INSIGHT: Monitoring Outsized Risk Elements in Your Organization

In March, 1991, a video of four officers of the Los Angeles Police Department beating civilian Rodney King provoked international outcries against police violence. In response, the mayor of Los Angeles appointed Warren Christopher to lead an independent commission to examine the use of force in the LAPD.

According to the Christopher Commission’s report, out of the 8,450 police officers in the LAPD, approximately 1,800 had been complained of excessive force or improper tactics. Of these officers, more than 1,400 had just one or two such allegation; 183 had four or more; 16 had eight or more. The Commission found that the “top 10% of officers ranked by number of excessive force or improper tactics allegations accounted for 27.5% of all such allegations.” The same pattern was also found in the use-of-force reports: 63 officers had more than 20 use of force report each, while half of the LAPD had fewer than five each.

This pattern is known as power law distribution, where a small number accounts for an outsized effect on the whole population. Power law distribution provides critical insight to compliance.

In the case of the LAPD, not all officers were equally prone to use excessive force or improper tactics: 79% of them did not have a single such allegation made against them. The risk in this case resided with the 183 officers, representing 2% of all LAPD officers.

A similarly illustrative distribution pattern was found in an examination of the Wells Fargo fake accounts scandal. Professor Todd Haugh found that Wells Fargo’s critical failure was its inability in identifying “the extreme compliance risk that was developing around a small group of managers who had the capability of spreading that risk throughout the organization.”

By examining the “epicenters”—California and Arizona—that created the most fake accounts, Haugh found a small number of star regional managers who were sent to turn around low-performing branches with high-pressure tactics, and fake accounts increased where they went.
These managers functioned much like infectious agents carrying diseases from one community to another.

Haugh argues that these “Power Few” star managers had outsized contribution to the fake account creations due to their “popularity” and influence in the organization. Haugh proposes that, “[i]nstead of designing compliance programs aimed generally at promoting ethical culture, … [c]ompliance efforts should target those individuals within the company whose unethical decision-making pose the greatest risk according to behavioral and organizational factors such as job task, leadership role, propensity to rationalize wrongdoing, and social and organizational networks.”

My own experience certainly validates Haugh’s theory. While conducting internal investigations, I often found business units that seemed contaminated: Anyone who came into those units ended up engaging in wrongdoing. The common element was often the same managers.
This experience was what led to these two particular questions in the Department of Justice’s Guidance on Evaluation of Corporate Compliance Programs:

1. “Have the company’s investigations been used to identify root causes…and accountability lapses, including among supervisory managers and senior executives?” and

2. “Were managers held accountable for misconduct that occurred under their supervision?”

Had Haugh’s paper been available when I drafted the questions, I would have added:

3. “How has the company identified and monitored its high-risk and high-influence individuals?”

Here are some suggestions on how to address that third question, if not for the next iteration of DOJ questions, certainly for more efficient use of compliance monitoring resources:

1. Continuous analysis of reporting and investigations data. Where are you finding violations and repeat offenders? What do they have in common? (Most often, I have found the common element to be their managers.)

2. Identify other data that may point to the “Power Few.” I am fond of “Top Ten” lists. Top Ten markets/business units ranked by shortfall from target can indicate employees who are currently under great pressure, and thus vulnerable to the temptation of shortcuts. Top Ten spenders of certain expenditures and Top Ten cost centers can point me to who are making most of the riskiest transactions. Top Ten teams with the greatest human resource complaints and/or safety incidents can provide warning to management problems.

3. Synthesize and act. The data points can reveal the most when they are put together. For example, the “Power Few” in Wells Fargo might have been identified when data on improvement in performance is put next to those on increase in fake accounts and personnel movements. Once you have identified your “Power Few”, you hold them accountable and/or heighten monitoring of their activities. You may also need to find ways to reduce their influence, including making sure they are not promoted in ways to further infect more parts of the organization.

This column does not necessarily reflect the opinion of The Bureau of National Affairs, Inc. or its owners.

Author Information

Hui Chen is an independent ethics and compliance consultant and was the Justice Department’s first-ever compliance counsel expert. She has served in global senior compliance lead positions at Microsoft, Pfizer, and Standard Chartered Bank.