09 July 2014
Experts in the field of compliance to share their views on the seven steps to embedding integrity in an organisation's culture.
Our panel | |
Daniel Kline Managing Director, EMEA NAVEX Global |
Peter Harris Chief Compliance Officer (Interim), IMI plc |
Philippa Foster Back Director, Institute of Business Ethics |
John Hurrell Chief Executive, Airmic |
Peter Neville Lewis Member, Institute of Risk Management |
Peter Swabey Policy and Research Director, ICSA |
Why should companies go beyond compliance to try and instil ethical behaviour? Isn’t it enough of a challenge to meet the letter of the regulations?
JH: Corporate reputations will be judged in the court of public opinion, which goes way beyond compliance… any unacceptable practices will become transparent to the media and to stakeholders.
PS: For a regulated company there will be a strong imperative towards ‘treating the customer fairly’, but for a non-regulated company there can be significant reputational issues arising from unethical behaviour.
PNL: The extra 21st century ‘must’ is to be seen to be behaving decently, having values in line with what society expects and making contributions – and this includes not doing harm – beyond its own immediate boundaries.
DK: Ethical behaviour touches every part of the organisation… in terms of a license to operate such as Health and Safety, to control for example anti-bribery laws, and the most important piece – creating a culture with the expectation that you will do it right.
PFB: The IBE distinguishes between compliance as a control mechanism – policies, procedures and
rules – and business ethics as the application of ethical values to business behaviour, such as fairness, honesty, openness, integrity. If corporate culture is rotten, compliance controls will not work: culture and behaviour transcend process and control.
PH: Ticking the box does not do enough to get you home with a regulator anymore. You need to demonstrate that thought has been given to risks and that your people are making educated decisions.
PNL: The Government’s adviser on the role of business, Philip Green, has recently reinforced thinking on all the above and it may well become mandatory for corporate reporting.
How often should companies review their code of ethics and how do you go about it? When did your organisation last do this?
PFB: It will largely depend upon the company’s culture, whether or not there has been a serious
ethical breach, or a major merger, or change of senior management. Engage the whole company… to make it a living breathing document which explores how the company’s values can be applied to day-to-day business. At the IBE we aim to review our own internal code of ethics regularly, at least every three years.
DK: Your code of conduct is the crown jewels of ethical standards... reviewing every three years is
the general cadence across our clients. There must always be a feedback mechanism because you want to create a dialogue rather than a ‘thou shall not do…’ approach. You need people engaging with the concepts.
JH: It is good practice to do this annually and/or when anything changes, such as different regulations or an unacceptable incident.
PH: We have just reviewed our values and made changes with the arrival of a new CEO… an opportunity to take stock. If the principles of what you are doing are well grounded and embedded in the business then updating the actual code becomes less of an issue. On-going discussion is a real way to keep the code live and fresh.
PNL: Review every six months in principle. However if ethical issues have occurred this may need to be accelerated. A one day refresher workshop for all staff is preferable, with a focus on a decision-making framework to help deal with ethical dilemmas.
Can an organisation ever guarantee that standards are being upheld by third parties? How do you keep on top of this at home and in riskier jurisdictions?
PFB: A company can never ‘guarantee’ behaviours in its supply chain but it can action procedures and processes that are good practice to encourage high ethical standards, for example, equipping employees with tools such as saynotoolkit.net to help make the right decisions.
JH: Companies should use their influence to bring about positive change rather than relying on the
defence that this risk cannot be controlled… If anything goes wrong, the media will decide what
should have been possible with the benefit of hindsight.
PH: Conduct and renew good risk-based due diligence, enter contracts that commit third parties
to behave in the right way and work with those third parties to make sure that happens.
PS: There is an inevitable cost to the associated contract management and monitoring, and there
will be a commercial dimension to the decision as to how effectively this is monitored. It is important to remember that this will never be foolproof, and all a company can do is its best.
DK: In contracts… have specific clauses that clearly align with your code of ethics. More organisations are taking the time to educate third parties about the standards expected. In addition, background checks and using due diligence platforms will alert you to adverse media, sanctions and watch lists.
PNL: A good example of how this can be managed is the De Beers Best Principles Practice. This requires a signed agreement from anyone who handles their products at any stage, from production to ultimate sale, which states that they will maintain specific ethical standards. De Beers polices this robustly through independent monitoring.
It is often said it is all about culture but what does that mean? How do you assess what the culture is like in your organisation much less change it?
DK: Culture is the collection and perception of actions. Reality and perception is constantly shifting
and it can be inconsistent on different floors of the same company building. Arriving at a solid understanding is a very tricky thing. A companywide survey is an important temperature check.
There are many different ways to shape culture, such as a newsletter or meetings to talk about
ethics. Also taking teaching opportunities to address this in snippits as they arise, for example within a meeting about health and safely. This is about human behaviour which is always changing so you have to be actively engaged.
PH: You want people to feel proud that they work for an organisation that values ethical. Employee
engagement surveys may help and certainly monitoring what comes through your hotline.
Perhaps less tangible is just to check if people are talking about ethics and asking questions.
PNL: Culture is no more than the group aggregate of individual behaviours… driven by decisions, which in turn are formed by people’s character and values. There is a psychometric tool called MoralDNA which can take the cultural temperature of an organisation and highlight areas which require attention. However recalibrating organisational culture is notoriously difficult …and depends on the desire by senior management to assimilate change.
JH: The board should ask themselves: What behaviours are seen to be rewarded? What does
the incentive scheme focus upon and does this have unintended consequences? Would the board,
junior employees and customers all have a common understanding of the company’s culture in regard to ethics?
PFB: Culture is a company living up to its values. It is how the organisation does things, what the
organisation stands for and what it expects from its employees. There are many proxies which can
be used to ascertain what the company cultures is: ‘speak up’ line data, staff surveys, exit interviews, staff turnover, stakeholder consultations. Another option is to undertake an independent audit, such as investinginintegrity.org.uk. There needs to be constant reminders, awareness campaigns… and examples of expected behaviours. People take their lead from what they see others do, not what they are told.
In the next issue of Governance + Compliance our experts discuss how to encourage employees to report concerns, the aspects of policy management that present the biggest challenges and why
ethical behaviour must go beyond protecting your organisation’s reputation.
Join the Ethical Intelligence debate this summer by taking part in our polls at govcompmag.com and join our live event taking place in September.