Compliance is an essential part of HR, but it is always the bare minimum and should be assessed and analyzed as part of an overall culture strategy. Issuing a policy that says "We don't discriminate" is not the same as a comprehensive inclusion and diversity program.
Following the rules and filing reports are just part of creating a work environment where compliance happens on the way to larger goals for learning, performance, and wellness. But since HR never has to make the business case for compliance, it can be a persuasive approach to larger culture initiatives.
In this presentation, we survey compliance issues, who they affect, and why it's essential to see compliance as a culture issue.
You will learn:
- What compliance issues create risk for the organization.
- What compliance issues create risk for employees.
- Why people are the most important aspect of all compliance issues.
- When compliance problems are symptoms instead of causes.
- How to approach different compliance issues using tech, training, coaching and data.
- How to make compliance an effective part of a comprehensive approach to work culture and strategy.
The original webinar featured Mike Bollinger, Vice President-Thought Leadership and Advisory Services, Cornerstone OnDemand and Heather Bussing, Employment Attorney and Principal Analyst at HRExaminer.
2. Is Compliance like:
Brussels Sprouts? (Stuff you have to have because it’s good for you.)
Cupcakes? (Stuff you want and enjoy.)
3. Compliance: A Definition
Compliance modernization is a broad mandate that spans the way the function is governed; the tools, technology, and analytics it uses; the number and nature of its connections to other parts of the business; the expectations assigned to it; and more.
Problems with Compliance are the canary in the coal mine.
4. Why Compliance is Not Brussels Sprouts
Compliance is what you do on the way to Great Culture
• Strategy and Culture done right make compliance easy
• Compliance should be preventative – anticipate and investigate; don’t react
• Compliance embedded in Culture and employee behavior creates employee attachment aka Engagement
• Compliance can be a competitive differentiator for the same reasons as Engagement and Culture.
Compliance can and does impact every element of an organization.
5.
“Higher workplace engagement leads to positive outcomes, including lower absenteeism (37%), fewer patient safety incidents (41%) and fewer quality defects (41%)”
- Gallup 2017
6. Compliance and Culture
Some questions (indicators) to consider asking yourself:
• Is Compliance a priority?
• Are there adequate resources (people, software, funds)?
• How does the organization assess risk?
• Who is in charge of Compliance and what do they care about?
• Is it a checklist to get done on the way to the fun stuff?
• Is Compliance an important part of bigger strategic initiatives?
Culture is “How we do things around here.”
How organizations do Compliance reflects their personality, culture, values
7. Why It’s Time to Rethink Compliance
• It’s not like you have a choice; you have to do it anyway
• Making Compliance part of the overall strategy gives you leverage for larger initiatives because you don’t have to make a business case for Compliance.
• Avoid Compliance cul de sacs. Compliance should always be the bare minimum; never the end goal.
• All Compliance requirements are based on ideas and concepts that protect workers and usually organizations too
Build on those basics to create a culture of engagement, and clarity around compliance initiatives.
9. EEO/Discrimination/Harassment
Requires equal opportunity in every employment decision and a work environment free of discrimination & harassment
Why it matters (Risk):
• Touches every aspect of employment
• Risk to employees: Health and career
• Risk to employer: Liability
• Risk to bottom line: Absences, Turnover, Productivity
What it’s part of:
• Inclusion and Diversity
• Engagement
• Performance Management
• Recruiting
• Uniquely U.S., but with implications in all localities
• Everything
Where to look:
• Dig into data (Engagement, attendance, turnover, complaints, performance issues).
• When you see something odd in the data, go talk to people and find out what’s going on.
• Pulse survey, listening tour, ERGs
What to do:
• Prevent, don’t just react
• Protect victims
• Check your biases – website, language, tools, job descriptions and general communications (e.g. Textio)
• Get rid of people who discriminate.
• Training and learning
10. Pay Equity and the Salary Question
People who do the same work should be paid the same
Why it matters (Risk):
• Touches all aspects of employment
• Huge issue in recruiting and retention
• Liability for getting it wrong and easy to prove.
• Demonstrable bottom line impact when done incorrectly
What it’s part of:
• Inclusion and Diversity
• Engagement
• Performance Management
• Pay is a reflection of what the organization values
Where to look:
• Make the comparisons and do the math
• Get lawyers involved in analysis
• Dig into your data – where are the biggest issues? Find out what’s going on.
What to do:
• You can only raise pay; never lower it.
• Plan and budget to address
• Start with the biggest problem areas and work forward
• Solve early (hiring) to avoid perpetuating the problem
11. Wage/Hour and Payroll
So many rules, so much confusion
Why it matters (Risk):
• Errors snowball fast
• Liability for getting it wrong and easy to prove.
• Getting payroll right is fundamental to everything.
