By Jonathan Nwagbaraocha
What do you think of when you hear “compliance”? The answer to that question will determine how successful your company is at creating a positive compliance culture.
A positive compliance culture is one where compliance is embraced throughout the company and is fully integrated into a company’s structure, processes and management. “I have to comply” means you risk missing important opportunities, whereas “I want to comply” opens your door to proactive employee involvement.
Between the changing global regulatory landscape, customer requirements, and avoidance of non-compliance costs, the “I have to’s” present a strong case. But given the complexity and breadth of the challenge, the “I want to’s” will find the collaboration that nurtures a culture of positive compliance.
Does compliance at your company sound like “I have to” or “I want to”? Here’s why you want “want to.”
Catalysts for Culture Change
Corporate compliance programs have traditionally focused on finance, accounting, as well as anti-bribery and corruption. However, changes to the global regulatory landscape, customer requirements, and cost avoidance for failure to comply have expanded the focus of corporate compliance programs. Today’s list includes product chemical restrictions, information security, human-rights, and sustainability.
In fact, a recent article in the Wall Street Journal indicated how companies are melding their risk and compliance function with their environmental, social, governance and human-rights programs. With an ever expanding list of global regulations, a positive corporate compliance culture is necessary to ensure that all employees and products, no matter where they are located, conform with local laws and regulations.
The U.S. Department of Justice (DOJ) issued its Evaluation Guidance in 2017. The checklist highlights key topics that DOJ considers when assessing whether a company has established a robust compliance program. The elements all revolve around the concept of creating a positive compliance culture focused on leadership, risk assessment, policies and process, training, reporting, and auditing.
Customers are also pushing the shift to a positive culture of compliance. Similar to Xerox, many companies require their vendors to demonstrate that they have people, processes and policies to ensure compliance across several areas. While your customers want to know they are doing business with a reputable company, they also want to do business with a company that minimizes potential disruptions due to non-compliance. For example, the U.S. government, the largest purchaser of goods and services in the world, requires adherence to the U.S. Federal Acquisition Rules (FAR) which applies to federal agencies that procure goods and services. Moreover, FAR 52.203-13 requires vendors to have a robust compliance program in order to sell goods and services to federal agencies.
Corporate integrity at Xerox
The following links provide examples of how Xerox acts with integrity, and creates a positive compliance culture, include:
2018 World’s Most Ethical Companies – Xerox is one of only 13 companies that been recognized by the Ethisphere Institute all 12 years that they have published their list of the world’s leaders in ethical business standards and practices.
Code of Business Conduct – The code helps us resolve ethics and compliance concerns consistent with our core values.
Global Citizenship Report — Integrity and transparency are implicit in everything we do. From our requirements for employees, to our expectations of our business partners, and our governance guidelines for our Board of Directors.
Finally, a positive culture of corporate compliance helps to avoid costs of non-compliance. According to Gartner’s Risk Clarity Quarterly: Understanding the True Costs of Misconduct, types of costs related to misconduct include:
- Fines and settlements associated with a single incident of misconduct.
- Lost productivity through disengaged employees.
- Costs associated with increased employee attrition.
- Program time and costs associated with investigations.
- Other costs, such as reputational harm, lost stock value, and operational improvement costs.
The report specifically mentions that employees who observe misconduct will experience on average an 11 percent decrease in their levels of engagement. Observing misconduct will decrease an employee’s intent to stay by 16 percent on average, and 23 percent decrease for sales and financial violations.
Create a Positive Compliance Culture
You can think of a “positive compliance culture” in two ways: “I have to” and “I want to.” The “I have to” approach is not ideal because it can often result in compliance being seen as a barrier, which could mean your compliance process won’t change.
The “I want to comply” approach means that every employee understands how the company wants them to do business with integrity. They also understand the important, and active, role they have to ensure compliance with a variety of regulations. This results in more dynamic compliance processes where everyone is involved. Your employees understand existing requirements, and are involved in assessing risk for future changes in regulations or requirements. This allows your company to focus on identifying positive examples of compliance as well as deterring misconduct.
Creating a positive compliance culture does not happen overnight. It requires commitment from everyone in a company. Experts offer many recipes to create a positive culture of compliance, but Gartner’s 2018 Culture of Compliance & Ethics Essentials report lists 6 critical initiatives:
- Empower employees speaking up to report misconduct.
- Train high integrity employees.
- Develop managers into ethical leaders.
- Improve the tone at the top.
- Build integrity into business practices.
- Foster a sense of organization justice.
Insights from Gartner
They surveyed more than 2 million employees for more than 10 years. Gartner found that a strong culture of integrity decreases observed misconduct, and improves reporting rates, as well as overall business performance. Learn more from Gartner at Insights: Corporate Integrity.
Commitment to Compliance
As a global company, Xerox is expected to maintain an effective corporate compliance program that ensures compliance for a variety of global regulatory and legal requirements. Xerox is committed to creating a positive corporate compliance culture and doing business with integrity.
Additionally, in September 2017, we established the Office of Compliance to ensure sustainable compliance with applicable with laws and regulations, as well as to instill a formal enterprise wide compliance program. Sustainable compliance means effective and efficient compliance functions and processes focusing on the most material corporate risks, and striving for continual improvement. The Office of Compliance collaborates with subject matter experts, Office of Business Ethics, and Internal Audit to assess risk, prioritize, and continually improve compliance processes.
The Office of Compliance is committed to creating a positive corporate compliance culture with the Office of Business Ethics, Internal Audit, and all employees by:
- Help employees exhibit good behaviors in their work.
- Ensure senior leaders and all managers send consistent messages.
- Make colleague’s positive behavior more visible.
- Review and updating corporate policies to ensure they remain current with evolving regulatory and legal requirements.
“Xerox’s Compliance program ensures Xerox is meeting the ever more demanding expectations of all our stakeholders,” said Michele Cahn, Vice President, Global Government Affairs, Corporate Security, Philanthropy, and Sustainability. “It re-enforces our commitment to our corporate values of behaving responsibly as a corporate citizen in an increasingly complex word.”