Consider criticism: is it feedback necessary for improvement or the quickest way to shut down self-esteem? 
 
Last Friday night my email pinged on my phone. I opened it to see the most dreaded note of the year - the evaluation for my keynote at the Society of Corporate Compliance and Ethics was ready to view.  I knew that I was in good company, as nearly 100 speakers who also made presentations at the conference were simultaneously receiving notice that their evaluations were ready to read.  I opened the message attachment.  Within the PDF was feedback, praise, criticism, and the occasional inevitable smack-down from people who did not enjoy what I shared.
 
Focusing on the Negative
 
What is it about human nature that loves to focus on the negative?  I had 110 positive comments (my husband counted) and 22 negative ones.  I quickly read through the positive comments, not stopping to internalize or appreciate them.  I found the negatives, many of which stung.  One of the themes of my keynote was the message that compliance and ethics officers are part of a movement changing the world.  One person wrote...
“For me it was contrived and felt fake. I'm a realist and know in my 16 years in ethics and compliance that we can make a difference, but we are not changing the world.”  A couple of others accused me of being egotistical, shouting, and being self-promotional.  Ouch. 
 
Compliance officers are regularly asked to do the impossible in trying to please everyone.  How can we possibly find an online training course that will satisfy the desires of an employee population in 20 countries, or one with learners ranging in age from 19 to 69?  One of my clients put out an innovative course based on gamification where people get points for getting questions right and can compete against their co-workers.  Nearly everyone loved it, but my friend is still fixated on the three negative emails from people who hated it and felt it was “too simplistic” and “sent the wrong message about the importance of ethics and compliance.” 
 
Should We Ignore It?
 
Newscaster Megyn Kelly was quoted in Oprah magazine this month saying, “Reading negative remarks about yourself online is like breathing bus exhaust.  With each one you read, you let your detractors steal your mojo.  Life’s too short for that.”  Whether in anonymous internet forums or on evaluation forms, people feel great freedom to criticize when they don’t have to look the person in the face to deliver their appraisal.  Some people get a sense of power in tearing others down when they can hide behind their anonymity or the computer screen. 
 
Can It Be Useful?
 
It’s also useful to remember that criticism can be constructive and make you better.  Jack Canfield, the author of The Success Principles, encourages readers actively to solicit feedback.  When I read that I recoiled – why would I ever want to actively seek out criticism? 
Canfield makes the case compellingly that we can never grow as people or in our profession unless we are alerted to the areas in which we can improve.  He states that most people will be tentative in giving real feedback at first, expecting a defensive response to their honesty.  However, if you can overcome the natural instinct to defend yourself, and instead internalize the pieces of constructive criticism that are useful, people will begin to be confident in giving you feedback, which will help you to improve.  When I decided to actively seek out feedback and stop taking it personally, I allowed the responses to be a pathway to improvement and I grew in my abilities.
 
Internalizing the Positive
 
While evaluating negative criticism can be useful, never forget to spend time enjoying the positive feedback you receive. No one is universally liked, and no one approach will work for all people, so it’s only natural that some people will like the way you communicate or the training that you give, and other people will not.  By internalizing the positive statements that people make you can continue to do the things that are working.  This will make you more effective.
 
Criticism can help you to build up your skills or tear down your self-esteem – the choice of what to internalize and how to use it is up to you.
 

Now that the ISO 37001 Anti-Bribery Management Systems Standard has gone live, I thought I'd take some time to answer questions about how the Standard works, and how a company can get certification. Richard Bistrong and I talk it through for the FCPA Blog here.

When you’ve been in compliance for a few years, you begin to notice a trend.  Investment in compliance and ethics programs comes in waves, and it can be incredibly helpful to your sanity if you recognize that like many things, investment and interest in a compliance program is usually cyclical.  When you understand the cycle, you can understand where your organization is and anticipate what is to come.  The cycle has four stages:

 
Stage One: Low Investment
 
A company that has never had a compliance program or has entirely stopped investing in it begins here.  Usually there is no understanding that compliance is needed, or it is presented as an after-thought, frequently with the legal department handling compliance in its spare time. 
 
