How to Develop a Values-Based Compliance Culture

A lot of different methods are available to encourage compliance with company policies and regulations, but some are more effective than others. One that has worked well for GE and its customers inspires employee engagement and drives a “speak-up” culture. When integrity-based compliance programs, such as GE’s, are successful, workers feel empowered and issues can be identified from the bottom up, making compliance a way of life.

Compliance—why do we need it? The simple answer is that a well-executed compliance program and “do-it-right” culture can help drive business growth; reduce business interruption, fines, and reputational damage; and—perhaps surprisingly—facilitate an empowered and dedicated workforce. In short, it can be a true business advantage that should not be overlooked in today’s economy.

Getting there, however, is not easy. The following case study explains how GE and its Power division—recognized by the Ethisphere Institute as one of the most ethical companies for the past 11 years—got there, and how others can too.

Compliance Strategies

Most energy companies, big and small, global or not, have compliance programs. As described in LRN’s “The HOW Report,” most compliance or governance structures fall into one of three categories. The categories are:

■ Organizations with command-and-control-based principles, policies, and strict discipline

■ Rules-based and process-driven organizations

■ Values-based organizations that operate on a set of core principles

Misses often occur when a top-down, one-size-fits-all approach is utilized, as employees do not feel empowered to speak up, but rather, simply follow mandates. In addition, a program based on rules alone cannot flex to address grey situations that do not squarely fit within the rules, and without a strong cultural net behind it, can result in major misses if employees do not fully understand, won’t follow, or disregard the rules.

Any compliance program will have occasional minor misses, but these are a normal part of company growth. Program focus, however, can never waver in its attempt to avoid major misses or intentional wrongdoing. Values- or integrity-based governance and compliance programs generally have the highest return on investment (ROI) for a company (Figure 1). GE uses an integrity-based compliance program, along with clear rules and expectations, to drive its “speak-up” compliance culture and maximize its own “Compliance ROI.”

1. Values lead the way. This chart, adapted from LRN’s 2016 “The HOW Report,” shows that employee loyalty, business results, corporate reputation, and customer satisfaction all benefit from a values-based compliance program. Courtesy: GE Power with approval from LRN

GE and GE Power’s integrity-based compliance program and structure drive a speak-up culture through a very large and matrixed organization. For perspective, GE is the world’s largest digital industrial company with $123.7 billion in revenue in 2016. It has more than 300,000 employees and operations in about 170 countries.

GE Power is GE’s largest industrial business, with approximately $26.8 billion in revenue in 2016. Headquartered in Schenectady, New York, it has more than 55,000 employees serving customers in more than 150 countries.

Within GE Power, there are five sub-businesses (P&Ls), each operating with its own business strategy and model: Gas Power Systems, Steam Power Systems, Nuclear, Power Services, and Power Digital Solutions. In short, GE is big, and getting everyone on the same page is no easy task. But it can be done, and a GE-style program could be similarly applied to smaller organizations.

With such a large organization, the right structure is key—get it wrong and a gap or miss may result from structure alone. In many cases, scale can be leveraged within GE and GE Power, in areas such as partner due diligence, investigations, third-party management, training, communications, global programs initiatives, monitoring, and more. GE calls this a “horizontal approach” to compliance, and it is similar to how base cost is maximized via unit operational scale.

In other circumstances, however, the structure must be localized—tied to and focused on the risks of a certain division and its specific go-to-market strategy and business model, or to a certain region and its specific set of risks, such as regulatory risks in the U.S. For example, GE has chief compliance officers assigned to the five differing GE Power P&Ls and in select regions, while “Corporate Centers of Excellence” provide training, investigations, and other horizontal compliance services across the company’s industrial divisions. In short, companies should be ready to flex. Applying this dynamic approach, GE Power uses a hybrid compliance structure—combined horizontal and vertical—to “do more with less.”

Setting Expectations with Employees

In addition to the right structure, GE’s global program is seated on a consistent expectation that all employees own compliance, rather than simply a designated compliance team being responsible. That is one of the keys to avoiding a siloed approach, which often results in misses. And this expectation is not driven solely from GE’s code of conduct and compliance principles (called “The Spirit & The Letter” or S&L).

