If Legal & Compliance are no longer in the driving seat on ethics, what next?
Things are moving fast
From tax deductible bribes abroad in the early 2000s to CEOs and executive management being sentenced for jail time. Ethics & Compliance has moved fast. And it's going apace in new, fascinating directions.
That this is happening is perhaps no surprise when one looks at the shortening of the news cycle, 'constant politics' and a real public interest in ethics and the truth. Not to mention new technologies.
As well as an increased pace we see the convergence of rules across disciplines. Recent sanctions guidance looks remarkably similar to FCPA, UKBA and Sapin II guidance. There has been talk of introducing the presumption of liability and adequate procedures into fraud legislation (à la UK Bribery Act).
So where is the ethics and compliance function in this?
It seems to me that the ethics and compliance function (E&C) isn't the one driving ethics any more ... has ethics become core business? Look at how the SDGs are being used to sell mission statements that translate directly to the revenue line. And the lack of E&C functions in that drive. My take is that things will develop further in this direction.
Many companies (with some very disappointing exceptions) have the basics of E&C fixed. Good ones have hit a 'rolling state' of continuous improvement. Unless your company is particularly exposed, compliance may not be given the attention it once was by the board and leadership.
Lastly, digital transformations have shifted the tectonic plates and E&C isn't necessarily involved. Over 80% of companies' say they've been undergoing a digital transformation in the past five years (McKinsey, Unlocking Success in Digital Transformations, 2019). In my experience legal and compliance experts are almost never comfortable with cutting edge technology.
How do you lead when you're no longer driving? Three examples.
Good news - digital and artificial intelligence are in flux and malleable
The business wants your engagement - so be proactive! Step forward with your key principles for ethical use of data and digital tools, especially related to artificial intelligence. Later down the road, you'll be glad you at least set some broad brush strokes.
Build on what GDPR doesn't get to. Bias & inclusion are fertile ground for improvements by E&C. Governance and independent oversight of tools are a second area where boards could be given comfort by the function.
Go deeper where digital efforts leak into traditional compliance concerns. Competition law is a big worry when new & quick collaborations & partnerships become a core business aim.
Be prepared for bad news - crisis management
If you're not in everybody's focus right now, you will be when a crisis hits within your scope. PwC's recent survey on crises is excellent work, and shows just how reputational, leadership and ethical crises play out and interact. (PwC, Global Crisis Survey, 2019).
Even if the process is typically owned by the Corporate Security team, E&C is a big part of crisis management. Have an investigations procedure in place or revisit the existing one, ensuring it is a detailed but flexible written document.
Practise crisis management during global team meetings. You won't get a chance to practise when an insoluble issue lands on your desk.
If you don't own or coordinate the work on sustainability, get involved!
Ensure that the key elements are mapped over to E&C roles, that your data is reflected in reporting requirements, and that your voice is heard.
I have strongly advised boards to combine ESG with ethics and compliance's work as a natural, logical fit.
Things are moving fast, and E&C cannot and shall not be left behind. As a function it is uniquely placed to really manage risks.
Adapt to your surroundings, pick your battles and convincingly tell your story!