[BreachExchange] How a Culture of Compliance Will Help Pharma Firms

Mon Sep 12 18:35:37 EDT 2016

https://www.cebglobal.com/blogs/compliance-ethics-how-a-
culture-of-compliance-will-help-pharma-firms/

No manager wants their company to be the next one in the news for a
corporate scandal, employee-led data breach, or insider trading charge,
especially in highly regulated industries, where corporate misbehavior is
watched closely by lawmakers and the media.

And unlike many other aspects of business, scale is no one’s friend in this
situation. Any misstep by those at the world’s biggest companies will not
only tend to come under more scrutiny than those at smaller firms, but
misconduct is hard to manage when you have to control the actions of
hundreds of thousands of employees.

Analysis of over 200 publicized compliance failures found that three causes
were at least partially responsible for almost 70% of them – company gain,
personal gain, and a permissive culture. Interestingly these causes had one
thing in common: they could all be addressed by improvements in a company’s
“corporate culture.”

Culture is Critical

CEB data from more than 1.6 million employees on how they perceive their
companies’ cultures of compliance show that, for pharmaceutical company
employees, about two-thirds viewed their company’s culture very favorably.
On the other end of the spectrum, 5% had an unfavorable view. While
seemingly insignificant, in a company of 50,000 employees, that’s 2,500
people that have a negative perception of the company’s culture.

This is important because employees with unfavorable perceptions of their
company’s culture observe misconduct 8.5 times more often than employees
with very favorable perceptions.  Further, when they do observe misconduct,
they report it less frequently. For large companies, this means thousands
of incidents of misconduct are seen by employees, but unseen by compliance
and HR departments. And these incidents can quickly add up – compliance
failures caused by a problematic culture had the highest average costs of
fines and settlements – close to $40 million on average, according to CEB
analysis.

But having a strong culture of compliance does more than just reduce the
levels of observed misconduct and increase reporting rates. Managers that
exhibit corporate values can improve employees’ performance by 12%, and a
strong culture of compliance can also increase an employee’s intent to stay
with their organization by 39%.

That means less “regretted attrition” (employees that you don’t want to
quit, doing just that), less time for new employees to get up to speed, and
fewer costs associated with retraining staff – all positives for the bottom
line.

Changing Cultural Perceptions and Employee Behavior

It may seem daunting to try to change a company’s culture and to do it
quickly. But corporate compliance teams can take a few steps immediately to
start to mitigate misconduct and improve the company’s culture of
compliance.

1. Measure employees’ perceptions of the existing culture: Poor perceptions
of a company’s culture and a behavior of not reporting misconduct are
rarely evenly distributed across an organization. Compliance and HR
professionals are best equipped to intervene and address employees’
concerns if they know where issues are and what specific aspects of culture
are in need of attention.

Start by running an employee-wide survey to understand what employees think
about those aspects of a corporate culture that are most relevant in
situations where they might observe misconduct or those aspects that will
encourage them to report it.

2. Help employees feel comfortable speaking up: Despite anonymous hotlines
and non-retaliation policies, employees are often hesitant to report
misconduct. The primary reason is that they fear retaliation, but many
others fail to report because they don’t believe the company takes action
on them.

First and foremost, organizations must demonstrate zero tolerance for
retaliation. To ensure this, some companies have taken the extra step and
reconnected with employees months after they report serious concerns to
find out if they have seen a change in work responsibilities, management
assignment, or anything else that might amount to retaliation.

3. Create manager-specific training on compliance issues: Most corporate
compliance departments rely on hotline call volume and content to track
reports of misconduct, but unfortunately almost two-thirds (63%) of reports
are made to employees’ direct managers, according to CEB data. How managers
respond to a report will not only determine if it is routed to the correct
function in the organization but can also have a transformative effect on
employees’ perceptions of the company’s willingness to act.

Given that they receive the majority of employees’ reports of misconduct,
managers are often Compliance and HR’s first line of defense against it. To
help managers handle these reports in the right way, organizations should
design compliance training specifically for them and help them understand
how to handle employees’ concerns in the moment.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160912/51bccbad/attachment.html>