How Dell and GE Embed a Culture of Compliance

By Kristin Casler, featuring Mike McLaughlin, vice president, chief ethics and compliance officer, Dell Inc.; and Al Rosa, chief compliance director and senior executive counsel at General Electric; and Susan Frank Divers, senior advisor, LRN.

Do your employees simply obey compliance and ethical rules because they know you’re watching them? Or do they believe in doing what’s right? Companies like Dell Inc. and General Electric say that a companywide culture of values and integrity helps them boost morale and corporate reputation, avoid costly compliance missteps and ensure compliance with laws and regulations.

Creating a culture of integrity goes well beyond offering an employee reporting hotline and checking the “completed” box next to “Compliance & Ethics.” It requires instilling a top-to-bottom environment of  achieving business goals with a commitment to compliance. It’s using data analytics, companywide open reporting and training “gamification” (using gaming tools) to help employees believe to their core that their conduct is right for the company, right for them and something to be proud of.

Turning obeyers into believers requires considerable work and resources. But Mike McLaughlin, vice president, chief ethics and compliance officer of Dell, and Al Rosa, chief compliance director and senior executive counsel at GE, say it’s very doable. Besides, just imagine the potential negative impact to your company and potentially to individuals if you don’t.

Take it from the top:

“Leaders have no greater responsibility than to shape the culture.”

–Jeff Immelt, CEO, General Electric

Today’s corporate culture should be one of integrity, McLaughlin and Rosa agree. You hear “set the tone from the top” from a lot of companies, but understanding how that tone gets cascaded throughout the organization is critically important. Rosa said GE leaders have to participate personally and passionately in compliance initiatives.  When it comes to leadership on integrity—setting priorities, communicating expectations and allocating resources—it must be done by leaders.  At GE we tell our leaders, “Do it, don’t delegate.” “We need for them to make the tough calls on compliance, and when it impacts their business strategy, to emphasize and teach employees that ‘making the numbers’ or satisfying a customer request can never come at the expense of our reputation.”

“Leaders must incorporate regulatory and compliance risk into their business planning and operating models. If they don’t do so, then managers who report to them won’t do it, either. We lose a critical element of operating success,” Rosa said. Leaders also must act promptly when confronted with an issue. They are judged from the moment they learn about a problem. They must communicate about compliance with sincerity and conviction, and about their expectations.

“One of the most powerful messages a leader can send is to allocate resources—time, money, personnel—to the integrity program,” Rosa said.  “Every company around the world is stretched for resources, and it speaks volumes when one of those precious resources—especially if it’s a senior resource—is allocated to work in the integrity program.”

It’s also critical to hold managers—not just the compliance leader—accountable when mistakes and “attaboys” arise in their program. Rosa said GE doesn’t just set those standards, it teaches managers how to operate the processes and gives them positive and negative examples from other leaders to learn from.

Don’t let this happen to you

So, how do you get employees to look beyond individual short-term gain and think about what’s best for the company and the communities in which they serve? How can you convince employees to comply, not because they are being watched, but because it’s the right thing to do? “Show them that they are serving a higher purpose, that they’re doing something bigger than themselves, and that it’s more important than just their own self-interest,” McLaughlin said. “You have to win their minds and hearts.”

The ideas for training and awareness have to be relevant, practical and solutions based, and they have to work with the business culture and goals, McLaughlin said. It can’t be something esoteric or academic. McLaughlin said he is a huge believer in stories. Dell has story decks related to many topics—privacy, anti-corruption, trade compliance. They include cases from around the industry, put in the context of the rules, so that people remember them. In many cases, Dell lets its leaders tell the stories.

“We also actually tell stories about our own cases, and there’s pluses and minuses to doing this, but we’ve decided that it’s important enough that we do it,” McLaughlin said. Once a quarter, McLaughlin sends a confidential note called “Don’t Let This Happen to You” to all employees that talks about cases without breaching the confidentiality of the persons involved.

Besides stories, McLaughlin said humor sells compliance. Humor is memorable. Every compliance professional wishes that he or she could whisper in the ear of an employee who is about to make a bad choice for the company.  The next best thing to that is having them remember the compliance advice they heard at a training six months ago.  Humor and stories help make that happen.  

You also need to make compliance personal. The U.S. government has made it clear it is targeting individuals and holding them accountable. “Without scaring or being the fright police, we really have  to make it very clear to people that there’s personal involvement, and that doing the right thing is not only good for the company but the best thing for all employees involved as well,” McLaughlin said.

