Say the word compliance in a room full of employees and you typically get two distinct responses: rolling of the eyes or a look of fear.
With monthly headlines highlighting campus scandals, it is no wonder that the mere mention of the word can invoke fear and frustration among campus administrators. From the nuances of financial aid compliance and consumer disclosure, to NCAA compliance, or even the challenge of responding to the rise in demand for emotional support animals, compliance in higher education covers almost every area of activity. As such, compliance is a crucial part of protecting an institution’s reputation and integrity.
Yet, the reason that simply hearing the word compliance makes many people nervous may be due to misperceptions, or a lack of understanding, or a lack of an appropriate program structure. The demands placed upon a university’s compliance program can ebb and flow based on national debates and cultural challenges. The rulings of each Congress dictate the work of the day, and the unique risks that an institution faces drive the actions of the compliance program. With so many regulations and requirements, compliance programs have often developed into a decentralized network of administrators responsible for compliance in their respective areas. After all, with so many unique requirements, how else could you get everything done?
While compliance consultants and out-of-the-box products have popped up at an alarming rate—each selling a one-size-fits-all approach to compliance—these have often done nothing more than add another layer of red tape to the responsibilities of already overwhelmed administrators. Some compliance administrators believe that higher education institutions simply do not have the resources or the budget to do compliance the "right" way. The truth is that there is no single right way when it comes to compliance. What is most important to the compliance process is a mindset that prepares employees to not only recognize risks, but also to have access to resources enabling them to deal with those risks appropriately.
At Lynn University, a private institution in Boca Raton, Fla., which has about 3,000 students, we accidentally found ourselves on the path to an institutionwide, comprehensive compliance program through the creation of a Title IX program. Four years later, we have developed a robust, campuswide compliance and ethics program by using a people-first approach. In this article, we will explore our journey as one model for effectively engaging stakeholders across the institution, including our intentional focus on the why before the how, so as to shape a culture first, from which the compliance rules follow.
The Push for Programming
In the years following the 2011 Title IX "Dear Colleague Letter," and after an onslaught of higher education sexual assault scandals and headlines, institutions across the country scrambled to hire Title IX coordinators. Suddenly, a responsibility that had been ignored, delegated, and underfunded by many institutions was elevated to one of the most visible positions on campus.
Many institutions realigned organizational structures to make Title IX coordinators report directly to vice presidents, presidents, and even the board. In theory, individuals with experience in this position would be limited because the reinterpretation and focus on Title IX were only in their nascent stages. Human resources officials, who were familiar with Title VII, and student conduct administrators, who were familiar with all types of campus misconduct, had the experience necessary to process these types of cases. Yet, in many instances, they did not possess the political skills to navigate the new national landscape.
In 2014—motivated by the university president’s guiding principle that we should not have to be legislated into doing the right thing, instead choosing to do it for ourselves and our community—we hired a Title IX coordinator, secured funding to support new initiatives, and advocated to provide this new office a voice.
Title IX compliance involves multiple offices and administrators, overlapping pieces of legislation or best practices, increased training requirements, enhanced policy development, and investigations. It encourages proper risk assessment and climate checks, and requires a team of dedicated and compassionate staff members who are capable of handling crisis management, both for the involved parties and for the institution.
So many requirements and moving pieces made it challenging for us to identify a framework to organize an effective program. We knew that a unique structure had to be designed to support our Title IX initiatives in a way that would allow for a trauma-informed approach while still providing the evidence-based and data-driven logistics needed to advance the program. While not designed for a Title IX compliance program, we found structure in the seven elements of compliance as promulgated through the Federal Sentencing Guidelines (see sidebar, "Finding the Right Framework").
A program informed by these seven elements is considered a best practice and one that can be a significant mitigating factor, allowing for a reduced impact in light of a compliance or ethics failure. However, simply adopting this framework without thinking critically about an institution’s unique culture can be risky. In order to truly deliver a return on an institution’s investment, compliance and ethics programs must be based on the culture and politics of a community, with integration into the mission and values of the campus.
While we began the transformation of our compliance program in 2014 with a specific focus on Title IX, we soon found ourselves having regular conversations about the importance of compliance across the board. Eventually, the university president asked us to develop a comprehensive compliance program. The seven elements used to develop a better Title IX program have likewise formed the basis of our campuswide institutional compliance and ethics program.
