Compliance Lessons Learned from VW Scandal

After Volkswagen admitted designing software that provided false emissions data in order to appear compliant with emissions standards, many questions were raised about the culture of the company. The scandal also highlighted the difficulties in locating risk across an organization.

The resignation of Volkswagen’s CEO further illustrates how difficult it is to run an organization from an ethical perspective.

With a multinational company as large as Volkswagen, it is inherently tough to keep an eye on every single aspect of the business. It is therefore impossible that a senior Volkswagen executive could have known everything about the engine-emissions-testing process.

But should it mean that the company gets a free pass? No. Just because a company is large and has thousands of employees does not mean there is an excuse when integrity issues arise. There is no doubt that identifying issues becomes more difficult as a company gets larger, but this just means those companies need to do more to counteract the risk.

To ask questions and find risks takes real expertise which, frankly, not many people possess. It requires people with a range of skills – part business knowledge and part investigative. It requires great tenacity and the ability to seriously consider whether someone is telling the truth. They usually need to continue digging for some time. Of course, in a very large field of inquiry, they also need to know where to start. The following are a few ideas on how to approach the task.

Leave no stone unturned: There’s an old saying that some rocks on the beach only can be seen when the tide goes out, and overturning those rocks actually can identify quite a lot of information. A good compliance officer waits for the tide to go out and looks at the rocks, picks them up and examines them. Occasionally there is a tendency to ignore the rocks and/or step around them, but this should not be an option. Examining the rocks can be done progressively over time, but you always should be thinking about when the next rock will appear. When it does, examine it.

Know where to look: It’s important to know your company inside out. At Volkswagen, one would assume the company connects with officials from testing agencies and government departments in each country every time a new vehicle is released. Given this interaction with officials, a prudent compliance officer would have been talking with the engineers and been aware of how the tests were conducted. They would, of course, be looking out for any potential corruption, misrepresentation or trickery.

One would hope the compliance officer associated with the process would understand the cars, engines and testing procedures, and might have been able to ask enough questions to uncover the secret. Due to the engines’ sheer complexity it might have been hard for them to see the issues for themselves, but it should be fairly reasonable to expect they could have identified the issues by looking at the tests during and after.

Listen: Presumably there was someone at Volkswagen who watched the market and competitors, and would have known that a few years ago there was a cohort of companies involved in cheating inspections of diesel truck engines. One would have hoped that, upon learning about that issue, the person would have asked the engineering teams to demonstrate and certify there were no similar issues in Volkswagen products.

With a strong focus on the actual evidence, this approach might have identified issues much faster. Likewise, there seemed to be other complaints against the company from industry groups or those mentioned in the press. Again, an astute compliance officer would have taken those things seriously and investigated them.

An investigation should have come to the point that we now have now reached: public acknowledgement of a major problem. Most people don’t just make up stories and circulate them. Where there is smoke there is usually is fire – it just takes tenacity to push through the smoke to locate it.

Utilize your network: It is important for a compliance officer to know who to questions, to have a great network and to have good relationships across the company. This means they need to be a likeable person – someone who can strike up a conversation in any setting and who has been at the company for some time. Questions must be direct and aimed at getting to the truth. The compliance teams should ask about things they already know from the press and other sources, and ask many questions in different formats multiple times to the same and different people. They should ask questions that may not include an obvious specific reference to a possible issue, but where the answer may give rise to other issues.

There will be many people within the company who know what is going on throughout the business and industry; a compliance officer needs to find these people and get to know them. This should not be intended as a false friendship that exists only to elicit information – it should be a genuine attempt to build networks they can use to learn more about the company. They can then use that knowledge to strengthen the compliance infrastructure.

Scott Lane is executive chairman of The Red Flag Group, a global integrity and compliance risk firm that produces a unique set of advice, technology and business-intelligence applications to manage the integrity and compliance risks of its customers. The Red Flag Group is a leader in screening and due diligence across a range of industries in 194 countries. More information on the company is available at www.redflaggroup.com.