NAVEX Global’s Carrie Penman gives advice on how UK companies can develop policies that promote integrity, ethics and respect
Not too long ago, ethics and compliance regulatory initiatives and best practices were considered to be a US-led phenomenon. But in the past 15 years the centre of gravity has shifted. Today, regulatory initiatives and best practices are more likely to come from the UK, the EU, or countries other than the US. Ethics and compliance scandals are just as common in Rio de Janeiro (in the case of Petrobras) or Wolfsburg, Germany (in the case of VW), as they are in Houston or New York.
But has this growth in global ethics and compliance scandals and regulations led to a standardisation of compliance culture across different markets? In our experience the answer is “no”, and there remain wide disparities in the way that compliance culture is entrenched in businesses in different parts of the world.
There are a number of reasons global compliance standards have converged. First and foremost is the increased interconnectedness of global business. This is particularly true in financial services, science, and technology, where the alignment of standards is of high importance.
The second reason is the global advance of the rule of law, especially as it pertains to combating bribery and corruption and advancing human rights, which has brought about minimum standards in ethics to countries across the world.
Third is the scrutiny that comes from the all-seeing eye of business and social media. More often than not social media is a force for good that has empowered citizens to become whistleblowers, particularly in emerging markets where formal whistleblowing procedures tend to be more nascent. In Nigeria, for example, the Anti-Corruption Internet Database (ACID) enables members of the public to report incidents of corruption via text or Twitter live onto Google Maps.
UK firms three to five years behind
With all of this in mind, ethics and compliance professionals, no matter where they’re located, need to stay up to date on the latest news from the European Union courts, the UK’s Serious Fraud Office and all manner of international organisations, including the United Nations, the ISO and the Organisation for Economic Co-operation and Development (OECD).
While businesses globally are striving to meet their regulatory requirements, experience and research suggest that UK firms are as much as three to five years behind the US in developing an ingrained ethics and compliance culture, with the rest of Europe at least five years behind that.
For example, our research shows that while in the US the use of employee incident reporting hotlines is at an all-time high, organisations in Europe, the Middle East and Africa and Asia-Pacific are receiving very few reports, with fewer than two incidents filed for every 1,000 employees in 2015, compared to 13 reports per 1,000 employees in the US.
This disparity cannot be explained by a lack of whistleblower incentives alone. Reasons why employees (anywhere in the world) do not report incidents include: a lack of awareness of the reporting mechanisms available to them, including whistleblower hotlines; a belief that nothing will be done even if they do file a report; and fear of retaliation by colleagues or managers.
Four steps to a step-change
As new regulations become entrenched and business becomes ever more global, ethics and compliance programmes outside the US are likely to continue to mature and converge, and the differences in reporting levels will lessen.
Faced with the dual pressures of complying with regulations from multiple jurisdictions while instilling a strong behavioural ethos that permeates through the business, there are a number of steps that can advance a firm’s ethics and compliance culture:
1 Get help to stay informed. The legal landscape is changing rapidly and it is important to fully understand the law in the jurisdictions where your firm operates. Consider creating a mechanism to keep yourself informed and to help you anticipate, identify, prioritise and react to change. Enlist the help of local legal liaisons to keep up to date and be sure to broaden your sources for information and best practices, for example by attending ethics and compliance conferences.
2 Identify your organisation’s risk areas and obligations. It is not always easy to determine which provisions apply to your organisation, but doing so is important. For instance, when setting up your whistleblower/compliance hotline you’ll need to know whether any country-specific regulations apply. Further, ensure that your organisation has conducted an ethics and compliance risk assessment and that the findings inform the operation of the ethics and compliance programme. Doing so will help you make the best use of scarce resources.
3 Keep key decision makers up to date. You may be in the best position to regularly update senior leadership on ethics and compliance regulatory and best practice developments. Include this information in your regular communications and as part of your risk assessment process.
4 Develop targeted communications and training. Often the most successful way to implement such training for those impacted by regulations is to involve local managers, or “compliance champions”, both to ensure cultural resonance and local relevance as well as to demonstrate that these policies are priorities of the business, not just the ethics and compliance team.
The global compliance landscape is constantly shifting, with change in Europe driven by Brexit particularly noticeable. But, while meeting global audit or certification requirements is essential for any business, prioritising an organisational culture – from the top down – that promotes integrity, ethics and respect, and supports employees in good decision-making, brings benefits far beyond compliance.
And even though many countries and organisations are at different stages in the evolution of their compliance culture, in time we can expect even more convergence.
Carrie Penman is chief compliance officer and senior vice president, advisory services, at NAVEX Global.
Ethical Corporation is holding its Compliance and Conduct Risk in Financial Services Forum conference in London 7-8 June.
Main image credit: Testing