The Straw Man Compliance Program

There is much in the compliance and ethics literature that holds value for us

To keep up with developments in the compliance and ethics field I sometimes read articles about the field written by academics. There are a number of writers I have worked with who are quite sincere in their efforts to improve our field and who approach it with true intellectual curiosity. They keep up with the literature, but also engage with practitioners in respectful exchanges of ideas and experiences. It is my hope that more people in academia will study our field and help us reach greater heights with this profession. There are brilliant minds that have the potential to move us much further along in the development of truly credible and effective compliance and ethics programs.   

But some writers just do not like compliance programs

There is, however, another side of the literature that is less productive. One message that comes across often in reading some of these academic writings,[1] is that they do not like the idea of compliance programs.  While I am frequently a critique of how compliance programs are currently being done (e.g., companies too often ignoring the essential area of incentives, having CECOs without real independent power, failing to evaluate how the program is really operating), I base this on what program elements are actually enumerated in the various standards of what an effective compliance program is, including the US Organizational Sentencing Guidelines (USSGs).

But in a significant amount of the literature this type of constructive criticism, based on what is actually in standards like the USSGs, is often absent.  Rather, the approach is more an attack on the whole concept of compliance programs including the USSGs, based on an emaciated straw man compliance program.  They do this by using their own definition of compliance programs that almost never includes some of the essential points set out in the USSGs.  Although the USSGs standards are remarkably brief and to the point, nevertheless authors frequently do not seem to have read or applied the language of the standards.   

Meet the straw man compliance program

The typical straw man program almost always draws attention to codes of conduct (although codes are nowhere mentioned in the USSGs.)  It will have a compliance officer (never a CECO with real power), a hotline (usually nothing about a program to prevent retaliation), and always a reference to standards/policies and procedures. Unlike the USSGs, the authors use “standards” and “procedures” as synonyms, despite the fact that the USSGs define “procedures” (in the brief “notes” section) as “internal controls.”  An internal control would be an actual process that makes it more difficult or close to impossible to commit wrongdoing.  But this is not explored in such negative academic writing. 

The straw man may have a reference to investigations, but not about the need to do a root cause analysis.  It may cover discipline, but not the USSGs’ requirement to hold managers responsible for failure to take steps to prevent misconduct.  And they typically do not even hint that the standards contain any coverage of incentives. Some writers criticize the very concept of compliance for not covering incentives, overlooking the actual words of the USSGs which include incentives.  

The straw man almost never references the need for diligence in hiring, and does not cover the part of the notes to the USSGs that make clear that the diligence requirement also applies to promotions – i.e., that those who don’t support legal and ethical conduct should not be rewarded by promotion. 

There may well be reference to audits and sometimes monitoring in this literature, but usually castigating this technique as some form of evil “command and control.”  There is not, in that context, reference to the USSG’s requirement to evaluate the effectiveness of the program.  Note that this provision in the USSGs does not call for box ticking; it is not merely counting up what was done, but rather asking the far more difficult question, is it working. 

In essence, their straw man program is mostly paper and preaching, with an approach to controls described as if it were borrowed from the military.  What causes this extremely negative reaction by critics of the USSGs and similar standards?  Possibly because the USSGs are from a legal source (the US Sentencing Commission) they assume the standards must be legalistic and formulaic, without giving it much objective analysis. 

We could all do much better with practical help from the talented writers in academia

But we all suffer from the impact of this lack of deeper analysis.  Compliance and ethics programs, when accurately defined, have enormous potential.  There are thousands of compliance and ethics professionals around the world giving their best, every day, to protect the public, employees, investors and the environment.  But until they have the very things that really matter, and that these writers omit from their descriptions of the standards, they cannot meet the full potential of compliance and ethics. Ironically, the very professors who create this straw man and criticize this mistaken construct, are in fact complicit in continuing the weaknesses that have developed in compliance programs in practice.  

Our friends in academia could help us all and perform a tremendous service to our communities if they read the intelligent and practical standards like the USSGs with an open mind, and pointed out where we are in fact missing the mark in our day-to-day work. This is a tremendous opportunity for insightful research that could produce valuable advice for compliance and ethics professionals.  These researchers and writers are in position to offer us useful insights and point out examples of how we could apply these standards more effectively.[2]  Accurately describing what is in the USSGs, and then helping compliance and ethics professionals to be more effective in preventing organizational misconduct would be a service for all of us.     

[1] These writers usually describe one another as “scholars,” whereas compliance and ethics people are not recognized as professionals, and more typically are referred to disparagingly such as being in the “compliance industry” or even a “cottage industry,” as if the entire field was a scam.  Also, as a matter of practice, at least in the articles I have read, they do not discuss organizational crime and misconduct in universities, and overlook the opportunity to discuss the compliance program that exists in their own university. 

[2] For example, the Fall 2023 SCCE Compliance and Ethics Institute included a presentation on how to word survey documents so they will draw more accurate results.  Surveys are a useful tool in measuring how well a compliance and ethics program is working, but take  more skill to draft than many people realise.  There are many areas like this where analysis and research could have practical benefits.