How Ethics and Integrity Can Elevate Compliance Management to the Next Level

Compliance management is getting more and more challenging due to a variety of factors. The?complexity and diversity of regulation?require organizations to navigate a labyrinth of laws and standards that can vary significantly across different jurisdictions and sectors. Additionally, the?global nature of business?introduces a multitude of cultural nuances that must be considered, further complicating compliance efforts. Organizations also face?pressure to meet business and performance goals, which can sometimes conflict with compliance requirements. The dynamic and unpredictable nature of the?business environment?adds to the complexity, with factors such as globalization, digitalization, and innovation creating new compliance risks and uncertainties. These challenges highlight the need for a rethinking in compliance management, moving towards a more proactive, integrated, and value/principle-based approach.

Looking into traditional management approaches, the compliance management is the process of ensuring that an organization and its employees adhere to the laws, regulations, policies, and standards that apply to its operations and activities. Compliance management is essential for preventing legal risks, reputational damage, financial losses, and operational inefficiencies. Compliance management also helps to foster a culture of trust, transparency, and accountability within an organization and with its stakeholders.

In this context, the compliance program is the set of policies, procedures, controls, training, and monitoring mechanisms that an organization implements to achieve its compliance objectives. Those programs vary in scope and complexity depending on the size, nature, and industry of the organization, as well as the regulatory environment in which it operates. However, some global standards and best practices have emerged to guide the design and evaluation of effective compliance programs. For example, the U.S. Department of Justice (DOJ) has issued guidance on the evaluation of corporate compliance programs, which outlines the factors that prosecutors consider when assessing the adequacy and effectiveness of a compliance program. Similarly, the U.S. Foreign Corrupt Practices Act (FCPA) provides a framework for preventing and detecting bribery and corruption in international business transactions.

The Evolution of Compliance Management

These Compliance management approaches has evolved over time in response to the changing regulatory landscape and the increasing expectations of stakeholders. One of the key drivers of this evolution was the emergence of anti-bribery/corruption and anti-trust compliance as the baseline for systematic compliance management in the mid-2000s. These areas of compliance were prompted by the enactment and enforcement of laws such as the FCPA, the UK Bribery Act, and the EU Competition Law, which aimed to combat the widespread and harmful effects of bribery, corruption, and anti-competitive practices on the global economy and society. These laws also imposed significant penalties and sanctions on organizations and individuals who violated them, creating a strong incentive for compliance.

As a result, many organizations developed and implemented compliance programs that focused on preventing, detecting, and responding to these specific risks – mainly policy driven. These programs typically included elements such as risk assessments, codes of conduct, policies and procedures, training and communication, due diligence, internal controls, auditing and monitoring, reporting and whistleblowing, investigation and remediation, and continuous improvement. These elements were aligned with the global standards and best practices that were established by regulators, industry associations, and professional bodies. Looking back, these elements have been strongly and solidly developed – but the world is changing.

The Challenges of Compliance Management

However, compliance management is not a static or one-size-fits-all process. It is a dynamic and adaptive process that needs to keep pace with the changing needs and expectations of the organization and its stakeholders. In recent years, compliance management has faced several challenges that have tested its effectiveness and efficiency. Some of these challenges include:

• The increasing complexity and diversity of regulation. Organizations today have to comply with a multitude of laws, regulations, standards, and guidelines that cover various aspects of their operations and activities, such as data protection, environmental protection, Artificial Intelligence/digital, human rights, labor standards, health and safety, consumer protection, and corporate governance. These regulations may vary across different jurisdictions, sectors, and markets, creating a complex and sometimes conflicting compliance landscape.
• The increasing expectations and scrutiny of stakeholders. Organizations today have to meet the rising demands and expectations of their stakeholders, such as customers, employees, investors, regulators, media, and civil society. These stakeholders expect organizations to not only comply with the letter of the law, but also with the spirit of the law, and to demonstrate their commitment to ethical and responsible business practices – including sustainability, ethics and ESG. These stakeholders also have more access and influence than ever before, thanks to the proliferation of digital and social media platforms, which enable them to monitor, review, and comment on the performance and behavior of organizations.
• The increasing uncertainty and volatility of the business environment. Organizations today have to operate in a fast-changing and unpredictable business environment, which is characterized by factors such as globalization, digitalization, innovation, competition, disruption, and crisis. These factors create new opportunities and challenges for organizations, but also new risks and uncertainties that may affect their compliance objectives and outcomes. These risks and uncertainties may include political, economic, social, technological, legal, and environmental changes, as well as emerging issues such as cybercrime, fraud, and terrorism.

