By Stuart Gittleman
Companies that want to manage their legal and regulatory liability and their reputational capital should treat current standards as the starting point – not the finish line – for their ethics and compliance programs, conference attendees heard Tuesday.
“Your company will be judged in the future by what it does today. Transparency is rapidly increasing, and you don’t know how it will affect your business and reputation,” one of the speakers, Dirk Mohrmann, chief executive officer of World Compliance, told attendees at the 2013 Global Ethics Summit, which was held in New York and was sponsored by Ethisphere and Thomson Reuters.
Many corruption inquiries involve conduct that began years or even decades ago, before the proliferation of Internet search engines, blogs and social media, or the increasing encouragement by authorities of whistleblowing, Mohrmann said. Then there are widely read and shared resources like WikiLeaks that primarily uncover and spread government secrets, which may also include more opaque private-sector conduct and relationships.
The conference honored a record 145 companies for their ethical standards, as designated by the Ethisphere Institute. The honorees internally promote ethical business standards and practices, exceed legal compliance minimums, and shape future industry standards by introducing best practices today, Ethisphere said.
Expectations change and inquiries can take years to resolve, so no one knows for sure whether a company at any given moment is truly ethical, Mohrmann said. Standard Chartered Bank and HSBC, which were prior year honorees, in 2012 respectively paid penalties of $667 million and $1.92 billion over charges of helping customers evade anti-money laundering laws.
Taking a global – and a local – approach
A global company must approach compliance from a global perspective but with a local touch, said Scott McCleskey, Thomson Reuters global head of financial services regulation, who moderated a session on looming challenges.
This approach should address cultural and generational issues, and should involve multiple means of communication, including training through meetings, webinars, online portals and “apps,” and drills asking employees to respond to what-if scenarios, said William Brierly of CH2M Hill, an engineering firm.
Training should be on-site as much as possible so it is relevant to the job and the locale, and it should recur often so employees who are promoted or moved into new jobs or venues don’t have to wait months before receiving the training they need, Brierly added.
A global company should assess its risks on the basis of the breadth of local, regional, global and industry-sector factors so it can make the best use of its resources, Brierly said.
It is important to be aware of the increasing extraterritoriality of U.S., UK and other laws and to take “practical steps to avoid being left behind” by these changes, Mohrmann said.
Mohrmann also urged taking a structural approach to conducting due diligence by rating the company’s vendors, contractors, agents and other third parties against Transparency International and commercial database reports to identify and focus on the highest risks.
Enterprise risk assessment and management is not a static process. A continuing evaluation of how the company’s risks – and its appropriate range of responses – change along with its business, economic and political environments, warned Alan Yuspeh of HCA Healthcare.
Much of this is operational – people, processes and systems – which raises the difficulty of establishing metrics and measuring these factors, Yuspeh said. The internal corporate challenge is “How do you prove that what you do makes a difference?”
Looking ahead — Yuspeh said to expect more: more rules with more complexity, more internal checks and balances, such as internal audit; and more whistleblowing and litigation by private attorneys.
Companies face the challenges of allocating resources, government tipster hotlines replacing corporate facilities, and an increasing focus on the effectiveness of internal communications and external due diligence, Brierly said.
Mohrmann warned of the growth in anti-corruption rules. He suggested non-U.S. countries may start targeting U.S.-based companies; and said the public is adopting a zero-tolerance stance in holding wrongdoers accountable for their actions.
Mohrmann also said he expects large companies to be more receptive to strong enforcement, because they can afford to spend more on compliance and because tougher rules will give them a competitive advantage over their smaller rivals.
Best practices in third-party due diligence
The question of how global companies can safely work with third parties was examined by a panel including James Carroll of Ford Motor Company, Stephen Donovan of International Paper and Daniel E. Karson of Kroll Advisory Solutions.
A company must conduct background investigations of potential third parties, not just for purposes of complying with the Foreign Corrupt Practices Act but also on to contain other business risks, panel members said. Corruption can include fraud, theft, substandard contract performance, bill-padding, labor and environmental violations, and other legal risks.
There is little difference based on the type of relationship – such as agent or remote employee – because anything can be the greatest risk if you don’t know where the money is really going, or whether a supposedly independent individual is still on a government payroll.
Also, because the reputational risks of child or “slave” labor, pollution, “conflict” products, politics and so-called terrorism are often greater in the U.S. than in the foreign country, the company should conduct ongoing, on-site monitoring to “stay in touch.”
Karson warned to be especially mindful of the long-time, highly trusted senior executives or internal expert whom no one is willing to challenge but just says, “I don’t know how he gets the job done but he does.” Such willful unawareness may open the company to liability; it is important to ask how the job gets done, Karson said. He emphasized that a company should expect some pushback or even bullying from the top executive or internal guru.
The panelists also suggested using social media as a due-diligence resource, and giving third parties the company’s employee code of conduct so they know what is expected.
This article was written by Stuart Gittleman and originally published on blogs.reuters