According to acclaimed researcher and author Brené Brown, being vulnerable can be a strategic asset to any organization. Although this may sound counterintuitive to some, Brown made the case for how vulnerability cultivates innovation to a rapt audience of directors and corporate-governance professionals gathered at the 2017 NACD Global Board Leaders’ Summit.
Brown became an Internet sensation after she discussed her academic research on these themes at a TEDxHouston event in 2010. Although her presentation was enthusiastically received by her in-person audience, she was frustrated by negative online comments left on the video. But soon after, she discovered a quote by President Theodore Roosevelt that not only has reframed how she viewed her experience, but also has guided her subsequent work:
“It is not the critic who counts; not the man who points out how the strong man stumbles, or where the doer of deeds could have done them better. The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood; who strives valiantly; who errs, who comes short again and again, because there is no effort without error and shortcoming; but who does actually strive to do the deeds; who knows great enthusiasms, the great devotions; who spends himself in a worthy cause; who at the best knows in the end the triumph of high achievement, and who at the worst, if he fails, at least fails while daring greatly, so that his place shall never be with those cold and timid souls who neither know victory nor defeat.”
Brown then identified the following four qualities that, when operationalized within an organization, will create a culture of courageous leadership:
Vulnerability. Based on Brown’s research, there is no job where a person is not vulnerable. She noted that vulnerability is not the same as cowardice. Rather, it’s the willingness to expose your new ideas to public scrutiny. Without trying to do something new, and risking the possibility of failing horribly, progress can never happen.
Courage. It takes courage to compete in business. Luckily, Brown’s research into the behaviors of 80 senior leaders and more than 300 MBA students demonstrates that courage is a skill that can be taught and measured. She recommends four practices to instill a culture of bravery in an organization: (1) encouraging vulnerability, (2) defining the organization’s values and operationalizing those values, (3) inculcating trust between individuals and teams, and (4) empowering people with “rising skills,” or the skills to pick one’s self up and brush one’s self off after failing. Regarding rising skills, Brown pointed out that if your employees cannot recover from and learn from their failures, they will begin to feel that they need to be on the defensive—a mind-set that can hinder creativity and innovation.
Ethics. One of the most difficult situations a person can encounter in a business setting is standing up to someone who is making unethical choices. According to Brown, ethics should be the grounding framework that drives behavior. When someone acts outside the set of ethics that the organization adopts or outside the law, leaders must be brave enough to call out that person’s missteps. Her point holds particular relevance to directors and executives who are responsible for overseeing business ethics and promoting a culture of ethical performance.
Trust. Brown asked the audience, “If you can’t see a person’s vulnerability, will you ever be able to trust them?” Vulnerability is a key to building trust, and top-performing teams rate trust in their coworkers as the deciding factor for success.
Brown noted that people who lack trust in one another are likely to avoid confronting their fears and anxieties. Trust makes workers brave enough to develop and share their ideas, and allows them to discuss failures in a respectful manner.
“Can innovation come without exposure?” Brown asked. “Can you have innovation without vulnerability? No. It doesn’t exist.”
One of the board‘s key responsibilities is the oversight of a company’s conduct, including the strength of its culture and the effectiveness of its ethics & compliance (E&C) program. In recent years, that responsibility has become even weightier. Recent corporate scandals, such as Volkswagen, Unaoil, and Mitsubishi Motors, have created public skepticism about business ethics, and policy makers have responded with a new emphasis on accountability for both companies and responsible individuals, including directors who are either negligent in preventing fraud or willingly participate in it. Enforcement agencies now scrutinize a company’s E&C efforts before making prosecutorial decisions by inquiring about board oversight in the company’s approach to E&C.
Organizations around the world invest tremendous resources to establish internal E&C programs and prevent corporate wrongdoing. Although E&C was historically a U.S. focus, a number of international standards have heightened the importance of E&C programs globally: the UK Bribery Act; the new International Organization for Standardization (ISO) 19600 Compliance Management System Guidelines; and the OECD Anti-Bribery Convention.
