At the SCCE Compliance & Ethics Institute, I was in the packed auditorium for Principal Deputy Assistant Attorney General Nicole Argentieri’s remarks on the key changes to the Evaluation of Corporate Compliance Programs (ECCP) (see our team’s summary here). There was certainly a buzz of excitement (or nervousness?), along with a dawning realization that for some who can quote chapter and verse, there’s another round of learning and adapting to be done.
You’ve no doubt had some time to digest and are thinking of all manner of changes to your current program. Are you also thinking about this from a human-centered and data-driven perspective?
As a behavioral scientist, this is what I’m focused on:
- Mapping ‘speak up’ culture in a way that allows you to act and change things that aren’t working (and support things that are): The DOJ already seeks to understand whether a company has fostered a ‘speak up’ culture. As an organization, you’ll need to triangulate data points – both stories (qualitative) and numbers (quantitative) – to get to the bottom of how people perceive speak up. Engagement surveys are the traditional method to do this. However, I’ve spoken with organizations whose employees felt too unsafe to answer a psychological safety questionnaire honestly! Collecting the stories that employees are telling about speak up is more likely to help you identify patterns of behavior that you can help support or shift.
- Incentivizing whistleblowers to use internal channels first: There’s a tricky balance on incentivizing whistleblowing, especially when there is a hefty rewards program being offered in certain cases (see the Whistleblower Pilot Program). If a whistleblower makes an internal report before going to the DOJ, it may increase their reward. If a company self-reports following internal whistleblowing, it may be eligible for a declination. While research from the social sciences tells us that incentives don’t always lead to the outcomes we might expect, the DOJ is encouraging whistleblowers to raise matters internally first. In terms of your internal channels, don’t get caught in the trap of assuming all incentives are monetary. By understanding how people perceive whistleblowing and understanding their motivations for speaking up, you can help to prime your own program to be the first point of call. Your people will tell you what works for them.
- Limiting the risk of unintended consequences from implementing new technologies: There are significant behavioral questions when adopting new ways of working. When you are trying to get relevant information directly into the hands of risk takers (e.g., using a chatbot), consider whether those risk takers will interpret differently the answers they receive from a bot rather than a compliance officer.
- Building into training programs opportunities to fail and feedback loops: The DOJ is asking companies to learn lessons from their own failures, and is asking those in the market to update their programs and train employees. Impactful training that is designed to shift behavior and attitudes needs to be open about failures and be designed to allow compliance teams to capture data about employee perceptions. One-size-fits-all training, despite the apparent efficiency it brings, won’t cut it – especially for key risk takers. Giving participants an experience they want to turn up for, and where they have a safe space to articulate concerns and try approaches (with feedback) helps to ‘plumb in’ ways of working they can use when faced with a dilemma.
Apart from my newly-reframed behavioral attention, there is also a key change my colleague David Yanofsky is focused on:
- Ensuring compliance data capabilities are as robust as the rest of the business’ data capabilities. Prosecutors will be considering whether compliance programs are getting the same resources and technology to understand compliance data as the rest of the business has for understanding its other activities. This means enterprises will be looking to unlock tools and integrate data so that business intelligence tools, visualization software, and internal data APIs have access to monitoring, audit, training, and investigations information.
Lots to reflect on, and some big questions to answer. In doing so, make sure you are set up to explore the space in a human-centered and data-driven way.
About our practice
The Ropes & Gray Insights Lab is a differentiated solution for corporate governance and risk in complex business environments. Combining legal talent and subject matter experts in compliance, data, culture, and behavioral science, we help clients assess risk, map organizational culture impacting that risk, design and retool compliance programs, and implement actionable insights from qualitative and quantitative data.
For more perspectives from our team, check out the Culture & Compliance Chronicles podcast series.
Subscribe to Ropes & Gray Viewpoints by topic here.
Authors
Stay Up To Date with Ropes & Gray
Ropes & Gray attorneys provide timely analysis on legal developments, court decisions and changes in legislation and regulations.
Stay in the loop with all things Ropes & Gray, and find out more about our people, culture, initiatives and everything that’s happening.
We regularly notify our clients and contacts of significant legal developments, news, webinars and teleconferences that affect their industries.