The Five Not-So-Daunting Steps T...
The Five Not-So-Daunting Steps To Buildi...

The Five Not-So-Daunting Steps To Building A Culture of Compliance

Developing a strong compliance culture is good for you and your employees, your bottom line, and the world at large

Kelly Maxwell Content Marketing Specialist, OneTrust

clock10 Min Read

Featured Image

Corporate culture is one of those business phrases often thrown into conversation with little thought given to what it actually means. In our rapidly-evolving society, how can you make sure that your corporate culture doesn’t just talk the talk, but it also walks the walk? Developing a strong compliance culture within your organization isn’t just good for you and your employees, it’s also good for your bottom line and the world at large.

To find out how, we spoke to two heavy hitters in the world of ethics and compliance: Noshin Kahn, OneTrust’s Compliance Counsel, Ethics Center of Excellence, and Gbemi Yusuff, Senior Compliance Counsel, OneTrust. They shared their secrets into what the benefits are, how to measure compliance across your organization, and what the cost of non-compliance really is.

Step One: Establish Your “Why” 

Building a culture means that you must be a part of that culture and it can’t just be “my way or the highway.” A culture is formed through mutual accountability and responsibility, rooting everything firmly in your “why.” According to Gbemi Yusuff: “The first step to cultivating a strong and sustainable culture of compliance is understanding your “why” – this will help you determine the values and behaviors that embody it, and in turn, effectively embed them into your organization.”

Gone are the days of smoke-filled back rooms, behind locked doors of power, where leaders made decisions and never had to disclose their reasoning. Business has evolved. We are living in a world of regulations, benchmarks, and endless data, so when you’re considering your compliance culture, you must be transparent in order to get buy-in. Your “why” is just as important as your “how.”

A compliance culture is built on a strong foundation of trust. To establish trust, you must do what you say you’re going to do, you say you’re going to do it, and explain how you’re going to do it and why. It isn’t just about the words you use when discussing your organization’s commitment to compliance, but rather, it’s about what you do, day after day, to show that you actually believe it. “Your culture is how your people behave when nobody is looking. Take every chance to remind them what that behavior looks like, especially by leading by example,” adds Yusuff.

Here are a few questions to ask in order to determine your “why:”

  • What are your company values? How can these be embedded into your day-to-day behavior?
  • Do your employees and public stakeholders believe that your company possesses the courage of its convictions?
  • Do your employees know that you also hold yourself to the same standards?
  • When rules are broken, do your stakeholders, both internal and external, trust your company and leadership to do the right thing?

Concerned that your reporting rates aren’t what they should be? Think your workforce may be afraid of retaliation? Download our How to Build a Speak-Up Culture ebook today and learn to raise awareness for your helpline and overcome reporting reluctance.

Step Two: Practice Makes Perfect

So, you’ve committed to building trust and transparency in your organization. That’s great! The second step in building a compliance culture is practice. According to Noshin Kahn: “An ideal ethics and compliance culture is the one an employee can apply beyond the general framework, but also in their personal lives because what is right, is right no matter when and where you are. Get your employees inspired to do the right this in life and not just at work.”

When you establish your “why,” think about where you can layer that deeper meaning in with existing business structures and operations. You and your employees will start to embrace your role as ethical ambassadors, no matter their individual title or area of expertise.

For example, when you’re practicing a piece of music, regardless of skill level or years of experience, the most frequent piece of advice you’ll hear is “Simplify, simplify, simplify!” Your odds of success increase when you break things down into easier to digest parts. When building out your “why” and the supporting initiatives, the same advice applies. “Set simple and meaningful values that resonate with your business and your employees, easy words they would know by heart and could see in their daily job; this is where the feeling of belonging to a culture they will want to protect starts,” says Kahn.

Here are a few questions to ask in order to put your “why” into practice:

  • Are you constantly evaluating what genuinely makes sense and what is meaningful and what’s not?
  • Over time, do you stick to your convictions and clearly demonstrate how each benchmark, regulation, and data point serves the overall goal of compliance?
  • How can you, as a leader at your organization, successfully “set the tone from the top

Step Three: Bake Psychological Safety Into Your Every Move

Beyond simple compliance – that is, adhering to your industry-specific standards and laws – fostering a compliance culture can help your staff and every third party who interacts with your company feel good about the work they do and who they work with. Have you ever worked in an environment where your physical well-being was on the line? Have you ever worked at a company where your psychological health was deteriorating because of toxic culture and personalities? If you have, then you know the implications: When you don’t feel safe, either physically or psychologically, you will never be able to do your best work.

When compliance is built into your corporate culture, your employees know that your company values their well-being. It seems overly simple, but when people come to work, they understand that everyone is working toward the same things, in the same way, and are accountable to the same standards. That produces a psychological safety that is deeper than any level or seniority. “Culture today is an open-door approach with your employees,” says Kahn. “Be authentic and fully transparent in order to win together and lose together. Don’t hide or make things up because employees will feel it and stop caring. You make mistakes when you don’t care.”

