With the public crying out for more transparency, and stakeholders and regulators demanding accountability, the ethics and compliance function quite often finds that they are stretched thin in combating these issues. There are a number of elements that contribute to a high performing ethics and compliance program. These are our top five:
2016 was truly a year of huge corporate scandals. Some of them that grabbed the headlines included Wells-Fargo’s executives turning a blind eye to the creation of fake accounts, Roger Ailes at FOX resigning due to sexual harassment allegations, Zenefits’ CEO resigning after the company ran into trouble with the law, Mylan’s price-gouging of the life-saving Epipen, Volkswagen’s emissions scandal, and many more.
These scandals were a wake-up call for many organizations, bringing their ethics and compliance functions into the forefront of their businesses. They recognized that its activities are integral to the strategic core of organizations aiming to regain its credibility.
Furthermore, social media and mobile technologies have made it more possible for the public to not only expose illegal transactions but also raise questions about the way businesses are conducted. With the public crying out for more transparency, and stakeholders and regulators demanding accountability, the ethics and compliance function quite often finds that they are stretched thin in combating these issues.
There are a number of elements that contribute to a high performing ethics and compliance program. These are our top five:
One of the most important elements for a high performing ethics and compliance program is to get your board and the senior leadership involved from the onset to empower and support the team with adequate resources. Setting the tone at the top to ensure that every day business operations and the overall strategy are in compliance with corporate and regulatory policies and laws should be a top priority. PwC’s State of Compliance Study states that 98% of the organizations surveyed have a senior leadership that is committed to ethics and compliance. Additionally, it is imperative that this commitment permeates all levels of management.
Getting employees to actually speak up and report unethical conduct is difficult, but mature organizations are investing in a speak-up culture by creating awareness programs and working towards making employees feel comfortable about reporting wrongdoing internally and anonymously. Some of the methods being used are creating newsletters to build awareness and meetings to educate the team about anonymous reporting and investigations. Organizations should relook at their existing investments in whistleblowing and case management systems and implement robust systems to intelligently track the different types of ethics and compliance violations. Whistleblowing training can be provided to help employees understand the protections given to them to avoid carrying out activities seen as retaliation.
Organizations can make ethics and compliance a part of the employees’ performance goals and consistently track their progress against these goals through meaningful metrics. Incentives may be tied to performance reviews, which could include evaluating an employee’s adoption of ethical business practices and adherence to compliance standards. Providing compensation based on program adherence is a simple way to get employees to keep compliance top of mind.
In PwC’s State of Compliance 2016 Report, 77% of the respondents reported that they have an Enterprise Risk Management process. However, 54% of the respondents indicated they needed to conduct at least some additional compliance and ethics specific risk assessment activities in order to fully address risks in these areas.
Compliance risk assessments can help you understand the full spectrum of your compliance risk exposure, including the likelihood for the risk event and the potential severity of its impact. An effectively designed compliance risk assessment can also help you prioritize risks, map these risks to the applicable risk owners and regulations, and allocate resources to mitigate these risks effectively. These risk assessment results can be used to develop or revise the organization’s compliance plan, including policies and procedures, training, auditing, and monitoring.
While there is a huge demand for innovative technological solutions, organizations find it difficult to get the right solution that caters to their specific ethics and compliance requirements. Many organizations have invested in point solutions that help them capture regulatory data, perform compliance risk assessments, manage policies and procedures, and keep track of ethics and compliance cases. Organizations with mature ethics and compliance programs need an integrated platform to track multiple regulatory changes and tie it to the business processes. These programs help conduct an impact assessment, gain in-depth compliance risk intelligence, streamline policies and procedures, and track multiple compliance metrics. They should be able to monitor ethics and compliance risks in real time to proactively spot inconsistencies.
There is no doubt that compliance officers have a tough challenge grappling with a complicated risk landscape and ever-evolving regulatory requirements. Connecting compliance to business strategy provides the foundation for a culture of compliance and ethics that help ensure the organization conforms to all necessary regulatory requirements and ethical standards. By laying a solid foundation with the right tone at the top, focused compliance risk assessment and oversight, enforcing discipline, encouraging a speak up culture and appropriately adopting technology, compliance and ethics officers can strengthen the value that compliance provides to the organization, manage risks associated with the organization’s strategic objectives, and drive cost-effective compliance.