As published in The Financial Post

Just over two decades ago, the Sarbanes-Oxley Act put the regulation of corporate compliance on the map. It has since become a governance preoccupation, spawning armies of compliance professionals, commanding a substantial portion of every board’s agenda and costing hundreds of billions of dollars. Elaborate legal mechanisms — such as sentencing guidelines, whistleblowing regimes and personal liability of directors and management — aim at preventing employee wrongdoing and heightening oversight by directors and senior management to ensure internal systems are effective.

The objective — better, more honest governance — is hard to argue with. Yet time and time again we see high-profile firms encouraging, acquiescing in or simply not discovering seriously non-compliant behaviour. Less than a decade after Sarbanes-Oxley was enacted a crisis in the mortgage insurance industry almost caused the U.S. banking system to seize up and it did bring a global recession. In this country, SNC-Lavalin was crippled when employees (including a former CEO) were found guilty of multiple cases of fraudulent behaviour. Boeing, whose success was built on a reputation for the safety of its aircraft, has struggled since two fatal crashes involving the 737 Max 8 jet in 2018 and 2019. More recent governance failures include settlements by several financial institutions for non-compliance with money-laundering requirements and by a major accounting firm that acknowledged and paid fines for employee exam cheating.

Layering on more and more regulation clearly has not prevented compliance failures. Why? In our view because trust has to be nurtured, not legislated. Getting employees to ring alarm bells early, when problems are just beginning, requires trust. None of the many governance tweaks — whether restricting related-party transactions, clawing back executive compensation, forcing corporate officers to certify internal controls, or reporting “up-the-ladder” — effectively addresses this threshold concern.

At bottom, good corporate behaviour depends on strong corporate cultures characterized by old-fashioned values. Getting buy-in to good norms is becoming harder as employees’ political views become more polarized and the regulation of compliance itself becomes more politicized. Shifts in employees’ personal values and the impacts of digital re-skilling also threaten shared values. But without good values, effective governance is very hard.

Absent a strong culture of tolerance and mutual respect, polarization reduces trust. Opinions within an organization risk being disregarded, suppressed or self-censored. It becomes easier to avoid difficult communications, discount difficult information and double-down on prior beliefs. In an environment of mistrust, compliance concerns are more likely to be suppressed or misunderstood. Identifying and addressing problems (and opportunities) as they arise are less likely. Organizational coherence, adaptability and performance all suffer.

Putting culture first means focusing on how people deal with each other both within an organization and with external stakeholders. The key — no surprise here — is to treat people the way you would want to be treated: with dignity and mindful of their own sometimes differing values and expectations, regardless of their status, gender, race, religion, sexual orientation or political views, but also making sure all employees understand they are expected to adhere to basic precepts of integrity and mutual respect.

Does culture really trump rules and procedures?

Yes. Boeing’s acquisition of McDonnell Douglas is generally viewed as the source of its cultural demise. The rapid decline in its reputation and performance followed quickly. For many organizations, building a safety culture should be a major focus and, over time, a celebrated achievement. When people know you value their safety and are willing to devote real resources to assure it, building a culture of trust and candour becomes much easier.

Strong “listening skills” and creating space for open communication are also essential. Though more art than science, a commitment to continuously measuring cultural goals can help, too — especially in large enterprises operating globally across different languages, economies and political contexts. Actively monitoring these inputs is key to guarding against clashing norms or wishful thinking that risks a disconnect between stated values and prevailing cultural reality. Consider, for example, the need to reconcile tensions between collaboration and individual initiative. Hollow values detract from any company’s resilience, productivity and value creation.

While it often receives less attention, we believe maintaining a strong, effective corporate culture is more important than most of the “best governance practices” encouraged or required by regulators. It is also increasingly challenging to achieve, in part because it requires sustained effort to “look beyond the law” — ticking boxes on a mandated compliance checklist — and to focus hard on values, relationships and workplace psychology, which are what really matter.