Blog Post

15 Tips on Creating, Maintaining, and Evidencing Compliance Culture

Richard P. Kusserow | December 2023

Creating a “Culture of Compliance” within an organization presents many challenges. However, this can be one of the organization’s most important strategic assets in terms of reputation and standing in the community. The following are tips and suggestions for building and maintaining a compliance culture within an organization.

  1. Tone from the Top” is the starting point for building a culture. This means at the board and senior executive levels. The DOJ Evaluation of Corporate Compliance Program Effectiveness states, “the effectiveness of a compliance program requires a high-level commitment by company leadership to implement a culture of compliance from the middle and the top.” This requires more than just “lip service” and must be evidenced by their behavior and conduct. 
  2. Executive Leadership must evidence promoting and personally following a high standard of conduct for others to follow. The CEO and executive team must promote the tone to middle management and have them carry the message to their staff. The OIG also notes that the leadership’s commitment to compliance should extend to evidencing commitment to compliance in annual performance evaluations, bonuses, promotions, etc.
  3. Middle Management must be fully engaged in promoting a culture of compliance. It is one thing to understand the tone at the top but another to assess whether it is translated into action with middle management. The real driver of behavior among employees is what they see and hear from supervisors and managers to whom they report.
  4. Compliance Officers are critical for developing and maintaining an effective compliance culture. Regulatory authorities all stress the importance of having a senior executive for that role empowered with authority and responsibility for the compliance program. They also expect this person to report to the CEO with access to the board and be seen as someone who “sits at the leadership high table.” This is not only a key step in building a culture of compliance, but it has real practical benefits by ensuring compliance issues are discussed and addressed at the highest levels of the organization. 
  5. Everyone must get involved with compliance from their date of engagement. A significant part of the onboarding process should include training on the corporate values, Code of Conduct, compliance standards, and policies in all workplace activities. Employees need to be provided with a strong foundation of expectations in their conduct and behavior toward others in the workplace and those served by the organization.
  6. Substantive Compliance Education and Training are needed to address what compliance risks they are likely to face in their duties and why they must be vigilant about those risks. Training should be ongoing with regular policy review and employee assessment. Investing in an effective compliance program is not cheap, but it’s far less costly than the potential costs of noncompliance.
  7. Clear and Confidential Compliance Reporting Channels are essential, with everyone understanding their duty to report suspected and potential wrongdoing without fear of retaliation and that they can do so confidentially or anonymously. This creates an environment of increased risks for those who might consider engaging in wrongful activity.
  8. User-Friendly and Easily Accessible Compliance Guidance must be written at a level and in a manner easily understood by all, which is critical for promoting a culture of compliance and must be easily accessible by all. These documents include the Code of Conduct, policies, and other guidance telling employees what to do and what to avoid. It provides a framework from which to build the compliance culture.
  9. Integrate Compliance into all the functions and operations of the organization. Compliance must be built into audit, risk, and governance processes. All program managers must take responsibility for identifying compliance high risks related to their operational areas, provide guidance to their staff on compliance, and engage in ongoing monitoring to ensure that guidance is followed.
  10. Compliance Must be Made Real and not just having employees read and acknowledge their understanding of the Code and related policies. It must be made real in practice. It requires reinforcement in the workplace by supervisors and managers with appropriate enforcement actions when compliance expectations are violated.
  11. Embed Compliance, Integrity, and Values in all workplace activities. The Compliance Officer should work closely with HR to build compliance-related issues into orientation, ongoing compliance education and training programs, and those for supervisors and managers. Special events promoting compliance can reinforce the compliance culture, even if these are delivered remotely. Employee acceptance and engagement in compliance is a major factor in creating a culture of compliance. 
  12. Make Use of Technology in promoting a culture of compliance. It permits keeping in closer touch with employees through emails, webinars, training, webcasts, video conferencing, etc.  It also makes it possible for a more visible Compliance Officer.
  13. Employing Compliance Culture Surveys using a properly developed, validated, and independently administered survey anchored in a larger database of users can be an extremely valuable method for gauging and evidencing compliance culture, especially if results can be compared against other organizations using the same survey. A survey can provide insights into what’s happening in the workplace and what employees think that reveals opportunities for development and improvement. The OIG Compliance Program Guidance documents have long encouraged the use of surveys. A few years back, the HCCA-OIG Compliance Effectiveness Roundtable issued their “Measuring Compliance Program Effectiveness: A Resource Guide,” citing the use of surveys in evidencing compliance over 60 times. 
  14. Compliance Culture Ongoing Monitoring is important and requires gathering evidence relating to compliance behavior during business. Relevant data metrics include how complaints and allegations are being addressed, including feedback from HR on workplace behavior, turnover data, hotline reports, etc. 
  15. Incentivize Compliance by incorporating it into performance reviews, as noted in the OIG Compliance Program Guidance. If compliance is tied to compensation and promotions, employees are much more likely to learn, adhere to, and incorporate policies into everyday duties.

You can keep up-to-date with Strategic Management Services by following us on LinkedIn.

About the Author

Richard P. Kusserow established Strategic Management Services, LLC, after retiring from being the DHHS Inspector General, and has assisted over 2,000 health care organizations and entities in developing, implementing and assessing compliance programs.

Subscribe to blog