Lately I’ve been thinking a lot about what it means to have a “culture of compliance.” I know … I sound super fun at dinner parties!

The business often thinks a culture of compliance is when the CEO or another executive tells her team that we take compliance rules seriously. This isn’t enough.

At its core, a culture of compliance is an environment where the entire business management team is committed to doing business the right way. This environment fosters compliance curiosity throughout the organization, a shared understanding of what activities are riskier and a willingness to adopt more conservative rules or greater documentation requirements. This environment makes people feel comfortable to ask questions and raise issues when behavior seems problematic.

Practically, when I think about a culture of compliance, these are the attributes I look for:

  • Your legal and compliance teams are seen as partners that help to solve the problems of the business. They are routine participants in business meetings and proactively consulted. An organization or manager that seeks forgiveness rather than proactive input is problematic.
  • Your legal and compliance teams have educated the business on the highest risk activities. Every compliance rule is not equally important, and business teams should understand what’s a land mine versus a speed bump so they can focus compliance curiosity on these issues.
  • Compliance questions and concerns are raised proactively to legal and compliance either directly (ideally) or through a helpline. Don’t assume that just because questions or issues aren’t being raised that it means there are no issues. It could also mean that people don’t feel comfortable coming to compliance. In my experience, most whistleblowers become a whistleblower because they feel the company wasn’t or wouldn’t listen to them.
  • Once compliance issues are raised, employees believe concerns are taken seriously and, if necessary, properly investigated. This means the business supports a thorough investigation done through standardized investigation guidelines and doesn’t hesitate when a senior leader or superstar sales person is involved. I’ve heard business people say we don’t want to dig to deep because we might find more problems. In the life sciences business, problems will find you if you don’t find them first.
  • Legal and Compliance teams are eager to have discussions and provide clear communications in response to questions about whether an activity is appropriate. Lawyers and compliance professionals need to be able to explain both why behavior is problematic and, if it is not problematic, why it is ok. If we can’t explain why something is appropriate then the business needs to think a little more about the activity.

I’d love to hear from others. What am I missing here? What are your challenges to creating a culture of compliance?

If your company is also thinking about its culture of compliance, I conduct effectiveness compliance assessments designed to assess these issues, can help you optimize your investigation protocols and work with legal and compliance teams on risk evaluation and clear communication. DM or email me!

Dan Curto

For more than 20 years Dan Curto has been focused on helping life sciences companies solve legal, compliance and regulatory challenges. Dan was a member of the international law firm of McDermott, Will & Emery from 1998 to 2012. As a partner at…

For more than 20 years Dan Curto has been focused on helping life sciences companies solve legal, compliance and regulatory challenges. Dan was a member of the international law firm of McDermott, Will & Emery from 1998 to 2012. As a partner at McDermott, his practice focused on guiding life sciences companies through government investigations, litigation, and compliance remediation. Since 2012, Dan has held various leadership positions at Sanofi, Biogen and BeiGene, including lead global commercial roles, heading a global investigation function that oversaw all internal and external compliance and government investigations and serving as head of global litigation and enterprise risk management. Dan opened Curto Pharma Law and Compliance in 2021 to provide counsel and compliance on demand support to Life Sciences companies.