Today’s Washington Post carried a story about a significant compliance failure. Ernst&Young settled with the SEC paying a $100 M fine due to hundreds of its employees cheating on the ethics test required for their CPA licenses. The story says that the SEC found that “… beginning in 2017, 49 Ernst & Young professionals shared or received answers to ethics exams they needed to pass to get licensed as certified public accountants. Hundreds more cheated on courses they needed to maintain their standing with state oversight boards, while others who didn’t participate themselves helped facilitate the behavior, the SEC said.”
Hard to imagine this happening in an organization with an effective internal reporting process. How could it be that no one called the hotline or informed a compliance official? The Post adds, “The firm’s leaders then covered up the activity, failing to report it to the SEC after the agency asked Ernst&Young about complaints it had received and the company launched an internal investigation that confirmed the misconduct, according to the SEC.” You have to ask yourself how this could happen, especially in a company charged with monitoring compliance.
The lesson is that if it can happen there, you have to assume it could happen anywhere. And this example makes it clear that as technical as compliance often becomes, it is really about the the culture.