How Ethics and Integrity Can Elevate Compliance Management to the Next Level
Compliance management is getting more and more challenging due to a variety of factors. The?complexity and diversity of regulation?require organizations to navigate a labyrinth of laws and standards that can vary significantly across different jurisdictions and sectors. Additionally, the?global nature of business?introduces a multitude of cultural nuances that must be considered, further complicating compliance efforts. Organizations also face?pressure to meet business and performance goals, which can sometimes conflict with compliance requirements. The dynamic and unpredictable nature of the?business environment?adds to the complexity, with factors such as globalization, digitalization, and innovation creating new compliance risks and uncertainties. These challenges highlight the need for a rethinking in compliance management, moving towards a more proactive, integrated, and value/principle-based approach.
Looking into traditional management approaches, the compliance management is the process of ensuring that an organization and its employees adhere to the laws, regulations, policies, and standards that apply to its operations and activities. Compliance management is essential for preventing legal risks, reputational damage, financial losses, and operational inefficiencies. Compliance management also helps to foster a culture of trust, transparency, and accountability within an organization and with its stakeholders.
In this context, the compliance program is the set of policies, procedures, controls, training, and monitoring mechanisms that an organization implements to achieve its compliance objectives. Those programs vary in scope and complexity depending on the size, nature, and industry of the organization, as well as the regulatory environment in which it operates. However, some global standards and best practices have emerged to guide the design and evaluation of effective compliance programs. For example, the U.S. Department of Justice (DOJ) has issued guidance on the evaluation of corporate compliance programs, which outlines the factors that prosecutors consider when assessing the adequacy and effectiveness of a compliance program. Similarly, the U.S. Foreign Corrupt Practices Act (FCPA) provides a framework for preventing and detecting bribery and corruption in international business transactions.
The Evolution of Compliance Management
These Compliance management approaches has evolved over time in response to the changing regulatory landscape and the increasing expectations of stakeholders. One of the key drivers of this evolution was the emergence of anti-bribery/corruption and anti-trust compliance as the baseline for systematic compliance management in the mid-2000s. These areas of compliance were prompted by the enactment and enforcement of laws such as the FCPA, the UK Bribery Act, and the EU Competition Law, which aimed to combat the widespread and harmful effects of bribery, corruption, and anti-competitive practices on the global economy and society. These laws also imposed significant penalties and sanctions on organizations and individuals who violated them, creating a strong incentive for compliance.
As a result, many organizations developed and implemented compliance programs that focused on preventing, detecting, and responding to these specific risks – mainly policy driven. These programs typically included elements such as risk assessments, codes of conduct, policies and procedures, training and communication, due diligence, internal controls, auditing and monitoring, reporting and whistleblowing, investigation and remediation, and continuous improvement. These elements were aligned with the global standards and best practices that were established by regulators, industry associations, and professional bodies. Looking back, these elements have been strongly and solidly developed – but the world is changing.
The Challenges of Compliance Management
However, compliance management is not a static or one-size-fits-all process. It is a dynamic and adaptive process that needs to keep pace with the changing needs and expectations of the organization and its stakeholders. In recent years, compliance management has faced several challenges that have tested its effectiveness and efficiency. Some of these challenges include:
The Need for a New Approach to Compliance Management
These challenges have exposed the limitations and shortcomings of the traditional approach to compliance management, which is often reactive, siloed, and rule-based. This approach may not be sufficient or effective to address the complex, diverse, and dynamic compliance issues that organizations face today. Therefore, there is a need for a new approach to compliance management, one that is proactive, integrated, and principle-based. This approach is based on the concept of "Ethics and Integrity", which is the idea that compliance is not only a matter of following rules, but also a matter of doing the right thing, for the right reasons, in the right way.
EY’s Global Integrity Report 2024 Findings: 53% of global respondents say that employee turnover and employees not understanding policy are the greatest internal threats to organizational standards of integrity.
Ethics and Integrity is not a new concept, but it is gaining more attention and recognition as a key driver and enabler of compliance management. Ethics and Integrity can elevate compliance management to the next level by providing a common vision, a shared culture, and a strong foundation for the organization and its stakeholders. Ethics and Integrity can also help to overcome some of the challenges that compliance management faces, such as:
The Fundamentals of Ethics and Integrity Management
Ethics and Integrity management is the process of integrating ethics and integrity into the compliance management system of an organization. Ethics and Integrity management is not a separate or standalone process, but rather a complementary and reinforcing process that enhances and supports the existing compliance management system. Ethics and Integrity management aims to ensure that the organization and its employees not only comply with the rules, but also act with ethics and integrity. And besides this: The US Department of Justice (DOJ) underpinned the importance of integrity & ethics in their most recent guidance on compliance programs - which is a must-read for all practitioners.
"Beyond compliance structures, policies, and procedures, it is important for a company to create and foster a culture of ethics and compliance with the law at all levels of the company. The effectiveness of a compliance program requires a high-level commitment by company leadership to implement a culture of compliance from the middle and the top." Quote: DOJ Compliance Program Guidance (2020)
Ethics and Integrity management involves several elements, such as:
?Combining the ethics strategy with the corporate vision and long-term value is a must; and ethics needs to be strongly embedded into the organization.
Conclusion
Compliance management is a vital and valuable process for any organization that wants to operate legally, ethically, and responsibly. However, compliance management is not a static or one-size-fits-all process. It is a dynamic and adaptive process that needs to evolve and improve over time to meet the changing needs and expectations of the organization and its stakeholders. Ethics and Integrity is a concept and an approach that can elevate compliance management to the next level, by providing a common vision, a shared culture, and a strong foundation for the organization and its stakeholders. Ethics and Integrity can also help to overcome some of the challenges that compliance management faces, such as the complexity and diversity of regulation, the expectations and scrutiny of stakeholders, and the uncertainty and volatility of the business environment.
Ethics and Integrity management is the process of integrating ethics and integrity into the compliance management system of an organization, by implementing various elements such as ethics and integrity vision and strategy, ethics and integrity culture and leadership, ethics and integrity policies and procedures, ethics and integrity training and communication, ethics and integrity monitoring and evaluation, and ethics and integrity improvement and innovation. By adopting and applying ethics and integrity management, organizations can not only comply with the rules, but also act with ethics and integrity, and achieve their compliance objectives and outcomes.
But don’t forget: Investing in ethics is not a one-time shop order. It’s a marathon – but with tremendous value for an organization.
Note: Views expressed in this post represent my personal opinions and do not necessarily represent the position of EY.
?