The Ethics Journey Part 2
Beware the business enablers and the friendly lawyers who tell you there’s no issue. They will sweep problems under the carpet through ignorance, and you may later find yourself in far greater trouble. E&C must cause friction and impassioned debate; that’s how it's done right. After all, ethics isn't black and white. It's painful and controversial.
In most of our work we try to focus on a positive message. But this doesn’t help when you’re in a crisis - whether it’s obviously a crisis like a corruption scandal, or whether you’re sleep-walking through problem after problem. Whilst a crisis isn’t inevitable, it is a big part of how most industries experience ethics and compliance. This post is not concerned with positivity for its own sake. It’s just not that relevant here.
Last week I wrote briefly about the context in which compliance has developed. Here we look at how companies and individuals experience this journey through a few select topics. There are countless other discussion points about the ethics journey, but those will have to be for another day.
Are we in a rush? Companies going at their own leisurely pace
Some companies have been fortunate not to have had public E&C issues that create a sense of obligation to put a decent program in place. Active shareholders, a diligent CEO or external rules would be the key to making progress on E&C in such organisations. But in the absence of these other pressures, headway can be tough. And of course, the company’s financial situation can dictate a lot when it comes to what you can achieve.
Genuine early-movers are rare even though those who pitch E&C as a competitive advantage can reap huge rewards. Volvo Cars is a nice example of genuine and consistent thinking around why decisions are made, and how we can develop behaviour positively. Such foresight is only found when combined with sufficient ‘air cover’ from the top to drive change. There are lamentably few examples.
I have seen many companies who have in fact had public issues yet fail to get over even the first hurdles. This is dangerous territory, where a cycle of non-compliance can take hold. It’s a problem typically faced by industrials in B2B markets. They don’t feel like they’re exposed, as they don’t deal directly with the public. They often don’t face structured and specific legal or financial regulations. And the core of their business often has an engineering and safety focus. Once they enter this cycle, fines and penalties for ethics violations can be viewed as a cost of doing business. Pay them and move on to pushing the envelope further. Prosecutors should single out such recidivism for especially harsh treatment. If you’re a board member looking for simple ways to break such ‘paper compliance programs’, see here: https://www.northstarcompliance.net/post/helping-board-members-improve-paper-compliance-programs
Where is home?
Where do we put this thing, ‘E&C’? Does the CEO take it? Is it a Communications thing? Is it an Audit job? How about Legal?
You can picture an executive team pondering this dilemma if E&C is thrust on to them. Where on earth do you house it? The only correct answer is the first one – the CEO. And even then it’s only half right because the function needs independence and dotted lines into the Audit Committee and full Board of Directors. Why do so many companies get this wrong?
Compliance is often treated like a large bucket for all of the issues without a home, or all the issues that have ‘compliance’ in their title. In my first CCO role I had to defend the function from taking on all sorts of financial and operational tasks. This speaks to the lack of understanding about what E&C does. This dearth of knowledge and tendency to throw things into the bottomless pit mean that E&C itself is often mis-placed in the organisation.
Surveys indicate that E&C reports to CEOs in around half of all respondents. The other half mostly report to the General Counsel, with a handful to Audit/Business Assurance and others. A few sit on executive management teams.
The reporting line into Legal has always been difficult for people to explain. Legal makes decisions, they rally the troops and they advocate positions taken by the company. If the Chief Compliance Officer reports to the General Counsel, there must be some significant safeguards for him or her to be able to independently review all decisions in the company. There must be space for Legal’s processes to fall under the same scrutiny as all other functions. If there has been a failure by Legal as part of an acquisition, why shouldn’t that be brought up, discussed and improved? If Legal has failed to put in place adequate contract management routines, why shouldn’t that be on the Board’s table?
If we continue to insulate Legal from scrutiny, we allow a major conflict of interest right at the top of the organisation. Perhaps the worst set up I will ever witness involved both the CCO and the Head of Audit reporting to the General Counsel. The conflicting pressures on the GC were shamefully apparent to onlookers.