Maslow’s Hierarchy of Needs states when physiological needs are met (food, water, warmth, rest), an individual can attend to needs higher up the five levels of the pyramid. Once an individual covers their need to feel safe, they can then focus on their needs of belongingness and love, esteem, and finally, their own self-actualization. Any manager, regardless of industry or training, should strive to pave the path to self-actualization for their employees. If an employee feels free to achieve their own potential, they will add so much more value to the company culture by producing their best work and challenging themselves and others to do the same.

Step Four: Establish Organizational Trust and Buy-In

Fostering a culture of compliance means that your organization will always be striving to live up to its own standards. Implementing benchmarks, conducting surveys, integrating policy trainings into onboarding, etc. may all sound well and good, but in order to maintain organizational trust and buy-in, every level of your organization must play by the same rules. If your staff trusts the culture at your organization, they will not be afraid to  when they witness unethical or illegal behavior.

A double standard, at any level within your organization, will undermine any hope of establishing a positive company culture; there will be no hope of empowering people to speak up if they’re afraid and don’t trust you. It is of the utmost importance to take an accurate pulse on people’s sentiments, their feelings about accountability, and their behaviors at every level in the organization. A culture of compliance may seem like an overly intellectual endeavor, but without it, your organization is vulnerable to many more costly, dangerous, and unpredictable factors.

Communicating exactly what is expected from your employees, in an easy-to-understand format, is made easier with ethics program management tools

Step Five: Identify Blind Spots and Hot Spots by Layering Quantitative and Qualitative Sources

By now, you’ve seen how a compliance culture will benefit your company, but how do you measure such a constantly evolving and sometimes invisible entity? Your data will help you identify your blind spots and hot spots (more on that below), so its accuracy is paramount. Think your internal surveys are enough to get an accurate pulse on your corporate culture? You will need to rely on multiple data sources in order to get an accurate picture. Layering data, from both qualitative and quantitative data sources, will help you bridge the gap between what people tell you and what you see objectively. Only after enough data points are collected, can you figure out what kind of story they’re telling you about the ethical health of your organization.

So, you’ve gone out and conducted focus groups, surveys, and individual interviews. Still feel like you don’t have the hard data to measure your compliance effectiveness via more holistic qualitative methods? This is where you can really lean into the data available with ethics program management tools. An interactive portal with integrated analytics will show you which policies or questions get the most views, which regions are generating the most traffic, and much more. By dissecting your data in a variety of ways, seeing exactly where people are coming from and why, you’ll be able to identify where your blind spots and hot spots are, based on frequency, location, or department. These gaps and hotspots should be seen as opportunities.

The Cost of Non-Compliance: Keep Up with Cultural Expectations or Else

According to Yusuff, “We all know the criminal and financial cost of non-compliance, but what is equally, if not more, important are the reputational consequences. Even when there is no legal case to answer to, the court of public opinion never closes.” In a saturated news environment, every corporate misstep could land a company in the headlines. Businesses need to shield their reputations from any negative coverage in order to compete. Kahn adds, “We are living in a fast world of social media and scoring. People will check how many stars you have before trusting you or joining your company.” If you bake compliance into everything your company does, then you can spend less time worrying about preventing missteps from becoming public, and more time coming up with ways to publicize how your company lives up to its values.

By now, if you haven’t been convinced that cultivating a culture of compliance is in your organization’s best interests, consider the fact that your reputation can be a huge asset, impacting your bottom line. Credibility is a competitive advantage. Go back to the psychological safety of employees; it exists with consumers as well. When consumers are shopping around, a purchase may come down to the differences between corporate cultures and their perception in the marketplace. If you have a healthy compliance culture in place, your organization will benefit from that hard-earned trust.

Take a closer look at your compliance culture and put it into action with our speak-up culture ebook. Download our step-by-step guide to improving your speak-up culture today!

You Might Also Be Interested In

JANUARY 12, 2023

Ultimate guide to the EU CSRD ESG regulation for businesses

JANUARY 11, 2023

Continuous improvement: The leading indicator for successful compliance programs

JANUARY 10, 2023

Build trust, promote your program in the Third-Party Risk Exchange

JANUARY 9, 2023

Building trust in a zero trust world

JANUARY 9, 2023

Consent management by the numbers: 2022 DMA report summary

JANUARY 9, 2023

Navigating the California Privacy Rights Act as a HIPAA-compliant business

JANUARY 6, 2023

US state privacy bills on the horizon in 2023

JANUARY 4, 2023

3 steps to stay compliant while using consent-driven targeted marketing

Onetrust All Rights Reserved