An Ethics and Compliance Program in Seven Steps

"Ethics is the activity of man directed to secure the inner perfection of his own personality" - Albert Schweitzer

Want to build a culture of integrity in your organization? Sure you do. Here's how: Effective ethics and compliance programs are key in this objective.

Establishing compliant and ethical behaviour among the masses, and regulating against non-compliance is a big step in the fight against fraud and abuse. All organizations have their own unique plan in the running of their businesses and achieving success, but there's a similar foundation that sets the base of any effective program, in any industry.

It's important to promote a culture of compliant and ethical behavior, and exercise due diligence to prevent and detect criminal conduct, otherwise you'll find your organizations subject, but not limited to, fines, periods of probation for federal offenses, securities, bribery, fraud, money laundering, criminal business activities, extortion, embezzlement, conspiracy, and other sinful activities that just might have your tail between your legs if caught!... and not to mention media scrutiny, front page news, verbal backlash, twitter fodder... well you get the idea.




So, what are the elements of an effective compliance program (to help prevent all that nasty stuff)?

Communicate standards and procedures:
Key to a company’s ability to create a culture of integrity is to ensure employees are communicated to and understand what standards and procedures they should be adhering to. Employees, and all stakeholders for that matter, need to be living and breathing the organization's Code of Conduct. Expected behaviour, as outlined in the Code, needs to be understood by everyone. So go ahead, educate everyone - have lunch and learns, team meetings, performance reviews... communicate, then communicate again.

High-Level oversight:
Someone has to facilitate the ethics and compliance program, someone higher in the totem pole of seniority. Meet your compliance officer. This position must be held by a strong and honest leader, or group of leaders depending on the size of your organization. The person or people holding this position should be vetted - exercising of appropriate due diligence must be completed before handing over those reigns - because they are higher in authority, and according to the ACFEs 2014 Report to the Nations, the higher the position in seniority, the more median fraud is committed.

Educate and train:
Education and training organization-wide is vital to the success of your program. Many organizations have policies in place but have not communicated them fully to achieve optimum success. Then you find people doing things they're not supposed to (fraud because it "wasn't clear") and the organization suddenly finds itself in hot water. Hot water hurts... bad, and can ruin a business. All stakeholders need to understand the Code and need to prove they understand it via verification. So start collecting those John Henry's as proof.

Audit and monitor:
Any internal system needs to be checked out to see if it's working. Auditing and monitoring of the ethics and compliance program should be top of mind of the compliance officer. A focus on ensuring that relationships with third-party vendors, financial and accounting entities, remain compliant in order to prevent fraud, bribes, abuse, and other wrongdoings

Organizations should have a formal whistleblower system in place as part of their ethics and compliance program. It's important to ensure that every employee and stakeholder has a place to safely and anonymously report or voice any allegations of wrongdoing without fear of retaliation. Implementing a third-party system is the best solution to allow reporting of wrongdoing anonymously and ensures employees feel safe to voice their concerns.

When systems are set up and programs are put in place, there's the flip side to these - consequences when the rules and standards are not abided by... no matter the level of seniority of the employee within the organization, consequenses should be the same. From employees in the mail room to the CEO - if you commit fraud, or partake in bribes, you will be punished equally. Bad behaviour should not discriminate on position.

Address every allegation:
Don't ignore any allegation that comes forward. By responding to complaints, you're showing an interest in what whistleblowers are feeling or experiencing that made them come forward in the first place. Not all allegations may need outside help - IE stealing, harassment, etc. Some may actually be HR queries that can be passed off. IE. a co-worker keeps hanging around your desk updating you every 10 minutes on their personal life. These can be handled by Human Resources. But by communicating with the whistleblower, keeping them informed of the process, goes a long way!

Should your organization find itself suddenly the focus of felonious conduct, having an effective ethics and compliance program in place can greatly reduce any sentencing or fines the organization an incur. By protecting your organization with a comprehensive ethics and compliance program, you lessen your chances of facing major fines and violations.

There is a lesson here. Due diligence is smart business practice.




photo Amanda Nieweler

Amanda Nieweler

Amanda writes for WhistleBlower Security about ethics, compliance, workplace culture, and whistleblower hotlines. Amanda brings her nearly two decades of risk and compliance experience to the WBS blog where she is dedicated to helping people and companies promote speak-up cultures.