For us, what started as an effort to adhere to Title IX has become a way of working that extends across our community—what we call compassionate compliance. By listening, learning, and setting the right tone at the top, we are demonstrating how compliance can add value, reduce risk, complement and improve campus culture, and allow educators to concentrate on teaching and learning.
Compliance administrators must provide education on what a compliance and ethics program is, but to do so effectively, they must first become educated themselves. This education comes in two equal but distinct forms: best practices in higher education compliance; and understanding the people, functions, goals, and culture of the institution. Before we could start managing compliance in a centralized way, we had to learn the ropes and determine how compliance was already being handled across our campus.
We launched a listening tour to talk with everyone involved, including vendors, leaders, and front-line employees. We spent a lot of time meeting not only with senior leaders and department heads, but also with the front-line staff and administrative support—everyone including maintenance and janitorial staff, student workers, and the president. Instead of simply asking questions about compliance, we took a different approach, asking open-ended questions such as:
- What is important to you and your department?
- What keeps you up at night?
- What does compliance mean to you?
- Where are we now, and where are we going?
- What do you see as limitations or obstacles?
When you spend time listening to the people who manage and support processes, potential risks come up that you don’t always think about ahead of time. For instance, we learned that our study abroad programs presented unique challenges we had not considered. For example, while we had a fairly comprehensive program supporting our traditional study abroad efforts, we found that individual international study programs sponsored by faculty often fell outside of the purview of the office of international programs and services, and therefore may not be subject to the same assessment and vetting process. This was an easy thing to overlook and an even easier challenge to solve by simply requiring that the office be notified of any international travel involving students.
Taking the time to build relationships through careful listening allows for the development of a nuanced knowledge of the inner workings of a campus infrastructure—a necessary aspect of a successful compliance program. Relationship-building also lays the groundwork for buy-in from across campus for the success of a new compliance program.
Building a Hybrid Model
As noted, every organization approaches compliance differently on a range of factors, including staffing, reporting structure, resources and budget, and division of duties. Some institutions opt to have a centralized office and staff, while others are intentionally more decentralized in approach, allowing each administrative unit to take responsibility as it sees fit.
Through our listening tour, it became clear that we were managing compliance in silos, with each department as the owner of specific compliance obligations. The shared sense of responsibility was generally positive, but a completely decentralized approach can sometimes mean inefficiencies or a lack of oversight. In response, we sought to streamline these processes and ensure effectiveness by building a hybrid model.
As a next step, we set out to understand our obligations and define the needs unique to our campus. Not looking to reinvent the wheel, we leveraged resources available from NACUBO, the Higher Education Compliance Alliance, and other organizations to help us determine our regulatory requirements. Because we wanted to prioritize our compliance activities, we conducted a detailed review of high-risk areas such as Title IX, Title IV, accreditation, minors on campus, study abroad, data privacy and security, and campus safety. We assessed the likelihood and impact of various risks and prioritized compliance activities based on that assessment.
Through this work, our team developed a list of about 200 compliance tasks that must be done every year. For instance, all institutions that receive federal funding are required to hold an educational program about the U.S. Constitution on Constitution Day, September 17. However, if a specific person is not assigned to take ownership of developing and organizing a Constitution Day program, this can easily slip through the cracks.
Today, each of the 200 compliance tasks we identified are designated to a specific administrator, known as a "compliance partner," who is responsible for the day-to-day activities required by the compliance tasks assigned to him or her. Our central compliance office works to ensure that, not only are the tasks completed, but that compliance partners also have the support, knowledge, and resources necessary to fulfill their obligations. Getting to this point required a great deal of work on achieving employee buy-in and educating employees about their roles, as well as providing ongoing training and support.
Creating a Culture of Support
From the beginning, the motto of our office of compliance has been: We have done our best compliance work if no one knows we are doing it. This sentiment is based on an understanding of the human impact of compliance and how an external entity dictating the everyday work of various departments could lead to feelings of lack of appreciation and low employee morale. Compliance is a shared responsibility, and this motto demonstrates that compliance partners should be empowered to succeed through the quiet but constant support of the compliance office. The victories of the compliance office can be seen through the individual victories of compliance partners.
