[author: Charlotte Emerson]
On 9 June 2022, NAVEX hosted the 2022 European Risk and Compliance Virtual Conference, in which industry leaders and experts came together to discuss all the latest news, trends, updates and challenges surrounding company compliance, whistleblowing and ESG.
Below is a summary of some of the main points discussed throughout the three risk and compliance sessions of the virtual conference.
Why is Compliance Important?
Speakers: Giles Newman, Managing Director, International NAVEX and Natali Engstam Phalen, Specialist Counsel, Lindahl
Why does compliance matter and how does it influence corporate culture?
Outside of maintaining good standing with legal requirements, compliance is meant to apply a systematic approach to certain principles, standards, and ethical situations for employees to follow. By working in a systematic way, organisations can develop and grow an ethical and respectful culture. By combining ethics and compliance principles with factors such as ESG, companies operate more sustainably and see long-term business value.
Essential action items when starting a compliance journey
Compliance priorities vary depending on the organisation’s risk profile and which risks would have the greatest impact on the business.
The starting point for compliance programs, is a factually based risk analysis to understand the main risks the business faces. Once completed, the compliance areas that need to be prioritised will be clear. Leaders need to understand how compliance programs will work in practice, what the major risks are, and what areas of compliance would make the greatest impact to the business.
Organisations should have policies and procedures in place, along with appropriate communication and training, in order to fully integrate compliance into the organisation. Other key aspects include installing a whistleblowing or speak up programme and a structured approach to third parties. Compliance programs should include easily accessible resources for all employees and continuous monitoring of risk areas and third parties.
While there are many standard components to a compliance program, each organisation will need to tailor their program to meet the regulatory requirements and demands of the business.
How can companies measure the effectiveness of a compliance program?
The measure of success will depend on the metrics an organisation decides to implement. This can include completion and attestation rates of training, volume of whistleblowing reports, and more.
While non-metric-driven effects are challenging to measure, the influence of a compliance programme on behavior and company culture is an indicator of success. Companies should build benchmark reports to review program elements that are and are not successfully functioning. For example, some figures may relate to the number of third-party partnerships that were turned down in a year due to ethical concerns, or how many times the business escalated E&C inquiries to senior management in comparison to years before.
Emerging Behavioral Perspective on Bribery and Corruption
Speakers: Vera Chereponova, Ethics Advocate, Consultant, Author at Studio Etica and Michael Volkov CEO, The Volkov Law Group LLC
The essential factor of ethics
The most effective compliance programmes are those with a strong and positive ethical culture instilled within every part of the organisation. When the company projects a strong culture of ethics, and a supporting mission statement, employees tend to exhibit the desired behavior.
Companies can have established policies and procedures, but ultimately, the best form of control is instilling an ethical culture across the organisation. Because companies are unable to monitor all employee behavior, it is essential that ethical conduct is demonstrated by leadership and reiterated regularly. A culture of ethics is an essential factor in maintaining compliance. This topic continues to gain importance for the workforce, and guides decision making for investors – which means that ethics and compliance have wide-reaching impacts to the business as a whole.
Corruption: the path from legal to behavioral definition
When discussing bribery and corruption, it’s important to think beyond the narrow, legal definitions under the FCPA or UK Bribery Act. As such, it is important for compliance leaders to try and understand the criminal incentives and motivations, beyond the classic legal examples of it.
Now, many organisations are creating joint ‘anti-bribery and corruption’ policies and addressing corruption in a far broader sense. Some behaviors surrounding corruption, such as examples involving an abuse of trusted power, government officials and private entities include:
- Government officials demanding money or secure benefits in exchange for government services
- Government officials misuse of public money and resources e.g., jobs or contracts
- Businesses bribe officials to secure advantages and contracts
There are many factors that influence behavior around bribery and corruption. An organisation’s commitment to (or lack thereof) ethics and compliance, and cultural norms of the employee’s location are both factors that can affect behavior. Expectations about employee conduct and organisational culture must be managed to prevent instances of misconduct – and when issues arise, it’s important for leadership to address them swiftly and consistently.
Corruption policies and global measurements
The FCPA and UK Bribery Act, dictates that companies, on a global level, must have anti-bribery and corruption policies in place with a zero tolerance to corruption. However, a more sensible approach in the future is needed – one which considers the different country laws, customs, local markets, and values. Uniform expectations that fail to take those nuances into account decrease the efficacy of ethics and compliance programs.
Getting Board Buy In
Speakers: Sean M Thompson, President and Chief Executive Officer at NAVEX and Bob Conlin Executive Chairman at NAVEX
The relationship between the board of directors and the executive committee
Every board member has some degree of strategic, operational, legal, and ethical duty. Board members are there to provide oversight, governance and guidance for an organisation. Many board members are picked because of their prior experience that can help a company achieve its long and short-term goals.
Successful relationships between the board of directors and the executive committee include the following:
- An effective working strategy in place, highlighting the intended direction of the company and providing goals for the executive committee to work towards
- Board members must have confidence in the management team, knowing the team they are working with can effectively execute the strategy while protecting the company’s reputation
- Consistent communication between teams. Metrics to measure success, operational steps, challenges, and risk reporting from management are all vital and must be clearly communicated to the board. Board members have a legal duty, and therefore, need to understand the status of the company at a high-level view. This overview also helps the board to stay out of the operational steps taken by the executive committee, reducing relationship friction
- Board members need to know what the main risk categories are across the organisation and what risk mitigation efforts are currently in place
How to get the board engaged with the governance, risk and compliance agenda
In addition to the general oversight and governance obligations board members have, there is a global increase in legal and compliance requirements coming from regulators. As a result, organisations and board members are under scrutiny to meet these regulatory requirements.
Governance, risk and compliance (GRC) is an important concept for board members to understand, with board members recognizing the heightened pressures on those employees involved in legal audits, risk and compliance. Attention to GRC has grown significantly in recent with board members interested in what organisations are doing to maintain and accelerate their risk and compliance initiatives.
Board members have the responsibility to be aware of issues, including GRC-related challenges, within their organisation. Communication from management and the gathering relevant metrics, can help board members predict where those challenges could happen, mitigating GRC-related risks before they occur.
Management teams need to ensure the CEO and board members are educated about GRC and how this influences the strategic goals of the company. Management must provide board members with data, reports and dashboards on the various goals and initiatives taking place, surrounding GRC, and encourage board members to actively participate in those areas – something that is difficult to do without the correct data. Another tactic to engage the board, is to involve board members – such as those who are heads of committees, key projects or have specific compliance knowledge – with specific GRC activities.
The considerations of data and technology
One key issue boards and organisations face with data and technology is data silos. Companies can only manage what they can measure, so the right people must have access to data critical to areas such as GRC performance. Risk and compliance are not traditionally looked at as a holistic practice; there are HR risks, operational risks, IT risks, etc., all operating on their own systems. However, this is starting to change, and it is important that management teams begin to collapse these silos, and approach certain topics in a more holistic and integrated way. Doing so will assist the board to see challenges and where investments need to be made.
Board members need to ensure that an organisation is adequately resourced, especially in the critical areas relating to legal or regulatory compliance and risk management. It is also their responsibility to assist with technology implementation, so they can support company growth, profit, and fulfill any legal and compliance obligations. Management teams should demonstrate strong and weak areas of technology to the board, so that a strategy and budget can be put into place.
To learn more about how NAVEX can help your company stay compliant, discover our NAVEX ONE platform solutions here.