Stage Two: Crisis
 
Inevitably, because of non-investment and lack of attention, a crisis brews.  Suddenly management is shocked to learn that unethical conduct has occurred, or a major fraud or bribery allegation has surfaced.  Perhaps a third-party or partner has misbehaved, or a sanctions rule was violated because no one was paying attention to them. 
In Stage Two, organizations begin to invest heavily in compliance.  They throw money at consultants and law firms, desperately trying to combat all of the evils that are suddenly lurking around each corner.  There is fear of the unknown and heightened awareness.  The word “compliance” begins to be used at every high-level meeting, and the compliance program is invested in heavily as the organization gears up for the worst: self-disclosure to the authorities, reporting by a whistle-blower, shareholder derivative suits or the potential for reputational damage if the story leaks to the press.
 
Stage Three: Stability
 
In Stage Three, the organization understands the importance of compliance and ethics, but the immediate crisis has waned.  The initial firestorm of investment has turned into a stable budget where the compliance leaders are able to do their job properly.  Requests for additional funds are thought through intelligently, with proper consideration. 
 
Stage Three is the nicest time to be in a compliance department. 
 
Stage Four: Forgetting
 
In Stage Four, management begins to forget that they had a compliance and ethics crisis.  Perhaps the management has changed since Stage Two.  Perhaps employees have compliance fatigue such that if they have to take one more training, they will throw the computer out the window.  Perhaps even the people in the compliance department are sick of hearing about compliance!
 
Stage Four is dangerous, because the people who have forgotten why compliance is critical begin to de-invest.  First they don’t want to pay for new training, then the travel budget dries up, and lastly, the invitations to high-level meetings disappear.  Management begins to talk of other priorities, and the momentum is lost.  Compliance begins to compete with human resource programs, charitable activities and innumerable other initiatives.
 
The Cycle Begins Again
 
Once Stage Four’s forgetting begins, Stage One reappears, with low investment in compliance and ethics.  Inevitably, a problem occurs, which reignites Stage Two, and the re-investment in compliance and ethics. 
 
If we know this is the traditional cycle, why aren’t corporations better at managing it?  Why isn’t investment in compliance and ethics a consistent, year-in-and-out priority which protects the company and saves money by investing in a compliant and ethical values-based culture?  The answer is easy: people forget, and short-term thinking rules the day. 
 
The good news is that when you understand the cycle, you can see where you are within it and know that it will inevitably run its course again.  Don’t be discouraged if you’re in Stage One or Four, and don’t be too overwhelmed in Stage Two.  Likewise, if you find yourself in Stage Three, understand that Stage Four will come… but likewise, so will reinvestment and the remembering of why compliance and ethics are critical for every business.  Riding the compliance wave can be difficult, but it can also be the ride of your life.

The fantastic folks at The Broadcat partnered with my company Spark Compliance Consulting in order to combat modern slavery.  I presented on the topic with the marvelous Sarah Powell at the Society of Corporate Compliance and Ethics' 2016 Compliance and Ethics Institute in Chicago.  We discussed best practices for compliance to stop modern slavery and how to spot red flags.

The Broadcat created this infographic, which explains in easy steps how compliance can help combat modern slavery.  You can see extended information on this this topic here.  Feel free to download the infographic and use it in your own program!

I'm thrilled to post this interview I did with Richard Bistrong while I was in New York a couple of weeks ago.  In it I talk about my journey from a career in film and TV to compliance executive, then we talk about how compliance can use motivation, influence and persuasion to affect the business.  In this Q & A, we discuss:

• How compliance is there to help people succeed in their work.
• How to get compliance personnel on “team business” and those on the front-lines on “team compliance.”
• How to understand the difference between “named power” and “covert power,” and how covert power sources can help compliance to get the message to the field.
• How to engage field personnel to embrace that being on “team compliance” is cool!
• How to look at “desk artifacts” and to hear “what’s happening at the water cooler” as the basis for understanding people and to become a trusted source of support.
• How to use the power of vulnerability.
• I believe ultimate goal for a compliance officer is to be more than a friendly policeman.  We're here to get those in the busines to understand that compliance is “in this with you.”

