Compliance as Culture Strategy

Heather Bussing and Mike Bollinger
Compliance as a Culture Strategy

2
Brussels Sprouts?
(Stuff you have to have
because it’s good for you.)
Cupcakes?
(Stuff you want and enjoy.)
Is Compliance like:

3
Compliance: A Definition
Compliance modernization is a broad mandate that spans the
way the function is governed; the tools, technology, and analytics
it uses; the number and nature of its connections to other parts of
the business; the expectations assigned to it; and more.
Problems with Compliance are the
canary in the coal mine.

4
Why Compliance is Not Brussels Sprouts
Compliance is what you do on the way to Great Culture
• Strategy and Culture done right make compliance easy
• Compliance should be preventative – anticipate and investigate; don’t react
• Compliance embedded in Culture and employee behavior creates
employee attachment aka Engagement
• Compliance can be a competitive differentiator for the same
reasons as Engagement and Culture.
Compliance can and does impact every element of an organization.

5
“Higher workplace engagement leads to positive outcomes,
including lower absenteeism (37%), fewer patient safety incidents
(41%) and fewer quality defects (41%)”
- Gallup 2017

6
Compliance and Culture
Some questions (indicators) to consider asking yourself:
• Is Compliance a priority?
• Are there adequate resources (people, software, funds)?
• How does the organization assess risk?
• Who is in charge of Compliance and what do they care about?
• Is it a checklist to get done on the way to the fun stuff?
• Is Compliance an important part of bigger strategic initiatives?
Culture is “How we do things around here.”
How organizations do Compliance reflects their personality, culture, values

Why It’s Time to Rethink Compliance
• It’s not like you have a choice; you have to do it anyway
• Making Compliance part of the overall strategy gives you leverage for larger initiatives
because you don’t have to make a business case for Compliance.
• Avoid Compliance cul de sacs. Compliance should always be the bare minimum; never
the end goal.
• All Compliance requirements are based on ideas and concepts that protect workers and
usually organizations too
Build on those basics to create a culture of engagement,
and clarity around compliance initiatives.
7

What does Compliance as a Culture Look Like?
(An Overview)

9
Why it matters (Risk):
• Touches every aspect of employment
• Risk to employees: Health and career
• Risk to employer: Liability
• Risk to bottom line: Absences, Turnover, Productivity
What it’s part of:
• Inclusion and Diversity
• Engagement
• Performance Management
• Recruiting
• Uniquely U.S. but implication in all localities
• Everything
Where to look:
• Dig into data (Engagement, attendance, turnover,
complaints, performance issues).
• When you see something odd in the data, go talk to people
and find out what’s going on.
• Pulse survey, listening tour, ERG’s
What to do:
• Prevent don’t just react
• Protect victims
• Check your biases – website, language, tools, job
descriptions and general communications (e.g. Textio)
• Get rid of people who discriminate.
• Training and learning
EEO/Discrimination/Harassment
Requires equal opportunity in every employment decision
and a work environment free of discrimination & harassment

10
• Touches all aspects of employment
• Huge issue in recruiting and retention
• Liability for getting it wrong and easy to prove.
• Demonstrable bottom line impact when done incorrectly
• Inclusion and Diversity
• Engagement
• Pay is a reflection of what the organization values
Where to look:
• Make the comparisons and do the math
• Get lawyers involved in analysis
• Dig into your data – where are the biggest
issues? Find out what’s going on.
What to do:
• You can only raise pay; never lower it.
• Plan and budget to address
• Start with the biggest problem areas and work forward
• Solve early (hiring) to avoid perpetuating the problem
Pay Equity and the Salary Question
People who do the same work should be paid the same

11
• Errors snowball fast
• Liability for getting it wrong and easy to prove.
• Getting payroll right is fundamental to everything.
• Repeated payroll problems reflect bigger culture and financial
issues
• Time processing implications can amplify issues
• Payroll is most org’s biggest cost and closely monitored
against the bottom line
• Pay is a reflection of what the organization values
• Money as a demotivator
Where to look:
• Rules are different in different locations
• Check and audit data
• Review process and systems
What to do:
• Automate with reputable vendor who will stay up to date
and be responsive
• Correct any issues immediately or faster
• Explore payroll initiatives in larger context of making life
easier for employees – pay methods, access to
information about deductions
• Training on financial wellness
Wage/Hour and Payroll
So many rules, so much confusion

