«ADMINISTRATION & SOCIETY / November 2000 Parker / REINVENTING REGULATION Compliance-oriented regulation should be understood as a holistic approach ...»
ADMINISTRATION & SOCIETY / November 2000
Parker / REINVENTING REGULATION
Compliance-oriented regulation should be understood as a holistic approach to regulatory
design, implementation, monitoring, and enforcement in which the guiding principle is the
achievement of regulatory outcomes. Compliance-oriented regulation is therefore distinctively concerned with the effects of public regulation in preexistent regulatory space where it
must compete with private normative orderings. This article sets out the principles of compliance-oriented regulatory innovation together with evidence on their effectiveness. The widespread implementation of in-house corporate compliance systems in recent years means that compliance-oriented regulators need to be particularly concerned with nurturing compliance capacity among regulatees, fostering regulatory community through compliance professionalism, and developing standards for corporate compliance functions.
WITHIN THE CORPORATIONCompliance-Oriented Regulatory Innovation
The author wishes to acknowledge the research assistance of Charlotte Heindow and the helpful suggestions and comments of Julia Black, John Braithwaite, Cesar Cordova-Novion, Rex Deighton-Smith, Michael Power, Colin Scott, Lindsay Stirton, and the anonymous referees for Administration & Society.
ADMINISTRATION & SOCIETY, Vol. 32 No. 5, November 2000 529-565 © 2000 Sage Publications, Inc.
agencies are experimenting with programs that provide incentives for voluntary implementation of sophisticated compliance systems by business and sanctions for lack of a program (e.g., Feitshans, 1997). The global deregulatory movement is maturing in some countries into a regulatory reform movement that moves beyond the cost-benefit analysis of regulatory impact assessment to principles for “better regulation” (e.g., Better Regulation Taskforce, n.d.; see Organization for Economic Cooperation and Development [OECD], 1997a). In the United States, for example, the “re-inventing regulation” program (Geltman & Skroback, 1998;
Nesterczuk, 1996) aims to control “regulatory inflation” by ensuring that the design of regulation and regulatory enforcement strategy meets its goals in an effective and efficient way that maximizes voluntary compliance by business from the beginning. Some governments have even produced comprehensive approaches to encouraging compliance-oriented regulation, and the OECD has produced a report on the issue (see Parker, 1999c).1 These developments are all consistent with the broader style of the “new regulatory state,” which uses enforced self-regulation and incentives for voluntary compliance to steer corporate conduct toward public goals without interfering too greatly with corporate autonomy and profit (Baldwin, 1997; J. Braithwaite, 2000; Grabosky, 1995; Manning, 1987;
Parker, 1999a, 1999b)....
552 ADMINISTRATION & SOCIETY / November 2000
IN-HOUSE COMPLIANCE SYSTEMSCompliance-oriented regulation is aimed as much at reinventing regulation within private regulatory space, such as corporations, as at reforming external regulatory agencies. Compliance-oriented regulatory strategies attempt to penetrate right inside businesses to transform and harness management systems, operational processes, and organizational cultures to regulatory goals. Each of the compliance-oriented regulatory innovations described above will tend to encourage the proliferation of in-house corporate compliance systems as a means of companies taking responsibility for in-house self-regulation to meet regulated outcome standards, implement codes of conduct and management standards, respond to rewards and incentives, or fulfill undertakings to implement a compliance assurance system after a breach has occurred. Internal corporate compliance systems, then, will be one of the important formal functions where the interaction between external regulation and internal management systems occurs. Because of its monopoly on legitimate coercion (i.e., legal and regulatory sanctions), the state can have a great impact in the regulatory space inside companies. But the precise nature of the impact is not controllable because of the complex ways in which state regulation interacts with preexisting orderings. To understand compliance-oriented regulation, it is important to look not just at strategies used by external regulators but at the internal workings of the company, the ethics and professionalism of internal compliance constituencies, and the way they interact with management as well as external regulators.
Organizational actors are already voluntarily implementing compliance programs as a response to perceived risks of legal liability, major ethical breaches, and other adverse publicity outcomes. For example, in the United States, a 1996 Price Waterhouse survey of corporate compliance practices in 262 large companies found that 86% had a formal compliance policy, 9% were developing a policy, and only 5% had no policy (Ward, 1997). In Canada, a 1998 KPMG survey of corporate compliance practices found that 65% of Canada’s largest companies had explicit compliance standards and procedures in place. A total of 63% had produced publications that communicated these standards and procedures to staff and management, and 58% had assigned responsibility to high-level personnel to oversee compliance (Schwartz, 1998). Table 1 summarizes the quanParker / REINVENTING REGULATION 553 titative evidence available on the implementation of corporate compliance programs. The evidence suggests that corporate compliance programs are strongest in the areas of environmental, occupational health and safety, and financial services regulation (see, e.g., Aalders & Wilthagen, 1997, p.
421; Andersen, 1996; Genn, 1993). EEO and affirmative action compliance policies are also widely implemented but to a lesser extent. The evidence also shows that corporate compliance systems are much more likely to be implemented by large enterprises than small and medium-sized enterprises (SMEs).
