excesses are acknowledged, and governments have the regulatory tools to mitigate and constrain them. The demos in democracy stands for the people. When each person has one vote, we have the opportunity to work together, and, at least theoretically, push back for the greater good. Until very recently, there was a consensus among Americans that the wealthy and their corporations shouldn’t have more say than the rest of us.

Citizens United introduced a fox into the electoral henhouse and gave corporations unlimited ability to tip the electoral scales through investing in Super-PACs. The outcome has been distressing, yet entirely predictable. Now, companies not only have no existential reasons to act ethically, but they wield far more power in actual electoral, legislative, and regulatory processes. And while we previously had issues with the revolving door of our representatives becoming lobbyists, we now have the lobbyists themselves appointed to oversee the regulatory agencies that they once lobbied against. The regulatory oversight that compliance programs are designed to enforce is waning.

Finally, regardless of one’s politics, the way the President has been abusing whistleblowers, the rule of law, and the power of his office is providing a tragic example of leadership behavior. His transparent, chaotic bullying and attempted retaliation toward the Ukraine whistleblower(s) could create knock-on effects in both private and public arenas. My exposition on the lack of ethics in business is trivial when a president of the world’s largest democracy treats the office like it’s his own personal piggy bank, mercenary force, and re-election campaign. We all preach the importance of “Tone at the Top,” but right now, the “Leader of the Free World” is acting more like a Mafia don than a CEO; we have some big political fish to fry before we can structure a properly functioning capitalist economy.

Even without the current administration’s aspiring kleptocracy, if we honestly reflect on the underlying goal of compliance and ethics departments, it can often be reduced to “protecting senior management from a ‘perp walk’ in front of the news media.” For most companies, the motivation behind complying with the United States Federal Sentencing Guidelines is purely defensive and legal, not expansive or inspirational.

If ethics was principally important, we would see firms creating compliance and ethics departments without strong legal incentives and integrating them within strategic, operational, and technical decision-making. While there are firms that apply a superset of the USFSG requirements and use ethical standards as part of their branding appeal, they are few in number and often ring hollow. In my last decade as a consultant, I’ve met with exactly one CEO of a Fortune 1000 company who believed that ethics made his company more competitive. The rest of the senior managers I’ve talked with would confess they consider compliance and ethics to be a burdensome cost center that slows them down and decreases competitiveness.

So what do we do, with the triple threats of shareholder-value supremacy, weak oversight, and legal or political obstacles? Our Codes of Ethics, policies, and training are not aimed at the strategic, big-picture questions of whether our companies are choosing right or wrong paths, helping or hurting society, or accelerating the destruction of the planet. Instead, these Codes focus on keeping employees in line, saving firms money from fines, and avoiding deferred prosecution agreements.

I’d ask my colleagues to reflect, as I have: are you having a positive impact on the world beyond keeping your CEO out of jail? If not, is there anything we can do to expand the “ethics” part of our job in a world that desperately needs it? This is a discussion that we badly need to have.

Compliance and ethics professionals have to stop our self-congratulation and take a hard look at what we’re accomplishing (and not accomplishing). We need to initiate discussions that will establish ethics as a driving force in business. Until ethical decisions are considered alongside ROI (Return on Investment) and DCF (Discounted Cash Flow), we’re adding little more than a veneer of respectability to the sociopathy of unconstrained return to shareholder value. This will require compliance professionals to step out of the comfortable world of writing Codes of Ethics and developing compliance training….we will have to actually consider what is right and wrong in the business world and do some real ethics by stepping into the worlds of strategy and politics.

Rules, Risk, and the Dodd-Frank: They Earned It

Whenever I see a parent who has a toddler at the end of a leash, my first reaction is one of horror.  But my girlfriend always reminds me that nobody just gets the leash. No parent arbitrarily decides putting their kid at the end of a tether would be a good idea; they do it because, at least once, their toddler tried to run out into the street. Though the Chamber of Commerce seems to be horrified by the proliferation of regulation under the Dodd-Frank Act, it’s precisely the same situation. The financial services industry earned the leash.

I try to steer away from political topics on the blog. They tend to divide people more than they bring them together and often provide more heat than light. A post by the formerly mainstream, now free-market-fundamentalist Chamber of Commerce has inspired me to break that proscription, however, because it goes directly to the issues of ethic, risk, and compliance.

The page,, features a very well-done graphic on the number and scope of rules and regulations mandated by the Dodd-Frank act.  The contention is clearly that the overwhelming profusion of regulatory activity is going to damage U.S. competitiveness as a provider of capital market services.

What it missing from the discussion is a review of why Dodd-Frank was enacted in the first place; the capital markets have proved, over and over, utterly incapable of regulating themselves. The fact is that there were trillions of dollars of real value lost in the financial meltdown of 2007/2008, and no one has gone to jail, and almost no one lost their job, and all the bankers and bond traders and rating agency executives got to keep the billions of dollars in bonuses they made in the run up to 2007. So the scoreline reads Wall Street 3-0 Main Street.

We have laws for a reason. In a world with both limited resources that must be competed for and the unlimited right to stockpile those resources, some people will do things that may not be illegal but that are unethical. In some spheres of life the social pressure against doing the unethical countervails the reward. Additionally, some people are just decent and won’t exploit others on principal. But as the rewards grow into the millions and billions, like they do in the capital markets, internal and external non-legal pressures fail and we get collusion, insider-dealing, and revolving-door quid-pro-quo deals.

Furthermore, risk is hard. All the academic research suggests that people are not wired to understand risk well, especially when it occurs at the far ends of the bell curve (we tend to overestimate rare risks and underestimate common risks). Without incentives to understand it correctly (i.e. that the companies themselves will be left holding the bag in case of failure), it gets ignored and/or externalised.

And that’s precisely what happened in the subprime, derivatives, and insurance scandals of the last half of the decade. And, as above, what essentially resulted was a huge wealth transfer from the investors and taxpayers to the financial services companies. Through both the bonuses that happened in the run-up and the the bail-out in the aftermath, the capital markets firms internalised return but externalised risk.

So while the infographic on the COC website might make Dodd-Frank seem like an overreaction, remember what it  is reacting to. There is absolutely no reason, given the evidence of recent and/or past history, to think that the capital markets can overcome the human tendencies for greed and risk ignorance. In the long run, prudent regulation makes the capital markets more competitive by increasing stability and transparency.  And that’s what really want out of Wall Street, not seven figure bonuses.

Strategic Value of Ethics and Compliance

Like most consulting and audit firms’ white papers, this report from KPMG Advisory, The evolution of risk and controls: From score-keeper to business partner is long on sales and short on specifics. There is enough meat to make it worth reading, however, and it addresses an important question: are audit, compliance and/or corporate ethics programs ever more than a cost of doing business or can they add strategic value? I think the latter can be the case, but because most businesses see compliance and ethics as constraints and not as enablers, they lack the imagination to see where ethical business practices can give them an advantage in the marketplace. Clearly, since this is close to the central question I’m looking at these days from a research standpoint, more will come on this topic.

The relationship between compliance, risk, and ethics

Although he claims not to like the word “ethics” because he feels it denotes too firm a demarcation between permissible and impermissible activities, David Chillders does nice job of linking ethics, risk, and compliance in this 50 minute talk. While I disagree with some of his intermediate conclusions, the founder of EthicsPoint is right track and this is well worth a listen if this topic interests you.

I’m finding the issue of strategic default to be a rich one for reflection, so the blog post on it will be posted later today.