As MSU and Uber show, compliance starts at top


The corporate compliance disasters at Michigan State University, Uber, and Wells Fargo led to very high financial cost, and cost CEOs and other top brass their jobs. How can leaders avoid compliance fiascos? MSU’s interim president is focused on processes and rules. That’s not enough, or even the most important thing, as I explain in the following op-ed, originally published in Crain’s Detroit Business:

Michigan State University will soon get a chief compliance officer, but it still has a problem — and it starts at the top.

No new title or office will fix a culture that missed or ignored warning signs involving the behavior of gymnastics doctor Larry Nasser and Dean William Strample, both of whom were star performers at the university. MSU provides an object lesson that business owners and executives ignore at their peril.

When a top performer gets a pass for bad behavior, the organization learns. It learns not to push important people too hard on integrity. It learns cynicism. It learns how to get away with bad behavior. And MSU is hardly the only organization with this issue.

Uber. Wells Fargo. MSU.

Uber had a process for handling complaints of sexual harassment. Susan Fowler, the soon-to-be famous whistleblower invoked this process by going to the human resources department. She was told the harasser was a top performer, so nothing could be done.

Wells Fargo had multiple policies and processes to prevent improper transactions. Its process flagged employees opening fraudulent accounts, effectively stealing from customers. But that business unit was very successful, and thus its leader was a star performer. She argued that it was stealing from only a small percentage of customers and could reimburse any customers who complained. The leader was allowed to prevent reports from getting to the corporate office and the board.

Michigan State had a process for performance reviews of deans and for investigation of Title IX complaints. Numerous reports of sexual harassment by Strampel were considered in his performance review. There were investigations of reported abuse by Nasser. But Strampel was an important and successful dean, and Nasser brought renown to the university by treating elite gymnasts.

They were given the star treatment. Their misdeeds were ignored.

In each of these examples an important and powerful person became involved in a process designed to detect and prevent misbehavior. In each, the culture gave privilege to the powerful, the process was cut off and horrible things happened. And in each, the consequences for the organization, and for the CEO and several levels of top brass, were dire.

At MSU, hiring a chief compliance officer and creating an office to correct what interim MSU President John Engler called a “diffuse and disorganized” administration aren’t the most important part of the solution.

Over many years as a general counsel, building compliance programs and working through compliance problems at multinational companies, I’ve learned that more processes aren’t enough to change the result, and that hard work by leadership is the key factor for success.

Mr. Engler (or the CEO of any company) cannot simply delegate compliance to compliance people. A compliance office exists to help leadership build a culture and apply high standards of conduct, not to “do” compliance so leadership can ignore it. Compliance professionals can spot red flags, but only leadership can do something about them. Here are a few key elements of a successful compliance program, which only MSU’s top leaders can provide:

  • Encourage people to report concerns, ask uncomfortable questions and prevent retaliation.
  • Ensure that each employee and student knows that her or his boss, coach or teacher expects and models ethics conduct and compliance.
  • Create incentives for good conduct and avoid incentives for bad conduct.
  • Use the data the compliance office will generate to change the organization.

And, especially important in light of MSU’s history:

  • Assure there is only one standard: Important people can’t get away with bad conduct, bad conduct is penalized appropriately, and compliance is not used as a pretext to punish people.

And how would your organization’s culture stack up? Has the CEO given a top performer a pass on an ethical or legal violation because that person is “just too important to the business right now?” Have you disciplined subordinates but not even given a public reprimand to a culpable superior? Have you let a star escape a process because he or she is “too busy” adding value? That value, and much more, can disappear very quickly.

A compliance officer can add a lot of value by helping leadership lead. But it’s up to leadership to make any compliance effort real.

Leave a Reply

Your email address will not be published. Required fields are marked *