Ready-Made Memos are topical best practice messages that are ready to be shared with your team when you want them and when you need them.
Choose from the topics below. Expand content using the arrows on the right. And copy and paste the messages into your internal newsletter and messaging to keep compliance top of mind with your managers and strengthen your organizational culture.
Copy-and-paste compliance communications for your company
How we view issues determines how we go about resolving them. Like many issues facing ethics and compliance professionals, sexual harassment is a compliance issue, but also more specifically a human issue. Human behavior is what is responsible for harassment and any response to eliminate harassment needs to account for a change in behavior.
Harassment takes the human aspect a step further than many compliance issues. It is not only created by human behavior, but it can also be defined by how other humans interpret that behavior. What may not be considered derogatory or diminishing to one may be interpreted that way by another. And that matters.
Furthermore, while all harassment may not result in liability for an organization or supervisor, it can affect employee performance and your organization’s ability to retain good people. This is usually seen in behavior that creates a hostile work environment and involves conduct toward an employee that is unwelcome. The behavior is considered hostile when it becomes so pervasive that it alters an employee’s working conditions.
So when it comes to creating work environments that are free from harassment in all its forms, we need to focus on our people – harassers, victims and the larger employee population who are key to driving a culture of ethics and respect.
Here are several steps you can take to focus on the human issue of harassment.
Keep People Accountable
Enforcement doesn’t have to mean dismissal or severe consequences, but it does have to mean consequences. People need to be held accountable for the way they act and the things they say. Behavior ranging from full-blown sexual harassment to creating or perpetuating hostility in the workplace need to be addressed with a similar range of responses. Allowing any instance of harassment to go unaddressed supports a permissive culture and undermines the effectiveness of your compliance policies, training and leadership.
Never Blame the Victim
When people come forward with a report of harassment, treat them with the respect warranted by such a courageous act. It is not easy to bring forth these reports. That’s why, according to the Equal Employment Opportunity Commission (EEOC), “Employees who experience harassment fail to report the harassing behavior or to file a complaint because they fear disbelief of the claim, inaction on their claim, blame, or social or professional retaliation.” We see here that victims are already fighting an uphill battle. They should not be met with judgement or second guessing when they take the necessary step of reporting their experiences.
Make Everyone Aware of the Impact of Their Words
Employees in the modern workplace should be taught to think before they speak. If a comment is diminishing, marginalizing or any other quality that may negatively affect fellow employees, the comment is best left unsaid. This ties into driving a larger culture of ethics and respect that does not rely on policies to eliminate bad behavior, but on culture to naturally enforce the sentiment of policies with a tone of: That’s just not how we do business.
Create a Listen-Up Culture
The common turn of phrase is “speak-up culture,” however that puts the onus of speaking up on the employee. Before a victim of harassment will speak up, they have to not fear, as quoted earlier from the EEOC, “disbelief of the claim, inaction on their claim, blame, or social or professional retaliation.” This means leadership and the compliance department need to ensure employees that their reports will be heard, taken seriously and resolved efficiently. After consistent proper handling of incident reports, employees will understand that the organization values their voice and is ready to listen.
Generation differences can play a big role in how employees engage with aspects of our business and compliance programs. What’s interesting is that this is becoming less true for how employees across all generations engage with ethics and compliance training. For instance, Millennials and Nexters (those born after 2000) are often referred to as digital natives. These are young folks who have grown up in the era of the internet, mobile devices, and social media who are steeped deeply in technology. One would think that these tech savvy individuals would have higher preferences for compliance training that is socialized, gamified, visually engaging and interactive. While Millennials do prefer this type of training content, so does everyone else.
Millennials and Nexters, who together will make up 70 percent of our global workforce by 2020, are not only changing the way we have to offer training, but they are also changing the way the rest of us learn. This might be less about generational idiosyncrasies, and more about general advancements in technology. In any case, our compliance training must adapt to meet the needs of the modern learner.
