by Joe Murphy
In the compliance and ethics field we have in the past spent much time discussing things like codes of conduct and training. However, these are inputs intended to promote compliance. Today we have increased awareness that programs also need to be evaluated to determine how well they are working. For example, the Sentencing Guidelines standards include the need to evaluate programs as a minimum requirement. Both the US DOJ Criminal Division and the Antitrust Division, in their evaluation questions, expect companies to be evaluating how well their programs work. Merely determining that X% had completed training or signed the code does not meet this standard.
We need to be checking out our compliance efforts to see if they really work, and where there might be weaknesses. In Keith Read’s book, “The Unconventional Compliance Officer,” p. 93 (2022) he delves into one of these evaluation techniques called mystery shopping. This draws from a management technique used in retail, where paid observers shop at the company’s retail outlets to test how well transactions are handled and how well the store is run. Keith wisely observes that the same can be done for compliance purposes.
I have heard of this being done in pharmacies, where mystery shoppers observe whether items have been removed after passing their “sell by” date. This technique can also test pricing accuracy, which has both business and compliance implications.
There is, of course, a risk that any form of testing if performed thoughtlessly, can hurt corporate morale. Employees can interpret this as a lack of trust. But any form of testing and checking requires intelligence in how this process is run. The company should explain that “friendly” critical advice is better than being caught by an enforcement sweep. The compliance team will want to be sure people know how to do the right thing and that management is more careful in checking how work is done.
Checking and testing also can appeal to employees’ sense of justice and fairness. After all, employees don’t like seeing those who engage in wrongdoing rewarded, while those who make a point of doing the right thing fall behind. So when it is clear that the mystery shopping program is really to protect them and is not a “gotcha” they can understand and also be alert to any misconduct so that compliance observers give their shop good marks.
While it is clearly important to have good inputs such as accessible policies and engaging training, companies are also held accountable for what all of their people do. So the program must accommodate both those who act in good faith and those who do not. Thus mystery shopping and other tests should have a place in the list of compliance tools.
Search the site
While some organizations bar conflicts of interest in all cases, many opt for allowing COIs to exist where appropriate. But how should appropriate be defined for these purposes?
Attending SCCE conferences is always a source of insights and new information. In these conferences I have seen quite a bit of focus on data analytics, and deservedly so.
The first time I saw Kristy Grant-Hart she put on a show about magic compliance dust and then brought the audience to reality by breaking the news that there is
In our years of assessing compliance and ethics (C&E) programs, my partner Jeff Kaplan and I have pinpointed several key attributes that we consider essential to an effective program, including