In this post I continue my exploration of the article in the summer 2013 issue of the MIT Sloan Management Review, entitled “Designing Trustworthy Organizations”, by the quartet of authors: Robert F. Hurley, Nicole Gillespie, Donald L. Ferrin and Graham Dietz. In case you missed Part I or are reading Part II first, let me start by reiterating – IF THERE IS ONLY ONE ARTICLE THAT YOU READ ON ETHICS AND COMPLIANCE IN 2013 THIS IS THE ONE TO READ. This the single best article I have ever read on how to build or maintain a culture of compliance, as it gives a specific road map to the compliance practitioner, in-house counsel or any other business executive on how to instill a culture of ethics and compliance in your company. Today I will discuss how to build ethical organizations which do business in a compliant manner. In Part III, I will conclude with the steps a company can take to rebuild trust in an organization after a catastrophic failure.
Building an Ethical Organization
To do this the compliance practitioner needs to instill ethics and compliance into the organization. This can include “setting formal and informal constraints, incentives, expectations, values and norms” all of which influence the behaviors of employees and even third parties with whom the company does business. The authors note that employees are influenced by both formal and informal controls; which can promote either “diligence and honesty—or recklessness and malfeasance.” Lastly, positive signals, through various mechanisms, all help but if you have mixed or “deviant messages” this can lead to cynicism or unethical behavior by your company’s employees.
Near and dear to my heart is the role of such anti-corruption legislation as the Foreign Corrupt Practices Act (FCPA) and UK Bribery Act, which the authors acknowledge play an integral role in supporting a company’s ethics and compliance program. But they note the warning, as voiced in the FCPA Guidance, that such laws are only the starting point to create an effective ethics and compliance regime. Moreover, and this next statement speaks directly to those who believe that a compliance defense will lead to more companies following the prescripts of the FCPA, the authors note “Sadly, external regulation may give organizations a false sense of security that can lull them and their stakeholders into complacency” about their ethics and compliance regime. Once again, witness GlaxoSmithKline PLC (GSK) which had about the strongest paper program that a company can provide.
The authors have devised a six-step approach which they call a “Model of Organizational Trust” (Model) and I believe are six steps you can use to build up a culture of ethics and compliance. This Model is based upon their collective research and study, systems theory and strategic organizational design. The Model, which allows you to embed such a culture of ethics and compliance into your organization, weaves the six signals that employees draw upon when making decisions of trust into “their infrastructure and core processes” which the authors believe over time earns the trust of the various company stakeholders. Their Model of Organizational Trust and some key questions pertaining to each step are as follows:
The authors write that all six of these concepts must be fully integrated. So an “effective organizational infrastructure (strategy; leadership and management; culture; structure and systems)” should work to generate and sustain the “effective core processes (development, production and delivery of products and services).” For the compliance practitioner, this means that elements of doing business ethically and in compliance must be woven into all elements of infrastructure and core company processes over time. If not, ethics and compliance failures are likely to occur, “when important elements are allowed to become misaligned.”
But, at the end of the day, the authors report that the “key differentiator between companies that violate trust and those that sustain it is integrity and consistency within and across the organization.” While every company says it does business with integrity, this review shows how the message from the top of an organization can be driven down through the DNA of the entity. Not to be overlooked is the second part of the phrase; that being ‘consistency’. If leadership sends out mixed signals about the values that it deems paramount, then all the talk about doing business ethically and in compliance may well be for naught.
In the final review of this article I will look at three companies which the authors believe have restored their business’ commitment to doing business ethically and in compliance. Until then…
Visit the FCPA Compliance and Ethics Blog, hosted by Thomas Fox, for more commentary on FCPA compliance, indemnities and other forms of risk management for a worldwide energy practice, tax issues faced by multi-national US companies, insurance coverage issues and protection of trade secrets.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at firstname.lastname@example.org.
© Thomas R. Fox, 2013
For more information about LexisNexis products and solutions connect with us through our corporate site.