Directors observe these developments and scratch their heads. What does an effective E&C program look like? How can we succeed with E&C without stifling our business? What is the board’s role in E&C oversight? Has any organization gotten it right?
There is good news for directors. There are exemplary organizations—representing a wide variety of sizes, sectors, and industries—that have raised the bar even higher than mere compliance with the law. These organizations have transformed their workplaces through their E&C efforts to yield stronger, more positive results. And even better, there is now a framework to help directors guide their own organizations in establishing such an E&C program.
The Framework: Principles and Practices of High-Quality E&C Programs
In May 2015, the Ethics & Compliance Initiative (ECI) convened a group of 24 thought leaders with E&C program experience, including corporate directors, former deputy attorneys general, former members of the United States Congress, business executives, senior E&C practitioners, and academics. The panel produced a new report with leading principles and practices for effective E&C program implementation: Principles and Practices of High-Quality Ethics & Compliance Programs. The report includes five key principles practiced by organizations not satisfied with “minimum” E&C efforts; these organizations are referred to in the report as high-quality programs (HQPs). The principles, which should be tailored to each company’s individual circumstances, are adapted below from the original report:
Principle 1: Ethics and compliance is central to business strategy.
E&C is both a function on the organizational chart and is considered to be an essential element within every operation.
A high standard of integrity and compliance is articulated as a business objective, and every strategic decision is evaluated for alignment with the organization’s values and standards.
An HQP ensures compliance with law and regulation, and is resourced to help leaders across the organization understand their critical role in setting and meeting the standard for integrity.
The E&C program is expected to provide an independent voice, and regularly updates the board on E&C objectives, risks, and progress.
HQP staff maintains excellence by dedicating themselves to continuous improvement in E&C through innovation, engagement with stakeholders (inside and outside the organization), and consistent consideration of employee feedback.
Principle 2: Ethics and compliance risks are identified, owned, managed, and mitigated.
While organizational values are the heart of any E&C program, risk assessments provide the foundation upon which HQPs are built.
E&C staff collaborates across the organization to support a risk assessment process that identifies, prioritizes, and mitigates risk consistently.
Compliance performance, strength or weakness of organizational culture, employee willingness or fear to report, and other key E&C areas are evaluated and reported to the board as potential risks to the organization.
Leaders at all levels assume ownership for the ongoing identification and mitigation of risks that are relevant to their areas, both inside and outside the organization.
The board is regularly briefed on emerging E&C risks and how the E&C program is monitoring and mitigating risks where necessary.
Principle 3: Leaders at all levels across the organization build and sustain a culture of integrity.
Culture is the largest influencer of business conduct, and leaders are recognized as the primary drivers of that culture.
Leaders throughout the organization are committed to, and responsible for, making ethical conduct and decision making central to the organization and its operations.
The board assumes responsibility for evaluating the performance of senior management in providing ethical leadership and setting a proper tone at the top.
HQPs equip managers and supervisors with the support needed to make those values relevant to their day-to-day operations.
Recognizing that employees at all levels make ethics-related choices every day, HQPs provide resources, guidance, and training that emphasizes to all employees the importance of acting in accordance with shared values, seeking help, and speaking up.
Principle 4: The organization encourages, protects, and values the reporting of concerns and suspected wrongdoing.
HQPs focus on establishing an environment where issues can be raised long before situations are elevated to the level of misconduct.
HQPs prepare leaders and supervisors to respond appropriately if/when employees do come forward with concerns about wrongdoing.
Managers understand the impact of their actions, and HQPs hold them accountable for contributing to a culture that does not support the reporting of concerns.
There are focused efforts to prevent and deter retaliation.
HQPs treat all those who report violations fairly and consistently, and effectively support employees who report suspected violations.