As seen repeatedly, many companies with excellent codes of conduct and good paper programs have triggered multimillion dollar fines for noncompliance. At GE, the S&L is important, but it is how the company operationalizes compliance into its everyday operations, talks about it, makes the tough calls, and sets expectations in the organization (starting with its business leaders) that drive a rhythm and culture of compliance (Figure 2).

2. Get the message? Compliance starts with clear policies and expectations, but engaging employees, leveraging metrics and data analytics, sharing lessons learned, and keeping training fresh all play a role in successful programs. Courtesy: GE Power

Culture, more than any rule book or code, will allow employees to speak up when something seems wrong, drive compliance ownership beyond the compliance team itself, and help an organization avoid the big misses that impact financial and reputational bottom lines. In short, culture can promote doing the right thing.

What’s more, such a compliance culture will never get off the ground without buy-in from organizational leaders (Figure 3). This is because employees follow their leaders; this sounds obvious, but it is often overlooked when rolling out a compliance program. Leaders hire employees, fire them, promote them, compensate them, and more, so leaders are powerful forces for employee motivation.

3. It starts at the top. GE Power President and CEO Steve Bolze welcomes new employees and explains compliance expectations as part of an orientation video. Courtesy: GE Power

A leader who speaks about compliance but then cuts corners with the law will drive a team that does the same. In contrast, a leader's support for an employee who walks away from a third party asking for last-minute graft on a deal will resonate through the organization (Figure 4). As we have seen in the news many times, a few individuals or a small team, acting improperly with intent, can destroy years of operating profit through fines and lost business.

4. A leader’s guide to integrity. GE’s expectations for its leaders are simple, but effective. Courtesy: GE Power

Probably the best litmus test for measuring a company’s speak-up compliance culture is its concern-raising program. At GE, it’s called “Open Reporting.” Employees are strongly encouraged to raise issues, even potential or unconfirmed issues, via the Open Reporting program hotlines, ombuds (about 600 GE-wide), or other channels, such as human resources, legal, compliance, or their manager.

Trust is key. Employees will only raise issues if they believe action will be taken and that there will be no retaliation for their inquiry. Failure to do either of these will quickly sink an open reporting program and potentially result in a self-inflicted miss that would have otherwise been stopped or even avoided.

Keeping It Global, Keeping It Local

GE’s compliance program and rhythm, as noted, has both horizontal and vertical elements. Probably one of the best examples of a compliance program applied horizontally within GE Power is what the company calls the “Risk Roll Up” (RRU). The RRU can be accomplished within any organization regardless of size, location, or scope. In short, the RRU is a risk assessment done from the bottom up, with various advantages.

How does it work? First, the training team goes through GE’s 16 compliance policies including anti-bribery, cybersecurity, working with governments, and competition law, from the employee code of conduct (as previously mentioned, GE calls this S&L). For each topic, the team prepares a one-page summary, a short two- to three-minute video, and a one-page description of a real-life GE or external near miss or challenge that it wants employees to be particularly aware of so it is not repeated. The company also translates all of its materials.

Next, training is given to GE Power’s roughly 6,100 managers on how to lead RRU sessions. The managers pick three of the 16 compliance topics that impact their everyday operations, schedule an RRU session, use the slides and videos, and discuss the issues with their employees. In this way, the manager becomes the face and message of compliance for the company, rather than the compliance team itself.

The manager will answer all questions he or she feels comfortable answering from team members. Questions can be forwarded to subject matter experts (SMEs), if necessary. The SME will respond back to the employee and manager with the correct answer or recommended action. Because of employee recommendations from GE Power’s 2016 RRU, managers can now certify their sessions via the GE Power mobile compliance app (Figure 5).

5. Smart phone, smart compliance. GE Power’s mobile compliance app allows managers to certify their Risk Roll Up (RRU) sessions and provides on-the-go compliance support. Courtesy: GE Power

After the RRU team meeting, the manager will meet with his or her manager, and that manager will meet with his or her manager, and so on, until the entire division rolls up the major themes and concerns to the GE Power division CEOs. By using this bottom-up approach, employees often identify concerns that are different from those previously perceived, and even some that may not have previously been realized, that is, the unknown unknowns.

