Thu, Nov 11, 2021

Culture as the Basis for Compliance Effectiveness

In each of Kroll’s 2021 anti-bribery and corruption (ABC) surveys, most respondents expressed high levels of confidence in the effectiveness of their compliance programs. Yet, the compliance function has long been overburdened and under-resourced for many years. This paradox is created from compliance programs that are designed to meet external expectations from regulators rather than organically nourishing ethical behavior. Having a culture of compliance needs to go beyond simply checking a box and something that is embedded within the organization from the top down.

Since 2016, when the U.S. Department of Justice (DOJ) launched a pilot program targeting violations of the Foreign Corrupt Practices Act (FCPA) and established the expectation of ethical culture as the basis for effective compliance programs, culture is rightfully an increasing focus for organizations. Culture is now accepted in the compliance community as the bridge between what an organization defines as ethical workplace conduct and what happens in reality.

This year’s ABC survey shows organizations are continuing on the right track. Globally, 78% of survey respondents said their organization is meaningfully committed to a culture of integrity. Respondents in Asia Pacific and the U.S. and Canada were most confident at 86% and 82%, respectively.

Culture as the Basis for Compliance Effectiveness

Top-down communication is the starting point for many organizations when assessing their compliance cultures. They focus on tone from the top to indicate the level of commitment and management buy-in of the organization’s values. Seventy-five percent of survey respondents agreed that there is a clear message from the top of the organization that compliance and accountability are important, with U.S. and Canada respondents in strongest agreement at 86%.

However, organizational commitment doesn’t end with top-down communication. This communication should also be embraced and reinforced by management at all levels of the company to ensure it is made actionable for specific roles and functions.

The role of the chief compliance officer (CCO) is another key indicator for how relevant the value of integrity is to the strategic decision-making process. Rather than the compliance role only delivering updates to the executive committee, ethical organizations are more likely to have a CCO that sits on an executive board or reports directly to the CEO.

Designing Compliance Programs to Match Company Values

Culture as the Basis for Compliance Effectiveness A compliance program that is designed to match a company’s value for integrity rather than exclusively consider external expectations from regulators must include a holistic set of policies that are sensitive to both business needs and local conditions.

More than 70% of respondents globally agreed that their compliance processes are adapted to the local market and cultural nuances. European respondents were a clear outlier in this aspect with only 58% agreeing. In Kroll’s experience, the classic fraud incident or compliance failure can originate in a far-flung office that either has yet to adopt policies, systems or protocols from headquarters, or they have been forced to adopt a program intended to meet expectations from regulators thousands of miles away. This leads to a disconnect between the compliance function and local business reality, further creating risks from box-checking exercises.

Incentivizing the right business behaviors is another challenge for large, diverse multinational corporations. Globally, 73% of respondents agreed that their performance goals and incentives do not conflict with compliance processes. Latin America respondents had the lowest agreement among the regions with only 64% agreeing. Companies with the strongest compliance cultures purposely integrate integrity into their performance incentive and evaluation frameworks. Without incorporating a company’s values into how it approaches business development, employees can be tempted to cut ethical corners to meet challenging sales targets.

Hitting the Reset Button

Given how abstract and immeasurable culture is, companies teetering on the edge of a compliance failure rarely see the cracks in their compliance cultures until a problem is found. An effective cultural assessment of a company focuses not only on policies but also on organizational messaging, training, resourcing, commercial incentives and response and remediation mechanisms. If we use this as the lens to evaluate recent FCPA enforcement actions, weak cultures are cited as the underlying cause of bribery. Enforcers point to how the compliance program works in practice when determining effectiveness rather than how it was designed.

In 2021, the end of the pandemic has felt for many societies like the light at the end of the tunnel that is just out of arm’s reach. With many companies expecting to reach that end in 2022, now is the time to meaningfully plan what a “new normal” will look like for their compliance cultures. If a company’s culture of integrity went in the wrong direction either due to supply chain disruption, financial issues or remote work, now is the best time to re-assess and pivot. The right kind of new normal requires transformational change—change that is embraced enterprise-wide by all stakeholders.



Compliance Risk and Diligence

The Kroll Investigations, Diligence and Compliance team partners with clients to anticipate, detect and manage regulatory and reputational risks associated with global ethics and compliance obligations.

Background Screening and Due Diligence

Comprehensive spectrum of background checks, screening and due diligence services.

AML Compliance Due Diligence

Kroll helps clients navigate the complexities of today’s regulatory environment through a broad suite of anti-money laundering compliance screening and due diligence offers.


Compliance Program Consulting

Kroll is trusted by companies worldwide to help establish policies and programs aimed toward preventing fraud and complying with anti-money laundering (AML) and anti-bribery and corruption regulations.

Compliance Portal

Your Process. Our Technology.