Mobile devices, live streaming, on-demand content and multiscreen media consumption have all contributed to the way we apply our attentions. Today everyone is a multitasker. This means that we need to use a blend of training styles so that no one format grows stale to the learning. According to NAVEX Global’s Definitive Guide to Ethics & Compliance Training the top programs use a mixture of “live and e-learning, short- and long-form courses and a variety of engaging formats, and a disciplined approach to reporting and measuring training effectiveness that focuses on training outcomes.”
Think about the evolution of the cinematic experience. For instance, compare the special effects of a great, yet old movie like the Goonies, with something like Avatar, which itself is now a few years old. After being introduced to the whole new world of computer-generated imagery (CGI), some of our old movie favorites start to lose their appeal because we are more attuned to flaws in the set, unrealistic costume design and contrived special effects. Consider this when you deploy your training courses. Do those courses reflect the visual media that learners are now accustomed to? Do they offer the same seamless digital experience? It’s not just updating the clothing actors are wearing, but also the layout of the interface, good use of white space and packaging up complex concepts in easily consumable ways.
Social media has gotten everyone excited about building connections. This is great for peer-to-peer learning, which can help the adoption of training concepts through naturally occurring discussions among co-workers. Think about different offline ways to complement your online compliance training. Have manager-led discussions around case studies to help further educate employees on specific behaviors – these should be sanitized of course and respect confidentiality. Training concepts could also be woven into team and department meetings so employees are regularly connected with those concepts and have a chance to discuss them with others.
While younger generations are often labeled as having short attentions spans, they have also been responsible for a new phenomenon called “binge watching.” This is where people consume multiple episodes of a TV show in one sitting. Now that sounds like expanded attention. This seems to indicate selective attention. And that attention is reserved for highly engaging content that tells a story that you just have to see what’s coming next. So while your training program might not be able to rival the production value of a Game of Thrones or Netflix original series, you can still ensure that learners are engaged in a story. And this story should be relevant to employees and not just tell them about concepts but actually place them into scenarios where those concepts can be seen in their day-to-day jobs.
Ethics and compliance is a people business. Sometimes the person you have to focus on first is yourself. Take the necessary steps to create a daily, weekly or monthly professional development plan to grow a little more every day and create a personal compliance brand that transforms your program and your career.
Use these four steps as general guides directing your efforts toward developing professional credibility and your personal brand.
1. Know It All, or at Least as Much as You Can
A lot of times the buck stops with Compliance. And that means we need to have the answers. Elevating your professional standing and personal brand as an integral part of the business requires an extensive knowledge of the compliance industry and its evolving landscape. Therefore, learn the business and learn everything you can that touches your work.
You can start by selecting one of Compliance Next’s five learning tracks to take your ethics and compliance knowledge reserve to the next level.
2. Hone Your Expertise with Experience & Community
Becoming an expert requires more than just knowledge. The most effective compliance professionals have a deep understanding of their field, but also know how to navigate through unexpected situations, and handle issues that can’t always learned from a book. The best way to build your expertise is through experience – putting in the time. The next best thing is expanding and strengthening your professional peer network. A tight knit group of compliance professionals who actively share experiences and lessons learned can effectively contribute years of expertise to one another through knowledge sharing.
Explore groups on Compliance Next to start building your peer-to-peer network.
3. Make Respect a Part of How You Do Business
Respect is key to relationship building. It’s key to gaining the loyalty of your peers, department and organizational decision makers. And it is also key to supporting the larger healthy workplace culture that compliance professionals are charged with cultivating. So, as a starting point, always speak and act with honesty and transparency. There are enough hidden agendas at play in workplace politics. Make it a point to develop trusting and honest relationships with all those you interact with, as well as be a champion who fuels that behavior throughout the organization.
4. Don’t Avoid Accountability
The higher you rise in your career, the more responsibility you acquire. Effective professionals in any function bolster this responsibility with accountability. Understand that your decisions and actions are just that, “yours,” for better or worse. Everyone makes mistakes; established compliance professionals own their mistakes and take the necessary steps to amend the wrong and improve for next time. It’s all part of the growing pains of a successful career.
Your organization has an inherent information source ready to provide early warning signs of problems percolating within. This is your whistleblower hotline and incident management program. Effective incident management programs nurture speak-up cultures, help programs focus on the most critical areas of behavior change, and provide a safe and confidential place for employees to clarify policy or discuss concerns.
