One defining feature of 2017 has been corporate directors and officers being held personally responsible for illegal behavior at their companies. For example, after Wells Fargo Bank paid more than $300 million in penalties for creating over 3 million sham customer accounts, Judge Jon Tigar of the U.S. District Court in San Francisco refused to dismiss claims against the fifteen members of the Wells Fargo board. And Oliver Schmidt, the highest ranking Volkswagen officer residing in the United States, was sentenced to seven years in prison and ordered to pay $400,000 for his role in the VW diesel emissions scandal.
As the ultimate guardians of the firm’s financial, human, and reputational capital, corporate boards need to set their bar higher, and replace reactive approaches to misbehavior with a proactive approach to winning with integrity. Instead of assuming everything is fine unless they hear otherwise, directors need to be more probing.
Based on decades of experience working with companies in multiple industries and studying hundreds of compliance failures, we’ve developed a comprehensive ten-step program to help boards reduce the risks of illegal behavior, reinforce ethical conduct as a core value, and enhance the company’s reputation—in the eyes of regulators and stakeholders—as a good corporate citizen.
1. Create an ethics committee of the board. Strategic compliance starts with the tone at the top. To avoid a diffusion of responsibility, the board of directors should designate a committee of nonexecutive directors with responsibility for the firm’s culture of integrity and for creating a robust program of controls and processes to promote ethical conduct and compliance. This could be the audit committee, an ethics and compliance committee, or an ad-hoc committee to address evolving risks and challenges.
Its charter should include appointment, with feedback from the other directors, of the chief ethics and compliance officer (CECO); and the committee should approve the company’s code of conduct, as well as revise it to meet changing conditions in the marketplace.
The committee should be charged with working with the top management team (including the CECO) and the other board members to ensure that the company’s approach to product quality, worker safety, environmental stewardship, sustainability, compliance, and corporate social responsibility is an integral part of its overall business strategy. Committee members should be specially trained in measuring an ethical culture and have the demonstrated ability and moral courage to take responsibility for mistakes and to call out suspicious behavior.
2. Appoint a high-ranking chief ethics and compliance officer (CECO) to take day-to-day operational responsibility for the company’s global ethics and compliance program. The CECO should have knowledge of applicable law, ethical theory, and the science of unethical behavior—and should also possess active listening skills and demonstrated good judgment. This individual should report to the board’s ethics and compliance committee—and should feel secure reporting on the integrity program’s effectiveness without fear of retaliation.
The board committee with responsibility for ethics and compliance should meet with the CECO at least quarterly, oversee the evaluation of his or her performance, and set the officer’s compensation and other terms and conditions of employment, including possible termination (with input from the day-to-day supervisors such as the CEO or General Counsel). The CECO should meet with the full board at least once a year.
The CECO should chair a cross-functional, multi-disciplinary team of managers that reviews the company’s policies and procedures on a regular basis so they remain evergreen. The CECO should have authority over all the local compliance officers just as all in-house lawyers should report to the general counsel. The CECO should also have direct access to companywide information on disciplinary actions, so they can see where there are outliers or clusters of untoward behavior.
3. Establish and post online ethical and compliance standards and procedures to prevent, detect, and remedy illegal or unethical conduct. Well-crafted and company-specific mission statements and codes of conduct are critical to educating directors, officers, and employees about the company’s core values, standards, and procedures. The code of conduct should be simple, easy for employees to understand, refer to values that will resonate with employees, and contain straightforward, relatable, and authentic examples. (Good models include GE’s “The Spirit and the Letter” and Johnson & Johnson’s “Our Credo.”) The code needs to be continuously and creatively reiterated so that it becomes part of the fabric of the company. As seen with Enron’s exemplary policy statements, the only thing worse than having no code is having one the leadership ignores.
4. Promote quality and safety with clear escalation policies. Ensuring product quality and workplace safety starts on the production floor and is defined by the leadership’s response to the problems brought to their attention. The board should make sure the firm has an escalation policy with clear guidance on what types of issues can be handled at the local plant level and which matters should be immediately surfaced to others higher in the organization. For example, Arleen Ashjian, former quality executive and portfolio manager at P&G/Gillette, Ocean Spray, and International Flavors & Fragrances, told us that Gillette’s Grooming Division (the leading manufacturer of razorblades) required immediate escalation to the CEO of any manufacturing problems with the potential to cause physical harm.
