We follow the leader wherever we go, and that applies to compliance, as well. While federal and state laws require organizations to adopt compliance programs, a low level of commitment to these compliance efforts from the highest levels of management can pose a serious threat to the implementation and sustainability of such programs. It is easy to say “we are committed to compliance,” but how do organizations put this into practice? Employees must be able to trust that their leaders are first buying into the organization’s compliance policies and are following the appropriate processes themselves.
The Occupational Safety and Health Administration (“OSHA”), which enforces the whistleblower provisions of 22 federal statutes, has published Recommended Practices for Anti-Retaliation Programs. According to the Recommended Practices, management leadership, commitment, and accountability are the first elements to effective compliance. Management can demonstrate its commitment by backing up words with actions, such as:
- making readily available a written Code that is clear and equally applicable to everyone in the organization;
- ensuring that there is a manager who is responsible and accountable for the enforcement of the reporting system;
- ensuring managers have access to senior management for compliance concerns;
- engage in a dialogue with employees to create and improve management awareness of potential issues and anti-retaliation policies and practices;
- requiring training for senior management so that they understand their legal obligations, and are able to identify issues that may impact these obligations;
- implementing a mechanism to accurately evaluate employees’ willingness to report concerns and the employer’s actual record of responses to the employees who report; and
- when appropriate, publicly recognizing the positive contributions of reporting employees.
Once it is clear that the management team understands the need, benefits, and processes of a compliance program, it can effectively contribute to building awareness of the rules throughout the workplace and educating employees about the proper procedures for reporting concerns. Active leadership and commitment by senior management will reinforce the written standards and signal to employees that ethics and corporate governance are essential to the sustainability of the organization.
On June 26, 2018, Michigan State University put these principles into action when it announced the creation of a new Office of Enterprise Risk Management, Ethics and Compliance. The Office is intended to ensure the University adheres to its internal polices as well as legal and regulatory requirements. The Office is the direct result of a request from the University’s Board of Trustees to help maintain the University’s integrity and develop a culture of compliance. In connection with the new Office, Michigan State intends to hire a Chief Compliance Officer to oversee the development of an ethics and compliance program to identify, prioritize and manage risk. The COO will also develop training and communication strategies as part of the compliance program. The COO will report to the University President, but will work independently with the Board’s newly established Committee on Audit, Risk and Compliance.