Each facet of an effective whistleblower hotline and incident management program enables compliance officers to respond swiftly to prevent, contain or resolve incidents before they become compliance disasters. That is, if your hotline and incident management program is factually effective. The only way to know this is to test.
Call Your Hotline & Submit a Web Report
Test your hotline by calling it directly with various compliance concerns, reports, questions and violations. The goal is to ensure that the system in place processes, triages and elevates reports properly. Track your reports all the way up your organizations to see if escalation kicks in properly to notify your compliance team and board when necessary.
Make Sure Your Program Works for Everyone
First off, is the call specialist answering your hotline able to speak the language of the caller? Same goes for your web intake platform – are necessary forms and communications translated to meet the language needs of all your employees and third parties? Next, ensure technical functionality of your system. Can your hotline be reached from every country in which you do business?
Test Validity of Reports
Your team may be receiving reports, but are they accurate and comprehensive enough to prompt effective and efficient resolutions? Ensure your call specialists are equipped to gather as much necessary information as possible to thoroughly process each report. Likewise, managers need to be trained to handle open-door reports with confidence. Additionally, along with receiving each report, managers must enable and encourage anonymous whistleblowers to follow up on their reports.
Sit Back & Wait
Proper processing, user-friendly technical functionality, and both report comprehensiveness and accuracy are all key components to an effective incident management program. But before you can call it good, you have to test for timeliness. How long did it take for the report to get to you? How long before you were followed up with about the reported incident? Timely follow-ups to employee reports assure whistleblowers that their concerns are being taken seriously. This alone plays a major part to ensure incidents do not fester into bigger issues while reports are being processed. Timeliness is also essential to prevention. There is a finite window of time in which compliance responses can be proactive. When that window closes, you have to resort to containment.
As companies implement more robust risk management programs, we can expect to see more post hoc analyses and questioning of due diligence programs. How do companies design their systems in response to this rising expectation?
Companies cannot blindly conduct due diligence, document each step and avoid careful analysis of third-party risks. Last year’s Och-Ziff enforcement action underscored this point when Och-Ziff conducted due diligence of an Israeli businessman, DRC Partner, and raised serious questions about DRC Partner’s integrity. In fact, the DOJ cited the internal disagreement within Och-Ziff management over whether to engage DRC Partner or not in their action.
The government’s citation of internal debates or the manner and quality of resolution of red flags raises some interesting questions. If three officials argue to move forward with a third party and two disagree, can the company move forward or will DOJ/SEC cite the two opponents as evidence of an “unresolved” red flag?
How-to Avoid this Pitfall?
The company must fully document the debate and factors underlying the decision, including why any dissenting viewpoints were overruled.
Third-party risk management will continue to be the focus of DOJ and SEC FCPA enforcement actions. Companies have to design their programs in response to this increasing scrutiny of third-party due diligence reviews.
A company’s code of conduct should be a living document – one that is regularly updated and regularly visited by both leaders and employees to practice and embody the values of the organization. But at the end of the day, a code is just words. These words do not manifest into a strong corporate culture until senior leadership embeds its statutes into all their business practices. This modeled behavior is what influences the true culture of an organization. This is why we have the phrase “culture always wins.” If your code says one thing but your culture – driven by senior leaders – showcases another, it’s your culture that will define your organization for better or worse.
So let’s talk about a few ways actions speak louder than words when it comes to tone at the top.
1. There has to be accountability, and it has to be equal.
Rules that are not enforced hold no value. Even worse are rules that are enforced for most, while exceptions are made for others – such as high-performing employees. An effective tone from the top, ensures the entire organization knows that the company is committed to its values and policies, and that there will be consequences for one and all alike if those standards are sidestepped.
2. Your incident management process is key to driving a speak-up culture.
As a CEO, senior leader, manager or compliance professional, your tone from the top starts with listening. Encouraging employees to raise their voices to report wrongdoing only gets you halfway to a speak-up culture. Employees need to be convinced that their voices are being heard. That only happens when employee reports are efficiently processed and resolved. An effective incident management process makes it easy and comfortable for employees to report. It provides regular updates to employee reporter so that they are not left wondering what is going to happen next or, worse, fear retaliation. And lastly, effective processes communicate back to employees what has changed, or the reason things are not changing.