12
• Protecting people’s safety and health should be a
fundamental priority regardless of legal requirements.
• If you don’t, bad things happen like accidents, injuries,
damage, lawsuits, investigations, fines, and possibly the end
of your business.
• Comp insurance premiums are determined by claims.
• How organizations treat safety reflects their attitude toward the
value of human life and well being of employees
• Shortcuts reflect culture
• Insurance premiums and coverage requirements like safety
meetings
• Performance – taking innovative risks requires safety on a physical
level
• Disengaged workers have 49% more accidents (Gallup, State of the
American Workplace 2017)
Where to look:
• Everywhere
• Environment & Equipment
• Schedules
• Access to light & Exposure to noise/access to quiet
• Priorities of how resources are allocated to these issues
What to do:
• Prioritize all aspects of safety and well being
• Check your data, survey & talk to people and see problems have an
environmental or safety component
• Do research on effective work environments for your industry
• Assess what can and can’t be changed
Safety/OSHA/Workers’ Comp
Healthy workers; healthy organizations

13
• Protecting data of employees and customers from hacking and
misuse – GDPR, CA and state data privacy laws.
• Fines can be huge for violations
• Costs of dealing with data breach are huge
• Protect your trade secrets and business strategy
• For more companies, data is their primary asset
• Approach to data security reflects the ‘techspertise’ of an
organization
• Reflects concern for transparency, privacy and consent of
employees
• 27% of US employees are willing to sell security
credentials, some for as little as $100. (2016 SailPoint
Market Pulse Survey.)
Where to look:
• IT and systems security assessment
• Review training and whether people understand how to protect
privacy and data and why
• Consider getting expert help if you don’t have resources in house
What to do:
• Understand what matters and why and how to teach people
to attend to data privacy
• Make any training, app, software or approach easy and
minimize burden on users or people won’t do it.
• Find fun ways to approach it – competitions, tests, effective
communications and alerts
• Establish technology solution where possible to reduce
process burden (GDPR - right to be forgotten)
Data Security and Privacy
Humans are your biggest security risk

14
• It’s your secret sauce
• Timing matters, especially if you are a public company or
regulated industry
• Business strategy needs confidentiality to get right
• The future of the company, its deals, and the careers and
lives of people can be at risk.
• Trade secrets are difficult to protect.
• Business strategy
• Market timing
• Competitive info and advantage
• The ability to experiment and innovate
• The ability to protect and maintain valuable assets (besides
the people and real estate)
Where to look:
• Do you have a well thought out strategy about who has access
to what?
• Do you add security to communications about confidential info
• Do you tell people exactly what’s confidential and why?
• Do you teach people how to figure it out?
What to do:
• Apply physical and technological restrictions to access trade
secrets;
• Limit and monitor public access to buildings that house trade
secrets;
• Mark “secret” or “confidential” all documents containing trade
secrets so as to avoid accidental or inadvertent disclosure
• Use NDA’s as a reminder, not a hammer
• Above all, understand the “psychological contract” that you and
your employees carry as a result of culture
Trade Secrets/NDA’s
The secrets of success

15
• Different rules, process, bargaining power and
consequences
• Multiple policies and interests are always involved
• Requires both employers and employees to think
through overall picture about what is important and how
to allocate resources.
• Wage, hours, benefits
• Discipline, termination and performance & workforce
management
• Timing of employment decisions
• Business Strategy
• Process effectiveness
Where to look:
• CBA/MOU terms and procedures
• Consult Legal for process, grievances etc.
• Internal processes and governance
What to do:
• Make friends with the other side – you work together
• Have a longer view of timing, resources and commitments
• Learn skills to negotiate, prioritize, and make long term
commitments
Union/CBA
Contracts rule

