John Hughes (jhughes@dragados-usa.com) is a Regional Ethics and Compliance Manager for Dragados USA in New York, NY, USA.
We have all heard the term “tone at the top” in reference to an effective compliance program, but where does that term come from, and is that really the benchmark we should rely on? The term has been used in reference to scandals since the early 2000s, appearing in audit reports from large corporate incidents.[1] In those corporate scandals, it was clear that leadership was failing to set a positive tone at the top, and as a result, the corporate attitude toward compliance was lax. If leadership was not engaged in a compliance program, could lower-level employees be expected to exhibit a compliance culture? The fall of major influential corporations (e.g., Enron) and individuals (e.g., Bernie Madoff) made it clear that a focus was needed on leadership setting the tone and communicating the compliance goals. Compliance shifted, and leadership was engaged, but noncompliance did not stop, and major corporations continued to fail (e.g., Volkswagen, Wells Fargo, Airbus). Setting a tone is not enough if individuals continue to avoid accountability.
Putting tone at the top into practice
In 2017, the United States Department of Justice (DOJ) Fraud Section issued guidance titled Evaluation of Corporate Compliance Programs that provided a blueprint for prosecutors to use when considering a company’s compliance program efforts to be a mitigating factor in prosecution. While that guidance was meant to be a more holistic approach to compliance vs. a checklist, many professionals focused on the elements of an effective compliance program, and countless articles were written on the topic. Chapter 8 of the 2018 Guidelines Manual published by the United States Sentencing Commission further reinforced the focus on the elements,[2] and compliance professionals quickly adapted to the framework. Key within the framework are requirements that “high-level personnel” or personnel “of substantial authority” have oversight and receive reports of compliance operations and that the program is adequately resourced. These requirements are loosely translated to setting a tone at the top.
As compliance programs started to evolve, additional efforts were suggested to improve the tone at the top. Many companies adopted a position that the top leaders should address the need for compliance and reinforce its importance to the company. Increasingly, as auditors would look to assess the tone at the top during audits, companies recognized the need to document the tone. During a recent ISO 37001:2016 certification audit, I provided extensive documentation related to the leadership element of the certification standard. The International Organization for Standardization publication details the requirements with guidance for use, and this guidance provides specific documentation used to set the tone.[3] Key recommendations include communication of the policies internally and externally and communication of the importance of compliance with the policies internally. As compliance professionals, we have now moved to checking a box to meet the audit requirements.
If tone at the top is relegated to meeting an audit requirement/checking a box, companies fail to meet the underlying need, which is ethical and compliant leadership. Employees that see consistent enforcement of policies, appropriate discipline for transgressions, and ethical employees receiving promotions will be inspired to believe in a real tone at the top. Further, when a situation arises at the company, compliance being part of the response team sends a message to all employees that the company values guidance from the ethics and compliance professionals.
