Your Quick Guide To Managing Ethics & Compliance

For many, resources are scarce, budgets are tight, and here you are, tasked with improving ethics programs! I use the plural, as most in-house teams adapt their programs to different internal audiences, regions, and stakeholders.

How might we make this task easier? It depends, of course, on what you do, where, how, and with whom, but let’s pick the big three areas of risk management – prevent, detect, respond – and see what hacks we can muster.

Preventing misunderstandings

One of the biggest challenges in improving ethics programs is getting people to understand what’s covered and what you expect. If you read the average Code of Business Ethics (or whatever name variation you use), you will have sections about “complying with all applicable laws” or some such. That’s a pretty high bar to set for most people. We’re not legally trained, and we’re not capable of making judgments around compliance with laws (found in some ethics programs) that span:

  • Data privacy
  • Confidential information
  • Insider trading
  • Modern slavery
  • Sanctions and export controls
  • Indigenous rights
  • Environmental impact
  • Anti-money laundering
  • Fair employment practices
Confused

That list is just for starters. We might as well write 日本語を勉強してください – please study Japanese. That’ll work well for the minority of the global population who are either Japanese speakers (those with legal training, in this example) or polyglots with spare time (smart but underutilised people).

Learning from others

Might it be a better use of time and resources to provide people with information about what they need to do? Good health and safety training doesn’t spend time asking construction workers to understand the trauma caused by various on-site accidents from the perspective of medical knowledge. Health and safety teams distil messages into actionable behaviours with consequences kept simple – if you don’t wear a hard hat on-site, your chance of injury or death increases X times.

How might we quickly replicate that simplification for us, improving ethics programs? Here’s a starting framework we can build on:

  1. Who needs to know?
  2. What do they need to know?
  3. How do we reach them?
  4. When?

Who

For some topics, who will be a broad audience, but that doesn’t mean we must communicate every facet. For example, all employees must understand that any information (or knowledge) gained through their employment should be considered confidential unless it’s public knowledge. However, those working in strategic or sensitive functions (legal, finance, strategy, human resources, etc.) will need further examples and guidance.

What

With topics including anti-bribery and anti-corruption, you can parse your guidance for different groups. For example, advice around gifts, hospitality and entertainment is only relevant to those interfacing with external parties (sales, leadership, procurement, etc.). Similarly, facilitation payments will resonate with your colleagues interacting with public officials. These examples highlight that what people need to know differs.

How

If you’re now thinking that these first two steps – who and what – sound like hard work, maybe, the first time. Once you’ve done the job, the following steps become much more manageable and save a lot of time and effort you’d spend teaching people things they don’t need to know using formats they won’t remember.

How you reach people is a blend of borrowing and benefiting from technology. If other teams, including health and safety, information security, and sales, have connected with the workforce, how did they do it?

Typically, it’s a blend of mediums – posters for arresting campaigns with simple calls to action – or more immersive training for new ways of working. The key is to move away from long-form legalese policies and distil the message (or learning) into media that resonates with your audience. If your sales folks are on the road, don’t expect them to sit through hours of e-learning on a laptop – use push campaigns on whatever platforms they communicate. If your engineers are at the bottom of big holes in the group, use remote-enabled micro-learning modules. These tools are generally cheaper than your current training, communication, and policy frameworks – ask us how if you’re unconvinced.

When

If a complex issue like data privacy is an issue, when? At the point of data entry or acquisition? Or when a relationship or transaction ends? Time your prompts and training for when they are relevant. The notion that sitting through training once a year is helpful is dying. Sometimes all it takes is a pop-up on a screen asking a simple question or two, “Why do we need this data? What will we use it for?” with a link to a brief video, cheat sheet, or explainer.

Authorised access detected

Prevention is a big topic, so we’re now entering the more straightforward territory; breath!

Detection in the context of improving ethics programs is about access. Can your people access:

  1. You.
  2. Managers and leaders who are willing and able to step up and help solve ethical dilemmas.
  3. Speak up mechanisms (allowing confidential and preferably anonymous reports).

Ideally, any confidential reporting system should extend to your external stakeholders (clients, third parties, local communities, etc.).

Bad reporting line

Surveys conducted by the Association of Certified Fraud Examiners suggest that tips are half the median loss of fraud and speed up detection by six months; half of these tips come from outside your organisation. Be easy to reach! There are many ways you can create a reporting framework – I can help talk you through some options – but whatever you do, make sure it’s reliable, easy to access, and does what it says on the tin. Some of the common pitfalls to avoid include:

  • Inaccessible numbers – e.g., toll-free numbers that colleagues overseas can’t access.
  • Restricted modes of communication – e.g., phone only-precludes most of us who prefer text (ideally mobile-enabled) communication methods.
  • Complexity – downloads, filling in lots of data, jargon-filled dropdowns, etc. In marketing- speak, you want to reduce friction for the user.
  • Poor communication – it takes courage to speak up, so don’t leave people hanging for weeks, and you deliberate internally about what to do. Communicate early and often, even if the progress is slow.

Trustworthy responders

You’re now providing excellent guidance at the right time to the relevant people. You’ve also made it easy for your folks to access support, advice, and channels to raise concerns. The part is simultaneously the most straightforward yet often the most challenging task: maintaining trust.

Bad leader
  1. Trust that all are equally accountable under your laws (not special treatment for leaders).
  2. Trust that you and your leaders will walk the talk (nothing corrodes respect like “Do as I say, not as I do”).
  3. Trust that if people raise concerns, admit mistakes, or say I don’t know, you will support them.
  4. Trust that if you investigate, you will do it competently and protect reporters from retaliation.
  5. Trust that you will fix problems they identify.

You’ll see that many of these steps require accountable and competent leadership, which is why this can be challenging – it’s often (somewhat) beyond your control. There are ways to communicate the importance to leaders, and I can strategise with you if that would help. For now, focus on what you can control – support people, investigate competently (don’t wing it) and fix problems your stakeholders identify.

Improving ethics programs – priorities

If you’re committed to improving ethics programs, make sure you’re communicating optimally to the right people on relevant topics when they need it. Don’t waste your or others’ time needlessly. Make yourselves accessible, and train managers and leaders to respond professionally and sensitively to colleagues raising issues or concerns. Install a proper reporting framework accessible to those in and outside the organisation quickly. Build trust by being transparent, accountable, fair, and competent. Ask leaders to do likewise, and if they won’t, find a new job. Crappy leaders ruin lives.

Need more?

Book a (free) strategy session, get new articles, and other content designed to be useful and fun.

Your Quick Guide To Managing Ethics & Compliance

Be the first to know

Subscribe to receive a weekly newsletter with trends, news, and hacks for all things risk. PLUS, behavioural science, investigations, human risk, and alternate perspectives.