16
• This stuff can be worse than the tax code to figure out
• Violations are expensive and a huge pain
• Reward employees in a tax-efficient way
• Data Security
• Benefits Admin
• Tax and Financial Planning for Companies & Employees
Where to look:
• ERISA which applies to retirement healthcare, disability and life
insurance+
• HIPAA – transfer of info about employee medical or health
• ACA – Eligibility and Affordability determinations and reporting
• Employee Equity as an incentive
• Taxable implications for provided fringes (car, life insurance over
$50k, etc.)
What to do:
• Get expert help for the compliance part
• Benefits affect employees long after they are gone. What
does that mean for your employer brand, recruiting,
business strategies, and bottom line?
• Make leave policies and practices both competitive and
painless where possible
Benefits
ERISA and HIPAA and ACA, Oh my!
A culture of wellness leads to sustainable employee engagement.

17
• Violations cause liability and damage to reputation
• It’s the organization’s responsibility too.
• In many case, licensure is the organizations lifeblood
• Productivity
• Learning (Continuing ed. requirements)
• Competence/reputation of company and it’s employees
• Supporting education and development of employees
• Mentoring and knowledge sharingWhere to look:
• Does the organization pay dues and fees and allocate
time to meet requirements?
• How can Compliance here support voluntary
L&D for others?
• Are you effectively using experts’ expertise?
• Within your vocational professional groups as well
Professional Licenses and Certifications
Without them, some people can’t do the work.
What to do:
• Monitor for regulatory and statutory changes
• Manage notifications of expirations on behalf of the employee
• Align materials to licensure outcomes for ease of renewal
• Provide clear path and requirements to aspiring employees of
next level certificates
• Proactively suggest content which can both augment and elevate
the recipient

Whew! That was a lot.
Now, for the big finish.

19
The BOHIP: (Big Ol’ Honkin’ Important Points)
1. Yes, we just made that up. It’s a key point. Think big, have fun, be creative,
don’t be afraid to connect dots, try new things, and try on ideas larger than
meeting Compliance checklists.
2. Stop thinking about Compliance like Brussels Sprouts (risk management) and start
treating it like Cupcakes (good in itself and part of a bigger Culture strategy).
3. Look at the reasons behind the rules and why they are important. When they benefit employees, they
affect Engagement and everything that goes with it. When they
affect the organization, it always matters to the bottom line.
4. Treat Compliance as an opportunity for learning and development. Make learning
The Work not something extra that you have to do, but that doesn’t count.
5. Think about possibilities not procedure, creativity not checklists.
6. Over communicate, clarity and purpose come from crisp and timely communications.

20
What To Do, When.
Today:
• Identify some of your Compliance cul de sacs.
• Imagine where Compliance can be part of a bigger initiative.
Next 30 Days:
• Compare Compliance with your organization’s strategic priorities.
• Choose an area where you can rethink Compliance and make it the foundation for a larger
strategic plan. (Hint: starting with D&I is the most straight forward and has the biggest effect.)
Next 6 Months:
• Figure out needed resources, get approvals, assign work and deadlines. Start!
• Insure that senior leadership establishes regular and open communications to all.
Always
• Celebrate your Compliance milestones and accomplishments. You have to do it, but that also
means it’s essential to your organization’s operations and future. Treat it like the big deal that it is,
(and please invite the lawyers).

21
“Learn the rules like a pro, so you can break* them like an artist.”
― Pablo Picasso
* Legal says you can’t actually break any rules.
But you get the point.

Compliance Strategy eGuide
Will be sent via email on Feb. 14
Written by Heather Bussing
Compliance as a Growth Strategy Webinar
March 7 | 11 am PT/2 pm CT
Featuring:
Summer Salomonsen- CLO, Grovo
Tom Tonkin- Principal, Thought Leadership, Cornerstone OnDemand
Continue the Conversation
More Opportunities to Learn

Continue the Conversation
Have a question we didn’t get to? Reach out to us:
mbollinger@csod.com
Twitter: @Bollinger
LinkedIn: https://www.linkedin.com/in/mikebollinger/

Compliance as Culture Strategy

More Related Content

Compliance as Culture Strategy

Editor's Notes