On this page:
- What this means
- Why it matters
- How you can build a culture of compliance
- Tips for building a strong culture of compliance with management support
What this means
Culture of compliance
Most businesses really want to comply with the law and do the right thing. The best way to achieve compliance is by making it a part of your organization’s culture. Culture refers to the core values that define your organization. Having a strong culture of compliance means having an environment where everyone can say and do the right thing and this commitment is aligned with the goals and vision of the business.
Senior management leads the way when fostering a culture of compliance in your organization. However, it depends on the contribution of every employee working at all levels. You should also encourage your service providers and other third parties working with your organization to develop a culture of compliance. Everyone must actively participate in creating a culture of compliance.
“Tone from the top” is an essential part of a culture of compliance. Your organization’s leaders should be clear, vocal and visible in promoting compliance. Senior management should foster an open culture where compliance is part of an ongoing conversation. However, it takes more than mere words; they should lead by example. Leaders’ actions and decisions should demonstrate that breaking the law is unacceptable. This empowers your employees at all levels to keep compliance in mind in their everyday work. Having buy-in at all levels is a key part of a strong culture of compliance.
Your compliance program needs to be credible and effective to truly help you.
To be credible, your program must at a minimum show your business’ genuine commitment to obeying the law and competing fairly.
To be effective, your program must inform all your people, and those acting for your organization, that compliance is important. It must inform them of their legal duties and your internal compliance measures. It should also give you the tools to prevent and detect misconduct.
Your program should be reasonably designed, implemented and enforced in the circumstances. This means that it addresses your organization’s risks within your resources and in light of your business activities.
Why it matters
Your organization’s culture of compliance with management support impact all aspects of your compliance program.
Creating a culture of compliance enables management and employees at all levels to confidently do the right thing. It empowers them to speak up if they notice any non-compliance or risky behaviour. A strong culture of compliance will enhance the reputation of your organization among present and potential customers. It will also help you in recruiting and retaining the best talent.
You can undermine your business’s credibility if you say you have a compliance program but fail to act on it. Besides poisoning your culture, this will reduce the benefits that compliance measures may bring to your organization. Compliance programs can easily fail without effective implementation and management commitment.
Recent research coordinated by the Organisation for Economic Co-operation and Development has studied the role of gender in competition. Some of the studies show that conspiracies are more likely to form in homogenous groups. They also show that traditionally male-dominated industries could be more prone to conspiracies than industries with a more diverse set of managers.
You can strengthen your organization’s compliance culture by taking steps to improve diversity and inclusion throughout your organization. These actions may include keeping diversity in mind when:
- recruiting your compliance officer
- appointing board members and senior management
- recruiting and promoting employees at all levels of your organization
While the Competition Bureau’s focus is on competition, deceptive marketing and labelling issues, these actions may help you to do the right thing in all areas of the law.
Organizations of all sizes should foster a culture of compliance. Some small businesses might not have a board of directors and a separate management team. The principles mentioned here still apply to the owners of the organization and its senior leaders
You don’t need to recruit a separate person as a compliance officer. Any person with authority and seniority in the organization can perform the role if they are aware of your business’ legal risks and know the compliance management steps needed to mitigate the risks. Senior management’s support for the compliance program is crucial for its success.
For large or small companies, commitment is what makes the difference.
How you can build a culture of compliance
Culture of compliance
To foster a culture of compliance, all members of an organization must be involved.
The board of directors should adopt a culture of compliance. Senior management and compliance officer should implement this culture. Once such culture is established at the top, it will provide a conducive environment where employees will be encouraged to adopt the culture.
To build and promote a culture of compliance, your organization needs the support of:
1. An engaged and committed board of directors or highest governing authority
- The board, either as a whole or through a committee , should set the mandate for a compliance program and appoint the business’s compliance officer
- Only the board should be allowed to remove or replace the compliance officer through strong, clearly defined terms
- The board should receive direct, uncensored reports from the compliance officer and from senior management at least quarterly
- The board should provide all necessary funds, staff and infrastructure to ensure that the compliance officer is able to fully implement the compliance program
2. A visibly committed management team at all levels
- Management should continuously learn about competition and marketing risks and help to build programs that encourage compliance
- Strong management should lead by example and show through their actions and active participation that abiding by competition law is important
- By demonstrating its strong commitment to compliance, management conveys the message that it is never acceptable for anyone in your organization to break the law
- When management doesn’t do these things, employees could get the message that compliance isn’t important and could increase the chances of risky behaviour
3. A strong and effective compliance officer
- Assign responsibility for your compliance program to a high-level executive
- The compliance officer should have:
- a senior, board-appointed management position
- high visibility and a title that reflects the position, such as “compliance officer”
- sufficient seniority, authority, credibility and independence to create and enforce a compliance program across the business
- financial and human resources that fit your business’ size, industry and risk profile
- the opportunity to participate in senior management decision-making
- a role in discussions on performance evaluation and promotion of employees
- knowledge of what is taking place within the business and the industry
- the ability to properly assess the potential risks of non-compliance
- unrestricted access to the business’s data, subject to applicable privacy laws
Tips for building a strong culture of compliance with management support
A yin-yang diagrammatic representation of tips to help your organization build a strong culture of compliance and of management support.
To build a culture of compliance:
- Involve the whole organization
- Make the compliance officer visible
- Protect employees from retaliation
- Practice diversity and inclusion
- Empower business units and field office
To build culture of management support:
- Practice what you preach
- Incentivize compliance leadership
- Choose the compliance officer wisely
- Maintain oversight at the highest level
- Communicate often
Culture of compliance
Involve the whole organization
Each employee at every level in the organization is accountable for participation in the compliance program. It should be clear that misconduct by anyone at any level in the organization will not be tolerated.
Make the compliance officer visible
Employees should know who this person is and how to get in touch with them.
Protect employees from retaliation
Institute strong protections for staff who report misconduct and cooperate in investigations.
Practice diversity and inclusion
Consider how to strengthen diversity and inclusion in your organization’s culture.
Empower business units and field offices
Except for very small companies, consider designating compliance liaisons or ethics ambassadors or champions in business units or field offices. These roles could be part-time, based on the resources and size of the business.
Practice what you preach
Management should promote your organization’s compliance program through its actions everyday, and uphold — and be seen to uphold — compliance. Leaders should also show through their actions that knowing the law is important and competition law risks are serious.
Incentivize compliance leadership
Management should actively participate in programs supporting compliance and create incentives promoting support of and leadership in the compliance program.
Choose the compliance officer wisely
The officer should be senior, respected, capable and dedicated. They should be able to rally staff support. They do not need to be a lawyer, but they should be able to get answers for any questions or concerns about compliance and the law.
Maintain oversight at the highest level
Only the board of directors should select and dismiss the compliance officer and approve the compliance program.
The compliance officer should provide frequent updates to management (monthly or as often as needed), and should report quarterly to the board.
The compliance officer should also inform the board of directors about disciplinary action for breaches of the compliance program and potentially illegal conduct. The Board should also be informed of any allegations regarding senior managers.
DISCLAIMER: Because every situation presents unique facts, the information set out herein is provided for general information only. This content is not a substitute for legal advice, nor is it a binding statement of the Commissioner of Competition’s position on the requirements or efficacy of any particular compliance program. Indeed, there is no one-size-fits-all approach when it comes to achieving credible and effective compliance.
The Competition Bureau launched a Compliance Portal to help you and your business stay on the right side of competition and labelling laws. It replaces the Corporate Compliance Programs Bulletin. We’re currently reviewing the feedback we received during the recent consultation on the form and substance of this portal. An update will follow later this year.