The board is regularly briefed on high-level trends in employee reporting, and management is expected to be transparent with the board when substantive “bad news” transpires.
Principle 5: The organization takes action and holds itself accountable when wrongdoing occurs.
Investigations are timely, neutral, thorough, competent, and consistent.
When a violation is confirmed, the organization responds with appropriate consequences, regardless of the violator’s position within the company.
The organization maximizes learning from every substantiated case of wrongdoing.
HQPs recognize that technology has increased reputational risk.
HQPs have well developed systems for escalating issues, with regular testing for crisis management and response.
When appropriate, HQPs disclose issues to appropriate regulatory and government authorities and work cooperatively to respond to their concerns.
The board is well informed when substantive issues arise that require organizational accountability to stakeholders.
As corporate directors know better than anyone, there is no one approach to effective ethics and compliance. Each company’s circumstances are unique; therefore, their E&C programs must vary accordingly. But there are some universals among organizations that “get it right,” particularly when it comes to implementing a proper E&C tone at the highest levels of the organization. The board has an essential role in setting the expectation that the organization will not be satisfied with upholding only the minimum standard. Understanding the principles and practices that characterize leading E&C practice will help board members engage with management to ensure that the highest standard of integrity is seamlessly aligned with the performance of the organization overall.
Patricia Harned is CEO of the Ethics & Compliance Initiative (ECI) and frequently speaks and writes about workplace ethics, corporate governance, and global integrity. Ronnie Kann is executive vice president of research and program development at ECI, having served chief ethics and compliance officers, general counsel, and chief human resource officers throughout his career. Harned and Kann both contributed as authors to the ECI reportPrinciples and Practices of High-Quality Ethics & Compliance Programs. The Ethics & Compliance Initiative (ECI) empowers its members across the globe to operate their businesses at the highest levels of integrity. ECI provides leading ethics and compliance research and best practices, networking opportunities, and certification to its membership, which represents more than 450 organizations across all industries. ECI is comprised of three nonprofit organizations: the Ethics Research Center, the Ethics & Compliance Association and the Ethics & Compliance Certification Institute. www.ethics.org
In Thursday’s NACD Directors Daily, the Wall Street Journal reported on the actions large companies have taken in response to the SEC’s proposed whistleblower program. While the SEC has received hundreds of comment letters opposing various provisions of the proposed rules, the Journal reported on more than two dozen of the country’s largest companies that have asked the SEC to revise the proposed rules. One of the more contentious issues is the proposed “bounty” that would be rewarded to a whistleblower if the company receives a sanction of more than $1 million. That bounty could range between 10 and 30 percent of the penalty paid by the company.
The article covers both sides of the debate surrounding the new whistleblower program. Businesses fear that employees will bypass the internal compliance programs and whistleblowing hotlines mandated by Sarbanes-Oxley, and report directly to the SEC. On the other hand, attorneys defending whistleblowers argue that requiring the use of internal reporting channels prior to the SEC would discourage fraud reporters for fear of losing anonymity. The SEC has just weeks to issue final rules that balance the use of internal reporting systems with reporting fraud.
Since the SEC first proposed rules on the new program last fall, NACD has worked to amplify the voice of the director on this issue. In our comment letter, we voiced concerns similar to the reservations expressed by the companies in the Journal article. Our letter stressed that the SEC should work to enhance and strengthen the internal reporting channels already in place, rather than bypass those channels by going directly to the SEC with an issue. Encouraging internal reporting can help management address and solve issues in the early stages, which in many cases are best solved by internal human resources professionals.
In the past months, NACD has also met and discussed the possible consequences of the proposed whistleblower rules with key members of the regulatory and investor communities to discuss your concerns and suggestions as we heard them in our survey prior to submitting our comment letter. In addition, last week’s edition of NACD BoardVision features NACD’s Managing Director & CFO, Peter Gleason discussing the whistleblower provisions with PwC’s John Barry.