The Need for a New Approach to Compliance Management

These challenges have exposed the limitations and shortcomings of the traditional approach to compliance management, which is often reactive, siloed, and rule-based. This approach may not be sufficient or effective to address the complex, diverse, and dynamic compliance issues that organizations face today. Therefore, there is a need for a new approach to compliance management, one that is proactive, integrated, and principle-based. This approach is based on the concept of "Ethics and Integrity", which is the idea that compliance is not only a matter of following rules, but also a matter of doing the right thing, for the right reasons, in the right way.

EY’s Global Integrity Report 2024 Findings: 53% of global respondents say that employee turnover and employees not understanding policy are the greatest internal threats to organizational standards of integrity.

Ethics and Integrity is not a new concept, but it is gaining more attention and recognition as a key driver and enabler of compliance management. Ethics and Integrity can elevate compliance management to the next level by providing a common vision, a shared culture, and a strong foundation for the organization and its stakeholders. Ethics and Integrity can also help to overcome some of the challenges that compliance management faces, such as:

• Reducing the complexity and diversity of regulation. By adopting a principle-based approach, organizations can simplify and harmonize their compliance requirements and standards across different domains and jurisdictions, and focus on the underlying values and objectives that they aim to achieve. For example, instead of complying with multiple and varying anti-bribery/corruption laws, organizations can adopt a universal principle of zero-tolerance for bribery and corruption, and implement consistent and coherent policies and procedures to uphold this principle.
• Meeting the expectations and scrutiny of stakeholders. By demonstrating a commitment to ethics and integrity, organizations can build and maintain the trust and confidence of their stakeholders, and enhance their reputation and credibility. For example, instead of merely complying with the minimum legal requirements, organizations can go beyond compliance and adopt best practices and standards that reflect their ethical and responsible business practices, and communicate and report on their progress and performance to their stakeholders.
• Managing the uncertainty and volatility of the business environment. By embedding ethics and integrity into their strategy, culture, and operations, organizations can increase their resilience and agility to cope with the changing and challenging business environment, and seize the opportunities and mitigate the risks that arise. For example, instead of reacting to the external changes and pressures, organizations can proactively anticipate and adapt to the emerging trends and issues, and leverage their ethical and integrity values and principles to guide their decision-making and actions.

The Fundamentals of Ethics and Integrity Management

Ethics and Integrity management is the process of integrating ethics and integrity into the compliance management system of an organization. Ethics and Integrity management is not a separate or standalone process, but rather a complementary and reinforcing process that enhances and supports the existing compliance management system. Ethics and Integrity management aims to ensure that the organization and its employees not only comply with the rules, but also act with ethics and integrity. And besides this: The US Department of Justice (DOJ) underpinned the importance of integrity & ethics in their most recent guidance on compliance programs - which is a must-read for all practitioners.

"Beyond compliance structures, policies, and procedures, it is important for a company to create and foster a culture of ethics and compliance with the law at all levels of the company. The effectiveness of a compliance program requires a high-level commitment by company leadership to implement a culture of compliance from the middle and the top." Quote: DOJ Compliance Program Guidance (2020)

Ethics and Integrity management involves several elements, such as:

