Ethics & compliance: revamping and enhancing investigatory models
June 2019 | FEATURE | RISK MANAGEMENT
Financier Worldwide Magazine
June 2019 Issue
Strong ethics and compliance programmes have never been more important. Regulators and stakeholders expect companies to ensure their employees act ethically at all times. When misconduct does occur, companies must carry out thorough internal investigations to identify, highlight and correct it.
According to NAVEX Global’s 2018 Incident Management Report, the number of internal reports of potential ethics and compliance incidents hit its highest recorded level last year, with a median of 1.4 reports per 100 employees. A number of factors, including greater emphasis on issues such as whistleblowing and sexual harassment, caused by the emergence of the #MeToo movement, for example, may be responsible for this increase.
The financial and reputational impact of unethical conduct can be significant. One of the key challenges to be overcome is ensuring that companies have a strong culture of compliance. Responsibility for this lies with the chief compliance officer (CCO). CCOs operate in an increasingly dynamic legal, regulatory, social and economic environment, and are integral to the process of establishing and enforcing the company’s ethics and compliance programme. However, while the CCO is usually charged with setting the compliance standard for the organisation, they may not be ideally placed to conduct all internal investigations. “The best compliance officer is really running ‘compliance control central’ for the company,” explains Kelly L. Frey, a partner at Nelson Mullins. “He or she should provide a clearing function for incidents, investigations and reporting, and strategically guide the company’s overall compliance efforts. However, my experience has been that he or she may not be in the best position, or have the bandwidth, to actually lead or conduct numerous internal investigations that may be ongoing at any one time.”
It is the responsibility of the CCO and compliance team to ensure that a strong culture of ethics and compliance is in place within the organisation. A company’s compliance culture should form the bedrock of a robust risk management programme. The culture of an organisation is shaped by its values and their reflection in employees’ behaviour. Therefore, employees must be aware of their individual responsibility for setting high ethical standards by living up to the organisation’s values.
“Companies can ‘learn’ good behaviour over time and such corporate knowledge can be propagated across the company and across time if properly incentivised by a corporate culture that is permeated with a sense of ‘social responsibility’,” says Mr Frey. “Typically, directors and officers of companies have only two responsibilities by law – increase income and maintain capital value over time for the owners of the company, required as part of their fiduciary duties of due diligence and reasonable care. However, robust ethics and compliance culture are part of that fiduciary duty – since serious lapses in a company’s ‘ethical responsibility’ have shown to reduce the capital value of a company. Given that relationship between corporate valuation and ‘ethical social responsibility’, compliance also becomes an integral part of the statutory duty of officers and directors, which should be communicated from the president of the company down to the lowest level employee.”
The growing importance of risk and risk mitigation has become evident since the global financial crisis, which revolutionised the way companies handle ethics and compliance. An effectively managed ethics function has an important role to play in helping to safeguard an organisation’s reputation, providing guidance to staff and creating a shared and consistent corporate culture.
In response to shifting regulatory and stakeholder expectations, many companies have revamped their governance, processes and technology in order to both respond to potential ethical misconduct and assess weaknesses in controls and risks. Establishing a world-class ethics and compliance programme has become vital, as today’s and tomorrow’s leading companies are those that know how to protect their value through risk management, as well as recognise the opportunity for risk to also create value.
And while internal ethics and compliance programmes – and the investigatory models they employ – vary from company to company, there are a number of steps that all companies should take to protect themselves and improve their investigatory methods. Defining internal ethics standards is an important step, as well as introducing codes of ethics and conduct. These standards help companies to set employee expectations and monitor for appropriate employee behaviour. Investigation guidelines are also needed to help employees from various departments conduct workplace investigations, through collaborations between human resources, risk, legal, technology and internal audit. However, as Mr Frey notes, these departments should be led by the C-suite and senior management, who must empower and provide proper resources to those individuals who have day-to-day responsibilities to mitigate ethics and compliance risks and build organisational trust. “‘Tone at the top’ ultimately determines the success of investigatory and compliance programmes,” he says. “If you have high-level reporting and engagement, that typically crosses and breaks down departmental barriers, you tend to facilitate better, more cost and time efficient investigations”.
© Financier Worldwide