We asked industry experts, colleagues and compliance officers what they believe will be the top issues impacting workplace ethics and corporate compliance programs in 2015. We gathered their best thinking and prepared our annual summary of trending issues and the steps you should consider taking as you plan for the coming year.
We’ll share each of the trends here over the next few weeks, but you can also download the whitepaper that includes all ten trends at any time.
While ethics and compliance scandals that implicate brand name companies tend to grab the headlines, smaller organizations have always borne the brunt of regulatory enforcement. Over the years, U.S. Sentencing Commission data has consistently shown that a significant percentage of organizations sentenced under elements of the Organizational Guidelines have had fewer than 1,000 employees, and the majority have had less than 50. This has been true since the Organizational Guidelines were first promulgated in 1991.
In part, this is simply a matter of numbers: small to mid-sized organizations vastly out-number the Fortune
500. But another piece of the explanation is that small and mid-sized companies have also been more at-risk because they have lagged behind in the creation of ethics and compliance programs. The vulnerability of smaller companies was highlighted in two important cases from 2014.
1) Lawson vs. FMR: On March 4, 2014, the U.S. Supreme Court issued its first decision interpreting whistleblower protection under the Sarbanes-Oxley Act of 2002 (SOX). In Lawson vs. FMR, the Court greatly extended the scope of SOX when it ruled that the whistleblower provisions of SOX apply not just to public companies, but also to employees of private contractors and subcontractors. The ruling expanded the reach of SOX to cover an estimated six million contractors including smaller private companies, many of which may have thought they were beyond the reach of SOX.
2) SEC’s Smith & Wesson Settlement: The second important case from 2014 focuses on one risk area in particular—bribery and anti-corruption. In July, the U.S. Securities and Exchange Commission charged Smith & Wesson Holding Corporation with violating the U.S. Foreign Corrupt Practices Act. In contrast to the multi-million dollar bribery cases the SEC and DOJ have focused on in recent years, the Smith & Wesson charges involved a few small contracts in the Middle East where the profit was barely $100,000. The eventual settlement was described by the SEC’s chief of FCPA Enforcement as a “wake up call for small and medium businesses.”
Key Steps Small to Mid-Sized Companies Should Take:
An important take-away from these cases is that ethics and compliance programs are not just for the big guys. Small and mid-sized companies would be wise to create a cohesive, strong ethics and compliance program that includes:
- Code of conduct
- Key policies
- Hotline/helpline and case management system
- Online training and
- Employee awareness programs
Of course they needn’t have ethics and compliance programs on the same scale or complexity as larger organizations, though they still should be designed to address identified risk areas.
Key Steps Large Companies Should Take:
Large companies also need to pay attention to these down market regulatory trends. For larger organizations this matters because it can impact their supply chain.
Given the pressures placed on organizations to know and understand the risks posed by all their various—often thousands—of third parties, it’s prudent for companies to consider implementing a system with standardized questions for third parties together with automated systems for processing responses, generating auditable reports and flagging third parties that require follow up attention.
In addition, in order to help their smaller business partners that may not currently have sufficient ethics and compliance programs, compliance offers at large companies should also consider the following steps:
- Ensure you have an accurate and complete record of all your third parties.
- Assign managers within your organization with the responsibility to ensure that third parties are aware of their ethics and compliance responsibilities, enforcement trends and your expectations.
- Make your code of conduct available to business partners and third parties and consider ways that you can assist them in developing or accessing relevant training and other ethics and compliance resources.
- Some organizations host quarterly training calls for business partners and have reported excellent participation. Their experience is a good indicator that business partners are often eager for this type of information.