5. Develop measurable integrity performance indicators, reward good behavior, and do not create misaligned incentives. Integrity performance indicators include customer and employee complaints; comments on help lines and during exit interviews; days without a workplace accident or environmental spill; absenteeism, including sick days; accuracy of expense reports; stolen company property or misuse of company assets; and lying, even on seemingly immaterial matters. It is important to establish and enforce best practices and to benchmark the company’s program and results against those of relevant comparators.
Every job description should include explicit ethical expectations (including the obligation to report misconduct and a ban on retaliation). Supervisors should factor in satisfaction of those expectations when setting employee compensation and making promotion decisions. This emphasizes that “how” something gets done is as important as “what” gets done.
Conversely, threatening to fire employees who do not meet unrealistic selling goals or rewarding managers for deceiving customers into buying unsafe or unsuitable products makes it clear that the codes and espoused values are just meaningless words.
Moreover, financial incentives matter. The Boston Consulting Group found that the CEOs of public companies recently found guilty of fraud had received stock options in the years before the fraud occurred that were worth eight times what CEOs of compliant firms were granted. After Wells Fargo Bank employees opened millions of sham accounts in response to misaligned incentives, Wells Fargo put in place a new incentive program in January 2017 that focused on customer service rather than selling products.
6. Use due care in hiring C-suite executives. Directors should ensure that the officers they appoint to run the business are honorable and of high moral character. Four key character traits correlated with successful business leaders are integrity, responsibility, forgiveness, and compassion. Because the best predictor of future behavior is past behavior, it is critical to talk with individuals who have worked with the candidate and perform thorough background, criminal history, and conflicts-of-interest checks. Executive search firms can also often obtain candid assessments from members of their networks.
7. Mandate interactive training to communicate the ethical and compliance standards to all employees and members of the board. Topics should include firm values, how the firm makes money, a discussion of the laws applicable to the business, and the science behind unethical behavior. Discussing actual cases and telling stories can help employees and directors internalize the message and better identify and address risk areas. Training can also give participants the opportunity to practice exercising good judgment, including knowing when to delegate authority or to escalate a decision.
A well-designed training program will be varied, using video, gaming, and traditional face-to-face communication as well as on-line tools and a touch of humor. The CECO should be responsible for overseeing the training with the assistance of adult learning specialists and subject matter experts. Sometimes multiple sessions in a single week in three-minute spurts can be more effective than longer, less frequent programs.
8. Make sure employees aren’t retaliated against for speaking up. Whistleblowers are the “canaries in the mineshaft.” The board should ensure that the company has a well-publicized reporting system, so employees can report (anonymously or confidentially if they choose) ethical and compliance concerns. Using open-ended ethics questions on employee opinion surveys and exit questionnaires can also help the CECO and board monitor the workplace environment. Because fear of retaliation is often the main reason why concerns are not reported, a strong non-retaliation policy can encourage employees to speak up. Companies should consider honoring employees who report problems with “stewardship awards” or “badges of courage.”
Global companies should have reporting mechanisms for employees to report concerns in their local languages—and they should take culture into account. In hierarchical cultures, it is critical to empower employees at all levels to speak up and take action. A famous and tragic case involved Korean Airlines, whose senior pilot flew the plane into a mountain even though the more junior first officer knew that the pilot was coming in too low. (This is one reason why it is now best practice for surgeons to have a time-out before each surgery, during which everyone in the operating room, from the senior attending surgeon to the lowliest orderly, is called upon to confirm that everything is in order.)
9. Apply the rules evenly across the entire organization. When misconduct is detected, the board must ensure that the company takes appropriate steps to respond—regardless of the offender’s rank, sales record, or economic performance. An international law firm learned this the hard way: it failed to sanction a major rainmaker who had sexually harassed two secretaries, until the third secretary won a multimillion dollar judgment against the firm.
Treating offenders equally enhances organizational justice—the employees’ perception of fairness in an organization. According to the Corporate Executive Board, of all the indicators of an ethical culture, organizational justice has the most significant impact on maintaining ethical behavior. The CECO and general counsel should have primary responsibility for ensuring that rules are being enforced equally.
10. Be prepared for compliance failures. Compliance failures and ethical lapses are what Max Bazerman and Michael Watkins call “predictable surprises.” The board needs to ensure that the company has contingency plans in place, including when to contact internal and external players, such as PR and social media experts and government relations personnel. After an offense has been detected, the board must take all reasonable steps to stop the misconduct and to prevent further offenses—including making any necessary modifications to its compliance and ethics program. As Mary Barra, CEO of GM, put it after GM agreed to pay $900 million in penalties arising out of its defective ignition switches: Apologies don’t amount to much if you don’t change your behavior.