The Ethics and Compliance Officer’s Many-Colored Hat

Jason Lunday PhotoBy Jason L. Lunday
From Compliance & Ethics Professional, a publication for SCCE members

The Business Ethics and Compliance field’s development over the last four decades reveals a multi-disciplinary history, replete with experts from a broad range of areas contributing to the field’s maturation. Law, moral philosophy, behavioral sciences, business audit—these are just some of the disciplines that have added to the field’s growth and advancement. This multi-disciplinary foundation makes sense since ethics and compliance issues occur across the business spectrum, with relevance in all corners of business activities.Compliance and Ethics Professional - The Ethics and Compliance Officers Many Many-Colored Hat

Likewise, ethics and compliance officers (ECOs) have come to their roles with backgrounds in law, moral philosophy, business management, auditing, behavioral sciences, communications and marketing, and human resources, among other disciplines. With so many fields contributing to the profession’s body of knowledge, a successful ECO benefits from competencies in a host of subject matters to effectively manage such a multi-disciplinary function. In effect, the ECO wears a many-colored hat—not multiple hats—because the marriage of these disciplines in ethics and compliance management (ECM) requires their effective cross-fertilization to yield the real value. The successful ECO does not divide his or her day by shifting from one subject to another but rather by effectively integrating the knowledge from each of these disciplines into an overall ECM solution.

This list of disciplines is extensive, making it a challenge for any one ECO to “know it all.” Some ECOs start their careers by specializing in one area and then expanding their knowledge base over time through assignments in other ECM segments; others begin as generalists and continue to build broad knowledge through the years. To balance the ambitious undertaking in managing a multi-disciplinary ethics and compliance program, a strong ECO has options. He or she can acquire the expertise oneself, borrow this expertise from another department (e.g., Legal, HR, Internal Audit), hire the expertise through an employee, or contract with an outside expert. If not doing the work oneself, the ECO needs to know enough about the area of expertise to manage the people performing the work. A wealth of prospective employees and service providers specialize in all of these disciplines and are very willing to sell the ECO their services. Unfortunately, such arrangements can fail due to unclear or missed expectations, lack of marketed skills, or poor project execution. For this reason, the ECO has to be sufficiently competent in the specific discipline to know what level of service he or she needs and the quality of the employee or provider to get the intended results.

At this time, attorneys comprise a large number of ECO positions. No doubt a legal skillset is important to ECM, especially for companies facing regulatory scrutiny. But having a principal background in law does not necessarily translate into the most effective ECO. In my experience, the most successful attorney-ECOs also have developed competence in, or can effectively manage those with the competence in, the many applicable disciplines. This also is true of an ECO coming from any particular discipline. An ECO who knows intricately a company’s legal requirements but not what may motivate an employee to act responsibly or irresponsibly does the company a disservice. Similarly, an ECO who understands how ethical reasoning should be promoted but not how the company’s culture influences an employee’s ethics decisions presents the same weakness. This is why integrating these disciplines for ECM is so critical.

Below are thirteen key disciplines that have influenced the Ethics and Compliance field and are important competences for an ECO to have or acquire through others to effectively manage an ethics and compliance program.

1.    Law and regulation

For many companies, an ethics and compliance program remains largely oriented around compliance with laws and regulations, and rightly so since these requirements embody society’s baseline ethics expectations. This is especially true for heavily-regulated industries or companies specifically under regulatory scrutiny. Further, the contract law that underlies a company’s many business agreements can be important to corporate compliance efforts, for which attorney-ECOs are well suited. An ECO from any background needs a good grasp of a company’s relevant regulatory requirements, developing regulations and case law, and regulatory compliance requirements or guidelines—or the ability to rely on a good lawyer to provide it. Some companies assign an in-house attorney as “compliance counsel” to support the ECO. In other companies, the ECO works with outside regulatory counsel or a litany of other outside counsel with topic-specific expertise (e.g., anti-corruption, data privacy, international trade).

2.    Moral philosophy and theology

This is where the field of business ethics began. The earliest writings and research emerged from professors of moral philosophy and theology, and continued progress in the field still emanates from universities’ Philosophy and Theology departments. These disciplines opine on such issues as the role and duties of for-profit companies in society, a company’s responsibilities to its stockholders and other stakeholders (stakeholder theory), the role and duty of senior managers to a company’s owners (agency theory), ethical reasoning, decision making and action, and duties and decision making in the professions, to name some of the more prominent areas of inquiry. While these topics may seem abstract with respect to an ECO’s daily duties, in fact they serve as a basis for how companies operate responsibly in the marketplace. An ECO benefits from a foundation in ethics theory and research in developing a program strategy, standards of conduct, communications, educational materials and guidance mechanisms, other ECM tools and resources, and especially in identifying emerging issues that can impact the company.

3.    Behavioral sciences

Much of recent progress in business ethics and compliance derives from the social sciences, such as behavioral research and organizational, professional, and stakeholder surveys. A host of related disciplines have contributed, such as developmental psychology, social psychology, industrial psychology, organizational behavior, dynamics and development, and even anthropology. These fields address, for instance, how corporate cultures develop and are maintained; how business people practice ethical reasoning, decision making, and action;  and how leaders, peers, and groups influence an individual’s decisions and actions and vice versa. An ECO should know about the social dimension of ethics and compliance to identify an organization’s challenges and opportunities and build practical ECM solutions, given how individuals, groups, and organizations actually behave.

4.    Communication and marketing

ECOs increasingly have begun to adopt the goals and methods of the communications and marketing discipline for ECM. With an eye toward promoting and improving others’ perceptions of ECM initiatives by aligning them with corporate goals and culture and attendant efforts, ECOs use communications and marketing methodologies, tools, and resources to capitalize on the success they can generate in employees’ improved awareness and understanding of, interest in, and commitment to ethics and compliance objectives and activities. Such efforts help in placing important messages about critical ECM activities front of mind for employees. For larger companies where the Ethics and Compliance function must reach a broader range of employees in disparate geographies, this role can be even more important.

5.    Education and training

An important discipline for ECM involves educating and training employees (and sometimes others) on a company’s ethics and compliance program. Without employees’ appreciation for, knowledge of, and skills in employing ECM tools and resources, the ECO’s other efforts are in vain. This skillset for an ECO typically begins with an understanding of adult learning theory. Next, skills involve assessing education needs; designing education programs to meet employees’ needs; transforming ECM messages into educational concepts; garnering employees’ attention; assessing their knowledge, skills, and perspectives; and supporting their retention of training content. An ECO in a larger company may hire someone with expertise in adult business education as an ethics and compliance training manager to navigate these attendant responsibilities, or the ECO may use one of the many ethics and compliance education providers. Still, the ECO needs to have a strong understanding of this discipline and how it integrates with the larger ethics and compliance program goals to be successful.

6.    Audit, fraud prevention, risk management, and investigations

Business audit is a common background of many ECOs. In fact, in years past, the Institute of Internal Auditors ran a regular conference on compliance. This is because an important part of ECM involves monitoring and auditing business processes for compliance, working with the internal and external audit functions for the audit of these same processes, and maintaining ECM processes that typically are subject to audit. Also, the Enterprise Risk Management field that emerged from the business audit profession shares many of the same competencies and tools for identifying, assessing, and managing business risk and improving processes to further prevent or mitigate this risk. Finally, auditors generally are skilled in forensic investigations of financial/accounting fraud and other investigative techniques for corporate misconduct. For these reasons, an ECO benefits from a competency in business audit, enterprise risk management, and investigations to effectively manage the many applicable activities of an ethics and compliance program.

7.    Governance and leadership

Recent years have witnessed the emergence of a discipline focused on governance and leadership. Based on such foundational works as Peter Drucker’s extensive writings, Peters and Waterman’s In Search of Excellence, Collins and Porras’ Built to Last, regulatory guidance from the U.S. Sentencing Commission and stock exchanges, audit and risk management standards such as COSO, and similar global initiatives, a body of knowledge has developed regarding how companies can be more effectively governed and led. This field also examines how governance structures and roles and leadership attributes can promote or inhibit responsible conduct within a company. While an ECO may not be able to design his or her company’s governance structure, the ECO can develop and maintain an ECM that responds to the existing structure to promote responsible conduct. The ECO also should understand leadership structures, competencies, and resources to support his or her company’s leadership in promoting a culture committed to ethics and compliance.

8.    Business process management

The field of how processes are designed, operate, are maintained, fail, change, and improve has contributed an important competency to ECM. This field involves the use of quality management tools, such as six sigma and lean manufacturing techniques, to improve processes and their outcomes, and determining how to apply metrics for assessing process effectiveness and improvement. The ECO needs to be knowledgeable in business process management to understand how the company’s processes can go awry, leading to compliance failures, and how to effectively integrate ECM controls into these processes efficiently and effectively. Second, the ECO needs to have the skills to design ECM processes and related metrics to effectively meet program objectives with limited resources.

