3 best practices for building a better compliance program strategy

As ethics and compliance professionals continue to be challenged by the business and regulatory environments, vigilantly improving the organization’s compliance program is a key driver to mitigating risks and improving company culture. Last week at the Ethisphere Global Ethics Summit, LRN Senior Advisor Susan Divers was joined by ethics and compliance professionals for a discussion on actions they have taken to advance their compliance programs and best practices to consider when building out a better compliance program strategy. The panelists included: 

  • Ritu Jain: Executive leader – Global governance and assurance at General Electric (GE) 
  • Dan Oseran: Vice president, legal, and chief compliance officer at Intuit 
  • Callie Pappas: Vice president, chief ethics and compliance officer, and deputy general counsel at Schnitzer Steel  

In LRN’s 2022 Ethics & Compliance Program Effectiveness Report, 82% of 1,200 respondents surveyed said their ethical culture became stronger as a result of their experience since the pandemic began. Moreover, 78% of respondents reported that their firms emphasized company values rather than rules and procedures to motivate employees to do the right thing. These results underscore that organizations need to do more than just deliver training content if they want to advance their compliance program. A greater understanding of what employees need to know—and how best to communicate and provide according to their needs—is a large part of the success. 

Here are three best practices the panelists recommended to help enrich ethics and compliance program strategies. To listen to the full panel discussion, click here. 

Stay agile and flexible—as a compliance team and as an organization

In an environment where the future of the workforce is unknown, much of what organizations went through during the pandemic—and even today—demonstrated that learning to be agile and flexible is one of the keys to program success.  

“Throw out what isn’t working and focus on what does work.”  

—Ritu Jain, General Electric 

Callie Pappas provided a perfect example of how she and her team had to pivot at the onset of the pandemic. Schnitzer Steel, a steel manufacturing and scrap metal recycling company, remained open while most of the world went dark because it was an essential business. As many organizations do at the beginning of the year, Schnitzer Steel was planning to roll out a refreshed E&C program. However, as the pandemic progressed, Pappas and her team quickly realized that rolling out a new program did not set a good tone given everything going on around the world, in employees’ personal lives, and outside of work. Instead, they shifted their focus on bringing the company together. They asked everyone to take a video of themselves talking about the company’s core values. Focusing on a very human element allowed employees to showcase empathy—and reminded them that they were all in this together.  

Other organizations, such as Intuit, had a smoother transition to working from home because they had the proper technology in place. But as a business, they had to pivot to this new virtual work environment quickly. Dan Oseran noted that their compliance team needed to adapt to the changing needs of the business as well. As a financial software company, Intuit was significantly affected by Payroll Protection Program (PPP) at the onset of the pandemic. As part of the compliance function, Oseran and his team were responsible for setting up all the necessary functions that enabled the business to power clients’ financial prosperity and accomplish its goals—fast. 

Overall, the panelists agreed that getting broad with your E&C goals can allow for greater flexibility in a working world where things are changing much more quickly. Having the ability to pivot is what differentiated companies with effective E&C programs from those without during these last couple of years. As long as organizations have a strong ethical foundation in place, they can figure out how to adapt to shifts along the way. 

Leverage quantitative and qualitative data to measure E&C program effectiveness 

To better understand the overall effectiveness of their E&C program and identify specific areas of improvement, Schnitzer recommended overlaying various data points—including safety records, turnover rates, profitability, misconduct reports, and employee satisfaction survey results. When Pappas and her team looked at the data and narrowed it down to specific office locations, it helped them set the objective to improve lower performing areas.  

“One of the key things to separate out is looking at the data that’s right for you.”  

—Callie Pappas, Schnitzer Steel 

Similarly, Oseran recommended looking at data with a specific purpose in mind to help determine what needs to be fixed. Taking the data and building a good story to support internal and external clients can ultimately help scale your program and be more proactive than reactive.  

Ritu Jain also noted that General Electric brought data together and looked at patterns affecting members of the organization to help identify and prioritize compliance needs for the business and understand their program effectiveness. Some questions they considered were:  

  • Are we delivering the right content to the right people?  
  • Are we anticipating the context in which our team is experiencing our program based on what we sell, how we sell, and who we sell to?  
  • What geographical regions do we operate in, and how does that impact our program elements?  

Understanding the needs of the organization through data collection—and adapting program elements to meet those needs—is ultimately how compliance teams can measure success in their program. While the panelists agreed that data can build the backbone to measuring your program effectiveness, they also believed it is not the end all, be all. Organizations should continue improving the tools they have while keeping their program’s core intact—and not lose sight of the human factor that forms a large part of E&C program effectiveness. 

Collaborate cross-functionally

No matter their size, compliance teams often need support from various departments. Pappas, for example, has five members within her ethics and compliance team and continues to leverage partnerships across other departments—including human resources for training implementations and security for internal audits. One of the newer partnerships her team is pursuing is with internal employee interest groups. Partnering with both LGBTQ+ and Black employee resource groups provided valuable feedback that Schnitzer’s E&C team could have only gleaned from more intimate conversations. This helped the compliance team understand the finer details that are not always spoken about during larger, company-wide meetings, and it has informed new messaging around these concerns. 

“It’s only effective if you make it everyone’s business.” 

—Ritu Jain, General Electric 

Jain also emphasized that the compliance team cannot drive company culture alone, nor can they mitigate risks by themselves. If something goes awry, it comes down to who is impacted—and it’s usually not members of the compliance team. All members of an organization have to consider the implications of their actions: how they might impact future deals, talent, and the larger work environment. Articulating that E&C is everyone’s responsibility can help get buy-in from other internal stakeholders. 

Compliance doesn’t have distinguishing industry benchmarks and clear borders due to the nature of the function, so collaboration with different departments and their input is crucial. Oseran suggested that leaning into creativity and data can help programs feel more relevant, encourage buy-in across the company, and give E&C teams a seat at the table to make sure the compliance voice is heard.

The key takeaway 

Organizations need to consider qualitative and quantitative pieces to build out a better compliance program. As Schnitzer Steel has exemplified, empathy has played a huge part in the business's success through difficult times. Data analysis has allowed compliance teams, like those at Intuit and GE, to be proactive rather than reactive. Finally, this work showed that collaboration was crucial to the business's success and risk mitigation. To listen to the full panel discussion, click here

For more resources and information on E&C program effectiveness, download the 2022 E&C Program Effectiveness Report and check out our practical tools for building an effective E&C program at LRN.com.