Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Compliance as Culture Strategy


Published on

Compliance is an essential part of HR, but it is always the bare minimum and should be assessed and analyzed as part of an overall culture strategy. Issuing a policy that says "We don't discriminate" is not the same as a comprehensive inclusion and diversity program.

Following the rules and filing reports are just part of creating a work environment where compliance happens on the way to larger goals for learning, performance, and wellness. But since HR never has to make the business case for compliance, it can be a persuasive approach to larger culture initiatives.

In this presentation, we survey compliance issues, who they affect, and why it's essential to see compliance as a culture issue.

You will learn:
- What compliance issues create risk for the organization.
- What compliance issues create risk for employees.
- Why people are the most important aspect of all compliance issues.
- When compliance problems are symptoms instead of causes.
- How to approach different compliance issues using tech, training, coaching and data.
- How to make compliance an effective part of a comprehensive approach to work culture and strategy.

The original webinar featured Mike Bollinger, Vice President-Thought Leadership and Advisory Services, Cornerstone OnDemand and Heather Bussing, Employment Attorney and Principal Analyst at HRExaminer.

Published in: Business
  • Be the first to comment

Compliance as Culture Strategy

  1. 1. Heather Bussing and Mike Bollinger Compliance as a Culture Strategy
  2. 2. 2 Brussels Sprouts? (Stuff you have to have because it’s good for you.) Cupcakes? (Stuff you want and enjoy.) Is Compliance like:
  3. 3. 3 Compliance: A Definition Compliance modernization is a broad mandate that spans the way the function is governed; the tools, technology, and analytics it uses; the number and nature of its connections to other parts of the business; the expectations assigned to it; and more. Problems with Compliance are the canary in the coal mine.
  4. 4. 4 Why Compliance is Not Brussels Sprouts Compliance is what you do on the way to Great Culture • Strategy and Culture done right make compliance easy • Compliance should be preventative – anticipate and investigate; don’t react • Compliance embedded in Culture and employee behavior creates employee attachment aka Engagement • Compliance can be a competitive differentiator for the same reasons as Engagement and Culture. Compliance can and does impact every element of an organization.
  5. 5. 5 “Higher workplace engagement leads to positive outcomes, including lower absenteeism (37%), fewer patient safety incidents (41%) and fewer quality defects (41%)” - Gallup 2017
  6. 6. 6 Compliance and Culture Some questions (indicators) to consider asking yourself: • Is Compliance a priority? • Are there adequate resources (people, software, funds)? • How does the organization assess risk? • Who is in charge of Compliance and what do they care about? • Is it a checklist to get done on the way to the fun stuff? • Is Compliance an important part of bigger strategic initiatives? Culture is “How we do things around here.” How organizations do Compliance reflects their personality, culture, values
  7. 7. Why It’s Time to Rethink Compliance • It’s not like you have a choice; you have to do it anyway • Making Compliance part of the overall strategy gives you leverage for larger initiatives because you don’t have to make a business case for Compliance. • Avoid Compliance cul de sacs. Compliance should always be the bare minimum; never the end goal. • All Compliance requirements are based on ideas and concepts that protect workers and usually organizations too Build on those basics to create a culture of engagement, and clarity around compliance initiatives. 7
  8. 8. What does Compliance as a Culture Look Like? (An Overview)
  9. 9. 9 Why it matters (Risk): • Touches every aspect of employment • Risk to employees: Health and career • Risk to employer: Liability • Risk to bottom line: Absences, Turnover, Productivity What it’s part of: • Inclusion and Diversity • Engagement • Performance Management • Recruiting • Uniquely U.S. but implication in all localities • Everything Where to look: • Dig into data (Engagement, attendance, turnover, complaints, performance issues). • When you see something odd in the data, go talk to people and find out what’s going on. • Pulse survey, listening tour, ERG’s What to do: • Prevent don’t just react • Protect victims • Check your biases – website, language, tools, job descriptions and general communications (e.g. Textio) • Get rid of people who discriminate. • Training and learning EEO/Discrimination/Harassment Requires equal opportunity in every employment decision and a work environment free of discrimination & harassment
