This post is the second in a series of posts on effective Ethics & Compliance in the context of Turkish culture. In the first part, I looked at the motivation for this analysis, and the cultural profile of Turkey in the Hofstede 6D model.
In this second part, I will summarize the current requirements (stipulated by the U.S. Department of Justice) of what constitutes an “effective” Ethics & Compliance program and the central role of culture (national, an to a lesser degree, organizational) in this context. From this and the contents of part one, we will see that there are challenges and opportunities for effective compliance in Turkey resulting from Turkish culture.
In the subsequent parts, I will discuss for each of the 6 Hofstede cultural dimensions how it may affect effective compliance in Turkey. In a final synthesis, I will bring all dimensions together to discuss how the particular combination of the culture dimensions in Turkey impacts effective compliance.
The U.S. defines what “effective” Compliance is
“Compliance” basically means that laws, regulations and rules “are being followed”. It is not a process or program, but a state – the outcome of an effective compliance program.
The U.S. is de facto the global standard setter. It defines the criteria for what constitutes effective Ethics & Compliance in an organization – worldwide. With the FCPA (and the UK Bribery Act), the Anglo-american view of Ethics & Compliance is being globally applied and enforced as the measure of effectiveness. In April 2019, the U.S. Department of Justice (DOJ) has updated its Guidance Document on “Evaluation of Corporate Compliance Programs”.
So what is regarded as “effective”? Let’s take a look at the DOJ guidance. (This is an 18-page document that actually every compliance professional should have read herself. A brief summary can be found on the FCPA Blog, for instance.)
The guidance document is based on three fundamental questions:
1. Is the corporation’s compliance program well designed?
2. Is the program being implemented as designed and effectively? (a.k.a. operating effectiveness)
3. Does the corporation’s compliance program work in practice?
One level below these three fundamental questions, the following elements are considered in the evaluation of compliance program effectiveness:
1. Well-designed program
A. Risk Assessment (Risk Management Process, Risk-Tailored Resource Allocation, Updates and Revisions)
B. Policies & Procedures (Design, Comprehensiveness, Accessibility, Responsibility of Operational Integration, Gatekeepers)
C. Training and Communication (Risk-Based Training, Formt/Content/Effectiveness of Training, Communications about Misconduct, Availability of Guidance)
D. Confidential Reporting Structure and Investigation Process (Effectiveness of the Reporting Mechanism, Properly Scoped Investigations by Qualified Personnel, Investigation Response, Resources and Tracking of Results)
E. Third Party Management (Risk-Based and Integrated Processes, Appropriate Controls, Management of Relationships, Real Actions and Consequences)
F. M&A (Due Diligence Process, Integration in the M&A Process, Process Connecting Due Diligence to Implementation)
2. Effectively Implemented Program
A. Commitment by Senior and Middle Management (Conduct at the Top, Shared Commitment, Oversight)
B. Autonomy and Resources (Structure, Seniority and Stature, Experience and Qualification, Funding and Resources, Autonomy, Outsourced Compliance Functions)
C. Incentives and Disciplinary Measures (HR Process, Consistent Application, Incentive System)
3. Program working in practice
A. Continuous Improvement, Periodic Testing, and Review (Internal Audit, Control Testing, Evolving Updates, Culture of Compliance)
B. Investigation of Misconduct (Properly Scoped Investigation by Qualified Personnel, Response to Investigations)
C. Analysis and Remediation of Any Underlying Misconduct (Root Cause Analysis, Prior Weaknesses, Payment Systems, Vendor Management, Prior Indications, Remediation, Accountability)
The third of the fundamental questions is interesting as we know the first two criteria – design and operating effectiveness – quite well known latest since the good old SOX days. And there’s a good reason the third fundamental question has been added. Because the Guidance is all about if the Compliance program is more than a fig-lead or paper exercise but is working, having an impact on human behavior in practice. That’s effectiveness.
To illustrate the difference, let’s look at a typical so-called Company Level Control (CLC) that has been around since the good old times of SOX: Does the company have a code of conduct and is it communicated to all employees in a language they can understand? Design and operating effectiveness here mean having a document called Code of Conduct, translating it into local languages, giving it to all new employees and making it available on the intranet more or less prominently. Well, if that’s effectiveness, then we needn’t wonder about why “Diesel-gate”, Wells Fargo & Co. could happen.
You may notice that there is no question about how the Code is expressed, what its contents are and most importantly, if people have truly understood what it says and how it applies to their individual job responsibilities and daily (and also extraordinary) work situations; and even if they have understood what’s expected of them, if they did apply the Code of Conduct it in a real-life situation, if misconduct is prevented. And if the company is measuring this level of understanding,￼ competency to apply it and actual application and is making adjustments to the Code and its dissemination to improve it. That’s effectiveness (where the Code of Conduct is concerned). That’s what the third question is about. And it’s the most difficult of the three, the one point that you cannot take out of a consultant’s slide deck, apply one-size-fits-all across a multinational corporation and expect it to work everywhere. This is where multinationals have failed so far. Not only “abroad”, in the “wilderness” of countries considered “corrupt” by Transparency International’s Corruption Perception Index, but even in the U.S. and Europe, as we are seeing again and again.
This level of true effectiveness requires local approaches, tailored to local cultural values and country-specific behaviors. Because effective compliance means having an effect of human behavior in practice.
The importance of culture for effective compliance
The Guidance stresses the importance of ethical culture (or culture of compliance) for effective compliance programs. If I haven’t miscounted the word “culture” appears eight times throughout the 18 page document.
Well-designed Program, Policies & Procedures:
… assess whether the company has established policies and procedures that incorporate the culture of compliance into its day-to-day operations.
