Once upon a time, I was a young and naïve compliance attorney with the hope that through my intellect and winning personality, I could get everyone to want to comply with company and legal standards. After years in the industry however, I’m a lot more practical now and realistic. But that doesn’t mean I don’t strive for the best compliance percentages, it just means that I’ve had to work hard to encourage and achieve compliance. I had to decide what is an acceptable threshold for compliance – the 80-20 Rule, 100% compliance or strict compliance. Here’s what I came up with:
- 80-20 Rule
In my article, What to Do if Corporate Leadership Doesn’t Comply . . . Lessons Learned, I discussed a work encounter where I was told the best expectation for company compliance is the 80-20 Rule. For those of you who don’t know about the 80-20 Rule, it’s a Principle promulgated by Vilfredo Pareto which essentially determined that 20% of our actions creates 80% of the desired results. So, focus on the most important 20% aspects of an issue and in most cases that 20% will result in 80% of a goal. Interesting. When General Counsel told me to implement the 80-20 Rule, I thought it meant that compliance should strive for 80% compliance accepting that 20% would be non-compliant. I misunderstood. Now that I know, how can I apply the Pareto Principle, 80-20 Rule, to compliance achievement?
- 100% Compliance
I worked for a small contractor who brought me on board to do a risk assessment on contract performance. He claimed that he expected 100% compliance. When he told me that I was thrilled! Finally, a Sr. Exec who believes in the benefits of compliance! However, much to my dismay, I quickly realized he wanted 100% compliance without having to implement internal controls and processes. The experience did get me thinking – Can a company realistically achieve 100% compliance? Definitely not at this company, but what about others?
- Strict Compliance
When I realized the small contractor could not and would not achieve 100% compliance, I had to determine a new threshold for compliance success. What was achievable here at this company and what was acceptable? With support by one of the VPs, I came up with a new standard – Strict Compliance. I think I came up with the term – strict, from case law decided by the U.S. Supreme Court, wherein the Court decided that parties needed to abide by the “strict letter of the law.” Now, I can’t remember the case of course, but as a law student, that statement impressed me. So, I used it here. In another area strict compliance comes into play is in the finance world and letters of credit. When claiming payment under a letter of credit, the seller/exporter/beneficiary has to present documentation to the bank that strictly complies with the letter of credit requirements. A seller won’t be paid under the Strict Compliance standard unless his documents, on their face, strictly comply with the letter of credit.
So, how does this all apply to an achievable and reasonable compliance standard? Well, under the 80-20 Rule, I analyzed what actions could I take as a compliance professional to derive the most desired goals or results. I looked at what was the most important actions I needed to take (training, better communication, visibility) and found that 20% of those actions that I could implement would achieve 80% compliance. It worked. In terms of 100% compliance, I couldn’t find a company that advertises that it achieves 100% compliance, probably because in law, regulations can be moving targets. Regulations are subject to change, and unless a company has a strong compliance program, it could quickly be non-compliant if the changes aren’t known beforehand. A company can strive for 100% compliance however, by implementing the following: C-Suite encouraging and leading by example a culture of compliance; maintaining regular compliance trainings, that include the C-Suite; providing ample resources to support and improve the compliance program, and rewarding and recognizing employees who make business decisions that are consistent with a company’s compliance program. Under strict compliance, in order to be successful, a company would have to comply with the substantial and essential requirements of policies, procedures and the law, even if that excludes some of the company’s obligations.
In sum, I believe the compliance standard is reasonable and achievable by using all or one of these three standards. I believe that if a company can show that it established one of these thresholds, and is able to succinctly substantiate the efforts it takes to achieve that threshold, while proving its successes, regulators would be more amenable to accept that company’s intent and commitment to comply.