  10. 10. 10 Why it matters (Risk): • Touches all aspects of employment • Huge issue in recruiting and retention • Liability for getting it wrong and easy to prove. • Demonstrable bottom line impact when done incorrectly What it’s part of: • Inclusion and Diversity • Engagement • Performance Management • Pay is a reflection of what the organization values Where to look: • Make the comparisons and do the math • Get lawyers involved in analysis • Dig into your data – where are the biggest issues? Find out what’s going on. What to do: • You can only raise pay; never lower it. • Plan and budget to address • Start with the biggest problem areas and work forward • Solve early (hiring) to avoid perpetuating the problem Pay Equity and the Salary Question People who do the same work should be paid the same
  11. 11. 11 Why it matters (Risk): • Errors snowball fast • Liability for getting it wrong and easy to prove. • Getting payroll right is fundamental to everything. • Repeated payroll problems reflect bigger culture and financial issues • Time processing implications can amplify issues What it’s part of: • Payroll is most org’s biggest cost and closely monitored against the bottom line • Performance Management • Pay is a reflection of what the organization values • Money as a demotivator Where to look: • Rules are different in different locations • Check and audit data • Review process and systems What to do: • Automate with reputable vendor who will stay up to date and be responsive • Correct any issues immediately or faster • Explore payroll initiatives in larger context of making life easier for employees – pay methods, access to information about deductions • Training on financial wellness Wage/Hour and Payroll So many rules, so much confusion
  12. 12. 12 Why it matters (Risk): • Protecting people’s safety and health should be a fundamental priority regardless of legal requirements. • If you don’t, bad things happen like accidents, injuries, damage, lawsuits, investigations, fines, and possibly the end of your business. • Comp insurance premiums are determined by claims. What it’s part of: • How organizations treat safety reflects their attitude toward the value of human life and well being of employees • Shortcuts reflect culture • Insurance premiums and coverage requirements like safety meetings • Performance – taking innovative risks requires safety on a physical level • Disengaged workers have 49% more accidents (Gallup, State of the American Workplace 2017) Where to look: • Everywhere • Environment & Equipment • Schedules • Access to light & Exposure to noise/access to quiet • Priorities of how resources are allocated to these issues What to do: • Prioritize all aspects of safety and well being • Check your data, survey & talk to people and see problems have an environmental or safety component • Do research on effective work environments for your industry • Assess what can and can’t be changed Safety/OSHA/Workers’ Comp Healthy workers; healthy organizations
  13. 13. 13 Why it matters (Risk): • Protecting data of employees and customers from hacking and misuse – GDPR, CA and state data privacy laws. • Fines can be huge for violations • Costs of dealing with data breach are huge • Protect your trade secrets and business strategy • For more companies, data is their primary asset What it’s part of: • Approach to data security reflects the ‘techspertise’ of an organization • Reflects concern for transparency, privacy and consent of employees • 27% of US employees are willing to sell security credentials, some for as little as $100. (2016 SailPoint Market Pulse Survey.) Where to look: • IT and systems security assessment • Review training and whether people understand how to protect privacy and data and why • Consider getting expert help if you don’t have resources in house What to do: • Understand what matters and why and how to teach people to attend to data privacy • Make any training, app, software or approach easy and minimize burden on users or people won’t do it. • Find fun ways to approach it – competitions, tests, effective communications and alerts • Establish technology solution where possible to reduce process burden (GDPR - right to be forgotten) Data Security and Privacy Humans are your biggest security risk
  14. 14. 14 Why it matters (Risk): • It’s your secret sauce • Timing matters, especially if you are a public company or regulated industry • Business strategy needs confidentiality to get right • The future of the company, its deals, and the careers and lives of people can be at risk. • Trade secrets are difficult to protect. What it’s part of: • Business strategy • Market timing • Competitive info and advantage • The ability to experiment and innovate • The ability to protect and maintain valuable assets (besides the people and real estate) Where to look: • Do you have a well thought out strategy about who has access to what? • Do you add security to communications about confidential info • Do you tell people exactly what’s confidential and why? • Do you teach people how to figure it out? What to do: • Apply physical and technological restrictions to access trade secrets; • Limit and monitor public access to buildings that house trade secrets; • Mark “secret” or “confidential” all documents containing trade secrets so as to avoid accidental or inadvertent disclosure • Use NDA’s as a reminder, not a hammer • Above all, understand the “psychological contract” that you and your employees carry as a result of culture Trade Secrets/NDA’s The secrets of success