Our new model required us to create a culture where responsible individuals are empowered to be part of the plan. To accomplish this, we paired our compliance partners with senior leaders who celebrated their victories and advocated for them across the campus community. Specifically, each compliance partner is responsible for the day-to-day management of his or her unique compliance responsibilities, and his or her supervising vice president is responsible for providing oversight and ensuring that compliance obligations are not only being met, but are also supported by proper resources.
We also spent time educating employees about what to expect from our new hybrid campus compliance system. For instance, some people thought that a centralized compliance office meant that they no longer had to handle compliance within their departments. While our university compliance officer serves as the point person for all compliance efforts across campus, our communication and training programs reinforced to department staff that they were still responsible for certain aspects. Our centralized office would also be available as a resource to provide support and ensure that their compliance efforts were successful.
Some staff believed that we were trying to fix something that was not broken, so we helped employees understand why we were making changes to compliance processes. While we were pleased with the success of our existing compliance structures, we realized—and had to communicate to other staff members—that risks are ever changing and new best practices have emerged over the years. Compliance programs, like the campuses they serve, must evolve and grow.
Overcoming the Fear Factor
As with any change, staff members can be hesitant at first about implementing a new compliance structure. Because our approach had garnered buy-in and the support of senior leadership through our campuswide listening tour, advocates in every department understood the need for changes to the compliance program and relayed this need to their employees and colleagues to help set the tone and create a climate of support.
Over the past several years, we have worked to remove the fear factor that usually stems from the realization that neglecting compliance can carry grave consequences for our institution and our careers. We do not want our staff members to feel the pressure of making a mistake. Instead, we work with employees to help them recognize potential risks, ensure that they are aware of policies and resources, and equip them to leverage those resources to respond appropriately.
This focus on prevention and preparedness—rather than on catching mistakes—instills a more positive perspective. Instead of fearing compliance, we respect that it minimizes risks, empowers us to resolve issues effectively, and helps the organization stay focused on its educational mission. By building a culture that embraces a team mentality and a sense that we are all in this together, we enhance our compliance success campuswide. To keep our edge and further mitigate any fear of noncompliance, we also place high value on ongoing risk assessment, and testing and monitoring to ensure that our system is working.
Creative Compliance Education
To maintain momentum and employee engagement, we work continuously to provide resources and ongoing compliance education and support. For instance, in 2017, we launched Compliance Awareness Month. Each week during July, our compliance office distributes information to managers about how to talk about ethics with employees and how to find and use our code of conduct, risk management policies, and other compliance-related resources.
We also send out periodic newsletters, complemented by a manager’s toolkit that provides managers with resources to discuss compliance issues with their staff and incorporate the seven elements of compliance into their departments.
As boring as a compliance newsletter may sound, a recent issue included a compliance scavenger hunt that required people to answer questions about information found in previous newsletters, such as where to find a copy of our vendor-selection program. The department that answered the most questions correctly earned coffee and doughnuts courtesy of the compliance team. We were overwhelmed by the amount of scavenger hunt submissions we received and have since expanded our outreach to include lunch-and-learns, coffee and compliance chats, and a compliance-focused game in every newsletter.
Our compliance office also operates a custom-built, digital compliance service desk, allowing people to ask questions about compliance or risk issues and best practices, suggest a change to an existing policy or request creation of a new policy, or ask for additional training. Based on the number of inquiries, it is evident that we are providing a service that people value.
Programs such as these are indicative of our people-first approach. We strive to listen, seek input, and incorporate what we learn back into our program because we know that people will follow the rules if those rules help them in adding value to the service they provide. We choose to focus first on resources, education, and support, rather than checklists and mandates. We appreciate different learning styles and, not only allow employees to choose the education method that best suits them, but also engage others to help with designing training programs and spreading knowledge.
We seek people’s input in order to find effective solutions to challenges related to compliance. This motivates compliance partners to take control of their responsibilities and to celebrate their victories. A strong focus on compassionate compliance prepares and empowers the entire campus community through a culture of shared responsibility and shared victories.
Building an effective compliance program requires plenty of time and the initiative to create and fine-tune a plan that fits your campus and your staff. Our experience shows that a positive and proactive culture of compliance can be accomplished even at a small institution with a small budget.
LAURIE LEVINE is vice president of business and finance, and chief financial officer, and LORNA LANEY FINK is university compliance officer and Title IX coordinator at Lynn University, Boca Raton, Fla., and the founder of the Independent Colleges & Universities Compliance and Ethics Consortium.