3. Tone at the top need to connect through the middle.
Individual contributors who excel in their jobs are often the ones who are made managers. But just because someone is good at their job, doesn’t mean they are good at managing. All managers, especially new managers, need to be trained on how to effectively support their ethics and compliance initiative. Middle managers are an organization’s cultural ambassadors. These are the people employees look to for answers every day, and they need to be equipped to provide those answers correctly and accurately day in and day out.
Give Your Policies a Process
Conflicts of interest have been a compliance concern for long enough that most organizations have the right policies in place. The processes that enforce those policies, however, need the same attention. Effective COI efforts include a process that identifies, manages and resolves conflicts. Employees need to be trained on what constitutes a conflict of interest; disclosure channels need to be promoted so employees know where to report potential conflicts; and management needs to understand the correct protocols to resolve potential conflicts before they become actual or perceived conflicts.
Be Transparent First and All at Once
One form of conflict is a perceived conflict of interest. This is where an actual conflict may not exist; however, there appears to be a conflict from the perspective of the public, internal staff or shareholders. When dealing with a perceived conflict of interest, the only way to completely resolve the issue is with full transparency. This requires putting everything that may be of interest onto the table for all to see. Efforts of transparency need to happen all at once. If there is a steady drip of additional information, it will further turn perception and opinion against the parties involved.
Get Familiar with Likely Conflicts
Conflicts of interest have certain characteristics and tendencies. Train yourself to identify the subtleties of the more frequent conflict types and you will be more attuned to their various nuances.
Consider the four below:
The majority of cyber security breaches are caused by human error. That’s why creating a culture of cyber security is one of the most effective steps to ensure your organization prevents attacks. It’s much better than having to pick up the pieces after an attack.
Use these five questions to get an idea of how your program will weather the storm in the current cyber climate.
1. Does my team use their own phones, tablets or other electronics for work purposes?
A better question might be: Does my organization have a BYOD (Bring Your Own Device) policy? If it does, you are one step closer. Next you have to make sure employees are aware of the policy and that its practices are enforced. One security breach on one device has the potential to affect your entire organization.
2. Do my employees know what to do if they encounter a suspicious email?
Phishing is getting more sophisticated every day. The rule of thumb is to think before you click. And when in doubt, ask. Ensure your employees know they are a critical link in your cyber attack prevention efforts and are ready to act if the time comes. Immediate internal reporting is an essential part of maintaining sound cyber security.
3. Does my team stay on top of required security updates from IT?
As we learned for the major WannaCry ransomware attack, a neglected patch update can cause disastrous effects to an organization. Putting off any type of security update request coming from your IT team puts devices and, therefore, your organization at risk. Reinforce with your team the need to act promptly when a security update is required.
4. How often do we use web apps?
There is an app for everything. Sometime the easy app choice is not the most secure choice. Get IT involved in your app decisions early on to verify the security of any application you plan to bring into your organization’s network.
5. When was the last time you talked with your team about taking laptops on the road?
Team members who travel or work offsite need extra reminders about keeping data safe and secure. Give periodic reminders about the need to be extra vigilant about preventing laptop theft, and using only secure Wi-Fi connections to access the network or confidential documents.
Awareness is key to creating a culture of cyber security. Employees need to know that their behavior has a major impact on the security of the organization. And make sure you are setting a good example.
All you have to do is scroll through your news feed to see a series of headlines reinforcing the need to protect your organization against cyber attacks. Cyber security can no longer be seen as just an issue that IT has to deal with, or just Compliance, Operations or Legal for that matter. Cyber security is an enterprise-wide risk involving all business units, all operational units, all your employees and all your key third parties. That being the case, it requires a cross-functional approach.
Here are four things to know about the current issues of cyber security.