• Repeated payroll problems reflect bigger culture and financial issues
• Time processing implications can amplify issues
What it’s part of:
• Payroll is most orgs’ biggest cost and closely monitored against the bottom line
• Performance Management
• Pay is a reflection of what the organization values
• Money as a demotivator
Where to look:
• Rules are different in different locations
• Check and audit data
• Review process and systems
What to do:
• Automate with a reputable vendor who will stay up to date and be responsive
• Correct any issues immediately or faster
• Explore payroll initiatives in larger context of making life easier for employees – pay methods, access to information about deductions
• Training on financial wellness
12. Safety/OSHA/Workers’ Comp
Healthy workers; healthy organizations
Why it matters (Risk):
• Protecting people’s safety and health should be a fundamental priority regardless of legal requirements.
• If you don’t, bad things happen like accidents, injuries, damage, lawsuits, investigations, fines, and possibly the end of your business.
• Comp insurance premiums are determined by claims.
What it’s part of:
• How organizations treat safety reflects their attitude toward the value of human life and well being of employees
• Shortcuts reflect culture
• Insurance premiums and coverage requirements like safety meetings
• Performance – taking innovative risks requires safety on a physical level
• Disengaged workers have 49% more accidents (Gallup, State of the American Workplace 2017)
Where to look:
• Everywhere
• Environment & Equipment
• Schedules
• Access to light & Exposure to noise/access to quiet
• Priorities of how resources are allocated to these issues
What to do:
• Prioritize all aspects of safety and well being
• Check your data, survey & talk to people and see whether problems have an environmental or safety component
• Do research on effective work environments for your industry
• Assess what can and can’t be changed
13. Data Security and Privacy
Humans are your biggest security risk
Why it matters (Risk):
• Protecting data of employees and customers from hacking and misuse – GDPR, CA and state data privacy laws.
• Fines can be huge for violations
• Costs of dealing with data breach are huge
• Protect your trade secrets and business strategy
• For more companies, data is their primary asset
What it’s part of:
• Approach to data security reflects the ‘techspertise’ of an organization
• Reflects concern for transparency, privacy and consent of employees
• 27% of US employees are willing to sell security credentials, some for as little as $100. (2016 SailPoint Market Pulse Survey.)
Where to look:
• IT and systems security assessment
• Review training and whether people understand how to protect privacy and data and why
• Consider getting expert help if you don’t have resources in house
What to do:
• Understand what matters and why and how to teach people to attend to data privacy
• Make any training, app, software or approach easy and minimize burden on users or people won’t do it.
• Find fun ways to approach it – competitions, tests, effective communications and alerts
• Establish technology solution where possible to reduce process burden (GDPR - right to be forgotten)
14. Trade Secrets/NDAs
The secrets of success
Why it matters (Risk):
• It’s your secret sauce
• Timing matters, especially if you are a public company or regulated industry
• Business strategy needs confidentiality to get right
• The future of the company, its deals, and the careers and lives of people can be at risk.
• Trade secrets are difficult to protect.
What it’s part of:
• Business strategy
• Market timing
• Competitive info and advantage
• The ability to experiment and innovate
• The ability to protect and maintain valuable assets (besides the people and real estate)
Where to look:
• Do you have a well thought out strategy about who has access to what?
• Do you add security to communications about confidential info?
• Do you tell people exactly what’s confidential and why?
• Do you teach people how to figure it out?
What to do:
• Apply physical and technological restrictions to access trade secrets;
• Limit and monitor public access to buildings that house trade secrets;
• Mark “secret” or “confidential” all documents containing trade secrets so as to avoid accidental or inadvertent disclosure
• Use NDAs as a reminder, not a hammer
• Above all, understand the “psychological contract” that you and your employees carry as a result of culture
15. Union/CBA
Contracts rule
Why it matters (Risk):
• Different rules, process, bargaining power and consequences
• Multiple policies and interests are always involved
• Requires both employers and employees to think through overall picture about what is important and how to allocate resources.
What it’s part of:
• Wage, hours, benefits
• Discipline, termination and performance & workforce management
• Timing of employment decisions
• Business Strategy
• Process effectiveness
Where to look:
• CBA/MOU terms and procedures
• Consult Legal for process, grievances etc.
• Internal processes and governance
What to do:
• Make friends with the other side – you work together
• Have a longer view of timing, resources and commitments
• Learn skills to negotiate, prioritize, and make long term commitments
16. Benefits
ERISA and HIPAA and ACA, Oh my!
A culture of wellness leads to sustainable employee engagement.
Why it matters (Risk):
• This stuff can be worse than the tax code to figure out
• Violations are expensive and a huge pain
• Reward employees in a tax-efficient way
What it’s part of:
• Data Security
• Benefits Admin
• Tax and Financial Planning for Companies & Employees
Where to look:
• ERISA which applies to retirement healthcare, disability and life insurance+
• HIPAA – transfer of info about employee medical or health
• ACA – Eligibility and Affordability determinations and reporting
• Employee Equity as an incentive
• Taxable implications for provided fringes (car, life insurance over $50k, etc.)
What to do:
• Get expert help for the compliance part
• Benefits affect employees long after they are gone. What does that mean for your employer brand, recruiting, business strategies, and bottom line?
