Culture, Integrity and the Board’s Role in Guarding Corporate Reputation

Corruption, perhaps more than anything, risks irreparably damaging a hard-earned reputation. While reputation risk due to corruption goes along with other risks (especially ESG risks), reputation damage typically arises when a company pretends to have proper anti-corruption measures in place and then gets caught in a corruption scandal it is ill-equipped to deal with.

The Emergence of Anti-Corruption Compliance

Citizens in countries across the globe continue to see business executives and politicians as corrupt. Corruption shakes the foundations of civil society, weakens trust in public institutions and destroys faith in democratic leadership.

Though corruption has been decried throughout history and across cultures, like other crimes, it has grown increasingly sophisticated over the last several decades, with devastating effects on the well-being and dignity of countless innocent people.

Corruption and bribery, price-fixing, systemic financial manipulation, toxic spills and corporate misconduct have tragic and far-reaching consequences for individual victims and society at large.

Fines for corporate misconduct have reached astronomic levels that were unthinkable a handful of years ago. Individual managers and directors are now also being held accountable.

Boards of international companies and those looking to expand their global footprint face constantly shifting political, economic, tax, regulatory and legal risks. They are being challenged to evaluate these risks in the context of ongoing operations and expansion. They are often faced with the additional challenge of needing to deal in real-time with the actions of foreign governments and their regulators, who may be influenced by unethical motives, politics, culture and value systems embedded in foreign markets but unknown to corporate headquarters. Identifying and coping with these threats requires a proper set of policies, protocols and other mechanisms.

Is your board structured to accommodate the constant demands of your geographic presence, use the tools at its disposal and demonstrate vigilance leading to reliable oversight?

How does your board make informed decisions and assess the financial impact of these risks?

Who does your board rely on, and how does it obtain truthful, independent, knowledgeable feedback through formal or informal channels when it cannot be on-site?

The most challenging aspect of anti-corruption compliance is ensuring that it is integrated into company operations and the overall business strategy. In the same way that security regulations are only effective if they are accepted, understood and implemented by all, anti-corruption procedures require employees to accept and appreciate their effectiveness in order to ensure appropriate implementation.

Although talented people with the best intentions design anti-corruption compliance procedures, they are up against audacious individuals who can be very creative at bypassing company rules. It is, therefore, necessary to question our way of addressing the issue on a regular basis. Compliance must evolve constantly to adapt to the ever-changing methods used by criminals.

Combating corruption and fraud is an endless battle; in order to keep up with global fraud trends, fraud deterrence must show determination and perseverance.

Governance Response to Rumors of Bribery

Corporate board members devote significant time to financial oversight and strategy while often neglecting steps needed to protect and promote the organization’s most important intangible asset: its culture and reputation. The negative effects of rumors of bribery and corruption can be as problematic as clear accusations or even convictions.

Corporate boards should assess the actual and potential impact allegations of corruption and other unethical conduct may have on the share price of their company, including their company’s market capitalization. There are plenty of recent examples to show that simple allegations of corruption, even when occurring a decade in the past, can cause share price to plummet by more than 50 percent.

Corporate directors and officers have three general legal duties: the duty to act carefully, the duty to act loyally and the duty to act lawfully.

The duty of care of corporate directors and officers is a special case of the duty of care imposed throughout the law under the general heading of negligence. Laws build on moral, policy and experiential propositions. The law of negligence is no exception. Its moral proposition is that if a person assumes a role whose performance involves risk that affect others, this person is under a moral duty to perform that role carefully. Therefore, corporate directors and officers are under an obligation to take steps to affirmatively reduce risks, and an omission may be wrongful.

On this foundation of moral blame, the law of negligence has established a structure of legal blame or liability. The structure of legal blame under the law of negligence generally parallels the structure of moral blame. Government officials are engaged in governing by definition, and their decisions will often have adverse effects on others. When government officials are threatened with personal liability for acts taken pursuant to their official duties, they may well be induced to act with an excess of caution or otherwise to skew their decisions in ways that result in less than full fidelity to the objective and independent criteria that ought to guide their conduct (i.e., veer toward corruption).

There are plenty of case studies evaluating the impact the loss of trust from key stakeholders resulting from public rumors and allegations can have. These stakeholders may be the general public and institutional investors, but they may also include existing and potential clients. Institutional investors are especially increasingly sensitive to compliance-related violations (or rumors thereof) by companies within their portfolio. As an example, the world’s largest pension fund (Norwegian Government Pension Fund) excluded the telecommunications company ZTE from funding due to alleged corrupt behavior.

International authorities are beginning to establish a track record of corporate convictions and multimillion-dollar penalties. Recent and ongoing criminal prosecutions of individuals have also put executives on notice that they too will face the harsh consequences of violating anti-corruption laws, including the U.S. Foreign Corrupt Practices Act (FCPA) or the Canadian Corruption of Foreign Public Officials Act (CFPOA). Under Canada’s Integrity Regime (a government policy intended to ensure the government only contracts with clean companies), companies that do business with government also face suspension or debarment when charged or convicted under the CFPOA or similar foreign anti-corruption laws.

Internationally, cases have shown that enforcement agencies are going to continue to scrutinize anti-bribery and anti-corruption (ABC) compliance programs and will likely bring charges when violations are the result of willful or reckless conduct. In particular, enforcement agencies may bring charges when there is a failure to adequately ensure the existence of an effective ABC compliance program that results in the failure to prevent violations of the law.

Therefore, board members and executives must protect their organizations and themselves by effectively implementing a robust ABC compliance program, as well as maintaining effective detection and investigation procedures, including continuous improvement of the effectiveness of any existing ABC compliance program.

Compliance Vs. Ethics

While “compliance” involves following the laws and rules that apply to your organization, “ethics” goes beyond what the law requires; it involves doing the right thing and following both the spirit and the letter of the law. Some view good corporate ethics as the social license to operate.

Rules matter, but culture and ethics matter more. Organizations may have written, accessible policies, processes and tools, all of which their employees are trained on. However, if the organization has a poor culture, none of its controls, policies or procedures will matter. Instead, in organizations with poor cultures, employees tend to act in ways that harm the organization’s reputation, increase the risk of compliance failures and act in ways that can lead to illegal and/or fraudulent conduct. What’s written on a piece of paper is only of value if the people required to abide by it believe in it, implement it and enforce it.

The Integrity Challenges

Organizations cannot control the integrity of individuals, but they can certainly influence it.

An organization’s culture influences the integrity of those employees that are either on the fence or would rationalize wrongdoing when the culture promotes willful blindness, permits ignorance of policies and controls or encourages the avoidance of those controls through unreasonable business goals and rewarding success by any means.

No controls, compliance program or business culture can eliminate or totally prevent people without integrity from doing wrong, but the absence of those factors greatly increases the capacity of wrongdoers to operate with impunity, while the strong presence of those factors greatly increases the likelihood of preventing and detecting wrongdoing, as well as providing a foundation to mitigate its impacts and consequences on the organization. People often adopt the mindset of the masses and tend to fall in line.

Noncompliance seriously increases risk and liability, depreciates M&A and joint venture value, potentially damages the brand, undermines and reduces trust and confidence, increases the potential for prosecution and threatens sustainability.

In addition to an organization’s culture, business and thought leaders must also consider what role greed, selfishness, blind ambition, reckless need for recognition or even performance anxiety can play in the noncompliance rationalization process.

These leaders must be proactive and continuously diligent in their efforts to mitigate individual and organizational risks.