1. Cyber Security is a People, Process and Technology Issue
With the enterprise-wide risk that cyber security presents, it is essential that organizations develop cross-functional approaches. Key players such as IT, Security, Legal, Compliance, HR, Operations, Procurement or your supply chain need to be engaged. Also customer support is a function that many may not consider. However, if your network is compromised or customer data is compromised, you are going to need a way to communicate to your customers. Similarly, public relations and communications teams need to be able to articulate the company’s approach to cyber security and, should there be a breach, will be key in helping the company communicate what’s happening and what it is doing to respond to it.
2. There Is More Surface Area than ever before to Protect
The rise of mobile and other internet-connected devices is increasing the access points that organizations need to protect. Everything from checking our email to accessing our corporate networks to turning the lights on and off in our homes is being managed remotely and provides additional opportunities for bad actors to gain entry to corporate networks. With varying security controls on each access point and the increasing amount of sensitive information managed remotely, mobile habits are creating more surface area cyber security programs must protect.
3. Old Threats Are Manifesting Themselves in New Ways
Consider ransomware: Stealing information has always been a threat, but now bad actors are holding this information until receiving a ransom, or threatening to share the information publicly if a ransom is not received. In some cases, the biggest threat is the complete destruction of information, or just as threatening, the manipulation or corruption of that data.
4. Big Data Is a Big Responsibility
With modern technology and the decreasing cost of storage, we have the ability to maintain inordinate amounts of data easily. But just because we can doesn’t mean that we should. Companies are not differentiating between data that is critical, sensitive and confidential from all the data that is not. The reality of our risk environment is such that there is a good chance that our data is being compromised in some way. Whether it is from careless employees, malicious insiders or bad actors outside our organizations, chances of a data breach happening is high. The key is to differentiate between what is really critical and what is not.
We have to remain vigilant in our efforts against cyber risk. The protections that worked yesterday may not work today, and tomorrow might present an entirely new risk we never expected.
As former FBI Director James Comey stated, “There are only two types of companies when it comes to cyber security. Those that have been hacked and those that do not know they’ve been hacked.” With so many potential entry points to our company’s network (smart phones, tablets, laptops, etc.), the bottom line is that cyber security risks have increased for all organizations, including ours.
Understanding and Managing Our Cyber Security Risk
As a manager, you have a responsibility to help protect our organization’s sensitive information—including personnel, financial and strategic data—to thwart potential risks.
Consider taking the following steps to protect yourself, employees and our organization online:
Compliance with our technical guidelines does not automatically equate security. Even the most compliant organizations have or will experience a security breach at some point. But we should all be proactive about ways to deter, detect and remediate should a breach occur in our organization and your contributions are critical to that equation.
How confident are you that your team’s day-to-day business decisions will help us strengthen a culture of cyber security in our organization? If you’re not sure of the answer, read on!
The majority of cyber security breaches are caused by human error. We need your help to keep cyber security top of mind. Ask yourself the following questions to determine the degree to which your team is helping our organization stay secure:
As with all aspects of ethical and compliant behavior, your team looks to you to determine which behaviors are acceptable and which are not. Remind employees that their behavior can have a major impact—and make sure you’re setting a good example.
As a compliance professional, and especially as a manager in the field, there is no lack of items on your to-do list vying for time and attention. One of the many talents of effective compliance professionals is the ability to do more with less – to create a work environment where you spend the most time on the things that matter most. Consider the four steps below to increase the efficiency of your program.
1. Encourage Anonymous Reporters to follow up on Their Reports
Research has consistently shown that seven out of 10 anonymous reporters are not following-up to their reports. This low rate makes it difficult for investigators to truly investigate a case, thus affecting the overall perceived effectiveness of the hotline/helpline program. Following-up allows investigators to pose questions that will give them additional information to the reported incident and may mean the difference between resolving a case or not. Further, these reporters are not learning whether their concern has been addressed. Both of these outcomes lead to time loss and frustration – both for reporters and investigators.
Whether an anonymous report comes in through the web or hotline/helpline, the reporter is given a unique identification number as well as a PIN. It is important to remind the reporter to save these two numbers in a safe place. These unique identifiers will be the only way that they are able to follow-up on their report. Typically investigators will post any questions they have within ten days of opening their investigation. The responsibility then falls on the reporter to check in and respond to those questions. Encouraging your reporter to follow up, will help ensure the necessary information will be there when you need it.
