Background Image

Risk and Compliance

Preventing Bad Things from Happening to People and Organizations

Situation

  • Sexual harassment and assault, authority figures having sex with minors, abuse, defalcation, fraud, discrimination – outright racism, theft, bribery, safety and security breaches, violations of law, policies and procedures - it seems that at least one such incident makes the news every week. We have become inured to what has been infamous, but to the victims the implications are very real and may be horrifying. And for every incident in the news there are hundreds that never become public knowledge. All of them share three common characteristics:
    • They were caused by an individual’s or individuals’ aberrant behavior. (Of the over 100 incidents that we studied closely; thorough background checks were conducted on all except one.)
    • The behavior undermined the organization’s performance, in some cases significantly.
    • Virtually all the harm to the victim(s) and the organization would have been avoided if the behavior had been promptly addressed.

The Law

  • What hasn’t been reported and is little known is that Sarbanes-Oxley directs the U.S. Sentencing Commission to ensure that the guidelines that apply to all organizations, including “corporations, partnerships, associations, joint-stock companies, unions, trusts, pension funds, unincorporated organizations, governments and political subdivisions thereof, and non-profit organizations”, are sufficient to deter and punish organizational criminal misconduct.
  • The associated and routinely revised Sentencing Guidelines are well-crafted, compelling and require all organizations to have an effective compliance and ethics program, including a system, to prevent and detect criminal conduct.
  • There are no legal penalties if a nonpublic entity does not have an effective compliance and ethics program. However just having an effective compliance and ethics program can protect a nonpublic entity or leader from prosecution or reduce a nonpublic entity’s or leader’s fine or sentence in the event of a prosecution. Regardless, there are increasingly civil implications associated with nonpublic entities or leaders not having an effective compliance and ethics program.
  • The American Bar Association notes that in addition to avoiding liability, programs to raise and address problems are a good business practice and regardless of governance or size, every organization should voluntarily implement them. “Should the benefits of compliance not be significant, avoiding liability should be.”
Research and Solution
  • TDI10 has been studying organization behavior for decades and evaluated and consulted on these types of incidents. In over 98% at least one other person knew of the behavior and in 93%, multiple people at least strongly suspected the aberrant behavior. In almost half of all incidents it was considered “common knowledge”.
  • Since the Penn State child sex abuse became public knowledge TDI10 has been conducting seminal and extensive research on why people do not report serious issues and what it would take for them to do so, to optimize reporting.
  • Based on the research, applications were developed, tested and refined to increase serious issue notifications. Although there is a lot more to the applications, they enable people to communicate when they want, how they want and what they want. And responding to continual input from populations that may have critical information to report will set an ever-higher standard for effectiveness. Organizations provided input regarding functionality including dashboards and reports.
  • Recent research documents that all surveyed populations are far more likely to report serious issues using TDI10 applications than they would with current designated procedures.
  • There is already anecdotal data that TDI10 applications have the prophylactic effect that psychologists and law enforcement predicted.
  • Publicity about the research led to a group of mothers assuming the role of advisors and asking – demanding a means to know if schools and youth programs had an effective compliance and ethics program and notification system to protect their children. (Interestingly, a CEO asked the exact same question about protecting her company in our book, Outsourcing: The Definitive View, Applications, and Implications.)
  • The mothers ultimately proposed and designed Shields which are now incorporated into all applications.
Conclusions
  • Although the benefits of compliance are significant, only about 4% of nonpublic entities have an effective compliance and ethics program.
  • Until recently nonprofits and small organizations largely ignored the most serious implications of these incidents, but that’s changing. The National Federation of Independent Business, for example, is offering programs on sexual harassment; 60% of their members have between one and five employees.
  • Organizations should ensure that their partners, suppliers, contractors and borrowers have at least an effective compliance and ethics program. (The lack of a program, for example, is responsible for over $60M in bank losses from a regional oil and HVAC provider.)
  • Rules aren't enough. Pennsylvania, for example, “mandates” educators report suspicions of abuse and neglect. U.S. Senator Casey has proposed a similar, nationalSPEAK Up Act yet while TDI10 was meeting with his staff about our research a Springfield Township Pennsylvania teacher was arrested for having sex with two middle school students. Many students, teachers and administrators knew of the increasingly inappropriate relationships months before the sex.
  • Predators and other criminals know that procedures, policies and even laws alone are unlikely to result in anyone reporting their illegal behavior.
  • Laws, policies, procedures and training, without a system people trust, are ineffective.
  • Effective notifications systems don’t just prevent and detect wrongful acts, they also provide a critical conduit for positive communication.
References
Timeline
  • March 1964, purported circumstances associated with the murder of Kitty Genovese are the origin of the bystander effect or Genovese syndrome.
  • 1968, first academic reference to bystander effect.
  • Sarbanes–Oxley Act of 2002.
  • October 2009, SuperFreakonomics published and notes there was no bystander effect associated with Kitty Genovese’s murder.
  • November 2011, Penn State child sex abuse scandal breaks.
  • 2012, TDI10 begins researching why serious issues are not reported.
  • 2013 - 2017, TDI10 begins researching what would optimize the reporting of serious issues.
  • 2014, Publish first edition, Comprehensive Analyses of Factors Associated with Communicating Serious Issues, Feedback and Suggestions, Why Serious Issues Go Unreported and How Leaders Can Protect Their People and Organizations from Devastating Consequences.
  • 2016, U.S. Sentencing Commission Guidelines Sentencing of Organization Chapter updated.
  • 2016 - 2018, TDI10 applications developed and tested.
  • 2019, TDI10 starts to rollout and refine applications.
  • 2021, TDI10 will partner with academics to take the research to another level and present a whitepaper to the U.S. Sentencing Commission and the Security and Exchange Commission.