To help prepare compliance professionals for the year ahead, we’ve talked with industry experts, our colleagues at NAVEX Global, and ethics and compliance professionals from our more than 12,500 client organizations to gather insights on the top issues and trends that will impact compliance programs in 2016. We’ll share each of the trends here over the next few weeks, but you can also download the whitepaper that includes all ten trends at any time.
FREE WEBINAR: Join us on Tuesday, January 12 as NAVEX Global Advisory Services VPs Ed Petry and Andy Foose answer questions and share additional insights on 2016 trends in E&C. Register today!
According to the U.S. Sentencing Guidelines for Organizations—and similar provisions found in other guidelines worldwide—an organization’s governing body is responsible to “exercise reasonable oversight with respect to the implementation and effectiveness” of an E&C program. This expectation has been around as long as compliance programs, but practical guidance on what boards of directors should do to meet the standard has been incomplete at best—until recently.
In April, 2015, the U.S. Department of Health and Human Services, Office of Inspector General (OIG) released a comprehensive set of guidelines, Practical Guidance for Health Care Governing Boards on Compliance Oversight, to help healthcare boards successfully execute oversight of their E&C programs.
While directed to healthcare boards, the OIG guidance is helpful to boards in any industry or jurisdiction. In fact, similar guidance was also released recently by the Bank of England Prudential Regulation Authority, which could signal the beginning of a global trend.
Two key takeaways from the new guidance are:
- Boards need to take very specific and proactive roles relative to their compliance oversight duties.
- Boards need to gain a better understanding of the adequacy and effectiveness of their organization’s E&C programs, set the right expectations and ask the right questions.
The guidance may be part of the broader trend to hold E&C programs—and boards—to more uniform and comprehensive standards. Regardless of what direction this trend might take, all ethics and compliance officers and boards should use this latest guidance to begin taking appropriate action now.
Key Steps for Organizations to Take
1. Use the new guidance to jump-start your board’s engagement. To help leverage the new guidance, NAVEX Global has developed questions for each of the key areas in the guidance. (See our blog article, "Real Guidance (Finally) On the Compliance Oversight Role of Boards".) The article includes 25 practical questions based on the guidance and can be an excellent tool to use at a board retreat or for board training.
The document also addresses the board’s role in shaping culture. Provide the list of questions to your board and/or senior leadership to help them think through their roles and responsibilities related to the E&C program. Offer to work with them to address the questions.
2.Reassess your current board training. While using the new guidance as a framework for a board retreat or training may be the ideal, for many it may be more practical to take small steps to improve existing board training. With this in mind, here are five steps to consider:
- If your board receives only a briefing on your company’s E&C activities or if they only participate in the same training as all employees, make the case that neither approach is sufficient since neither one addresses unique board-related risk areas or the board’s unique E&C responsibilities.
- Add a discussion of E&C risk areas that pertain specifically to board members to your board training. This may include: conflicts of interest (both personal and organizational), insider trading, government and media relations, gifts and entertainment, the consequence of unintended influence and the importance of tone at the top.
- In addition to exploring specific risk areas, also create opportunities for board members to discuss their unique E&C responsibilities, including: setting the tone at the top, oversight of senior leadership and managing board-related ethics and compliance violations. Help them to understand how to interpret E&C data and trends and what questions they should be asking senior leadership about the organization’s commitment to ethics.
- Develop a plan for how to “credit” board members for training they receive on other boards on which they sit. Also encourage them to share best practices from other organizations.
- Consider utilizing the specific expertise of board members and involve them in creating or facilitating board training.
3.Make the most of the report to the board. Whether or not you get your own E&C section, a page or just a paragraph in the legal or audit tab of the board report, the report can be your best chance to tell your story. Unfortunately, most of us compete for space and prestige with other functional departments such as legal, finance, operations and sales. Here are some tips to make the most of the limited space and time you’re allotted:
- Don’t assume too much. While you may be familiar with the latest government standard or trend in E&C, don’t assume the same level of expertise among your board members. They may think they know all there is to know about ethics, but that doesn’t make it so. The best approach is to tread lightly and work with a trusted senior leader who can help you assess how much background information is needed—and how best to deliver it.
- Don’t let the tail wag the dog. It is often said that “you can only change what you can measure.” Nevertheless, we need to guard against the impulse to focus too much attention on data. This impulse is especially strong with respect to helpline data, which is readily available and offers so many data points.
- But remember: if your board report is dominated by hotline/helpline data, the natural conclusion that the board will draw is that E&C is only about the helpline. While helplines are a critical element of an effective program, we know that the data represents only a fraction of all reports that are raised, and helpline calls are certainly not illustrative of overall employee concerns or behavior. Nor do they accurately reflect your organization’s culture. As a result, be sure to provide detailed information on aspects of your E&C program beyond the helpline.
- Avoid the data dump. While functions such as finance, sales and marketing often present data-rich reports to the boards, the temptation is to try and match them. The difference is that these functions have a long history of collecting and analyzing data and the board members are comfortable looking for trends or gaps. However, comparatively speaking, ethics and compliance is new to the table. Don’t use data as a crutch. Dumping every possible data point into your board report does not make your compliance department look better. Data should be used to tee up or support the “why” and “how” of your overall effectiveness. Tell the board what the data means to you, what it should mean to them and how you are using the data to move toward your strategic goals and vision.
Still feel like you absolutely must share all data you can generate? That’s what an appendix is for. Your biggest news for the board shouldn’t be about how many people completed required training.
To make sure you see all of our posts on 2016 trends, subscribe to the NAVEX Global blog today. Or, to see all ten trends at once, download the whitepaper here at any time. Want to talk with an expert about your specific challenges for the coming year? Schedule a consultation with our ethics and compliance experts—we'd love to see how we might help support you and your organization.