2. Err on the Side of Millennial-Type Learning Preferences
The term “millennial” is the ubiquitous adjective describing anything from reading habits to the type of snacks stocked in the breakroom. And that’s for good reason. Millennials are a powerful force increasingly defining the modern workplace. However, when it comes to training, it is not about age, but about how individuals – regardless of their generation – engage with the content. Millennials are changing that too – for all of us. Growing up immersed in technology was once a defining trait of a learner; however, with the younger generation filling out more of the workforce, they are effectively influencing the way we all learn.
The youngest two generations will comprise 70 percent of the global employee base within the next four year, and influence the way the workforce as a whole learns. Erring of the side of millennial-type learning preferences will ensure you are providing training content in the most consumable way to the largest portion of your workforce.
3. Master the Executive Summary when It Come to Board Reporting
Your executive summary should be short, and provide a high-level glimpse of the following program focus areas:
Your executive summary should also highlight any resource challenges the compliance department may have which would need board support.
4. Prevent Code Creep (Just Say “No”…sometimes)
To remain effective, your Code of Conduct needs to function at a high level, be principle based and written in a way that is easy to read and use. This can be tough as your organization is full of subject matter experts, many of whom believe their material needs to be included in your organization’s Code. This is where a “no” to code creep, can be a “yes” to a more effective code (see what we did there?) Your Code of Conduct is your most important policy, but that doesn’t mean it needs to include all your policies. It shouldn’t really. Your code needs to be uniform and consistent so that employees can retain the most important information as well and search the document efficiently when necessary. The more detailed legal issues are best reserved for policies. Making the distinction between your communication tool, which is your Code, and the more in-depth policies which support it, will ultimately save you time. Employees will become more informed and the need for the compliance function to provide guidance will decrease as your Code becomes more effective.
Burnout. Fatigue. Stress. When we feel overwhelmed by issues at work, engagement can be the first casualty. Cynicism can start to seep into our conversations, actions and interactions. When this happens, ethics and compliance requirements or issues might feel like just another box to check. After managers and their teams reach a critical point of disengagement with E&C initiatives, you may start to hear things like…
While these kinds of reactions may sound somewhat innocuous, they’re actually the seeds that can grow team-wide dismissal of ethics and compliance efforts. And a dismissive attitude can breed misconduct, unethical actions and a highly-damaging culture of cynicism.
Our organization is fully committed to ensuring that every employee is empowered and equipped to make ethical decisions that are in line with our code of conduct and our core values. The only way to live out this commitment is to help individuals rethink what they say, what they do, and how they get things done through a lens of ethical decision-making.
When E&C requirements are feeling burdensome, consider this: research shows that firms with excellent governance, risk and compliance practices generally have better:
So the next time you hear a team member express scorn for an ethics and compliance activity—or when you’re tempted to say something negative yourself—get back on the right track by reminding your team member and yourself of the benefits of fostering a culture of compliance, ethics and respect.
As always, we want to be a resource for you. Come to us with questions, ideas and issues you’re facing. If morale or engagement on your team is low, let us help you reduce compliance risks related to disengagement while we work together on strategies for addressing the root causes of the issues your team is facing. And remember, as a manager, you are in the very best position to set a tone for your team.
What example will you set today?
When’s the last time you took a few moments to do an ethics and compliance risk assessment on...yourself? Things in our organization can change quickly, including managers’ span of control, members of your team, which vendors we use and more. As your business partners, we in the ethics and compliance department want to be a resource for you when your exposure to ethics and compliance risk changes or expands.
So take a moment and review this list: do any of these sound familiar?
Any and all of these issues (and many more like them!) can create new ethics and compliance challenges for managers. We want to remind you that you are not on your own! If you have questions about ethics and compliance concerns, we want to connect you with help. From one-on-one consultations, training resources and advice to setting up mentoring relationships with other managers within our organization, we are committed to equipping you for success.
