Ethics and compliance are far too often neglected by boards at big firms, even though it’s settled law and policy that boards are required to oversee company compliance. In fact, a survey of 26 past and present Chief Ethics and Compliance Officers reveals that most feel their boards don’t fully understand the ethics and compliance programs they should be overseeing and that they ask too little of senior management when it comes to ethics.
with co-author Emily Miner
It seems like ethical failures in major companies are in the headlines on an almost daily basis. Sexual harassment and abuse, toxic workplace cultures, retaliatory firings against those who speak up – the list goes on and on. And after each new case, one of the first and most crucial questions is, “Where was the board?”
While it’s settled law and policy that boards of directors are required to oversee company compliance with law and regulation, it seems that ethics and compliance are far too often neglected by the boards of big firms. The failure of proper E&C oversight can have far-reaching consequences, as the basic function of ethics and compliance can be tied directly to one of the central concerns of a board: value and reputation.
To foster an understanding of how boards engage with ethics and compliance, we at LRN turned to 26 past and present Chief Ethics and Compliance Officers (CECOs) of major global companies for in-depth interviews on the role and impact of boards. We learned most CECOs feel that boards do not fully understand the E&C programs they’re supposed to be overseeing and spend limited time on these programs while requiring too little from senior management when it comes to E&C.
The Results are In
Some of the major findings of our report (based on the interviews with CECOs), “What’s the Tone at the Very Top? The Role of Boards in Overseeing Corporate Ethics and Compliance,” show that:
- Only about 40 percent of CECOs reported that their boards have metrics in place for measuring E&C effectiveness.
- Only 40 percent of CECOs say that their boards of directors hold senior executives accountable for misconduct.
- Nearly half say that their board has not received education and training on their E&C responsibilities.
- Over 50 percent say that boards spend two hours or fewer working on E&C each year.
- About 40 percent say their boards have not done a “deep dive” on compliance failures and scandals, despite recent Department of Justice regulations requiring them to do so.
As a direct result of this lack of oversight, boards are sending messages counter to their aspirational statements of company values and behavioral expectations – namely, that E&C is simply not a high operational priority. On top of this, many CECOs feel they lack the requisite confidential and direct lines of communication with their boards necessary to properly and effectively discuss potential misconduct within the company.
In short, CECOs have a message for directors: time to step up!
Unmistakable Signs of Trouble
When CECOs tell us they feel ethics and compliance is neglected – that it doesn’t get the amount of time or level of focus needed from the board – it is a signal that the company, its shareholders and stakeholders and the board itself may be in for trouble down the road.
There were also positive dimensions to our research. Patterns emerged from the best-practice examples we uncovered during our interviews that illustrate how boards can most effectively fulfill their role in overseeing and shaping ethical organizational cultures, ethics and compliance. So how can boards and senior leaders, including CECOs, enable E&C to be seen as a crucial and indispensable function of business?
For starters, smart boards take a hands-on approach to the compliance function, and savvy, forward-thinking business and compliance leaders seek to move E&C away from the periphery of a company toward the center of operations. In other words, effective leaders create business operations and company cultures in which E&C is “built in” rather than “bolted on.”
Many of the intended effects of this approach will rest on whether or not business leaders properly communicate the importance of E&C – by what they do and not just what they say – and whether or not a company’s values and culture are actually expressed through their E&C program.
And it goes without saying that a lot rests with boards, too. Boards need to elevate CECOs by treating them as essential members of senior leadership. They can do this by looking to CECOs for strategy on influencing proper employee behavior, providing direct and easy access to committee chairs and board members and giving CECOs clearance to challenge management when needed, specifically without any fear of retaliation.
Boards tend to devote too little time, priority and depth to the deeper, more fundamental questions of E&C, with a bias toward a “check-the-box” approach: How many people have been trained? How many calls have been made to the compliance hotline? How many acts of misconduct have been recorded this year? Do we have the right rules in place?
Why the Values-Based Approach is King
If E&C leaders can shift ethics and compliance away from a granular focus on rules, policies and procedures toward being driven and defined by a company’s core mission, beliefs and ethics, then they actually stand a much better chance of minimizing misconduct and encouraging the right behaviors. While an employee can’t memorize every rule in a code of conduct and compliance experts can’t be available around the clock, a deeply ingrained value can serve as a guiding principle for a wide variety of scenarios. And the power of this values-based approach is backed up by other LRN research: 89 percent of the highest-performing E&C programs communicate organizational values as well as rules.
Ultimately, the gulf between CECOs and boards can be bridged – and the companies that get it right in our study can show the way – but we believe the bridge needs to be built quickly. The sooner boards take meaningful steps to acknowledge the tangible financial, tactical and moral benefits of E&C – by their actions, not just their words – the stronger and more resilient their companies will be.