What should the function or department be called that is responsible for Compliance Management? And what should the job title of the head of that function be?
What‘s in a name? That which we call a rose
By any other name would smell as sweet.
– Shakespeare, Romeo and Juliet (II, ii, 1-2)
While I agree with the Great Bard of Avon that names are mere conventions and it is the content that finally makes the difference, our colleagues from Marketing will nevertheless tell us, that the words we chose can make a tremendous difference in the impact on people‘s perception, attitude and behavior. This is no less true for Compliance Management than for advertising consumer products.
One example from my first company, a FMCG manufacturer with powerful brands was their utter marketing disaster when they did an international brand consolidation project and tried to market washing powder under the brand “White Giant” in South Africa. Why – in Germany no one had an issue with “Weisser Riese”.
So we see that the name tags we are using for things and ideas do make an important difference.
Coming back to Compliance Management, I have known this function under the name of „Corporate Integrity“ for a long time and have always preferred this to „Ethics and Compliance“ or only „Compliance“ because it conveys a different underlying philosophy and perspective. The department title is a “brand”, it has an internal communication and marketing function. It can appeal to people’s feelings and cause reservations, anxiety or even outright antipathy – varying by country and by the experience and background of individual people.
As an example, in Germany and Austria I have encountered great reservations of people against any kind of whistleblower hotline and Speak Up campaigns: it reminds people of the dark past under the Nazi regime where people would report others to the Gestapo and you could be murdered or end up in a concentration camp because someone anonymously raised allegations against you.
In my first company, the function was created as a separate function in 2007, called “Corporate Integrity”, directly under the CEO. It included the Compliance function and also Internal Audit was moved under its umbrella (it’s debatable if that is ideal , but before that Internal Audit had had very strong dependence on the CFO, so it was an improvement) and I think some aspects from Legal and Data Privacy, too. Integrity was one of the Corporate Core Values and we see it now in most companies value statements.
When I joined my previous company before the current one to build up a new Compliance function, I also called it „Corporate Integrity“. Then, I was hired for the position of Chief Compliance Officer and asked upon joining to call the function Corporate Integrity and set the job title as Chief Ethics & Compliance Officer, because of the internal perception; not to appear as Head of Checklists and Procedures and Chief Internal Policeman. The board immediately agreed; why should they have objected. To me, it made a very important difference in conveying the whole meaning of what I was doing. And the CEO was still joking that as CECO I was more important than him, sharing 3 letters and having even one more…
In the end, of course you have to look at the content behind the title. Because the product also has a content and function regardless of the packaging and brand. And if that content isn’t delivering on the marketing promises, you cannot e successful.
From that perspective it doesn’t really matter if the function is called „Compliance“ as long as the understanding of the work is to promote a values- and principles-based, Integrity culture and not „dumb“ checklist-follow-the-procedure Compliance. See United Airlines for the (pathological) consequences this can have.
Finally, what we want to achieve as a result is compliant behavior of course. But how we achieve that is maybe equally important. Do we want the people to obey rules? Or do we want them to embrace values and act upon principles and do the right thing for the right reasons?
The first approach can work. The rules have to be detailed enough and the system has to be flawless and every eventuality has to be thought of. And you have to control and enforce compliance. Brave new world. Big brother os watching you.
Putting the right name and terminology can help.
And this brings us to the question of the relation between Integrity (or Ethics) and Compliance: Compliance needs Integrity as a guiding star. Compliance by itself just means “to follow (a set/system of rules)”. But it doesn’t say anything about that system. It can be good or bad. And it doesn’t say anything about if the people are complying out of conviction and belief that they are doing the right thing. They could be forced to comply, or comply out of habit but without believing in the system, they could just obey orders, etc.
That‘s why I say: „Compliance without Ethics is blind.“ And Ethics without Compliance, without taking action is futile. In the worst case, it’s hypocrisy.
Michael Kuckein, Sandoz Tr, Ethics and Compliance Director, CIA, CISA, CCSA, CRISC, CRMA
Michael combines a lifelong interest in ethics and natural sciences – how the universe works, how organizations work, how people, their minds, emotions and behavior work … and how to bring insights from all of these areas together in good governance of organizations.
He graduated from Munich Technical University with a MSc in Physics as well as a MSc in Business Administration, spent a year of research at CERN in Geneva and started his business career as an Internal Auditor focused on IT and HR with additional responsibility as IT Security Officer and Data Privacy Officer in the German Henkel AG. He later changed to become Risk Specialist in the Boston Consulting Group and subsequently joined Daiichi Sankyo where he developed to Head of Internal Audit and Risk Management for the business unit Europe. From there he moved on to assume the role of Chief Ethics & Compliance Officer and establish a corporate compliance function in the Austrian Zumtobel Group , in parallel acting as Head of Corporate Internal Audit ad interim.
In 2016, he joined Sandoz Turkey as Country Head of Integrity & Compliance.
Michael lives in Istanbul and is married to a Turkish wife. Together they have 3 kids.
Michael holds professional certifications from the IIA as CIA (“degree of honor”), CCSA, and CRMA and from ISACA as CISA and CRISC (“worldwide achievement awards”).
Makalelerdeki görüş ve yorumlar yazar veya yazarlara ait olup , Etik ve İtibar Derneği’nin konu ile ilgili düşüncelerini yansıtmamaktadır.