By Alex Chow, The Red Flag Group
In the constantly-changing world of compliance, where new compliance laws and regulations are being introduced and old regulations are regularly updated, it is vital that every employee at every level of an organisation is educated and up to date on these developments and how they may shape expectations in the workplace.
The issue that many organisations face when implementing compliance programmes is that compliance is multidisciplinary. Its scope affects multiple departments; the compliance, legal, security and human resources (HR) departments all have different and important roles to play to ensure the compliance programme is effective.
The individuals who create an organisation’s compliance programmes will naturally need to understand all the laws and regulations that may concern the company. Aspects such as antitrust, bribery, the Foreign Corrupt Practices Act, cybersecurity, contracts and employee safety are all linked to the role of the legal department. Therefore, it is often the legal department (or individuals with legal backgrounds) that organisations will look to when building their compliance teams or creating their compliance and ethics programmes.
Practicing law and ensuring compliance with the law are very different things, however. Legal teams interpret the law, and compliance teams ensure everyone in the organisation understands and follows it. And this is where HR plays an important role when implementing an effective programme.
Generally speaking, HR departments are responsible for day-to-day human issues (such as hiring and firing, administration, employee relations, training and development and work safety), and for maintaining employee satisfaction to ensure productivity and acceptable behaviour. This means that HR departments are integral in how employees view the company internally. It also means that they are in the best position to understand the employee culture and, more importantly, change that culture if necessary.
Sculpting the organisation
The ability of HR departments to influence an organisation’s culture is crucial in order to implement and maintain an effective compliance programme.
The simplest way that a HR team can mould its organisation’s culture is by being gatekeeper. Although hiring managers usually decide on the headcount and skillsets of the individuals they want in their team, it is the role of HR to make sure that the individuals themselves have been tested for integrity. This can involve background checks, employment verifications and other screening methods, all aimed at making sure that any individuals who join are the individuals that the business wants representing it. Hiring managers and others involved in the hiring process won’t be looking for issues, and often they are hoping potential issues don’t exist so they can hire who they perceive to be ideal candidates. The onus is on HR to be this filter.
Aside from making sure that the organisation adheres to compliance laws and regulations such as racial, gender or religious discrimination laws, HR also plays the gatekeeper role in protecting the organisation from internal compliance risks. As the world is becoming increasingly digitalised and new laws such as the European General Data Protection Regulation and China’s cybersecurity law are introduced, it is the responsibility of HR to work with IT to protect the privacy of the organisation’s data and employee data.
In addition to hiring, two key tasks that all HR teams are involved in – regardless of how the organisation is set up – are onboarding and employee training. When a new hire is made, HR is responsible for introducing that person to the organisation’s code of conduct. This includes safety, benefits, discrimination, harassment and other policies, but should also include informing the new employee about the company’s rules regarding compliance and ethics.
An example of this regards China’s Law Against Unfair Competition, which was implemented in December 1993 and amended in November 2017. Originally introduced to combat bribery within the workplace, it was amended to provide greater clarity to what could be considered commercial bribery. Despite the amendment, there is still no concrete guideline or figures that define what constitutes bribery and the law is still interpreted at the discretion of the Supreme People’s Court of China on a case-by-case basis. Therefore, the onus is on the organisation itself to have strict internal guidelines in place for its employees to avoid falling foul of a potential investigation.
Coupled with onboarding is HR’s implementation of training programmes to regularly update and educate employees about any potential changes in laws and regulations. Subsequently, changes in compliance policy are also vital. The creation and regular updating of an employee handbook that includes compliance policies is a good way to ensure that the organisation and its employees are on the same wavelength.
Besides educating employees about compliance in a direct manner, there is another way that HR policy has a direct effect on the awareness of compliance policy within an organisation: HR departments have effective employee evaluation systems that they can use to assist senior management when determining employee bonuses. This employee evaluation and bonus policy should also reflect the organisation’s compliance and ethics policy. This is done not just by rewarding employees who promote ethical behaviour (non-financially), but also by actively preventing poor compliance culture from spreading. If, for example, an employee has met or exceeded their targets but has done so in a manner contrary to the organisation’s compliance policies, rewarding them with a bonus would suggest that the behaviour was acceptable. This has a knock-on effect to colleagues who will see this sort of behaviour as seemingly encouraged. Therefore, it is paramount that HR departments keep this potential effect on compliance culture in mind and use employee assessments to further cultivate a more ethical atmosphere.
Communication and collaboration
Another way in which HR departments work with senior management is by acting as their eyes and ears due to their understanding of individual employees. When employees have any complaint or concern, their first port of call is usually the HR department, who should deal with the matter promptly or alert senior management if there are concerns out of the HR scope. When it comes to compliance, this should be no different.
Coupled with raising awareness of the organisation’s compliance policy, there should be an effective strategy on how to combat potential breaches. As well as technologies that help create an atmosphere of transparency (such as expense tracking software or payroll automation), regular employee evaluations, surveys, internal audits and effective management of incident reporting are vital forms of communication that HR departments need to encourage. If employees know that incidents will be dealt with effectively and tactfully, they will be more likely to report them.
This has led to many companies implementing procedures on how to report and manage such incidents, including the introduction of technology such as whistleblowing hotlines or phone applications that give individuals confidence that the organisation takes compliance seriously. Not only does this allow employees to discreetly report any potential infringements, but it also acts as a deterrent.
With better awareness and employees ready to report potential wrongdoings, it is also vital that HR departments act on any integrity risks. As with whistleblowing, if employees know that effective actions will be taken, they are less likely to do the wrong thing.
HR departments need to structure investigation management procedures, which may involve internal audits, interviews or third-party external investigations among other things, depending on the risk and its severity. Regardless of the method, HR plays a very important role in the investigation procedure by not only managing the cases, but also working with internal or external compliance teams to provide information and data that often only the HR team will have access to. And with this cooperation, investigations can be handled swiftly and efficiently to reduce the integrity risk. A prompt and efficient handling of such risks will in turn further reduce the likelihood of individuals attempting unethical behaviour and increase the propensity of individuals to report breaches.
For HR to effectively drive the compliance culture of the organisation, it must integrate compliance into the overall strategy and all employees must understand its importance. Below are some basic principles that HR departments should follow.
- Become familiar with compliance laws
Learning the key components of compliance laws such as FCPA, Sarbanes-Oxley and country-specific laws allows easier communications between HR teams and employees and also promotes collaboration with legal and compliance teams, ensuring that the organisation is in line with the latest compliance laws and regulations.
- Employ ethical people
The employees ultimately decide what the culture will be, and HR’s natural role in the hiring and firing process means that it can sculpt the organisation in a certain direction.
- Educate and communicate
Ensuring that the organisation’s compliance policies are communicated effectively to its employees and guaranteeing issues raised by employees will be managed seriously helps promote the importance of compliance.
- Monitor employees
Regular audits, evaluations, focus groups and surveys are important to gain an insight into how the organisation is operating. Monitoring employees should also help to predict any potential compliance risks before they happen.
- Reward compliant behaviour
Rewarding individuals who promote an ethical culture and reducing the influence of individuals who flout compliance policies helps cultivate a more desirable culture.
- Implement an effective resolution process
For employees to feel that the company takes compliance seriously, there needs to be an effective detection and resolution process. This allows individuals to witness that matters are dealt with promptly and effectively.
- Cooperate with compliance teams
HR teams often have the most access to relevant information in internal investigations. Providing this insight can be vital in helping internal and external compliance teams verify and solve any potential risks.