I have been working for Tesco for almost eight years, and when I joined the company, “compliance” was absolutely not a focus. We certainly followed values like “no one tries harder for customers,” but we did not know too much about compliance and about how important it should be for a well-organized company in the 21st century.
A few years later we started getting more and more familiar with compliance and recognized fairly quickly its relevance for our business. Soon, there was not a single legal conference where compliance was not on the agenda. We had many discussions about the real meaning and value of compliance, and eventually we extended the scope of our discussions to encompass “ethics” and “ethical behavior” – we had many interesting chats about the differences between those concepts and compliance (I’ll come back to this point later in this article). If I look back to our “ethics & compliance journey” at Tesco now, I think these brainstorming and discussions can be seen as the initial phase of it.
After recognizing the importance of compliance, we started to work on building various compliance programs. A Group Regulatory, Ethics, and Compliance Team prepared so-called “blueprints,” containing those items which needed to be implemented in order to establish a robust compliance system. At Tesco we have compliance programs in the areas of anti-bribery, fraud, competition law, information security, and people safety. We are currently working on our data privacy compliance program as well, which nowadays is a very hot topic and keeps many compliance officers awake at nights. We have some additional ideas in our heads as well, so I am sure that this phase will be a long-lasting one.
I define this second phase of our ethics and compliance journey as the one where we set the basics (i.e., create the basic elements of an effective compliance program such as policies, guidelines, risk registers, trainings, communications, monitoring, etc.). There is no question how important this second phase is as without having a strong basis it is difficult even if not impossible to build a nice house on it. Though I certainly like doing compliance, I should admit that this part of the journey is sometimes quite dry and boring and I am sure that when people think about compliance, almost all of them have this part in their mind which makes compliance not the most popular topic.
However, there is a more exciting part coming after phase no. 2, which can be characterized by the following challenge: how can we build a nice house on that strong foundation? In other words, how can the robust compliance system we have created be embedded into the everyday thinking and behavior of our colleagues? Based on my experience I can say that no one should underestimate the relevance and the complexity of this phase. We find ourselves sometimes in a position where we are confident that we have a good compliance system (created in phase no. 2), but we still doubt whether our colleagues really understand our messages and follow our instructions. It is, after all, fairly easy to prepare a nice policy, but it can often be awfully difficult to implement it into the daily operations of the business. The bad news is that I do not know the key to success, if there is one. My advice is to continuously review your compliance programs and be very critical – which means that you should not be satisfied with the system itself but should ask yourself whether colleagues are really following the rules during their daily work.
Let me share with you some additional tips which you can use to make your compliance program better. First, while reflecting on the changes of the risks – which should be done properly and in a timely manner – make your risk register live. Second, communication is never enough in order to raise awareness of the programme; in addition to e-learnings and face-to-face trainings for bigger teams, organize interactive workshops for smaller groups of colleagues where you can involve them more in discussion.
As you can see, phase no. 3 is a much more challenging but also more exciting part of the ethics and compliance journey, allowing you to deal with people and do your best to change their ways of thinking about ethics & compliance. This is the part where you can transform compliance into ethics and the pure program you have created into the ethical behavior of your colleagues which should be – I think – the ultimate goal of all compliance officers.
This Article was originally published in Issue 4.4 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.