Program Measurement, Reporting and Benchmarking

Thoughts and insights from a group of compliance executives

Last week, we hosted our first Compliance Tech Talk event. Just in case you missed our blog post about this new event series, Compliance Tech Talks bring compliance executives together for a interactive roundtable discussion to share challenges and what is working (or not working) in their current compliance program. It is a great opportunity for compliance professionals to improve their compliance strategy, grow their knowledge base and build their networking circle.

These type of events are one of my favorite parts of my job. Yes it is fun to go visit a new city, but it isn’t about that. It really comes down to the relationships and learning that comes out of the sessions. Not only do I leave with a much better understanding of a compliance professionals challenges, goals, needs and wants, but I also see attendees walk away with new insights and solutions they can apply to their own organization by learning from their peers.

The most recent Compliance Tech Talk was hosted in Portland, Oregon and it was a full house. Portland is a very engaged community when it comes to compliance, which was exciting to see. Companies from Portland and Washington joined including Intel, ESCO, Cambia Health Solutions, Con-Way, NW Natural, Intertek and others. The titles varied from Chief Compliance Officers to General Counsel to Vice Presidents of Compliance and more. The topic of the event was themed around one of the biggest challenges compliance professionals face today – reporting. Below are the key topics that were discussed:

How do you measure the effectiveness of your compliance program?

If you’ve been reading the Compliance Report over the last few months, you’ve seen a lot of stats in regards to how organizations manage compliance i.e. 53% rely on spreadsheets. So, when we introduced the first question, how do you measure the effectiveness of your compliance program, I’m sure you can guess the first answer we heard…spreadsheets (surprise, surprise!). A few challenges when reporting from spreadsheets include:

  • Manual process = time consuming!
  • Lack context and it doesn’t paint a full picture
  • No real-time data making it harder (and more time consuming) to identify or address problematic cultural or behavioral issues
  • It doesn’t offer analytic depth or richness that CCOs are striving to get and offer to the C-suite and boardroom

On a positive note, compliance teams are catching on. A lot of attendees had moved away from spreadsheets and are using technology to measure the effectiveness of their program. And, the ones that are currently using spreadsheets, said they were moving towards technology to have real-time data and dashboards to help quickly address risks, achieve objectives and measure their progress effectiveness.

The most popular metrics that attendees are reporting on included hotline (how many calls, where are they coming from, etc) and training (are we training on risk areas, completion, etc). Even though these metrics are critical, CCO’s are striving to report on more. Being a relatively new field means that compliance teams are trying to figure out how and what to report on expand to more metrics than just hotline and training. Some ideas include conflicts of interest, gifts and entertainment and being able to understand that root cause of why something happened.

How much do you focus on why something happened vs. what happened? 

With so much of compliance focused on identifying organizational risks and putting measures in place to monitor and mitigate those risks, it’s clear that preventing issues is top of mind. However, this group of compliance professionals understood that identifying the root causes and influencing factors of noncompliance isn’t simple, but is key to help spot holes in their program or cultural trends that need to be addressed.

One example shared that had a lot of heads nodding was about how to manage human behavior by separating it in two different buckets:

  1. Bad people doing bad things
  2. Good people doing things

Of course, compliance helps find all the bad people doing bad things (no matter how great a company is, there are always a few bad apples) and fire those people 100% of the time. In regards to the good people doing things, the compliance team starts to analyze the root cause and contributing factors in cases of misconduct to understand why. In various cases, a lot of the time these employees don’t realize they are doing something wrong. Here are some common behavioral and environmental favors that commonly contribute to noncompliance:

  • Lack of awareness – “I didn’t realize the conduct was wrong.”
  • Lack of sensitivity – ” I wasn’t aware my conduct would have that effect on others.”
  • Company loyalty rationalization – “I was generating profits for the company.”
  • No harm rationalization – “It didn’t really hurt anybody.”
  • Legitimate action rationalization – “Everyone else is doing it.”
  • Operational burden – An undue operational burden left insufficient time to perform in a compliant manner.
  • Financial or performing incentives – Incentive compensation or a performance reward drove violation.

Who, if anyone, do you deliver a report about compliance effectiveness to? 

Overall, majority of the room (if not all of it), had at least two meetings a year with leadership, executives or the board. Some even met quarterly with their board. Compliance teams are also meeting with HR, sales and management to share compliance trends, cases and investigations to work together to stop noncompliance. In addition, some companies are even sharing a compliance report with their entire company to be completely transparent on what is happening throughout the organization. Yes, that means that every employee has visibility to cases, investigations, terminations and more!

Since sharing compliance information to the entire company was surprising to some, Patrick shared the annual report done by Jones Lang LaSalle (JLL), Ethics Everywhere, which is a 7 page summary of the company’s ethics program. It highlights types of integrity concerns investigated that are categorized and compared to previous years. It even drills down to the exact number of investigation for each category and the overall number of investigations for the year.  A few examples of the categories includes improper employment practices or behaviors, improper vendor payments or conflict of interest, inappropriate use of internet, business computer or other communications as well as termination of employment, job changes or transfers, suspensions, formal warning deferred promotions and/or reduces bonuses. The report is very robust and a great way to promote the ethical culture at JLL.

How do you benchmark your programs both internally and externally?  

When it came to benchmarking internally, attendees were confident that they could do this well. Many examples of internal benchmarking were shared and stated that it was possible through surveys, hotline reports, training stats and so on. Most of the group admitted that doing the same survey year over year or every 3 years provided them with the benchmarking information they needed.

External benchmarking seemed to be the exact opposite. Since the industry is still young, the integrity of the data is young which challenges compliance professionals to get external benchmarking they can trust. Since there are various benchmarking reports that are released annually, compliance professionals can use these to get a ballpark on where they are, but it does not give them the apples to apple comparisons they are looking. This is an ongoing challenge for compliance professionals because leadership and the board are constantly asking the question “How does this compare to other companies?” and  “Is this what other companies are seeing?”

One great suggestion provided by one attendee was to set up a meeting with another company that is not a competitor to discuss your compliance programs. This allowed his past compliance team to learn and compare to another company of a similar size, but in a safe environment. If a handful of these meetings can be set per year, you can provide some additional external benchmarking data to your board. In time, compliance professionals hope that external benchmarking will continue to mature so they can easily and effectively provide the answers to their board and leadership teams.

Other popular topics throughout the session were on complexity of cases and how that can help with response time, working with other departments to make sure everything that is being brought to managers is being reported and pulling in key information from other departments like HR. Currently, a lot of programs have great technology for hotline, training and other compliance solutions, but they aren’t able to pull in HR data, which is also very important and needed to get a full picture and understanding of what is going on throughout the organization. Overall it was a great session and we look forward to our next Compliance Tech Talk in Denver next week.