Tag Archive: ethics

What Boards Should Look for in Corporate Ethics and Compliance Programs

Published by

One of the board‘s key responsibilities is the oversight of a company’s conduct, including the strength of its culture and the effectiveness of its ethics & compliance (E&C) program. In recent years, that responsibility has become even weightier. Recent corporate scandals, such as Volkswagen, Unaoil, and Mitsubishi Motors, have created public skepticism about business ethics, and policy makers have responded with a new emphasis on accountability for both companies and responsible individuals, including directors who are either negligent in preventing fraud or willingly participate in it. Enforcement agencies now scrutinize a company’s E&C efforts before making prosecutorial decisions by inquiring about board oversight in the company’s approach to E&C.

Ronnie Kann

Ronnie Kann

Patricia Harned

Patricia Harned

Organizations around the world invest tremendous resources to establish internal E&C programs and prevent corporate wrongdoing. Although E&C was historically a U.S. focus, a number of international standards have heightened the importance of E&C programs globally: the UK Bribery Act; the new International Organization for Standardization (ISO) 19600 Compliance Management System Guidelines; and the OECD Anti-Bribery Convention.

Directors observe these developments and scratch their heads. What does an effective E&C program look like? How can we succeed with E&C without stifling our business? What is the board’s role in E&C oversight? Has any organization gotten it right?

There is good news for directors. There are exemplary organizations—representing a wide variety of sizes, sectors, and industries—that have raised the bar even higher than mere compliance with the law. These organizations have transformed their workplaces through their E&C efforts to yield stronger, more positive results. And even better, there is now a framework to help directors guide their own organizations in establishing such an E&C program.

The Framework: Principles and Practices of High-Quality E&C Programs

In May 2015, the Ethics & Compliance Initiative (ECI) convened a group of 24 thought leaders with E&C program experience, including corporate directors, former deputy attorneys general, former members of the United States Congress, business executives, senior E&C practitioners, and academics. The panel produced a new report with leading principles and practices for effective E&C program implementation: Principles and Practices of High-Quality Ethics & Compliance Programs. The report includes five key principles practiced by organizations not satisfied with “minimum” E&C efforts; these organizations are referred to in the report as high-quality programs (HQPs). The principles, which should be tailored to each company’s individual circumstances, are adapted below from the original report:

Principle 1:  Ethics and compliance is central to business strategy.

  • E&C is both a function on the organizational chart and is considered to be an essential element within every operation.
  • A high standard of integrity and compliance is articulated as a business objective, and every strategic decision is evaluated for alignment with the organization’s values and standards.
  • An HQP ensures compliance with law and regulation, and is resourced to help leaders across the organization understand their critical role in setting and meeting the standard for integrity.
  • The E&C program is expected to provide an independent voice, and regularly updates the board on E&C objectives, risks, and progress.
  • HQP staff maintains excellence by dedicating themselves to continuous improvement in E&C through innovation, engagement with stakeholders (inside and outside the organization), and consistent consideration of employee feedback.

Principle 2: Ethics and compliance risks are identified, owned, managed, and mitigated.

  • While organizational values are the heart of any E&C program, risk assessments provide the foundation upon which HQPs are built.
  • E&C staff collaborates across the organization to support a risk assessment process that identifies, prioritizes, and mitigates risk consistently.
  • Compliance performance, strength or weakness of organizational culture, employee willingness or fear to report, and other key E&C areas are evaluated and reported to the board as potential risks to the organization.
  • Leaders at all levels assume ownership for the ongoing identification and mitigation of risks that are relevant to their areas, both inside and outside the organization.
  • The board is regularly briefed on emerging E&C risks and how the E&C program is monitoring and mitigating risks where necessary.

Principle 3: Leaders at all levels across the organization build and sustain a culture of integrity.

  • Culture is the largest influencer of business conduct, and leaders are recognized as the primary drivers of that culture.
  • Leaders throughout the organization are committed to, and responsible for, making ethical conduct and decision making central to the organization and its operations.
  • The board assumes responsibility for evaluating the performance of senior management in providing ethical leadership and setting a proper tone at the top.
  • HQPs equip managers and supervisors with the support needed to make those values relevant to their day-to-day operations.
  • Recognizing that employees at all levels make ethics-related choices every day, HQPs provide resources, guidance, and training that emphasizes to all employees the importance of acting in accordance with shared values, seeking help, and speaking up.

Principle 4: The organization encourages, protects, and values the reporting of concerns and suspected wrongdoing.

  • HQPs focus on establishing an environment where issues can be raised long before situations are elevated to the level of misconduct.
  • HQPs prepare leaders and supervisors to respond appropriately if/when employees do come forward with concerns about wrongdoing.
  • Managers understand the impact of their actions, and HQPs hold them accountable for contributing to a culture that does not support the reporting of concerns.
  • There are focused efforts to prevent and deter retaliation.
  • HQPs treat all those who report violations fairly and consistently, and effectively support employees who report suspected violations.
  • The board is regularly briefed on high-level trends in employee reporting, and management is expected to be transparent with the board when substantive “bad news” transpires.

Principle 5: The organization takes action and holds itself accountable when wrongdoing occurs.

