BASIC PRINCIPLES FOR AN ORGANIZATIONAL SET-UP OF AN INTEGRITY AND COMPLIANCE DEPARTMENT

The common approach of having an integrity and compliance department sidelined from actual organizational processes has a tendency to absorb the responsibility for adherence to integrity standards or laws without focusing on the real drivers of unethical behaviors. Instead, such a disintegrated approach often leads to large efforts and investments into formulaic awareness-training programs, certification processes, and monitoring mechanisms, which only increase bureaucracy without having any real effect on business conduct as such. This problem, linked with ongoing cost increases for compliance over the past decade41 with, at the same time, not much of an impact of these programs on the frequency or severance of misconduct in general, supports our call for a sounder integrated prevention-focused approach, instead of a purely control and mitigation-focused approach.

As pointed out earlier, the KPMG92 study identified that pressures to achieve short-term, purely profit-maximizing business objectives at any cost, in combination with flawed managerial reward structures that support these short-term goals and a lack of credible signals from management that ethical standards have to be taken seriously are the main reason for managerial misconduct. However, most organizations' compliance activities are rather static and have not addressed the dynamic changes in the business and social environment. These static approaches are often limited to communication: a (one time) establishment of standards, awareness training on the code of conduct, and post hoc investigations into suspected or actual cases of misconduct. In addition, the integration of the code of conduct and business conduct standards into actual incentive schemes is only institutionalized in less than one-third of all organizations.43

This indicates that a deeper recognition of the real drivers of behaviors and root causes of systemic ethical misconduct has not been widely adopted as part of the managerial mindset or the actual compliance framework in most organizations. One of the reasons for the lack of adoption might be that it is very difficult to demonstrate the business case for an integrity and compliance program because of a lack of tangible success stories. The difficulties in measuring the impact of those programs on profitability further complicate its general acceptance. This can result in cases where entire integrity and compliance programs are at risk of being eliminated when cost-cutting needs arise. We therefore argue that integrity and compliance management should become a set of support capabilities that drive firm performance dynamically. We specifically argue for a dynamic capability perspective when it comes to integrity and compliance management.

Recent scholarly works in the strategic management field44 have pointed to the importance of dynamic capabilities in the face of increasing environmental turbulence. Dynamic capabilities are strategic processes used to create new competencies and to mobilize resources effectively for the development of competitive advantage. Reconfiguring existing resources into new competencies is the core logic underlying the dynamic capabilities perspective. However, the value-creation notion that underlies the prevailing cognitive assessment of whether a resource or a dynamic capability is recognized as valuable in the sense of creating a sustained competitive advantage seems to make integrity management ineligible to be considered valuable. Often integrity and compliance activities are categorized as costs, hence, a value reducer instead of a critical capability that enables other resources and capabilities to create value in a sustained fashion. The net effect of integrity activities is often not explicitly accounted for.