This past week, I accomplished two milestones – I had my 40th birthday and, on Saturday, I completed my first marathon.  When I decided to start training for the marathon in January I could only go about 5 miles.  At that point I genuinely had no idea if I’d be able to finish the race.  But complete it I did, and during the process, it occurred to me that being successful at long and difficult compliance projects requires similar tools to completing 26.2 miles.  Here are four lessons I learned training for the marathon that apply equally to successfully completing an arduous compliance task. 

1.      Find Out How Others Have Done It, and Plan Accordingly

How did I go from 5 miles to 26?  Easy – I asked my friend, who’d finished the same marathon I was going to participate in, how she had trained, then used the training plan she had found online and followed it religiously.  How do you finish major projects in compliance?  Easy - there are many resources out there to help you with your compliance program planning.  Blogs, books, networking groups, conferences, mentors… use them to help you to develop your plan. 

Let’s say you need to update your Code of Conduct.  It sounds like an easy process, but, nearly every time I’ve seen it done, it has taken the better part of a year.  If you have significant outside help, it’ll probably still take six months from kick-off call to publication.  Plan accordingly, after finding out from others how they did it. 

Another example of things that take longer than you think they should?  Purchasing and implementing e-learning.  By the time you’ve tried out several courses, negotiated the contract, updated the materials to be personalized to your company, and gotten through the data privacy and IT contracting… it’ll be at least four months. 

You can’t train for a marathon overnight.  Nor can you complete a Code of Conduct overhaul, implement e-learning training, or do a proper risk assessment in a week.  Find out how long it will take, and plan accordingly.

2.      Find a Support Person or Team

“WE HAVE A ZERO TOLERANCE POLICY.”  Do you?  Are you sure?  Really?  The words “zero tolerance” show up throughout the compliance world – in policies, on websites, and on posters in breakrooms.  Compliance officers tend to like the sound of them – “zero tolerance” means we’re serious.  But if we scratch the surface, those words are often dangerous.  Why?

1.     They’re Almost Certainly Untrue

“Zero” is defined by the dictionary as “the absence of a quantity or number.”  How many times have you had an infraction of a policy that didn’t lead to immediate disciplinary action?  If an employee strays a small amount over the hospitality limit or forgets to register a modest gift in the registry, are they hauled into HR and given a written warning?  If someone doesn’t declare a conflict of interest, are they thrown out on their ear?  If you write “zero tolerance, resulting in discipline up to and including termination,” then discipline should always be the outcome of any minor infraction.

Even if you’d like to be serious about zero tolerance, the Legal and HR team probably won’t let that happen.  Why?  Because companies are worried about being sued, and there is a tried-and-true method in America for creating a paper trail that allows someone to be fired in a way that is less likely to trigger a lawsuit, including escalating consequences and the implementation of an employee performance plan.  In Europe, employment contracts can make it difficult, and at times almost impossible, to fire an employee, especially for small policy violations. 

2.     Second Chances Exist …

A dollar here.  A twenty there.  A couple of doctored receipts for dinner at the office.  What’s the big deal?  We’re not talking about a first class ticket and a suite at the Olympics or purchasing a Ferrari.  We’re talking about take-away dinners.  Yeah, sure it’s in violation of the company’s policy, but nobody reads that carefully anyway.  And nobody gets punished for that kind of little indiscretion, right? 

Wrong.  If the recent news is anything to go by, companies are getting serious (and going public) with enforcement of their gifts and expense policies, no matter how small the violation. 

Most fraud and anti-bribery enforcement actions which involve gifts and hospitality include lavish elements.  Reports of managers stealing from the company to take luxury trips, buy themselves luxury gifts, or throw themselves lavish parties is the stuff of many articles and court cases.  But the trend in companies is turning toward the punishment of smaller indiscretions, and the compliance profession should celebrate this shift. 

Wells Fargo

Just last week the Wall Street Journal published an article detailing the firing of more than a dozen employees who violated the meal reimbursement policy.  At Wells Fargo, employees were allowed to buy dinners and charge them to the firm after 6:30 p.m. if they were working late.  Some employees ordered meals before that time, then altered receipts for dinners charged to the bank.  Employees ranging in seniority from analysts to managing directors were punished for violating policy.  The concern was brought to the attention of the bank by “concerned team members.”