Effectively Implemented Program
… criteria for an effective compliance program include “[t]he company’s culture of compliance, including awareness among employees that any criminal conduct, including the conduct underlying the investigation, will not be tolerated”.
Commitment by Senior and Middle Management
… Beyond compliance structures, policies, and procedures, it is important for a company to create and foster a culture of ethics and compliance with the law. The effectiveness of a compliance program requires a high-level commitment by company leadership to implement a culture of compliance from the top.
Program Working in Practice, Continuous Improvement, Periodic Testing and Review
… Some companies survey employees to gauge the compliance culture and evaluate the strength of controls, and/or conduct periodic audits to ensure that controls are functioning well, though the nature and frequency of evaluations may depend on the company’s size and complexity….
Culture of Compliance
How often and how does the company measure its culture of compliance? Does the company seek input from all levels of employees to determine whether they perceive senior and middle management’s commitment to compliance? What steps has the company taken in response to its measurement of the compliance culture?…
The last point is remarkable. It points out the importance of measuring ethical culture to determine its effectiveness in practice.
Cultural lenses and W.E.I.R.D. psychology
We don’t see the world as it is, we see it as we are.
– attributed to French-born novelist Anaïs Nin
Now we need to understand, that this U.S. view of effective compliance culture, is conceived from a U.S. cultural perspective. It perceives, understands and judges the world through the “cultural lens” of the U.S. and the the criteria and necessary actions for achieving a more effective Ethics & Compliance culture may appear to be quite clear:
- An ethical climate including a strong tone from the top and the middle; those at the top actually “walking the talk” with regards to values and ethics, employees perceiving organizational fairness and justice in applying ethical principles and rules; and a strong speak-up culture.
- Values and principles-based decison-making rather than a focus on rules and doing what is legally possible and can be justified.
- Individual empowerment and accountability.
- Ownership of compliance (and other risks) by the business.
But U.S. culture is not the norm in the world. Actually, U.S. culture is W.E.I.R.D. (acronym coined by Joe Henrich: “Western Educated Industrialized Rich Democratic”). And the question is, how to most effectively communicate and implement these elements in countries whose culture profiles differ fundamentally from the W.E.I.R.D. perspective of how the world works (or should work best) held by the U.S. and Europe.
A note on cultural relativism
At this point I want to make a point about cultural relativism to prevent that I am misunderstood. No (national) culture is “good” or “bad” and no other culture has the right to judge other cultures as being inferior (or superior), because there are no absolute criteria for judging other cultures; every individual trying to make such a judgment is perceiving the world (and hence other cultures) through her own cultural lens. However, self-criticism is possible, meaning that one can examine and judge one’s own culture.
Turkey and the U.S. in the Hofestede 6D-model
As we can see from the figure below, when comparing the abbreviated (using only 4 of the 6 dimensions) Hofstede culture profile for Turkey with the ones for the United States (or Canada, which has quite similar values), the two cutures are almost diametrically opposed to one another.
- Whereas the U.S. is the most individualistic society in the spectrum of the countries analyzed by Hofstede, Turkey is a collective society.
- Whereas the U.S. is a low Power Distance country, Turkey is high in this dimension.
- Whereas the U.S. is a clearly masculine society, Turkey’s culture is feminine.
- And whereas the U.S. culture has a low Uncertainty Avoidance, Turkey is among the countries with the highest scores worldwide.
- The two dimensions Long-Term Orientation and Indulgence are not shows because Turkey does not show a particular preference in these dimensions.
To illustrate my point, let’s take Power Distance – Turkey with a high score vs. a relatively low score in the U.S. In Turkey, we find a paternalistic leadership style with powerful leaders possessing privileges, setting and enforcing rules and demanding loyalty in return. In such a context, it is understood and expected by followers and by leaders alike
- that different standards and rules apply to employees at different power levels;
- that information is shared restrictively and selectively and not transparently;
- that it’s not appropriate or desirable if leaders’ decisions and actions are questioned or inappropriate conduct by more senior (higher power) employees is reported;
- that consequences are dependent on personal relationships and not on a fair and impartial application of clear rules;
- and that those speaking up may face serious retaliation unless someone else in a high power position protects them.
I don’t go into more detail here, because the individual dimensions of Turkish culture will be the subject of subsequent posts. But the paragraph above should be sufficient to illustrate that it’s absolutely questionable if – even if implemented according to available guidance on implementation coming largely from major U.S. accounting or advisory firms (like the Big Four; or Gartner, Thomson Reuters…) – the elements of ethical culture according to the W.E.I.R.D. paradigm will lead to an actually effective compliance culture in Turkey. Or in any other country significantly different in one or more culture dimensions – meaning actually most countries in the world.
Simply translating W.E.I.R.D. paradigm concepts and policies into local languages and providing more training is not the answer. What we need to do is analyze national culture and behavior of people with regards to rules, authority, control, responsibility etc. in order to gain a deeper understanding of how we need to tailor and “culturally translate” global Ethics & Compliance guidance and programs. Based on these insights, we need to emphasize some elements, tone down or reframe some others, and maybe also adjust the expectations of what is realistically achievable in different countries. By doing this, we can achieve more effective and engaging Ethics & Compliance programs in local cultural context.
One thing is clear, however: In our global economy, at the end of the day, any local Compliance program must stand up to scrutiny by the U.S. standards. So all elements required by the U.S. Guidance should be present. Even where they may not be truly effective locally and there are other mechanisms that work better to achieve Compliance in the local cultural context. In such cases, the required elements become more of a formal “compliance” exercise, but the true focus of the local should still be to achieve actual effective compliance in practice.
2 thoughts on “Culture, Compliance … and Turkey – Part 2”