Active vs. passive Compliance
I am very frustrated with people who overemphasize passive compliance activities –
things such as writing policies, education, risk assessments, and codes of conduct. Some are consumed by writing, analyzing, and talking. Active compliance involves investigation, auditing, monitoring, follow up on complaints, and discipline. Active compliance activities FIND AND FIX PROBLEMS. Passive compliance activities hope to find and fix problems.
When I was at the , we wrote policies and conducted some training but we emphasized active compliance activities. A colleague of mine, who started about the same time, spent 90% of his first two years writing. I spent 90% of my first two years investigating, auditing, monitoring, and enforcing. We had two major investigations that involved important people from high places. It wasn’t easy, but we got the problems fixed, and we sent a message that no training, policy writing, risk assessment or updated code of conduct could have ever sent. We, in effect, accomplished much more than just fixing two major issues. We proved that the compliance/ethics function had value. I am not saying that all the talking and writing don’t have a purpose. I think active compliance activities can accomplish many of the same outcomes while finding and fixing problems.
We are all wired differently. Some are wired to avoid pain. Some would rather do a risk assessment, update the code of conduct, and talk about ethics than to investigate and possibly irritate people. Personally, I hate conflict. I try like crazy to avoid conflict. However, I am so against letting problems rot that I can’t keep from facing them. So when I see compliance and ethics professionals who are passively – rather than actively – trying to find and fix problems, I get frustrated.
We are not cheerleaders. We are here to do what those who came before us couldn’t do. Our job exists only because those before us were passive. Nobody wanted to step up. If passivity wins out, our profession will cease to be pertinent. If you think it’s hard to get resources now, cut down on the active parts of compliance and you will see more cuts. There is no reason for our profession to exist if we just repeat the efforts of those who came before us.
I see greater and greater emphasis on risk assessments, ethics, and now some are talking about social responsibility. I am absolutely dumbfounded that some would think that social responsibility has any place in the compliance and ethics department. We are here to prevent fraud and abuse. We are here to prevent the next investigation and settlement by the government. We have limited time and resources. We don’t have time for anything else. If you want to prevent the next settlement by the government, you have to use active compliance tools. The government does not update the code, do training, or conduct risk assessments to find and fix problems. How do we expect to compete with them by using passive tools when they are using active tools? Those emphasizing the passive tools are taking a knife to a gun fight. Most importantly, those who are passively fighting fraud and abuse are hurting our profession. It is hard enough to justify the expense now. It’s going to be harder to justify the expense of compliance and ethics programs if we don’t do what we were hired to do – find and fix problems.