Data analytics is the wave of the future in compliance and ethics, Rosa said. GE uses it to indentify the root causes of each issue. “When you do that over thousands of cases, what you can learn from are the trends,” Rosa said. You might find ineffective training in a specific area, and that confusion about the rules has given rise to issues, or that your control is not as effective as it ought to be. Or perhaps numbers reveal a trend of intentional misconduct.

McLaughlin agreed on the data analytics piece. “Imagine five years from now, in our profession, when you’re able to triangulate data points like travel expense statements, work location, customers served, vendors used, etc., and really focus on? training.” Instead of training 10,000 people for half an hour on anti-corruption, or gifts and entertainment, the data can tell you the 70 people who, because of what they spend, where they live, who they work with and other factors, could really benefit from a two-hour course. “Let’s deep dive with these folks, because data tells us that they’re the biggest risk to us,” McLaughlin said.

Gamification is also really hot. McLaughlin said Dell now has two compliance training games and another in development. In 2014, the company launched the first game and 25,000 of the company’s 100,000 employees took it, and it received a 94% approval rating. “We’re a competitive culture. People took it two or three times, to try and get a better score. That course was on anti-corruption and Dell now has a game-based compliance course on privacy and data protection as well.

Sometimes the key is to provide training without employees realizing it is training. Dell recently developed a course for 20,000+ sales makers around the globe called Leading From the Front. It is a sales training course, with compliance embedded inside it. It speaks to sales employees in their language and aligns to things like account planning and the sales cycle. “Now, when sales makers learn how to sell Dell solutions, they will remember the connection points and how to do it in the right way.”

Procedure Simplification

Getting employees to absorb the processes and take ownership of compliance is a struggle. Rosa said GE has embarked on a simplification campaign. Streamlining the global code of conduct by digitizing it and whittling it down to the bare minimum of words and volume more clearly expresses what is expected of employees. GE uses digital tools to layer in videos, online training and games that help employees reinforce what they’re learning without having to click through multiple systems and processes and tools.

“I think this concept of simplification is the next frontier for compliance, not only as it impacts policies and procedures, but globally across the program, including training, communications, operating reviews, and the like,” Rosa said.

Susan Frank Divers, Senior Advisor at LRN, said that simplification makes a great deal of sense for companies with multinational and multilingual workforces.

Grass-roots results

Like many companies, Dell encourages employees to flag potential problems. Employees on the Latin America team decided to take their compliance initiative one step further, McLaughlin said. They created a grass-roots ethics task force with the theme, “Do the right thing. Win the right way.” Task force members meet twice monthly on their own time, and talk about how they can continue to drive a culture of compliance in the region. Dell then successfully exported the idea to other regions around the globe.

Open reporting

GE has had an ombuds program since the early 90s so that employees could report questionable conduct without fear of retaliation. Today’s program is resourced with 500 part-time employees and a senior team of full-time leaders who promote open reporting in every GE business in every country where the company operates. The open channels include the departments for human resources, compliance, legal and audit and an anonymous help line. Then every concern is tracked to its conclusion to ensure the right action is taken, Rosa said.

“We find that our investigation work works best when our employees are talking to us and they feel that they can speak to us, and that things get done from the input they give us,” McLaughlin said.

Just as at Dell, GE is hyper-focused on response to concerns and uses compliance stories to explain how or why a violation occurred and how the company responded to ensure it doesn’t happen again. “Employees have to feel like there will be discipline in appropriate cases at every level of the organization, and that managers in particular are going to be held to a higher standard, because it is they, after all, who own the program,” Rosa said.

You can never rest on your laurels, Rosa said, because you can never be sure that employees are reporting everything in the proper chain. A previous employee survey found many workers first reported problems to their managers, but those managers were not always pushing the concern through the system. Working with the managers and better explaining the process to employees has resulted in more concerns reaching the proper ears.

Turning findings into fixes

That’s why, when it comes to investigations, McLaughlin said they don’t simply finish one and close the file.

“We want to make sure that we don’t just solve the problem that’s before us, but that we look at any control gaps or tone issues that we can address, so that we solve the problem going forward, and don’t face it again in another six months.” Each major investigation has a remediation program attached to it.

Sharing

The holy grail, the compliance experts agree, is achieving that share of mind. Companies must spend a great deal of energy making sure that they have the right tone, awareness and mindset to turn people who obey into people who believe and obey. Sharing best practices and creative compliance strategies among companies helps increase everyone’s chances of finding it. No company is perfect. There will always be compliance and ethics challenges. There’s always more to learn.

This article is based on a Webinar produced by HB Compliance Conferences with Susan Frank Divers. More at www.LitigationConferences.com.