“What’s your worst nightmare – the disaster that you fear most as a compliance officer?”
That’s the first question I asked at my Tuesday session at the Society of Corporate Compliance and Ethics‘ energy and utility conference in Houston. What I heard back broke down into two major themes: fear of a massive financial fraud akin to ENRON, and the possibility of a workplace catastrophe that would affect the plant, a community, the environment, and public safety.
“Do any of you think that if either of those catastrophes occurred there would be no one in your organization who would have seen signs, tried to warn others or was thwarted in their efforts to do so?” No one raised their hand.
Next, I asked, “How many of you have: policies urging people to come forward, hotlines, multiple compliant processes, value statements lauding openness and online training teaching people the rules, processes and your company’s to open communications to surface problems” All hands went up.
In fact, those kinds of systems largely covered the range of topics being discussed at the conference. I read the session summary “handouts” which largely dealt with rules, regulations, systems, legal interpretations, process and other measures in great detail.
Finally, my last question: “If you are doing all these steps to avoid these disasters already, why do you still have these nightmares – what do you have to worry about?”
One person raised her hand and said “Retaliation.” Her direct point, which generated no disagreement, was that systems processes and every other compliance safeguards won’t amount to much if people are afraid to use them and don’t believe that they are more than digital or paper processes. These are potential defense exhibits in a future lawsuit, but no more.
Unfortunately, many organizations have made a grave error in terms of how they understand what it takes to prevent, detect and correct problems. It can all be boiled down to one word – credibility.
Do you value complaints and warnings from employees?
Without that, the most serious problems which involve great expense, potential harm and a challenge to executive and managerial practices won’t be surfaced. Too often we assume if processes and hotlines, flow charted systems and other like token tools are in place we’ve done and enough and can then defend ourselves if somehow a problem surfaces.
Article Continues Below
Yes, by doing all of that, we’ve done something especially if our focus is building defenses against an ever expanding volume of whistleblower protections. But defending lawsuits is not the heart of the issue.
Instead, what surfaced in the discussion is that the nightmares mentioned — business and public catastrophes on the magnitude of Massey Coal, Fukushima, Challenger, Columbia, Enron and the mortgage meltdown — are far worse than the costs and penalties of reactive legal claims that disasters like those bring to mind.
As my audience noted, people don’t speak out because individuals aren’t trained to effectively speak up safely and effectively. Nor do they believe doing so is truly valued in their organizations. In turn, leaders from front line to the executive suite aren’t taught to welcome complaints and then listen to what they’re told.
These abilities are not seen as cultural practices as routine and vital as wearing safety equipment and checking off other operational details – the stuff that keeps any utility or energy concern or any other intricate organization, for that matter, functioning.
I left the session, as did many of the participants, realizing that in many organizations, nightmares will continue for those in compliance and others. And some will come true.