  • Investigations are timely, neutral, thorough, competent, and consistent.
  • When a violation is confirmed, the organization responds with appropriate consequences, regardless of the violator’s position within the company.
  • The organization maximizes learning from every substantiated case of wrongdoing.
  • HQPs recognize that technology has increased reputational risk.
  • HQPs have well developed systems for escalating issues, with regular testing for crisis management and response.
  • When appropriate, HQPs disclose issues to appropriate regulatory and government authorities and work cooperatively to respond to their concerns.
  • The board is well informed when substantive issues arise that require organizational accountability to stakeholders.

As corporate directors know better than anyone, there is no one approach to effective ethics and compliance. Each company’s circumstances are unique; therefore, their E&C programs must vary accordingly. But there are some universals among organizations that “get it right,” particularly when it comes to implementing a proper E&C tone at the highest levels of the organization. The board has an essential role in setting the expectation that the organization will not be satisfied with upholding only the minimum standard. Understanding the principles and practices that characterize leading E&C practice will help board members engage with management to ensure that the highest standard of integrity is seamlessly aligned with the performance of the organization overall.

See NACD’s Director Essentials: Strengthening Compliance and Ethics Oversight for more guidance on how directors can effectively oversee compliance and ethics efforts at their companies. Fortune 500 company directors offer additional insights on the role of the board and the audit committee in E&C oversight in the research brief NACD Audit Committee Chair Advisory Council: Audit Committee Oversight of Compliance.

Patricia Harned is CEO of the Ethics & Compliance Initiative (ECI) and frequently speaks and writes about workplace ethics, corporate governance, and global integrity. Ronnie Kann is executive vice president of research and program development at ECI, having served chief ethics and compliance officers, general counsel, and chief human resource officers throughout his career. Harned and Kann both contributed as authors to the ECI report Principles and Practices of High-Quality Ethics & Compliance Programs. The Ethics & Compliance Initiative (ECI) empowers its members across the globe to operate their businesses at the highest levels of integrity. ECI provides leading ethics and compliance research and best practices, networking opportunities, and certification to its membership, which represents more than 450 organizations across all industries. ECI is comprised of three nonprofit organizations: the Ethics Research Center, the Ethics & Compliance Association and the Ethics & Compliance Certification Institute. www.ethics.org

NACD Insight & Analysis: SEC Whistleblower Program

Published by

In Thursday’s NACD Directors Daily, the Wall Street Journal reported on the actions large companies have taken in response to the SEC’s proposed whistleblower program. While the SEC has received hundreds of comment letters opposing various provisions of the proposed rules, the Journal reported on more than two dozen of the country’s largest companies that have asked the SEC to revise the proposed rules. One of the more contentious issues is the proposed “bounty” that would be rewarded to a whistleblower if the company receives a sanction of more than $1 million. That bounty could range between 10 and 30 percent of the penalty paid by the company.

The article covers both sides of the debate surrounding the new whistleblower program. Businesses fear that employees will bypass the internal compliance programs and whistleblowing hotlines mandated by Sarbanes-Oxley, and report directly to the SEC. On the other hand, attorneys defending whistleblowers argue that requiring the use of internal reporting channels prior to the SEC would discourage fraud reporters for fear of losing anonymity. The SEC has just weeks to issue final rules that balance the use of internal reporting systems with reporting fraud.

Since the SEC first proposed rules on the new program last fall, NACD has worked to amplify the voice of the director on this issue. In our comment letter, we voiced concerns similar to the reservations expressed by the companies in the Journal article. Our letter stressed that the SEC should work to enhance and strengthen the internal reporting channels already in place, rather than bypass those channels by going directly to the SEC with an issue. Encouraging internal reporting can help management address and solve issues in the early stages, which in many cases are best solved by internal human resources professionals.

In the past months, NACD has also met and discussed the possible consequences of the proposed whistleblower rules with key members of the regulatory and investor communities to discuss your concerns and suggestions as we heard them in our survey prior to submitting our comment letter. In addition, last week’s edition of NACD BoardVision features NACD’s Managing Director & CFO, Peter Gleason discussing the whistleblower provisions with PwC’s John Barry.

NACD Insight & Analysis for September 10, 2010

Published by

As noted this week in national news headlines, the SEC has seen an uptick in fraud tips since the passing of the Dodd-Frank financial legislation. Previously, informants were rewarded with a maximum of 10 percent of sanctions. The new financial laws, however, raise this potential bounty to as much as 30 percent of the penalties paid to the SEC. The article notes that the new whistleblower reward program has the potential to create inefficiencies by inciting employees to report fraud directly to the government, rather than using the established channels within the organization.

To establish a healthy and productive corporate environment, directors must exemplify and encourage an ethical culture. According to the NACD Key Agreed Principles, “the tone of corporate culture is a key determinant of corporate success.” Governance practices that promote integrity and ethics are a feature of successful, sustainable organizations.

Signs* of a positive corporate culture include leaders who:

  • Provide employees access to information that is relevant to the strategic direction and performance of the company
  • Keep their promises and commitments
  • Make decisions openly
  • Accept responsibility for wrongdoing, and
  • Reward performance that supports transparency

*Findings from the Ethics Resource Center’s National Business Ethics Survey 2009, p. 22