The five GE Power division CEOs and their staffs then report to GE Power’s leader, President and CEO Steve Bolze, on the major compliance concerns flagged by employees and the steps proposed to remedy the problems. Major compliance issues identified by employees are then relayed back to workers, along with an action plan, to show employees that their input matters (Figure 6). Change happens based on their input.

6. Listening and responding. GE Power’s General Counsel Keith Carr and Chief Compliance Officer Joseph Suich relay results and actions of the RRU to all GE Power employees via a video message. Courtesy: GE Power

This process is applied globally. In 2016, GE Power rolled up about 37,000 employees with 99% target population participation. That is an example where, despite differing regions, states, countries, or business models, the program works horizontally, drives the culture, and identifies issues not previously spotted via the other numerous compliance rhythms and programs. The RRU allows GE to have a simple, practical, and effective compliance culture, led by its leadership team, driven by the managers and employees, and facilitated by the compliance team.

There are other examples, however, where it pays to stay local. As part of its overall compliance rhythm, GE holds regional compliance operating reviews, or CORs. CORs are unique to each region. The CORs involve all GE businesses in the region—GE Aviation, GE Power, GE Healthcare, etcetera.

Business leaders from each GE division in the region are invited to attend and participate in a variety of region-specific compliance topics. Attendance is limited and all invited must participate.

The COR topics are selected by the regional compliance team, but the sessions are led and driven by the business leaders. The local business leaders, not the lawyers or compliance professionals, are expected to be knowledgeable and engaged on the compliance topics discussed, and provide solutions to issues raised. Members of the corporate legal and compliance team also attend, providing insight and provocative questions. These sessions cannot be global, but rather are effective due to their regional flavor and engagement.

Is Compliance a Competitive Advantage?

Compliance matters, plain and simple. It drives a speak-up culture that has clear business value. While compliance programs have obvious benefits, such as helping to prevent fines, law violations, and reputational damage, a culture of compliance also allows employees to feel empowered, challenge the norm, demand simple and clear programs, and raise concerns without fear of retaliation.

For example, GE’s open reporting program has thousands of compliance issues entered each year. While only a small portion of the issues raised are confirmed, even the unconfirmed concerns can result in business benefits, as they often lead to process, speed, or cost changes.

GE has been successful applying and flexing many of these proven compliance measures used at the company’s service, manufacturing, or office sites to other business endeavors, such as its customer project sites, where different compliance risks may arise.

In addition, the benefits of such a culture go well beyond compliance. A workforce that feels empowered can also challenge outdated business practices, customer relationships, or old designs. It pushes employees to select at least one or two projects they will stop doing to allow them to focus on more important business objectives. While GE’s integrity culture is neither perfect nor homogenous throughout, its program of prevention, detection, and response, mixed with a speak-up, empowered workforce, provides both GE and its customers with compliance and associated business benefits.

Extending the Culture of Compliance Outward

The GE Power compliance program gives customers comfort that the company is genuine and trustworthy, making compliance a competitive advantage for both GE and its customers. To strengthen this partnership, GE holds “compliance outreach” sessions with its customers, where its global team goes to customer sites to benchmark performance and share mutual best practices. Customers decide the agenda and the location.

Past agendas have included topics such as how to create a compliance speak-up culture, facilitate open reporting and concern raising processes, conduct investigations, manage third parties, institute anti-bribery measures, utilize audits, establish RRU practices, analyze and monitor data, develop compliance mobile apps, and more. GE then brings compliance specialists in from across the globe for a meeting to share compliance best practices.

Often, there are follow-ups and customers may visit GE sites or meet with other teams to help strengthen their programs. The company calls this “Access GE” and the service is complimentary. All customers need to do is request a session and GE does the rest. GE feels success is measured by the success of its customers, and the Access GE program helps drive a mutually beneficial relationship.

Joseph Suich ([email protected]) is chief compliance officer for GE Power.