• Make leave policies and practices both competitive and painless where possible
17. Professional Licenses and Certifications
Without them, some people can’t do the work.
Why it matters (Risk):
• Violations cause liability and damage to reputation
• It’s the organization’s responsibility too.
• In many cases, licensure is the organization’s lifeblood
What it’s part of:
• Productivity
• Learning (Continuing ed. requirements)
• Competence/reputation of company and its employees
• Supporting education and development of employees
• Mentoring and knowledge sharing
Where to look:
• Does the organization pay dues and fees and allocate time to meet requirements?
• How can Compliance here support voluntary L&D for others?
• Are you effectively using experts’ expertise?
• Within your vocational professional groups as well
What to do:
• Monitor for regulatory and statutory changes
• Manage notifications of expirations on behalf of the employee
• Align materials to licensure outcomes for ease of renewal
• Provide clear path and requirements to aspiring employees of next level certificates
• Proactively suggest content which can both augment and elevate the recipient
19. The BOHIP: (Big Ol’ Honkin’ Important Points)
1. Yes, we just made that up. It’s a key point. Think big, have fun, be creative, don’t be afraid to connect dots, try new things, and try on ideas larger than meeting Compliance checklists.
2. Stop thinking about Compliance like Brussels Sprouts (risk management) and start treating it like Cupcakes (good in itself and part of a bigger Culture strategy).
3. Look at the reasons behind the rules and why they are important. When they benefit employees, they affect Engagement and everything that goes with it. When they affect the organization, it always matters to the bottom line.
4. Treat Compliance as an opportunity for learning and development. Make learning The Work, not something extra that you have to do but that doesn’t count.
5. Think about possibilities not procedure, creativity not checklists.
6. Overcommunicate; clarity and purpose come from crisp and timely communications.
20. What To Do, When.
Today:
• Identify some of your Compliance cul de sacs.
• Imagine where Compliance can be part of a bigger initiative.
Next 30 Days:
• Compare Compliance with your organization’s strategic priorities.
• Choose an area where you can rethink Compliance and make it the foundation for a larger strategic plan. (Hint: starting with D&I is the most straightforward and has the biggest effect.)
Next 6 Months:
• Figure out needed resources, get approvals, assign work and deadlines. Start!
• Ensure that senior leadership establishes regular and open communications to all.
Always:
• Celebrate your Compliance milestones and accomplishments. You have to do it, but that also means it’s essential to your organization’s operations and future. Treat it like the big deal that it is (and please invite the lawyers).
21.
“Learn the rules like a pro, so you can break* them like an artist.”
― Pablo Picasso
* Legal says you can’t actually break any rules. But you get the point.
22. Continue the Conversation
More Opportunities to Learn
Compliance Strategy eGuide
Will be sent via email on Feb. 14
Written by Heather Bussing
Compliance as a Growth Strategy Webinar
March 7 | 11 am PT/2 pm CT
Featuring:
Summer Salomonsen - CLO, Grovo
Tom Tonkin - Principal, Thought Leadership, Cornerstone OnDemand
23. Continue the Conversation
Have a question we didn’t get to? Reach out to us:
mbollinger@csod.com
Twitter: @Bollinger
LinkedIn: https://www.linkedin.com/in/mikebollinger/
Editor's Notes
Dear CSOD Creative Team:
Thank you! This is such a treat to be able to turn it over to the professionals.
The most important thing to me is that you have fun with this.
Feel free to change anything – if there is too much on the middle slides, do whatever you think works.
The only thing that will make me sigh heavily, roll my eyes, and be unbecomingly judgmental is if you use any image of a multi-demographic group of people smiling at a laptop.
It is my life's mission to promote more interesting images.
Okay, my life's mission today,
and some other days.
Otherwise, it's all yours. Do cool stuff.
PS: Please forgive the sloppy formatting, inconsistent punctuation (: in headings and Oxford comma), and typos. Correct away!
PSS: Thank you some more!
Twitter poll results:
27 votes
59% brussels sprouts
15% cupcakes
26% other, usually some version of “but I like brussels sprouts” or “huh?!”
Animate here
It’s not just something you have to do because it’s good for you. Compliance is good in and of itself.
With a nod to business drivers here:
A Lack Of Compliance Can Cost You Millions Of Dollars In Fines And Brand Damage
Having An Organized And Systematic Approach To Compliance Will Save You More In The Long Run
Lowered Risks is Paramount
It can be a competitive differentiator in first mover advantage
It does not detract from the core mission of the organization
Aviation, Pharma and Financial Services – strategic planning
“Plan Risk into the process”
Additional thoughts: Compliance is about the organization. Engagement is about the employees. There is a lot of cross-over. Compliance is the organization’s obligation, so it is fundamentally about them. But the effects of Compliance (or failure to comply) deeply affect employees and engagement.
Compensate for Compliance Well Done
I made ‘techpertise’ up. I know it’s not a word. Please let me keep it.