For many, resources are scarce, and budgets are tight, and here you are, tasked with improving ethics programs! I use the plural, as most in-house teams adapt their programs to different internal audiences, regions, and stakeholders.
How might we make this task easier? It depends, of course, on what you do, where, how, and with whom, but let’s pick the big three areas of risk management – prevent, detect, respond – and see what hacks we can muster.
One of the biggest challenges in improving ethics programs is getting people to understand what’s covered and what you expect. If you read the average Code of Business Ethics (or whatever name variation you use), you will have sections about “complying with all applicable laws” or some such. That’s a pretty high bar to set for most people. We’re not legally trained, and we’re not capable of making judgments around compliance with laws (found in some ethics programs) that span:
- Data privacy
- confidential information
- Insider trading
- Modern slavery
- Sanctions and export controls
- Indigenous rights
- Environmental impact
- Anti-money laundering
- Fair employment practices
That list is just for starters. We might as well write 日本語を勉強してください – please study Japanese.
That’ll work well for the minority of the global population who are either Japanese speakers (those with legal training, in this example) or polyglots with spare time (smart but underutilised people).
Learning from others
Might it be a better use of time and resources to provide people with information about what they need to do? Good health and safety training doesn’t spend time asking construction workers to understand the trauma caused by various on-site accidents from the perspective of medical knowledge. Health and safety teams distil messages into actionable behaviours with consequences kept simple – if you don’t wear a hardhat on-site, your chance of injury or death increases X times.
How might we quickly replicate that simplification for us, improving ethics programs? Here’s a starting framework we can build on:
- Who needs to know?
- What do they need to know?
- How do we reach them?
For some topics, who will be a broad audience, but that doesn’t mean we must communicate every facet. For example, all employees must understand that any information (or knowledge) gained through their employment should be considered confidential unless it’s public knowledge. However, those working in strategic or sensitive functions (legal, finance, strategy, human resources, etc.) will need further examples and guidance.
With topics including anti-bribery and anti-corruption, you can parse your guidance for different groups. For example, advice around gifts, hospitality and entertainment is only relevant to those interfacing with external parties (sales, leadership, procurement, etc.). Similarly, facilitation payments will resonate with your colleagues interacting with public officials. These examples highlight that what people need to know differs.
If you’re now thinking that these first two steps – who and what – sound like hard work, maybe, the first time. Once you’ve done the job, the following steps become much more manageable and save a lot of time and effort you’d otherwise spend teaching people things they don’t need to know using formats they won’t remember.
How you reach people is a blend of borrowing and benefiting from technology. If other teams, including health and safety, information security, and sales, have connected with the workforce, how did they do it? Typically, it’s a blend of mediums – posters for arresting campaigns with simple calls to action – or more immersive training for new ways of working. The key is to move away from long-form legalese policies and distil the message (or learning) into media that resonates with your audience. If your sales folks are on the road, don’t expect them to sit through hours of e-learning on a laptop – use push campaigns on whatever platforms they communicate. If your engineers are at the bottom of big holes in the group, use remote-enabled micro-learning modules. These tools are generally cheaper than your current training, communication, and policy frameworks – ask us how if you’re unconvinced.
If a complex issue like data privacy is an issue, when? At the point of data entry or acquisition? Or when a relationship or transaction ends? Time your prompts and training for when they are relevant. The notion that sitting through training once a year is helpful is dying. Sometimes all it takes is a pop-up on a screen asking a simple question or two, “Why do we need this data? What will we use it for?” with a link to a brief video, cheat sheet, or explainer.
Authorised access detected
Prevention is a big topic, so we’re now entering the more straightforward territory; breath!
Detection in the context of improving ethics programs is about access. Can your people access:
- Managers and leaders who are willing and able to step up and help solve ethical dilemmas.
- Speak up mechanisms (allowing confidential and preferably anonymous reports).
Ideally, any confidential reporting system should extend to your external stakeholders (clients, third parties, local communities, etc.).
Surveys conducted by the Association of Certified Fraud Examiners suggest that tips are half the median loss of fraud and speed up detection by six months; half of these tips come from outside your organisation. Be easy to reach! There are many ways you can create a reporting framework–we can help talk you through some options–but whatever you do, make sure it’s reliable, easy to access, and does what it says on the tin. Some of the common pitfalls to avoid include:
- Inaccessible numbers–e.g., toll-free numbers that colleagues overseas can’t access.
- Restricted modes of communication – e.g., phone only-precludes most of us who prefer text (ideally mobile-enabled) communication methods.
- Complexity – downloads, filling in lots of data, jargon-filled dropdowns, etc. In marketing- speak, you want to reduce friction for the user.
- Poor communication – it takes courage to speak up, so don’t leave people hanging for weeks, and you deliberate internally about what to do. Communicate early and often, even if the progress is slow.
You’re now providing excellent guidance at the right time to the relevant people. You’ve also made it easy for your folks to access support, advice, and channels to raise concerns. The part that is simultaneously simplest, yet somehow often the most challenging task: maintaining trust.
- Trust that all are equally accountable under your laws (not special treatment for leaders).
- Trust that you and your leaders will walk the talk (nothing corrodes respect like “Do as I say, not as I do”).
- Trust that if people raise concerns, admit mistakes, or say I don’t know, you will support them.
- Trust that if you investigate, you will do it competently and protect reporters from retaliation.
- Trust that you will fix problems they identify.
You’ll see that many of these steps require accountable and competent leadership, which is why this can be challenging –it’s often (somewhat) beyond your control. There are ways to communicate the importance to leaders, and we can strategise with you if that would help. For now, though, focus on what you can control – support people, investigate competently (don’t wing it) and fix problems your stakeholders identify.
Improving ethics programs – priorities
If you’re committed to improving ethics programs, make sure you’re communicating optimally to the right people on relevant topics when they need it. Don’t waste your or others’ time needlessly. Make yourselves accessible, and train managers and leaders to respond professionally and sensitively to colleagues raising issues or concerns. Install a proper reporting framework accessible to those in and outside the organisation quickly. Build trust by being transparent, accountable, fair, and competent. Ask leaders to do likewise, and if they won’t, find a new job. Crappy leaders ruin lives.