Section 2

Building Your Foundation

MoreHide Arrow Down Icon Icon of solid caret pointing downwards.

Implement What You Know with Confidence

Discover action-based tools that provide simple steps for program improvement or robust plans for new ways of doing business. 

MoreHide Arrow Down Icon Icon of solid caret pointing downwards.

Your ethics and compliance program is an ecosystem of moving parts. New laws and regulations, new lines of business, new geographies, mergers and acquisitions become part of a growing enterprise that your compliance ecosystem must support. 

Effective compliance programs are able to deftly navigate these complexities because they have built strong foundations that were developed with the nature of the compliance industry in mind.

This section will give you the expert advice and programmatic best practices to ensure the first steps you take to develop your program are in the right direction. Or if your program is more mature, these resources and insights will give you the necessary guidance to course correct and improve your program’s foundation at whichever stage it is in. 

 

How to Survive a Code of Conduct Violation

Chapter 11 of The Worst-Case Scenario Survival Guide for Compliance Professionals

A thoughtful and easily accessible code of conduct amplifies leadership's tone from the top and defines appropriate workplace behavior. However, when violations occur they may be seen as evidence of ineffective internal controls.

Tom Fox 05/30/2018

Chapter 11 of The Worst-Case Scenario Survival Guide for Compliance Professionals

A thoughtful and easily accessible code of conduct amplifies leadership's tone from the top and defines appropriate workplace behavior. However, when violations occur they may be seen as evidence of ineffective internal controls.

 

4. Display Regular Reviews & Updates

Simply having a code of conduct, together with compliance policies and procedures is not enough. As articulated by former Assistant Attorney General Lanny Breuer, “Your compliance program is a living entity; it should be constantly evolving.” The 2012 FCPA Guidance stated, “When assessing a compliance program, the DOJ and SEC will review whether the company Guiding Principles of Enforcement has taken steps to make certain that the code of conduct remains current and effective and whether a company has periodically reviewed and updated its code.”

Some of the questions you should consider are: When was the last time your code of conduct was revised? Have there been changes to relevant laws relating to a topic covered in your code of conduct? Are any of the topics covered in your code of conduct outdated?

5. Garner Executive Buy-in for Your Code of Conduct

Breaches in your company’s code of conduct can be deemed an FCPA internal controls violation. Entering into FCPA territory brings on enforcement fines, sometimes into the millions of dollars.

This enforcement action makes it clear that if there is an exception made to the code of conduct, it must be approved by the highest level in an organization, the board of directors. Further, if there is a code of conduct violation, there should be appropriate discipline issued.

6. Exhibit an Operationalized Code of Conduct

If you haven’t already, work to operationalize your code of conduct, as articulated in the DOJ’s Evaluation of Corporate Compliance Programs. The Evaluation focuses not on whether a company has a paper compliance program but on whether a company is actually doing compliance. A company does compliance by moving it into the functional business units as a part of an overall business process. That is what makes a compliance program effective at the business level.

Both the SEC and DOJ expect you to operationalize your code of conduct as you would the rest of your compliance program.

7. The Bottom Line

The cornerstone of every compliance program is the code of conduct. In the 2012 FCPA, the DOJ and SEC said, “A company’s code of conduct is often the foundation upon which an effective compliance program is built.” More importantly, your code of conduct also serves as an internal control. This means it should be reviewed, trained on and then tested for effectiveness.

The code of conduct is not only a foundational document for your best practice compliance program, but it also acts as an internal control. You need to make sure it is followed closely by consistent training and monitoring. If an exception is taken, it must be appropriately vetted.

 

Illustration by Dex Novak