Hallmarks of Effective Compliance and Ethics Programs 13:12, November 8, 2016

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone

Our Resources

bloglr_image_hallmarksofethicsandcomplicance_700x500

Hallmarks of Effective Compliance and Ethics Programs

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone

The enactment of the Foreign Corrupt Practices Act (FCPA) in 1977, the Federal Sentencing Guidelines for Organizations (FSGO) in 1991, the Sarbanes–Oxley Act of 2002, and the 2010 Dodd-Frank Wall Street Reform and Consumer Protection Act all contributed to the perception that a code of ethics is solely a legal compliance and risk management tool. However, organizations that want more than check-the-box compliance know that compliance and ethics programs need to effectively promote a culture of honesty and integrity. This post will explain the “hallmarks” of effective compliance and ethics programs as set forth in the U.S. Securities and Exchange Commission’s (SEC) and U.S. Department of Justice’s (DOJ) FCPA Resource Guide.

Critical Components of a Code of Ethics

The FSGO made clear that a code of ethics must focus on changing behavior to create a culture in which individuals think and act according to the organization’s values. Specifically, to receive credit in sentencing, an organization’s ethics program must:

  •         include a code of conduct
  •         include a risk assessment process
  •         be promoted and enforced consistently throughout the organization
  •         provide appropriate incentives for compliance
  •         provide helplines for reporting suspected misconduct
  •         provide training on the program’s requirements
    .

When the SEC and DOJ review compliance and ethics programs, they are looking to answer these three questions:

  •         Is it well designed?
  •         Is it applied in good faith?
  •         Does it work?
    .

The SEC and DOJ’s guidance explains what it takes to meet these requirements, which we’ll summarize below.

Well-Designed Programs

As the FCPA Resource Guide points out, an organization’s compliance program needs to address its specific needs, risks, and challenges. In addition, the most effective codes are clear, concise, and accessible to all employees, agents, and consultants.

Periodic reviews are also important to make sure that the code of conduct addresses an organization’s changing needs and risk assessment. This approach allows resources to be focused on high-risk areas, increasing the effectiveness of the program and its compliance, since the “DOJ and SEC take into account whether and to what degree a company analyzes and addresses the particular risks it faces.”

For example, employee surveys have been used to measure an organization’s compliance and ethics culture and to identify new risks. As business needs and legal requirements change, so should compliance and ethics programs.

Training and Continuing Advice

Creating and maintaining an ethical culture requires a sustainable effort. Periodic training for all directors, officers, relevant employees, agents, and business partners should cover policies and procedures and applicable laws, as well as provide case studies to practice skills in real-life situations. Ethics training should be delivered to all levels of the organization in a manner and in the language that is appropriate for the targeted audience.

Resources also need to be available for individuals at all times, so they can seek advice when faced with difficult or unique decisions.

Incentives and Rewards

Stephen Cutler, former Director of the Enforcement Division of the U.S. Securities and Exchange Commission (SEC), said this about rewarding individuals for doing the right thing:

[M]ake integrity, ethics and compliance part of the promotion, compensation and evaluation processes as well. For at the end of the day, the most effective way to communicate that “doing the right thing” is a priority, is to reward it.

The SEC and DOJ warn that no one should be deemed above or below compliance, and that organizations should instead reward lawful and ethical behavior with financial or career advancement incentives.

Applied in Good Faith

Research shows that procedural fairness through objective and consistent application of an organization’s code of ethics encourages employees to act ethically and comply with the rules. When an organization enforces its code of ethics in a fair manner, employees trust the organization’s commitment to its values. This encourages compliance with the organization’s policies and is significantly more effective than punishing ethics violations.

Encouraging reports of suspected misconduct is important to show an organization’s commitment to preventing unethical behavior. A previous blog post discusses how employers benefit when they encourage early reporting by internal whistleblowers.

Ethical Leadership

We’ve also written about effect of ethical leadership on employees’ perception of their leaders’ personal character. Leaders’ deeds speak much louder than their words and have a significant effect on promoting a culture of honesty and integrity. For example, companies that self-reported to the SEC that their employees bribed foreign officials avoided steeper fines and harsher scrutiny, but they also earned their employees’ confidence that the organization acts on its values and does the right thing.

As Stephen Cutler put it, “Setting the right tone means letting employees know that no one at the company is above the law; that no matter how important or how senior, someone who has violated an ethical standard will be punished.”

In 2009, the National Business Ethics Survey: Ethics in the Recession found “[e]thical culture is the single biggest factor determining the amount of misconduct that will take place in a business.”

In 2013, the National Business Ethics Survey found that misconduct was down, with the percentage of workers reporting that they observed misconduct on the job falling to an all-time low of 41%. However, workers surveyed also reported that 60% of misconduct involved individuals in supervisory up to top management roles, and that retaliation against workers reporting misconduct is still a widespread problem. Much work remains to be done to build a strong ethical culture and reduce the risk of misconduct.

LawRoom (powered by EverFi) delivers online compliance courses to help your business meet compliance requirements both dynamically and scalably. In addition to our award-winning online courses, LawRoom delivers a robust, cloud-based learning management system to help you easily deploy and track our growing library of ethics, anti-harassment, data security and employee conduct courses.

You might also be interested in...

  • SEC Finds Violation for Failure to Require Code of Conduct ComplianceFebruary 1, 2017 SEC Finds Violation for Failure to Require Code of Conduct Compliance Failure to devise and enforce sufficient internal accounting controls to require compliance with a company's business code of conduct violates the Securities Exchange Act (Act), according to a recent order issued by the  Securities and Exchange Commission (SEC). The SEC imposed a $2.4 […] Posted in legal update, bribery
  • Develop and Implement an Effective Code of ConductDecember 9, 2016 Develop and Implement an Effective Code of Conduct Simply having a code of conduct is not enough. Research has found that the process an organization follows to develop a code of conduct can impact its effectiveness (Schwartz, 2008). Researchers have also suggested that the implementation process is an important factor in creating an […] Posted in ethical conduct
Karen Peterson
Karen Peterson is a legal editor at EverFi. Prior to joining the editorial staff, she spent several years in private legal practice. Now she applies her legal skills to research and writing on corporate compliance and higher education law. She earned a BA from UC Berkeley and a JD from the University of San Francisco Law School.

Leave a Reply

Leave a Reply

White Paper
Data Security training
for employees

  |   Download White Paper

 

Compliance Course Catalog
  |   Download Catalog