9.    International business

The cultures and perspectives of different global regions affect how ethics and compliance is managed. These differences can impact each of the above disciplines, as well. A cottage industry has grown up in helping companies to apply ECM tools and resources to their foreign locations. Codes of conduct, communications, training courses, monitoring steps—in fact, each ECM activity—can require modification to effectively work outside of a company’s home country. An ECO of a multinational company, or a domestic company that conducts cross-border business, needs to effectively understand the global business context, identify the differences across the company’s geographies, and adjust ECM activities to align with these differences, as appropriate. Further, topical compliance areas may vary in different cultures, notably in regards to: gifts and entertainment, employment of family and friends, other conflicts of interest, diversity issues, and fair competition. A company’s standards, guidance mechanisms, and other program components need to consider these cultural differences.

10. Information technology

Information technology is not only transforming the business world, it also is leaving a heavy mark on ECM. While IT speeds up business processes, creating capabilities that were not imaginable several years ago, for a manager it also requires a depth of knowledge to ensure such solutions meet their intended goals in the allotted time and budget. Many a business manager has watched a costly, time-consuming IT project implode or end up as largely useless due to unrealistic or misplaced objectives, poor planning, costly redesigns and overruns, or a host of other problems. In ethics and compliance, IT is being leveraged to enable and speed up policy management, risk management, guidance and reporting mechanisms, employee and third-party monitoring, and other activities. An ECO must be grounded in the basics of IT systems and management, or find others who are, to ensure that proposed IT solutions for ECM will work—within the given time and costs. In addition, IT use within a company presents its own ethics and compliance issues that an ECO must understand in order to manage, including information security, data privacy, and records management.

11. Corporate functions

An ECO needs to understand the basics of a company’s many functions, including strategic planning, sales, marketing, operations, finance and accounting, research, service, internal audit, human resources, and third-party activities, to name typical ones. This knowledge is important for an ECO to comprehend employees’ objectives, motivations, and daily work so the ECO can advise them on related ethics and compliance questions and concerns. As an example, a sales compensation structure and related communications about expected sales activities can greatly affect the way that sales staff promote a company’s products and services, which they promote the most, and the speed of sales activities. The ECO will want to design ECM controls (e.g., standards, procedures, education, monitoring) that fit with the company’s functions.

12. Compliance topics

Any company code of conduct itemizes a list of topics for which an ECO needs to be knowledgeable. While a given company’s principal compliance areas will vary (e.g., data privacy, fair competition, trade controls), the ECO needs at least a good familiarity with all of the code’s topics to, for instance, write standards and policies, design education, provide guidance, and monitor compliance. The ECO’s competency must be strong enough to know how to advise other managers on the topic’s application to common business processes. For instance, the ECO may be required to advise on how anti-corruption efforts apply for recruiting, contracting with, and managing third-party consultants and distributors.

13. Business administration

Any business function requires management that is capable of addressing the basics of business administration: strategy development, budgeting, project management, records management, and interpersonal relations, to name some obvious skills. For an ethics and compliance program, the ECO must set objectives that support and align with the company’s goals, manage projects (many of which aim to develop and improve ECM and other business processes), build strong working relationships with other functional leaders, manage ECM records so that the company can demonstrate its program’s effectiveness, and work within a limited budget. This is not a competency that the ECO can easily borrow from another function nor hire out.

In conclusion

A corporate ethics and compliance initiative involves a lot of moving parts—many areas of expertise that, when successfully coordinated and integrated, can lead to building and strengthening a company’s culture and reputation for integrity. An ECO at the helm of such an effort must find a way to develop or bring together the relevant and needed competencies and then effectively integrate them to create a successful ethics and compliance program. Of course, the proper mix of these thirteen competencies will depend on a company’s specific needs and characteristics. For some organizations, the list of competencies may stretch into other disciplines, such as medical ethics for healthcare companies or research ethics for universities and museums.  Certainly any discipline involves issues of right and wrong. Added to these competencies, an ECO’s effectiveness also will depend on the individual’s personal traits, such as one’s transparency, personal integrity, and ability to engage others, but that discussion is for another article.

Jason Lunday is a consultant with IntegrityFactor ( in the Washington, DC area.

[clickToTweet tweet=”The Ethics and Compliance Officers Many-Colored Hat @SCCE” quote=”The Ethics and Compliance Officers Many-Colored Hat” theme=”style3″]