Blog Post

Building Blocks for a Culture of Compliance

Richard P. Kusserow | October 2022

Register for a complimentary CEU credited webinar “Building Blocks for Effective Compliance Programs (,” November 10, 2022, at 2 PM Eastern. The Compliance Certification Board (CCB)® has approved this event for up to 1.2 Live CCB CEUs.

Building Blocks are activities, solutions, resources, & processes by which the Compliance Culture of an organization can be built, developed, and maintained.

A compliance culture should provide consistency, direction, & guidance  in decisions and actions.

Culture of compliance refers to an organization’s environment of remaining true to its mission, core values, practices, and commitment to complying with laws, regulations, standards, Code of Conduct, and policies. To be effective, everyone in the workplace must understand their part in ensuring that they are followed.

The DOJ Compliance Program Effectiveness Evaluation Guidelines focus attention on determining whether an organization can evidence a “culture of compliance.”  The challenge has been how to build, promote, and evidence this.  The following building blocks relate primarily to process and outputs, and the key is ensuring that together they achieve the desired outcome in practice.

A. Compliance Program Design. A DOJ Guidelines fundamental question, “Is the corporation’s compliance program well designed?”  The design needs to include:

  • Board Compliance Charters evidencing formal establishment of the Compliance Program and for providing its oversight and support.
  • Evidence of Active Board Compliance Oversight and Support with meeting minutes and in compliance briefings/training by the Compliance Officer. 
  • CEO Commitment that is evidenced by the Compliance Officer reporting directly; and in signing a cover letter to the Code of Conduct endorsing and supporting its principles.
  • Executive/Management Oversight Committee that is evidenced in providing support and oversight of the compliance program.
  • Compliance Officer Empowerment that is evidenced by charter, position description, and in operations that include having independent authority and resources to meet obligations.
  • Strong Compliance Officer being evidenced as a responsible member of senior executive leadership, including being listed as such on organization charts and in the interactions with board and executive oversight committees. 
  • Open Compliance Program Visibility that projects the Compliance Officer as being friendly, open, interested, and welcoming and has confidence to report and discuss sensitive compliance issues.
  • Middle Management Commitment is critical for carrying forward the message into daily practice. The DOJ asks: “What evidence is there of high-level commitment by middle management?”  Manager training should include emphasis to personally carrying the compliance message to their staff.

B. Compliance Messaging. Compliance culture building blocks involve steps in promoting a strong sense of shared compliance values that are clearly and consistently carried to all in the workplace.

  • Providing Clear/Understandable Guidance to commitment to applicable laws, regulations, standards, and compliance must be emphasized and be reinforced in the Code of Conduct and compliance policies.  DOJ Guidelines ask, “Have policies and procedures been implemented that incorporate the culture of compliance into its day-to-day operations?”
  • Communicating Values is much like a marketing campaign and needs to capture employee attention by employing different content, formats, and communication channels that remain fresh.
  • Compliance Message Consistency is included in operational directives and business imperatives that align with the messages from leadership related to ethics and compliance.
  • Making Compliance a Priority as  promoted by the Compliance Officer, CEO, and members of management at all levels and reinforced though a variety of channels. Every opportunity for delivering the message should be used, including meetings with managers and executives.
  • Engaging Employees from the Start with the message of compliance commitment at time of orientation and annually thereafter helps lay a strong foundation for what is expected of employees.
  • Compliance Education is a very important way to communicate values to individuals and to avoid losing employee attention. Education materials should be periodically updated.  Participants should be given the opportunity to seek clarification of lesson messages.
  • Multiple Compliance Communication Channels are needed by which employees would feel comfortable coming forward with legal, compliance, and ethics questions and concerns without fear of retaliation.  If people believe what they say matters, their level of trust in the organization increases. Today, it is common for organizations to use video-conferencing and interactive webinars to keep  compliance visible.
  • Special Compliance Activities, such as Compliance Week, is another way to reinforce the compliance message.  Any opportunity whereby live, audio, podcasts, and video activities that can spread compliance messages from executive leadership and the Compliance Officer is worthwhile.

C. Compliance in Practice. The third DOJ fundamental determination is whether the compliance program works in practice.

  • Accountability, whereby leadership holds themselves and those reporting to them equally accountable for complying with law, regulations, Code of Conduct, and policies.
  • Performance Evaluations as an element assessing employee performance is stressed by OIG Guidance..
  • Discipline Process must be viewed by employees as fair, appropriate, and consistently applied.  The DOJ asks, “Does the compliance function monitor disciplining to ensure consistency; and has there been appropriate discipline of employees, identified as responsible for the misconduct?”
  • Compliance Incentives importance is stressed by the DOJ  where they ask, “Has the company established incentives for compliance and disincentives for non-compliance?” It is useful to have evidence that the organization rewards and promotes people based, in part, on their adherence to ethical values. 

D. Evidencing Policy Effectiveness. After all the building blocks have been laid, the question is how outcome effectiveness can be evidenced.

  • Building Blocks Implementation is important and the more building blocks that can be evidenced, the stronger the evidence of an organization actively promoting and maintaining a “culture of compliance.”
  • Independent Compliance Program Evaluations by outside experts are viewed by the OIG and DOJ as the most credible means by which the culture of compliance can be evidenced.  
  • Credible Culture Surveys  are recognized by both the OIG and DOJ to evidence the compliance culture through feedback from employees on their perceptions and attitudes towards compliance. The DOJ Guidelines specifically ask: “Have surveys of employees been used to gauge the compliance culture (and how often)?”

Compliance FAQs at

Keep up-to-date with Strategic Management Services by following us on LinkedIn.

About the Author

Richard P. Kusserow established Strategic Management Services, LLC, after retiring from being the DHHS Inspector General, and has assisted over 2,000 health care organizations and entities in developing, implementing and assessing compliance programs.

Subscribe to blog