Raising your hand when issues come up is a major part of owning ethics and compliance. There is no question too small to ask. Set an example for your team: “speak up” when you face new ethics and compliance challenges. Together, we’ll continue to build an ethical and compliant organizational culture we can all be proud of.
As a manager, you are no stranger to generational diversity in the workplace. With the influx of millennial workers, you are now managing employees from up to three or even four different generations. And the millennials that everyone is talking about will make up 50% of the workforce by 2020.
So from an ethics and compliance perspective what does this mean for you as a manager? Here are three things to consider.
1) Don’t make the mistake of doing things just for millennials or using loaded language (rife with generational or age based stereotypes). That’s a sure-fire way to get your efforts to backfire, and possibly end up being the subject of an age discrimination lawsuit. What you need to focus on is improving the ethics and compliance conversation for every worker, regardless of age. The more we get our employees talking about doing the right thing, the better we will become at recognizing what that is, and executing against it.
2) Understand the needs of your evolving employee population. Research from the Ethics Resource Center concludes that workers between the ages of 19 and 29 are in a significant area of vulnerability in terms of unethical conduct. So the younger you are the more likely you may be to make an ethical mistake. Ensure that all employees (including new employees) have access to ethics and compliance training, that they get to know key internal resources, and that you personally support a speak up culture that allows them to raise concerns and ask questions.
3) Recognize and embrace the new more social and collaborative workplace. It’s not just about millennials; workplaces today are fast becoming a place where ideas can be openly discussed and challenged, information is more readily available to everyone and learning happens more organically and informally. And it’s not just millennials that will benefit from these changes—all employees will see the positive impact.
To support this trend consider your role in fostering that type of work environment for all your employees (regardless of generation) with these ideas:
If you need additional help addressing these issues on your team, please contact HR, the ethics and compliance team, or our legal team. They can help you get to the root causes of an issue and, if necessary, get your team back on the right track.
Maintaining policies is not the job of our ethics and compliance department alone. We all need to ensure that our policies are as effective as they can be—which requires that we work as a team. You are on the front lines with our employees and vendors every day, and may hear about issues with policies long before we do.
Policies that miss the mark—for whatever reason—leave our organization open to risk. Ensuring that our employees and vendors adhere to our policies helps us avoid compliance failures before they occur. We hope you will reach out when you encounter any of the following issues with policies, so we can work together to make the policy more effective.
Contact us when you encounter a policy that is…
1) Difficult to Understand. Our ethics and compliance team is committed to making our policies understandable. If employees are struggling to understand the wording or meaning of part or all of a policy, we want to know. Our goal is to make sure our policies are easy to understand and follow.
2) Outdated. Our goal is to review all of our policies on a regular basis to ensure that they are up-to-date. However, between reviews, your help is invaluable. If you or someone on your team encounters a policy that is out of date for any reason, get in touch.
3) Missing Information Related to New or Updated Laws and Regulations. Because of your area of expertise, you and your team may be the first to know about new laws or regulations that may impact our policies and procedures. If there is a new law or regulation your team knows of—or knows is coming—check with us to determine whether there needs to be a policy or procedure change made to address it.
4) Culturally Insensitive. We strive to ensure that our policies are culturally sensitive. If we miss the mark, we want to know and address is right away. If you or a team member sees something in a policy that is potentially offensive or otherwise needs to be addressed, be in touch right away.
5) Not Correct for (or Applicable to) a Particular Region or Location. Not every region or location is the same, and sometimes our policies must reflect those differences. If you notice something in a policy that doesn’t seem to apply to your location or your team members’ locations, let us know. We may have a specific version of a policy we can provide to you, or we may need to make a custom version of a policy to address the issue.
And finally, contact us if there is an issue you think we should have a policy on, but do not. Gaps in policies are as risky as policies that do not meet our standards.
Policies are the backbone of an organizational culture that supports a culture of ethics and respect. By working together, we can help ensure that our organization continues to be focused on fostering the kind of workplace we all want to be a part of.
Employees who work outside of our normal workplaces—including those working at home or in other countries—present special challenges for managers. For instance, because they are physically separate, it can be easy to pay less attention to them and to assume everything is going well. It also can be harder to ensure their actions are consistent with our code of conduct and policies.