To be clear, there is also no such thing as a combined Ethics and Legal department. Operational responsibility cannot sit in the same place as the ethics and compliance team. The self-review risk would be unavoidable, and the second line of defence would be broken.
When an ethics scandal hits and a crisis ensues, you need a calm and factual approach. What actually happens is a political merry-go-round as positions are taken and blame begins to attach.
Crises are often handled by the Communications function. But that should only be in terms of who speaks to the media. The content of the statements and the underlying analyses are entirely non-Communications issues. Quelling a crisis by playing the media is a bad idea until you are certain that you know all of the facts and are in control of the situation. Look no further than Telia for an example of this.
Once it is realised that a crisis is an ethics matter and that it needs dealing with from the roots up, E&C is often elevated to the CEO (if it didn’t already report to the CEO). To people outside of the field investigations, remediation and settlements can follow a surprisingly uncomplicated path. Cooperation these days should be a given. But for the individuals involved this process can be hugely stressful. The personal experience of the CCO is one such example. The strain of a crisis can be too much to take and can cause even the strongest people to need some air. Negotiating this phase of the ethics journey is a whirlwind, where several years can go by in the blink of an eye.
The rules-based approach
Alongside closing out a crisis, a company will look to ensure they can explain lessons learned, can point to rules they have put in place and can show off a new or upgraded E&C Program. This almost inevitably results in the pendulum swinging strongly towards rules-based compliance. Justifiably hated, it’s necessary for a while.
Employees are expected to document all contact with competitors, all gifts and hospitality and all conflicts of interest. Infractions are investigated with rigour and discussed centrally, even if they are best handled locally.
None of us enjoy the rules-based part of the journey. It’s hard work, for little tangible gain. It can even damage some people’s views on E&C. But as a tool for re-setting a culture, it’s quite powerful. After all, the worst thing to happen would be exiting one crisis only to step into another.
When the moment is right, a good CCO should pivot over to values-based E&C work. This approach emphasises the good culture in the organisation and builds on frameworks where the CEO and senior leaders can take the reins. Good behaviour is reinforced through adherence to the values, rather than exhaustedly pointing to rules and launching investigations. Benchmarking colleagues and nudging them to compete on compliance is just more fun (‘fun’ being loosely defined).
The time and energy saved, not to mention the money, is significant.
What you do with your new-found time, energy and money is absolutely the best part of the E&C journey. You get to look up from your desk, look around your industry and take time to discuss with your peers and the community. And you’ll discover how E&C fits into a bigger set of societal issues. Human rights make for meaningful work. ESG (environmental, social and governance) makes for impactful work. Playing a role with innovation and sustainability and strategy make for a more enjoyable working environment.
I would encourage every CCO to stop and reflect on whether your program could make this pivot. I’ve written about it further here: https://www.northstarcompliance.net/post/freedom-from-corruption-is-a-human-right
Renewal. Memory loss
A crisis can take years to run its course. The follow-on issues, disputes and the constant stakeholder management (internal and external) take serious time. And after this a renewal often takes place. A board will see its seats rotate as tenures expire and as angry shareholders slowly make necessary changes. With that, management teams will also be renewed. A crisis often taints individual leaders.
New leaders mightn’t recall the crisis. They weren’t there. And nobody wants to revisit a painful episode, so we move on and people forget. And this causes issues. For example, in the context of values-based compliance, accountability can be very difficult to pursue.
Group memory loss isn’t confined to the facts of a crisis. It extends to concepts of organisational justice and fair, consistent discipline. Bad behaviour can quickly become a nuisance again, and leaders are reluctant to act. The politics return and the blame game re-starts.
What happens on this part of the journey? Seeds of doubt creep in, and the role of E&C is questioned. Why so elevated in the organisation? Why so much influence? Can’t all of this be done by someone else?
I’ll be writing about these doubts next time.