The 20 Compliance Culture Questions To Ask In Your Next Survey

BY: ComplyLog|February 21, 2022|Compliance

Deloitte states that “building a culture of ethics and compliance within an organisation is a business imperative.” And one of the key elements for achieving this goal is to collect feedback from employees using compliance culture questions. Conducting such a survey will enable you to gauge their commitment to compliance in the workplace.  

Once, the onus was on senior management to set the tone from above. Now, thought leaders are positing the idea that we all have our role to play. Andrea Enria, Chair of the Supervisory Board of the European Central Bank (ECB), told a Conference of the Federation of International Banks in Ireland that “the tone from the top has an important role to play, but it is not enough: a sound culture has to be embedded at all levels of the organisation.”

In order to fine-tune your efforts to source high-value feedback from your workforce, you will find a list below of compliance culture queries that you can ask in your next employee survey.  

Table of Contents 

II) Top Questions to Test Your Compliance Culture

 What-is-a-Compliance-Culture

What is a compliance culture?

A culture of compliance is often referred to as a ‘speak-up culture’ because it encourages all stakeholders to contribute to ensuring the business meets its regulatory and ethical requirements. It is a working environment where everyone understands that they should say and do the right thing. 

In a compliance culture, adhering to necessary legislation and moral codes is an integral part of the company’s general business processes. It is not just a checkbox exercise tagged on to the end of a project or thrown together in a panic following an incident and before investigators turn up.  

Elements of a strong, successful compliance culture are:  

  • Awareness of the regulatory compliance regulations that apply to the organisation
  • A collective understanding of the risks affecting the organisation
  • Good communication of policies and expectations throughout the business
  • Continuous training programmes
  • Effective compliance technology to facilitate the culture
  • Encouraging compliant behaviour, sometimes (but not always), through incentives such as bonuses or by making it a prerequisite for gaining promotions
  • Creating an intuitive incident reporting and case management process 

Top Questions to Test Your Compliance Culture

These key questions will help you gain valuable insight into your culture of compliance from your employees.  

Have you received a copy of the Code of Conduct?

The code of conduct is incredibly important for a company’s compliance culture. If your workers do not possess the code or have access to it on an intranet, for example, this will make it difficult for them to fully understand the compliance environment that you are trying to implement.  

Do you know how to contact the Compliance Officer or compliance team?

The chief compliance officer is the head of the compliance function and is in charge of the policies and procedures. Employees should have access to them in order to be able to address them or their team in the event of a problem and to escalate it immediately.  

Is there a compliance hotline or other reporting mechanism and do you know how to access it?

Having a compliance hotline as part of your internal whistleblowing system is one of the ways in which your organisation can nurture ease of communication regarding these matters. Having a hotline and informing staff on how to use it means that they can effectively report breaches. 

Who fields the follow-ups on concerns raised through the helpline?

Employees should understand the compliance process through which you deal with problems. Also, understanding what happens after making a report is important, as it enables whistleblowers to feel more confident when raising issues. 

Is compliance difficult, time-consuming or stressful? If so, what is the reason?

If there are barriers to remaining compliant, the chances are that there will be lapses. You should ask this question to understand what is preventing good compliance practice and to decide how you can rectify the issues that your employees face.

 Is it clear to you that the organisation monitors and audits the offices and operations?

Monitoring and auditing your compliance systems helps to keep them relevant and effective. An internal audit helps you understand where the potential issues are in your ethical conduct. In the case of a compliance transgression, being able to show an external audit that you took all reasonable steps to prevent it from happening could help reduce a potential compliance penalty.  

Are you aware of the Compliance Officer ever visiting your department to conduct a review or look into a compliance matter?

Related to the above, visibility in the office from the CCO conducting compliance activities can be reassuring that they are taking compliance matters seriously.  

Does leadership actively support and understand compliance efforts?

Even if you adopt a ‘tone from within’ approach to compliance, it is still important for leadership to understand the risks associated with a lack of compliance. They should also actively support and promote the solutions implemented by the compliance function. 

Does management take action on reports? 

When employees can see the result of compliance reports in terms of solid action, this proves that the company takes compliance seriously. It also encourages staff to make reports because they know that the company will do something about it.  

Does the organisation’s culture support making ethical and compliant choices?

There are many ways in which organisations can create a culture that makes employees feel supported in making ethical and compliant choices. Rewarding compliance with bonuses and making it a necessity to gain a promotion are positive methods of enforcing the right behaviour. But you can also approach the issue from the other side — by creating penalties and punishments for non-compliance. For example, implementing a disciplinary procedure for people who retaliate against whistleblowers

How can we embed compliance into the roots of the organisation?

As the people who carry out the company’s compliance initiatives, your employees are best placed to tell you whether they feel like an organic element of company life or if they feel tacked on and at odds with the nature of the business. Your employees could provide helpful advice on how to align the business and its ethical stance more closely. 

 Are efforts to manage and mitigate compliance deficiencies and risks compromised by revenue interests?

Compliance costs money and diverts resources that might otherwise be utilised for increasing revenue. Although non-financial reporting of ESG and sustainability metrics is becoming increasingly important, some organisations might still be tempted to put profit before compliance. Your employees help alert you to risky practices that compromise your culture of compliance. This is why you should not let the cost of compliance water down the key ethics of the organisation.  

Is relevant information from various departments within the organisation shared with the compliance staff?

You need to be sure that not only are people picking up on compliance issues but that they are also passing them on to the appropriate parties.  

Is compliance tested by an independent and competent party?

Independence in the testing process provides integrity and prevents people close to the organisation from only seeing what they want to see, even if that is well-intentioned. 

How has the organisation supported the ethics and compliance programme through training and communication efforts?

Employees have to be well informed to be able to carry out their compliance duties to a high standard. This is why communication surrounding those policies, as well as training in how to carry them out effectively, is essential.  

Can you describe the process for assessing ethics and compliance risks within the organisation?

There should be an ongoing programme for compliance risk analysis within the organisation. This takes a deep dive into all of the different areas of the business and the various regulatory pressures on them. 

Has the organisation ever performed a cultural assessment?

As much as companies try to implement a compliance culture through a code of conduct and various systems and processes, they still need to check that their efforts are working. A cultural assessment shows where the business is and what needs to change to take it to the next level.  

Does a reporting process exist to keep the board informed on ethics and compliance issues as well as the actions taken to address those issues? 

The CCO’s job is made much easier if the board understands, backs and takes an interest in the compliance culture. There should be someone on that board with compliance experience who takes the lead in understanding the issues faced by the organisation and how it plans to overcome them.  

Is ethics and compliance a regular board agenda item?

Ethics and compliance is so important for the organisation that the board should receive regular updates and take a lead in tackling compliance and ethical concerns on a regular basis. 

Tips-to-Create-a-Strong-Compliance-Culture

Tips to create a strong compliance culture                         

Encourage discussion of compliance dilemmas

Rather than making compliance training a one-way street, drowning employees in a torrent of information, discuss compliance topics and give examples with which they can relate. By connecting work-based compliance issues with those a person might encounter in their personal life, they can understand more deeply the matters at stake.

Set clear accountability and practice routines

Not only do employees need to be held accountable for their actions regarding ethics and compliance, but the chain of command must be seen to be accountable, too. If an employee escalates a potential breach in the correct manner, the organisation must be seen to have also followed the correct procedure from there.  

Making these behaviours routine is what builds a strong culture of compliance in the company. Through their repetition, the organisation comes to run in a manner that is compliant as a matter of course.  

Use surveys to measure and shift the culture

Your move towards a compliance culture is a journey, not a static stance. That’s why you should measure your progress towards your goals by surveying the people who work within the organisation. Use their feedback from this ongoing monitoring to make the changes that will get you where you need to be more quickly. 

FAQs

What proactive steps can you take as a firm to identify the conduct risks inherent within your business?

Looking beyond the obvious risks is a big step towards identifying the conduct risks specific to your business. You may concentrate on those risks that bring penalties, and they should be tackled. However, there are less clear risks that are constantly shifting in the background. Assessing behaviours as a spectrum and working out the tipping point when they move over into becoming unreasonable is essential. 

How can we encourage employees to feel and be responsible for managing the conduct of the business?

The manner in which compliance is discussed within the organisation can affect how employees act towards it. Where good conduct in all dealings is clearly celebrated and rewarded, staff feel their management of conduct is recognised and appreciated. In a company where complaints remain unheard and people are punished for ‘causing issues’, they will feel less inclined to take responsibility due to this poor culture.  

How can the board oversee the conduct of business within the organisation?

Making sure there is at least one director with experience in compliance goes a long way towards helping the board become an effective body in overseeing conduct. Senior executives must discuss it regularly and be updated with the relevant metrics to see exactly where the company is in terms of compliance.  

ComplyLog-Provides-Compliance-Solutions-Monitor

Conclusion

Compliance is not something that you do to tick a box and keep regulators happy. It is something that must become endemic in the organisation from top to bottom. Those who pay lip service to conduct and compliance leave themselves open to the kinds of risks that might not be set in stone, but which can grow as people become complacent. 

We hope the above compliance culture questions will be a good basis for creating a survey that will tell you how far you have come and what you need to do in the future to make your culture of ethics more robust. 

ComplyLog provides compliance solutions that help you automate administrative processes and ensure you stay on the right side of the legislation. Learn more here and request a demo of our services.  

 

References and Further Reading

Popular posts

Insider list management

Market Abuse Regulation (MAR) Explained

Insider list management

The 7 Behaviours That Qualify As Market Abuse – Part 1

Whistleblowing

4 Interesting Examples Of Whistleblowing In The Workplace

Whistleblowing

How To Encourage Whistleblowing (And Why It’s Key For Compliance)

Insider list management

Market Abuse Penalties Under MAR + 5 Case Studies