Your Quick Guide To Managing Ethics & Compliance

Knowing what to choose is hard, especially when you have little (or no positive) experience. I see this frequently, including:

  1. Third-party management systems
  2. Due diligence
  3. Training platforms and content
  4. Case management systems
  5. Speak up and reporting tools
  6. Monitoring and detection (data analytics, etc.)
  7. Risk assessment systems

How might some of my startup mistakes help you avoid similar pitfalls?

Keeping Up With The Jokes

Not having a nice website is startup suicide, or so I thought. While a (hopefully) professional-looking shop front is sensible, I’ve realised it’s not always the best conduit for communication. For that, you need options reflecting our differing needs. You’ve heard how we all learn differently. I see it in the interaction and visitor data. Some of you relate to long-form content, others to imagery, and some to audio (visual) content.

For the visual folks, the image below might resonate as a metaphor for managing risk in your average organisation (with varying levels of awareness and competing agendas). Others might need a bit more explanation (text or an audio-visual walkthrough).

risk assessment and archers
Pulling in a similar fashion, just not in the same direction = risk management in most organisations.

For core content, like a Code (of conduct, business ethics, etc.), making it available across varied communication channels might help increase engagement. If that sounds like a lot of work, it is a bit. But still a lot less than people not reading the Code and getting into trouble. You might also use your multi-channelled Code as a stealth vehicle for other risk & compliance wins, including:

  1. Short (90-second to 3-minute) video snippets with senior leaders discussing ethical dilemmas they faced across the topics covered in the Code. These ethics moments humanise leaders, make them more relatable, and bring the topic some relevance.
  2. Introduce ethics ambassadors as you localise the code, giving people a go-to person for the inevitable questions (many prefer talking to humans rather than searching Sharepoints).
  3. Link processes to checklists, visuals, cheat sheets, flowcharts, and the rest, to help visual learners make sense of the text.

Don’t Call Us; We’ll Call You

People want to interact with you on their terms. Shocking, I know.

It took me four years to sensibly codify this approach into a Linktree.

Ethics Insight Linktree

Most of us like to test people out before trusting them. In risk & compliance, we’re essentially selling trust. “Let me help you … where do you face challenges … tell me your problems and secrets.” That’s hard to do via one medium. We must meet the readers, talkers, and listeners across their preferred communication channels.

We need to be patient. Initially, I wasn’t. I didn’t know what I didn’t know. In year one, we spent much more than we should have on cold outreach campaigns and LinkedIn advertising. It led to near-no work and probably annoyed many people. A lot of risk & compliance content seems to revolve around smashing into people’s email inboxes with alarmist statements. How effective is that? How many people get in touch with you after such campaigns? What is the click rate, how long to people spend reading, etc.? This data should be available, and it is usually revealing and instructive.

I’m not suggesting we don’t (sometimes) need to arrest attention. From my experience (for whatever that’s worth), allowing people to kick the tyres (read, hear, and watch my/our stuff) works better. They can take the days, weeks, or months needed to decide whether or not you’re someone they might trust.

Fractious Exchanges

Have you heard marketing people use the word “friction”? It’s helpful. The aim of good marketing is to relieve the pain (friction) of the prospective customer. This is why apps let you log in using Google, Apple, or Facebook, as they know it’s less painful than typing all your data again.

Friction seems to be a design feature in most third-party management, expenses, and other screening and reporting tools. I still don’t understand why. Simple software (like Typeform or ScoreApp – both of whom I’ve used for assessments) has logic (if Y, then C, if N, then B). That I still see large organisations asking their third-parties tens (hundreds, sometimes) of largely irrelevant questions is lunacy. Needless, thankless, and torturous extra work for both sides.

If you are one of the people who view vendorswith an element of superiority (they should be grateful to work for us), be careful. By making someone’s life harder than it needs to be, you erode goodwill. Goodwill often translates into the additional value you never asked for but benefits hugely.

Connection Matters

As Ethics Insight matured, I was advised that I needed a professionalised CRM (customer relationship management) system. We built content for “funnels” and alike. Essentially emails and marketing we’d hope people would find amusing but were created well in advance and designed to lead the person (who’d signed up, downloaded, or otherwise engaged) to buy.

It was a HUGE waste of time. Our work comes from referrals, people who read/see/hear content and like it, and speaking engagements at events. In four years, I can count on the fingers of one hand the engagements that stemmed from someone finding us online and coming in cold. I ditched the CRM and returned to things like this newsletter (and the email one). Here, people can engage. You tell me what you want to read or hear, and I love that (coming up with ideas is exhausting!).

Tech + Connection IS Possible

Moving from Singapore to the UK, we also changed accounting systems and associated support. A largely impersonal and automated system was replaced with a human who helps me with the systems. The added value they provide on everything from tax to travel has been revelatory. In risk & compliance terms, it’s like someone who helps me understand:

  1. How does my risk assessment data compare to industry or country averages?
  2. What do numbers and data (machine learning, blah blah) mean in my monitoring and analytics?
  3. Speak up data in comparative terms (volume, response rates, response times, issues, etc.).

The trick, my accountants, payroll, and finance support don’t speak to me every day or even week. They schedule regular check-ins with clear agendas and add value. The hours a year they spend save days answering my questions by email (or other automation).

Tech is great. Tech with teaching is best.

Questions For You

I’ll leave it there with the analogies and sum up with three questions:

1. Are we communicating across multiple channels (building trust and capacity)?

2. Can we reduce friction in our processes?

3. Would a bit more face time reduce a lot of waste time?

Need more?

Book a (free) strategy session, get new articles, and other content designed to be useful and fun.

Your Quick Guide To Managing Ethics & Compliance

Be the first to know

Subscribe to receive a weekly newsletter with trends, news, and hacks for all things risk. PLUS, behavioural science, investigations, human risk, and alternate perspectives.