This past Tuesday I was honored to present the closing keynote at the 2016 Society of Corporate Compliance and Ethics conference in Chicago.  My topics was How to Be a Wildly Effective Compliance Officer, and it was a truly exciting to present before an audience of 1700 of my marvellous compliance peers. 

I was deeply touched by the audience's social media response to the presentation, with Ben DiPietro, Risk and Compliance Editor at the Wall Street Journal tweeting, "The one and only @KristyGrantHart was dynamic today giving the keynote at #SCCEcei" and, "You crushed it up there! A great and inspiring positive message about compliance to people who needed it!."  Thought-leader Tom Fox adding, "If you aren't psyched about compliance after that, you won't be!" 

Thank you to everyone who had me sign their special edition book provided by Convercent, and even bigger thank you to those who brought your own book from home!  The conference was a huge success, and I was so lucky to be a part of it. 

Considering the ever-higher fines for getting it wrong, why wouldn’t you certify your anti-bribery program? Sure, certification is not an absolute guarantee that a bribe won’t occur at your company. Nothing is foolproof after all, but the enormous benefits of certification outweighs any concerns people may have.
In the middle of October, the new ISO 37001 Anti-Bribery Management System standard will be published and available for certification.

The ISO 37001 standard was created by delegates from all over the globe, including the world’s best and brightest anti-bribery thought-leaders, scholars and business leaders. This produced a truly international standard that matches the expectations of U.S., UK, German, Canadian and other prosecutorial authorities throughout the world. 

Knowing your program lives up to the expectations of global regulators is invaluable.
So why wouldn’t you certify your program? Some people say…
Obtaining ISO 37001 certification won’t protect my company against prosecution.
That’s true on the surface. You won’t be able to waive your ISO 37001 certificate at the DOJ as a magical get-out-of-jail-free card. However, in the process of certification, you’ll be required to have done the types of things that naturally lead to mitigation. These include:

• Performing a proper risk assessment and implementing or validating controls to mitigate those risks
• Ensuring that training has been provided to at-risk individuals
• Getting your documentation in order with respect to policies and procedures
• Creating and maintaining a proportionate due diligence process on your high-risk third-parties, and
• Obtaining proper tone from the top and management support for the program.
• While certification won’t automatically get you a declination from regulators, you are much more less likely to have a corruption issue to begin with when you’ve got your compliance program established and embedded enough to obtain ISO 37001 certification.

ISO 37001 certification is a check-the-box review, so companies will only raise to the lowest common denominator required to obtain certification. 
Certification requires companies to meet a relatively high standard that defies the check-the-box mentality. But let’s say for argument’s sake that this objection is true. Wouldn’t we all still be far better off than where we are now in many companies, particularly outside of the U.S. and Europe? 
When you look at the due diligence questionnaires of your intermediaries, agents and suppliers, how many of them check “yes” when asked if they have a compliance and ethics program, anti-bribery policy or anti-corruption training? Hmm, thought so.
The truth is, compliance and ethics programs are still in their infancy throughout much of the world, if they exist at all. The more that we in the compliance community can establish and enforce a minimum standard, the more easily new compliance officers can understand the requirements of a “good” compliance program which will help to rid the world of the scourge of corruption. The ISO standard provides a truly global benchmark for companies world-wide to live up to.
If your company wants to go above and beyond the requirements of the ISO standard, by all means do!  No one will stop you from doing more. But that doesn’t mean that there is no value in having a global standard to which companies can comply and certify.
But who will certify the certifiers? Is it going to be too easy or too hard to pass?
My company, Spark Compliance Consulting, is going to offer ISO 37001 certification as soon as the final version is published. 
We’ve spent months working with the draft standard and ISO 17021-1 to ensure we can truly test the company’s program against the ISO 37001 standard based on the organization's size, structure, operations, level of risk and whether the organization has taken steps that are reasonable to address the nature and extent of bribery risk.
*     *     *
Why wouldn’t you certify your anti-bribery program? At the very minimum certification provides confirmation that you’ve done what you need to do in order to provide a strong baseline of documentation, training, messaging and procedures which will help protect your organization from unethical behaviour and prosecution.

Reduced likelihood of prosecution, with increased security and peace of mind? Those come standard with certification.

This post originally appeared on Sept. 20, 2016 on www.FCPABlog.com