As those of us who lived through it know, post-9/11 airport security in the United States was a world apart from what preceded it. The United States citizenry was traumatized and frightened of another attack. The US government responded by implementing draconian rules, significantly restricting the items that could be carried onto commercial aircraft.
Many of these new restrictions were quite sensible and overdue. For example, prior to 9/11 you could carry through security a half-gallon jug of liquid with no procedures to test whether it was water or nitroglycerine. But, other restrictions clearly overshot the mark. Do you remember the days when Transportation Security Administration (“TSA”) agents confiscated nail clippers, fingernail files and small pocket knives? Even the silverware in the first class cabin needed to be plastic.
These practices not only irritated the traveling public, they also reduced airline safety. This may seem counter-intuitive: After all, how could preventing passengers from bringing potential weapons on aircraft make flying less safe? This was exactly the question posed to the head of the TSA when he testified several years ago in front of a congressional transportation safety committee requesting support for his agency’s proposal to loosen airport screening standards.
The TSA head explained that his agents were spending an inordinate amount of time searching for and confiscating items that had little to no impact on improving airline safety. He stated that, in addition to slowing down the lines at security check points, this focus on looking for large nail clippers was distracting TSA agents from the far more important task of detecting items — like bombs — that could take aircraft down. He further explained that given the hardened cabin doors, enhanced training of airline staff and the post- 9/11 response by passengers who took up the habit of restraining anyone in the cabin who presented a threat to the aircraft, it was no longer possible to take over an airplane with a small pocket knife. Thankfully, the US Congress saw the logic in these observations and allowed TSA to promulgate less restrictive regulations.
I think the same dynamic often comes into play in corporations that experience the trauma of a government investigation or prosecution for wrongdoing. The fear and anxiety such events cause to boards of directors and company executives sometimes manifests itself in the implementation of new policies, procedures and internal controls that overshoot the mark.
A typical example might be a company that is subject to prosecution for an employee violating anti-corruption laws. In response, many companies require all employees, regardless of their role in the company, to endure lengthy live and online anti-corruption training sessions. They may supplement this with annual attestations to comply with the company code, a large collection of new policies, procedures and controls, and expensive due diligence and training of all third parties who purchase and distribute their products. In addition, auditing and compliance staffs balloon in size and busy themselves by launching dozens of compliance initiatives aimed at reducing compliance risks.
The problem with this understandable response to a compliance crisis is that corporations with overblown compliance programs may end up becoming less able to manage their legal and ethical risks. By imposing draconian controls on businesses, thousands of employees are often required to endure training sessions on topics completely unrelated to their jobs. Others may ultimately “click-through” online training classes just to get it done — without any real learning going on. The company may place false confidence in a third-party due diligence process that checks all the boxes, but fails to alter behavior or detect corrupt business practices. Overblown compliance programs also run the risk of causing employees to avoid, rather than seek out, compliance professionals and create negative attitudes toward the compliance program in general.
Needless to say, engaging in activities that cause such a response is not the optimal means of building and sustaining a strong ethical culture. To the contrary, it breeds cynicism and creates a large cadre of scofflaws. To avoid this fate, you might consider the following three recommendations:
- Look for opportunities to eliminate pointless compliance-related activities. These might include limiting the applicability of policies and procedures to only those individuals who really need to know them and reconsidering the wisdom of your annual code of conduct training and associated attestations for all employees.
- Hold yourself and your compliance program accountable for being able to demonstrate a reasonable return on investment for every program element. In so doing, always be mindful of the fact that every time you think up a great new idea that might make you look good in front of senior management and the board, you might be costing the company hundreds of thousands, if not millions of dollars by imposing it on your colleagues.
- Seek the voice of the customer and listen — really listen. Ask your colleagues whether the various elements of your compliance program are achieving the desired results or having the opposite effect. When you receive negative feedback, don’t get defensive — get curious. Explore with them what is working, what is not working and why. And, have the courage to change course, even if it means gutting one of your pet projects.
It is true that sometimes you need to hold the patient down to administer the medicine they need to heal. But this approach only works in the short term, and should only be used in the direst circumstances. Over the long term, strive to find a flavor the patient can swallow without spitting it up. And, if you really listen to what they have to say, you may find a prescription that they actually like.