  15. 15. 15 Why it matters (Risk): • Different rules, process, bargaining power and consequences • Multiple policies and interests are always involved • Requires both employers and employees to think through overall picture about what is important and how to allocate resources. What it’s part of: • Wage, hours, benefits • Discipline, termination and performance & workforce management • Timing of employment decisions • Business Strategy • Process effectiveness Where to look: • CBA/MOU terms and procedures • Consult Legal for process, grievances etc. • Internal processes and governance What to do: • Make friends with the other side – you work together • Have a longer view of timing, resources and commitments • Learn skills to negotiate, prioritize, and make long term commitments Union/CBA Contracts rule
  16. 16. 16 Why it matters (Risk): • This stuff can be worse than the tax code to figure out • Violations are expensive and a huge pain • Reward employees in a tax-efficient way What it’s part of: • Data Security • Benefits Admin • Tax and Financial Planning for Companies & Employees Where to look: • ERISA which applies to retirement healthcare, disability and life insurance+ • HIPAA – transfer of info about employee medical or health • ACA – Eligibility and Affordability determinations and reporting • Employee Equity as an incentive • Taxable implications for provided fringes (car, life insurance over $50k, etc.) What to do: • Get expert help for the compliance part • Benefits affect employees long after they are gone. What does that mean for your employer brand, recruiting, business strategies, and bottom line? • Make leave policies and practices both competitive and painless where possible Benefits ERISA and HIPAA and ACA, Oh my! A culture of wellness leads to sustainable employee engagement.
  17. 17. 17 Why it matters (Risk): • Violations cause liability and damage to reputation • It’s the organization’s responsibility too. • In many case, licensure is the organizations lifeblood What it’s part of: • Productivity • Learning (Continuing ed. requirements) • Competence/reputation of company and it’s employees • Supporting education and development of employees • Mentoring and knowledge sharingWhere to look: • Does the organization pay dues and fees and allocate time to meet requirements? • How can Compliance here support voluntary L&D for others? • Are you effectively using experts’ expertise? • Within your vocational professional groups as well Professional Licenses and Certifications Without them, some people can’t do the work. What to do: • Monitor for regulatory and statutory changes • Manage notifications of expirations on behalf of the employee • Align materials to licensure outcomes for ease of renewal • Provide clear path and requirements to aspiring employees of next level certificates • Proactively suggest content which can both augment and elevate the recipient
  18. 18. Whew! That was a lot. Now, for the big finish.
  19. 19. 19 The BOHIP: (Big Ol’ Honkin’ Important Points) 1. Yes, we just made that up. It’s a key point. Think big, have fun, be creative, don’t be afraid to connect dots, try new things, and try on ideas larger than meeting Compliance checklists. 2. Stop thinking about Compliance like Brussels Sprouts (risk management) and start treating it like Cupcakes (good in itself and part of a bigger Culture strategy). 3. Look at the reasons behind the rules and why they are important. When they benefit employees, they affect Engagement and everything that goes with it. When they affect the organization, it always matters to the bottom line. 4. Treat Compliance as an opportunity for learning and development. Make learning The Work not something extra that you have to do, but that doesn’t count. 5. Think about possibilities not procedure, creativity not checklists. 6. Over communicate, clarity and purpose come from crisp and timely communications.
  20. 20. 20 What To Do, When. Today: • Identify some of your Compliance cul de sacs. • Imagine where Compliance can be part of a bigger initiative. Next 30 Days: • Compare Compliance with your organization’s strategic priorities. • Choose an area where you can rethink Compliance and make it the foundation for a larger strategic plan. (Hint: starting with D&I is the most straight forward and has the biggest effect.) Next 6 Months: • Figure out needed resources, get approvals, assign work and deadlines. Start! • Insure that senior leadership establishes regular and open communications to all. Always • Celebrate your Compliance milestones and accomplishments. You have to do it, but that also means it’s essential to your organization’s operations and future. Treat it like the big deal that it is, (and please invite the lawyers).
  21. 21. 21 “Learn the rules like a pro, so you can break* them like an artist.” ― Pablo Picasso * Legal says you can’t actually break any rules. But you get the point.
  22. 22. Compliance Strategy eGuide Will be sent via email on Feb. 14 Written by Heather Bussing Compliance as a Growth Strategy Webinar March 7 | 11 am PT/2 pm CT Featuring: Summer Salomonsen- CLO, Grovo Tom Tonkin- Principal, Thought Leadership, Cornerstone OnDemand Continue the Conversation More Opportunities to Learn
  23. 23. Continue the Conversation Have a question we didn’t get to? Reach out to us: Twitter: @Bollinger LinkedIn: