Transparency is considered an effective means of preventing compliance problems. This is now being promoted by digitalization and a corresponding culture in many companies - but the reality is different: Compliance problems still occur. Where the causes lie and how compliance violations can be prevented through an agile organizational approach, explains Prof. Dr. Stefan Vieweg, Head of the Institute for Compliance and Corporate Governance at the RTFH Cologne and author of the article "Agile Management as a Pioneer of Lived Compliance and Better Corporate Governance" in the anthology "Mastering transformation projects with the Enterprise Transformation Cycle" in an interview.
Compliance problems despite digital transparency
Beate Greisel: In your article in the second ETC volume, one of your focal points is compliance. If you look at the media coverage, big data, smart analysis software etc. only seem to lead to the desired all-encompassing transparency in exceptional cases. What is your assessment?
Stefan Vieweg: Yes exactly, unfortunately, with increasing digital transparency there is by no means a decrease in compliance incidents, but rather it can be seen that even "smart" people are engaging in unfair transactions where it is foreseeable that this will lead to problems.
But first a brief clarification of the term: compliance can be understood as adherence to rules - well, these rules are initially the laws, but of course in organizations it goes beyond that: for example, companies or public administration institutions have a clear normative orientation, which is reflected in the "dos" and "don'ts", such as the tried and tested four-eyes principle or the principle that decision-makers and beneficiaries should not be in personal union if possible, because this would not provide any control. Unfortunately, the list of prominent compliance incidents in this country is also very long - even in the recent past. It is by no means just the big Siemens bribery scandal in the early 2000s, or VW Dieselgate in 2015, but also the public sector, be it the excessive consultancy contractsthat the Federal Ministry of Defense had concluded (which was also a similar problem at Deutsche Bahn, by the way), or insider trading by the CEO of Deutsche Börse, who was dismissed in 2017, or the Union mask affair in 2021, or - big time - the Wirecard debacle in 2020 and the BAFIN supervisors involved in insider trading.
The list goes on and on! These - in a negative sense - lighthouse incidents illustrate that things become difficult precisely when people are at work and it is all about their own advantage, combined with a lax control system.
BG: How can such incidents be prevented in the first place?
SV: The organizations themselves must be made aware of potential compliance problems, they need suitable management and process structures that nip compliance problems in the bud at an early stage, before even the slightest punishable or reputation-damaging incident occurs.
Compliance: diagnosing assessment standards and weaknesses
BG: Is it more likely in large corporations or certain industries that compliance violations will occur or that suspicions will arise?
SV: The assumption we made in my Institute for Compliance and Corporate Governance The hypothesis that was formulated when the Compliance on Board Index (CoBI) was first compiled was exactly the opposite: large corporations are inherently better equipped, especially in the area of support functions - and in practice today, this (unfortunately) very often includes compliance. This means that with a comprehensive apparatus that can clearly define and implement structures and where there is a clear system of sanctions and rewards, it will - so the assumption - be easier to implement a good compliance standard.
For companies with a critical size of more than 150 employees - i.e. when not everyone can really know everyone else - with less pronounced structures, compliance is not the focus.
There are, of course, considerable differences from sector to sector. The highly regulated sectors such as financial services, healthcare and food are particularly noteworthy, but it certainly doesn't stop there. However, other industries will also be increasingly affected by compliance issues: I refer to the current "ESG fashion trend" (Environmental Social Governance, often also called Corporate Social Responsibility (CSR)) - i.e. reporting for sustainable corporate governance, which means further significant requirements for many companies and entails higher costs or investments with the CO2 levies and corresponding retrofits. Please don't get me wrong: I am definitely in favor of sustainable corporate governance in the digital age, but the current "mushrooming" of all kinds of initiatives and one-sided sponsors behind them harbors the great danger of unnecessary cost build-up and - even worse - greenwashing, which is pretty much the last thing we need in the face of climate change.
But back to the CoBI we were essentially able to confirm this hypothesis: I have divided the degree of compliance implementation into two different dimensions here:
- Structuring
- Operationalization
The degree of structuring is about whether - theoretically - the elements in the organizational and operational structure are in place to implement compliance sustainably in an organization
The degree of operationalization shows whether these structures are actually used. Overall, the publicly available studies of DAX and MDAX companies showed precisely the above-mentioned effect.
BG: What is "good compliance", how can it be measured and what elements can be used to observe it?
SV: As illustrated by the example of the CoBI, there is a proven methodology for measuring actual compliance in organizations. This approach is also used by companies in consulting to diagnose specific weaknesses and then introduce pragmatic improvements at targeted points in what is known as redesign. The good thing about this is that it typically does not require large and cost-intensive IT projects to implement concrete improvements in the organization.
Personal responsibility and error culture reduce compliance problems
BG: What does the actual implementation look like? If the corporate structure suggests a good compliance culture, can it be assumed that this will also be implemented and lived in everyday working life?
SV: Unfortunately, in my experience, there is no automatism there. Of course, minimal structural requirements are necessary, but by no means sufficient to achieve the intended result.
As it is always about people, processes are needed that "pick up" everyone involved in an organization. Even if for completely different - market-driven - reasons, many organizations have recently realigned themselves and often work in "agile" mode. Self-determined, motivated employees who can take responsibility in a transparent and appreciative environment not only create better and faster results for customers, but also enable potential problems to be identified at an early stage. A culture of error then results in significantly fewer compliance problems. However, here too, it is important that an agile approach is not only attempted "in name only" or dogmatically within the organization, but that the HOW is decisive.
In my coaching sessions, I have had the best experiences with the "SAFe® - scaled agile framework" methodology, which is by far the market leader, as it holistically and continuously aligns the organization towards a common, desirable goal and the agile teams actually take responsibility, live transparency and effectively carry out (self-)control.
Fortunately, this is not only true in the private sector, but increasingly also in public administration, which is now also asking for SAFe® in my training and coaching sessions due to corona (just think of frequent changes to regulations, approval of corona aid, corona app, digital vaccination card, etc. - a mountain of new requirements that have to be implemented in the shortest possible time).
BG: To what extent can the Enterprise Transformation Cycle, or ETC for short, help to prevent compliance problems in a company?
SV: The ETC contains precisely the elements of a holistic organizational orientation that I have just outlined. In this respect, the systemic approach to organizational development that I prefer - e.g. for implementing SAFe® in organizations - is also "fully compatible" with the ETC.
BG: Let's assume that any company does not see compliance as a top priority. Why is this usually the case, and what motivation can companies use to change this - ideally without 'media hype'?
SV: The collateral damage of compliance violations is enormous. It is not primarily just the payment of damages (as in Germany) and any additional penalties (particularly in the USA) that can have a massive negative impact on a company, but the reputational damage that can sometimes affect an entire industry (see the automotive industry, for example).
But the fact is that compliance tends to have a negative connotation in Germany and, at best, a "Chief Compliance Officer" is appointed as a member of the Board of Directors, and this person is then supposed to sort it out (without any significant powers or even a budget, of course).
But that helps little or nothing. What companies need in order to prevent compliance problems are leaders who can shape a corporate culture beyond their own time in office. They set an example of what the company stands for (which comes across so light-heartedly and brightly colored on the websites) and, when the going gets tough, they also draw boundaries in competition and make certain deals just notbecause they could have a "flavor". To achieve this, the management of an organization should be able to rely on its employees - which ultimately leads to decentralized decisions - exactly what we can achieve directly with SAFe® , for example, when implemented correctly.
BG: In your experience, what are the biggest obstacles to anchoring a transparent compliance culture in a company in the long term?
SV: The biggest obstacle on the part of organizational management is, on the one hand, that there is no authentic normative corporate management. Although values are written in glossy brochures, they are not actively exemplified. The question is: What does the organization actually stand for and what makes it unique compared to other companies - despite the usually tough competition?
On the other hand, there is often a lack of trust in your own employees when it comes to operational issues. Don't get me wrong: even if you trust your employees and give them personal responsibility, that doesn't mean that everyone does what they want. Quite the opposite: major strategic guidelines are clearly communicated as a "starting point" for employees to implement these guidelines - preferably in agile mode - and to receive feedback on progress at short intervals.
BG: Dear Professor Dr. Vieweg, thank you very much for this interesting interview.
The interview with Prof. Dr. Vieweg was conducted by Beate Greisel for the TCI editorial team.
"Mastering transformation projects with the Enterprise Transformation Cycle" - published August 2020
The Transformation Consulting International has been supporting national and international transformation projects in companies for many years. Based on this extensive wealth of experience in practical implementation, the second volume entitled "Transformationsvorhaben mit dem Enterprise Transformation Cycle meistern: Projekte erfolgreich planen, durchführen und abschließen" (Mastering transformation projects with the Enterprise Transformation Cycle: successfully planning, implementing and completing projects) has been published by the renowned Springer-Verlag. As a continuation of the first volume, it takes into account further wishes and suggestions from readers and presents concrete transformation projects and situations in which TCI experts use the ETC in their daily work. This volume was edited by Mario A. Pfannstiel and Peter F.-J. Steinhoff and comprises a good 500 pages. It contains numerous theoretical and conceptual contributions as well as practical case studies on the "Enterprise Transformation Cycle".
Source cover image: © everythingpossible | Adobe Stock