Hallmarks of Effective Compliance and Ethics Programs

The enactment of the Foreign Corrupt Practices Act (FCPA) in 1977, the Federal Sentencing Guidelines for Organizations (FSGO) in 1991, the Sarbanes – Oxley Act of 2002, and the 2010 Dodd-Frank Wall Street Reform and Consumer Protection Act all contributed to the perception that a code of ethics is solely a legal compliance and risk management tool. However, organizations that want more than check-the-box compliance know that compliance and ethics programs need to effectively promote a culture of honesty and integrity. This post will explain the “hallmarks” of effective compliance and ethics programs as set forth in the U.S. Securities and Exchange Commission’s (SEC) and U.S. Department of Justice’s (DOJ) FCPA Resource Guide.

Critical Components of a Code of Ethics

The FSGO made clear that a code of ethics must focus on changing behavior to create a culture in which individuals think and act according to the organization’s values. Specifically, to receive credit in sentencing, an organization’s ethics program must:

  • include a code of conduct
  • include a risk assessment process
  • be promoted and enforced consistently throughout the organization
  • provide appropriate incentives for compliance
  • provide helplines for reporting suspected misconduct
  • provide training on the program’s requirements

When the SEC and DOJ review compliance and ethics programs, they are looking to answer these three questions:

  • Is it well designed?
  • Is it applied in good faith?
  • Does it work?

The SEC and DOJ’s guidance explains what it takes to meet these requirements, which we’ll summarize below.

How to Meet the SEC and DOJ’s Requirements

Well-Designed Ethics and Compliance Programs

As the FCPA Resource Guide points out, an organization’s compliance program needs to address its specific needs, risks, and challenges. In addition, the most effective codes are clear, concise, and accessible to all employees, agents, and consultants.

Periodic reviews are also important to make sure that the code of conduct addresses an organization’s changing needs and risk assessment. This approach allows resources to be focused on high-risk areas, increasing the effectiveness of the program and its compliance, since the “DOJ and SEC take into account whether and to what degree a company analyzes and addresses the particular risks it faces.”

For example, employee surveys have been used to measure an organization’s compliance and ethics culture and to identify new risks. As business needs and legal requirements change, so should compliance and ethics programs.

Training and Continuing Advice

Creating and maintaining an ethical culture requires a sustainable effort. Periodic training for all directors, officers, relevant employees, agents, and business partners should cover policies and procedures and applicable laws, as well as provide case studies to practice skills in real-life situations. Ethics training should be delivered to all levels of the organization in a manner and in the language that is appropriate for the targeted audience.

Resources also need to be available for individuals at all times, so they can seek advice when faced with difficult or unique decisions.

Incentives and Rewards

Stephen Cutler, former Director of the Enforcement Division of the U.S. Securities and Exchange Commission (SEC), said this about rewarding individuals for doing the right thing:

Make integrity, ethics and compliance part of the promotion, compensation and evaluation processes as well. For at the end of the day, the most effective way to communicate that “doing the right thing” is a priority, is to reward it.

The SEC and DOJ warn that no one should be deemed above or below compliance, and that organizations should instead reward lawful and ethical behavior with financial or career advancement incentives.

Applied in Good Faith

Research shows that procedural fairness through objective and consistent application of an organization’s code of ethics encourages employees to act ethically and comply with the rules. When an organization enforces its code of ethics in a fair manner, employees trust the organization’s commitment to its values. This encourages compliance with the organization’s policies and is significantly more effective than punishing ethics violations.

Encouraging reports of suspected misconduct is important to show an organization’s commitment to preventing unethical behavior. A previous blog post discusses how employers benefit when they encourage early reporting by internal whistleblowers.

Ethical Leadership

We’ve also written about effect of ethical leadership on employees’ perception of their leaders’ personal character. Leaders’ deeds speak much louder than their words and have a significant effect on promoting a culture of honesty and integrity. For example, companies that self-reported to the SEC that their employees bribed foreign officials avoided steeper fines and harsher scrutiny, but they also earned their employees’ confidence that the organization acts on its values and does the right thing.

As Stephen Cutler put it, “Setting the right tone means letting employees know that no one at the company is above the law; that no matter how important or how senior, someone who has violated an ethical standard will be punished.”

In 2009, the National Business Ethics Survey: Ethics in the Recession found “[e]thical culture is the single biggest factor determining the amount of misconduct that will take place in a business.”

In 2013, the National Business Ethics Survey found that misconduct was down, with the percentage of workers reporting that they observed misconduct on the job falling to an all-time low of 41%. However, workers surveyed also reported that 60% of misconduct involved individuals in supervisory up to top management roles, and that retaliation against workers reporting misconduct is still a widespread problem. Much work remains to be done to build a strong ethical culture and reduce the risk of misconduct.

The Relationship Between Positive Culture and Corporate Reputation

Efforts to protect reputations fail when compliance programs don't address ethical issues on a cultural level.