So much of a compliance officer’s job comes down to influencing people’s behaviors and getting them to do the right thing. Yet, this is one of the hardest parts of compliance, because there isn’t simply one approach that is guaranteed to work for every member of an organization.
Each individual is motivated differently. There are many reasons people do bad things and are non-compliant. Similarly, there are many reasons people do the right things and are compliant. If you want to minimize compliance violations, it’s important to understand what makes different people tick so you can provide the appropriate mix of reward and punishment to drive the right behaviors.
In this blog post, we’ll highlight eight approaches you can try to get employees to be compliant. These approaches come from a few different fields including criminology, psychology, and sociology. They were presented by Andrew Kandel, a seasoned compliance officer and Lecturer in Law at the University of Pennsylvania Law School in a course called Effective Compliance Programs. Having knowledge of these theories can help you build a culture of compliance.
1. The Nudge Theory
The Nudge Theory became popular with Richard Thaler and Cass Sunstein’s book called Nudge: Improving Decisions About Health, Wealth and Happiness. This book talks about how to keep a topic on people’s minds and help people build new habits (e.g. eating healthier). It asserts that using indirect encouragement, visual cues, and gentle pushes in the right direction can be effective in changing behaviors.
Although Nudge didn’t specifically address compliance, the nudge theory is still applicable. For example, in addition to having a policy that directs people to dispose of sensitive information by shredding the materials, it’s helpful to have plenty of shredding bins around the office. Instead of having certain messages come from the compliance department, it may be better for messages to come from other departments. For example, messages about compliance topics such as cyber-security alerts, email rules, and the proper use of passwords can come from the head of IT instead of the chief compliance officer.
Compliance officers can also use environmental cues to send a message of compliance. For example, Andrew Kandel designed a mouse pad that had his company’s general ethics principles and the phone number of their ethics hotline on it. These mouse pads were placed on every person’s desk after they completed the annual compliance certification process. This ensured that employees would see a compliance message many times a day, every single work day.
Source: Andrew Kandel
2. The Punishment, or “Scare Them”, Theory of Compliance
This theory asserts that punishment and scare tactics are effective deterrents for compliance violations. There are two parts to this theory: The first part involves punishing people when they violate compliance policies and procedures, including the code of ethics and business conduct. For example, someone who violates the password policy gets locked out of their computer and is forced to go to IT to resolve the issue. This inconvenience serves as a warning, or minor punishment. Someone who repeatedly violates a certain policy may receive greater punishment, such as the loss of a bonus or termination of employment.
The second part of the theory involves scaring people by using examples of regulatory or law enforcement actions. In practice, this could involve training sessions where you show people the results of compliance violations at other companies. After all, no executive wants their company to incur large fines or face prison sentences. To use this tactic effectively, the examples you highlight should include violations and issues the employees can relate to that are covered by your organization’s policies and procedures.
3. The Rules Theory
In any organization, you’ll find some employees who always follow the rules as long as they know exactly what they can and cannot do. Giving people guidelines and rules can certainly be helpful, but you want to make sure you aren’t creating loopholes or leaving big questions unanswered. It may be difficult to foresee every possible scenario and define all the rules that people need to follow. To make life easier, you can tell people that the published set of rules is not comprehensive and that if they have any questions, they should check with the compliance officer or another designated liaison such as the head of HR.
4. Ubiquity Theory
The idea here is that if people know the authorities are always watching, they will do the right thing. Thus, if you create the impression that your compliance team is everywhere, perpetually monitoring all aspects of business operations, employees may follow established policies and procedures more diligently. However, this shouldn’t be a one-way street. You also want to make sure employees perceive the compliance team as approachable so they are willing to raise questions when they have a concern.
There are lots of ways to create the impression of ubiquity. For example, you and your team could walk around the office, stopping at employees’ desks, asking them questions and having casual conversations. You may also consider sending out regular compliance alerts to remind people that compliance is all around them. Mr. Kandel also suggested monitoring employees’ emails and asking a few questions about why they wrote what they wrote in an email. He believes this is an effective way to remind people that the compliance team is reviewing their correspondence.
5. The “Reward Me” Theory
This is the idea that employees become more motivated to do the right thing when they see certain behavior rewarded. Are there employees within your organization who would feel amazing if they were recognized for going the extra mile to be compliant? Depending on the culture at your organization, it may make sense to institute an award that recognizes the most compliant employee each year.
6. Habit Theory
How many of us take the same route to work every single day? Chances are, most of us do because we’ve put our commute on auto-pilot. Habits, once formed, are hard to break. In compliance, if someone is accustomed to following a certain compliance policy or procedure, it’s likely they will continue that behavior. Thus, if you can make certain compliance procedures repetitive and expected with the goal of creating good compliance habits, it can lead to a practice of routine compliance.
Habits form more easily during certain occasions, such as onboarding. You can create positive habits early if you take the time to meet with each new employee to lay out the ground rules and expectations as soon as they join your organization.
7. The Broken Windows Theory
The broken windows theory was first put in place in New York City by Police Commissioner Bratton and Mayor Rudy Giuliani back in the early 1990s, when crime in New York City was rampant. According to its Wikipedia page, the theory says that “visible signs of crime, anti-social behavior, and civil disorder create an urban environment that encourages further crime and disorder, including serious crimes”. However, if the police does not allow minor crimes such as vandalism, public drinking, and fare evasion to build up, they can prevent more serious crimes from occurring.
In compliance, the idea is the same: when you direct attention to even minor compliance violations and don’t let them build up, you can prevent more egregious violations.
8. The Target Theory
Because compliance resources are finite, it’s important to focus on the individuals who are considered most likely to breach compliance policies and procedures. To put this in practice, you would identify a specific group of “risky” individuals and target your intervention on them. These employees could be considered “risky” for a number of reasons, like their job duties putting them at greater risk of violating a certain policy, them having a track record of not being compliant, or them not completing their compliance training on time. You may invest extra resources to educate these employees about certain compliance issues and then monitor them more closely than others, until they no longer need to be included in that target group.
One size doesn’t fit all
If you want to foster a culture of compliance, it’s important to embrace a diverse set of approaches tailored to your corporate culture and specific employee population. Compliance officers should recognize when to use rewards and when to use scare tactics, and figure out ways to make the compliance team or officer seem like they’re everywhere. By identifying what your employee population responds to and using a variety of compliance tactics, you can truly elevate your compliance program.