“Goldilocks compliance”

By Jeffrey M. Kaplan

Consider the following true story.

A company decides to implement what is in effect a zero-tolerance policy for violations of its code of conduct.  Unexpectedly, this seems to have triggered a significant drop in the number of reports of violations being submitted to the company helpline.   Evidently some employees felt that the new discipline policy was too harsh, and that they did not want to subject their colleagues to it.

This is, of course, an example of compliance being taken too far.    

Another example concerns training.  Not every employee of every company needs a full hour of antitrust or anti-bribery training each year.

There may indeed be lots of opportunities for improvement at any given company.  However, I should emphasize that there are more—indeed, a great many more—companies that do too  little C&E wise rather than too much.  

Moreover, not all C&E areas are susceptible to being “too hot” to any significant degree.  Auditing generally falls into this category, in my view.

Adopting a “Goldilocks” approach may help a CECO and others on the ethics team earn trust among other key players at the company, which can be invaluable in various settings.

Finally, companies wishing to have a Goldilocks approach to C&E can do so in part by tailoring their risk and program assessments to this task.