• Ethics and Integrity vision and strategy. This is the statement of the organization's ethics and integrity values and principles, and how they align with its vision, mission, and goals. This statement provides the direction and guidance for the organization and its stakeholders on what ethics and integrity mean for the organization, and what the organization expects and aspires to achieve in terms of ethics and integrity.
• Ethics and Integrity culture and leadership. This is the set of beliefs, attitudes, and behaviors that shape and influence the ethics and integrity of the organization and its employees. This culture is driven and supported by the leadership of the organization, who set the tone and example for ethics and integrity, and who foster and promote a culture of ethics and integrity within the organization and with its stakeholders. Including a consideration of ethics-management influence compensation.
• Ethics and Integrity programs, policies and procedures. This is the set of governance, programs, rules and guidelines that define and operationalize the ethics and integrity of the organization and its employees. These structures, policies and procedures are aligned with the ethics and integrity vision and strategy and are integrated with the compliance policies and procedures. These policies and procedures cover various aspects of ethics and integrity, such as conflicts of interest, gifts and hospitality, whistleblowing/speak-up, human rights, diversity and inclusion, and sustainability.
• Ethics and Integrity training, discussions and communication. This is the set of activities and tools that educate and inform the organization and its employees about the ethics and integrity of the organization and its expectations and requirements. These activities and tools include training, workshops, conversations and other awareness programs, communication and engagement campaigns, ethics and integrity champions and ambassadors, and ethics and integrity resources and materials.
• Ethics and Integrity Speak Up culture and Conversation readiness: Tone from the top, Walk the talk and ethics interaction with middle management and other leaders is critical to establish trust and transparency. Employees should feel safe in discussion dilemma situations and/or matters of concern; should receive proper guidance by leadership (based on principles and values) and should not hesitate to speak-up and lead by example in ethics. The speak-up program needs to be strong.
• Ethics and Integrity monitoring and evaluation. This is the set of mechanisms and indicators that measure and assess the ethics and integrity of the organization and its employees. These mechanisms and indicators are aligned with the ethics and integrity vision and strategy, and are integrated with the compliance monitoring and evaluation mechanisms and indicators. These mechanisms and indicators include ethics and integrity audits and reviews, ethics and integrity surveys and feedback, ethics and integrity reports and disclosures, and ethics and integrity recognition and rewards. Measuring ethical climate with KPIs is not easy – but helps to demonstrate the truth of business compliance and ethics thinking. Is ethics “Window dressing”, “a burden in business” or an “enabler for better operations”?
• Ethics and Integrity improvement and innovation. This is the set of processes and practices that enable and encourage the organization and its employees to continuously improve and innovate their ethics and integrity. These processes and practices are aligned with the ethics and integrity vision and strategy, and are integrated with the compliance improvement and innovation processes and practices. These processes and practices include ethics and integrity risk management, ethics and integrity issue management, ethics and integrity learning and development, and ethics and integrity benchmarking and best practices. Tech Transformation with easy-to-use apps, workflows and gamification components can significantly contribute to the level of ethics acceptance and cultural integration in an organization.
• Empowerment of the risk/compliance and ethics function and live “zero tolerance”: One important note: Investing in Risk, Compliance and Ethics is not a cost block – it’s critical for the license to operate, negotiating the organization and the employees in the right direction of travel and demonstrate strong execution in awareness – but also in business decisions and consequence management. Leadership needs to ensure that the ethics and compliance office has a strong seat on the table, is empowered to drive C&E effectively, but is also not negotiable while it comes to critical questions of ethics and integrity.

?Combining the ethics strategy with the corporate vision and long-term value is a must; and ethics needs to be strongly embedded into the organization.

Conclusion

Compliance management is a vital and valuable process for any organization that wants to operate legally, ethically, and responsibly. However, compliance management is not a static or one-size-fits-all process. It is a dynamic and adaptive process that needs to evolve and improve over time to meet the changing needs and expectations of the organization and its stakeholders. Ethics and Integrity is a concept and an approach that can elevate compliance management to the next level, by providing a common vision, a shared culture, and a strong foundation for the organization and its stakeholders. Ethics and Integrity can also help to overcome some of the challenges that compliance management faces, such as the complexity and diversity of regulation, the expectations and scrutiny of stakeholders, and the uncertainty and volatility of the business environment.

Ethics and Integrity management is the process of integrating ethics and integrity into the compliance management system of an organization, by implementing various elements such as ethics and integrity vision and strategy, ethics and integrity culture and leadership, ethics and integrity policies and procedures, ethics and integrity training and communication, ethics and integrity monitoring and evaluation, and ethics and integrity improvement and innovation. By adopting and applying ethics and integrity management, organizations can not only comply with the rules, but also act with ethics and integrity, and achieve their compliance objectives and outcomes.

But don’t forget: Investing in ethics is not a one-time shop order. It’s a marathon – but with tremendous value for an organization.

Note: Views expressed in this post represent my personal opinions and do not necessarily represent the position of EY.

?