The implementation of corporate compliance programs does not of itself necessarily represent an increase in compliance or in optimal regulatory outcomes. Indeed, it is possible that corporate compliance systems are a response to unnecessarily complex laws and high risks of private liability and bad publicity. But on the whole, the growth in adoption of corporate compliance programs illustrates a widespread acceptance among big business of the need to be seen to be responsive to, and ensure compliance with, reasonable regulatory requirements and social pressures. From the regulator’s point of view, at least three factors will affect the success of these regulatory interactions within the organization: regulators’ ability to nurture compliance capacity in business, the emergence of compliance professionals to act as mediators between regulators and organizations, and the development of meta-standards for internal corporate controls that help ensure the effectiveness of compliance constituencies within the organization. (Clearly, research from the point of view of corporate mangers and employees will also be helpful in understanding the impact of compliance-oriented regulation; see Parker, 1999a, 1999b.)
ABILITY TO NURTURE COMPLIANCE CAPACITY
Strategic compliance-oriented regulatory design and enforcement does not necessarily reach an audience equipped to understand or effectively respond with compliance to regulatory objectives. Innovative regulatory strategies for encouraging compliance are not likely to be effective if organizations have no capacity or expertise in how to comply with regulation. Indeed, Heimer’s (1996) study of the impact of law inside neonatal intensive care units shows that many organisations are organized anarchies, functioning much like garbage cans into which a variety of elements are tossed.... Rather than decisions being made in the “rational” way that organisation charts would suggest they are..., decisions instead result from the episodic coupling of key 554 ADMINISTRATION & SOCIETY / November 2000 elements that co-exist semi-autonomously in organisations. Which decisions get made depends on what participants happen to be there at the time, what is identified as a problem needing a solution, what solutions are available in the organization, and consensus that a choice point has arrived and it is time to make a decision. (p. 44) Indeed, one of the main advantages of implementation of a compliance system from a corporate management point of view is that it will improve controls, efficiency, and the rationality of certain processes within the organization. Studies of organizational decision making and ethics have shown that organizational processes often tend to result in decisions in which the group decides on action that is more risky and unethical than any one of them individually would have chosen and that people often remain committed to group policies even when they are obviously working badly and have unintended consequences (Sims, 1994, p. 50; also see Gioia, 1992). Compliance-oriented regulatory strategy should foster “ethical intelligence” within organizational processes. Therefore, one of the more strategic things regulators can do to increase compliance is to nurture organizational capacity to comply through education, assistance, offering consultancy services, and encouraging the growth of compliance professionals with specialist expertise in the area.
SMEs are often particularly low in compliance often because they lack capacity (such as specialized staff) to comply. Assistance targeted at SMEs may therefore bear fruit. For example, OSHA’s Consultation program is a broad network of occupational safety and health services that provide a free source of information and technical assistance targeted at SME employers (those with no more than 250 employees) who request help in establishing and maintaining a safe and healthful workplace. The comprehensive assistance available includes an appraisal of all mechanical systems, physical work practices, and environmental hazards of workplaces and all aspects of employer’s present job safety and health programs. According to OSHA, the consultation program has helped identify and control more than 500,000 workplace safety and health hazards. The program is popular with SMEs because of the government’s willingness to pay for expert services that would otherwise cost thousands of dollars. The consultation program is also completely separate from OSHA’s inspection program, and the consultant pledges confidentiality provided the employer agrees to correct in a timely manner any serious hazards uncovered during the consultation visit. In an independent survey conducted for OSHA in 1995, employers who had received onsite consulParker / REINVENTING REGULATION 555 tation visits indicated very high levels of satisfaction with the service provided (Weinberg, 1996).
REGULATORY COMMUNITY AND
COMPLIANCE PROFESSIONALISMFor targeted monitoring and enforcement, incentives for voluntary compliance, and voluntary agreements to be effective, there must be a meaningful avenue of engagement between regulator and regulatee; there must be some medium through which information can flow and dialogue can occur. Regulators must receive information about whether compliance programs put in place to stave off more harsh sanctions are effective and in line with legal standards. Regulatees must understand what regulators and communities require and why regulators have taken particular strategic enforcement decisions. They must have enough in common to understand when escalation up the pyramid will fit regulatory goals and when escalation is not necessary. Indeed, compliance-oriented regulation generally relies on the assumption that regulatory messages are communicated into a world of shared bonds and shared understandings in which companies can effectively respond to regulatory signals, and the parties deliberate effectively about their responses to them, which, in turn, creates shared commitments to regulatory goals. Regulators and regulatees need to be part of the same “community” to have continuing relationships and the same basic understanding of the meanings and goals of regulatory action (see Ayres & Braithwaite, 1992; Black, 1997, pp. 30-38;
Meidinger, 1987, p. 365).
An emerging compliance profession can act as a medium of regulatory community if regulators are willing to engage with them and can also act as a pool of compliance expertise that can be translated into corporate compliance capacity. The expansion of compliance and risk management programs in corporations has opened a new professional jurisdiction in which practitioners who identify themselves as “compliance professionals” is emerging. The new occupation spans nonlawyers including human resource managers, auditors, ex-lawyers who now see themselves as compliance managers, and lawyers who specialize in compliance issues....