However, nothing reinforces and nourishes our ethical culture more than the words and actions of the leader who employees interact with most often—you, their manager. As a manager of a remote employee or employees, you should make an extra effort to consistently:
Employees who work off-site can increase the risk of ethics and compliance violations. But that risk can be significantly mitigated by the tone you as a manager set—and your diligence in making meaningful connections with off-site employees can have a huge, positive impact on our corporate culture.
Change isn’t easy. And yet, organizations must make changes all the time to stay ahead of business, cultural, regulatory and economic trends.
As a best practice, organizational changes are usually well researched, timed effectively and communicated well in advance. Despite all the preparation that goes into planning and processing policy changes, a successful launch cannot take place without one key element—management’s support.
As a manager, you are the critical piece in helping employees understand and adapt to new processes. Here are three guidelines to keep in mind as you help your employees through change:
1) Address Uncertainty. It can often feel as though decisions that impact employees are being made at a distance. To help your employees better understand process changes, and provide as much background information around the process change as you can. As you talk through the changes, highlight process gaps and the impact those gaps presented for the business. Additionally, provide feedback to organizational stakeholders on your team’s reactions, both positive and negative, to better help management refine the process and make your employees feel heard.
2) Choose the Best Possible Timing & Communication Channel for Sharing Information Related to Change. Do your best to know when changes will be communicated, especially ones you know will impact your team. As much as possible, try to seed in advance that a change in procedure or policy may be coming. If the change must be communicated via email, be sure to cover it in your next staff meeting. If it’s through a Town Hall or other meeting, gather your team after and take questions for follow-up. If you’re responsible for communicating the change, consider the channel. Is this something better addressed in a broader meeting? One-on-one? Is a written communication truly most appropriate, or would it be better as a follow-up to a verbal explanation?
3) Keep the Lines of Communication Open. The more people know—about how change will be coming, and when and how it will impact them—the better it will be accepted when it arrives. Leadership plays a key role in managing employees' resistance to change, but you can help make the process easier for the people you manage. Communicating early and often about coming shifts can help impact how employees react and lessen the overall impact of the only real constant—change.
Many managers assume that harassment isn’t a big deal with their employees. But do you really know if harassment is an issue for your employees? Have you asked them? According to a 2015 survey, 48% of U.S. employees have either experienced or witnessed “abusive conduct” at work (27% have suffered abusive conduct at work; another 21% have witnessed it).
As a manager, we are looking to you to help watch for and prevent harassment before it starts. A powerful prevention tool every manager has is the ability to talk with and listen to his or her employees. Some simple ideas you can use include:
You’re probably reading that last suggestion with doubt. Instead of literally asking them, have a conversation with each employee every quarter (or so) about how things are going in general. Ask them:
You need to be genuinely interested in hearing your employees’ responses and willing to take action; if you aren’t, asking questions will backfire. Inaction in the face of problems can result in employee morale issues, resentment and – worse yet – potential legal liability.
Remember, your silence sends a strong message to your employees – “I don’t really want to hear about it.” Talking about your expectations makes the statement that harassment won’t be tolerated. So, as this year begins, take a different approach. Start a productive dialogue with your employees and aim to improve the culture where you work.
As a manager or supervisor you are the first line of defense in preventing retaliation. All too often, managers and supervisors at some companies get this wrong: we want to make sure we get it right.
Managers and Supervisors are Critical to Anti-Retaliation Efforts
Training and awareness of how to spot retaliation—as well as knowing how to prevent it—are crucial for all organizations. As a manager or supervisor you need to know how to receive and handle reports without retaliating, and how to spot and halt any retaliation you may observe.
Respondents to the Ethics Resource Center’s 2013 National Business Ethics Survey (“ERCBES”) indicated that employees initially report issues to their managers or supervisors over 60% of the time. However, if employees perceive that their “reward” for internal reporting of non-compliance will be retaliation, they are much less likely to report issues of concern to their manager. They may also potentially avoid internal reporting altogether and go directly to a regulator or to the media. In these cases the company is denied the first opportunity to fix the problem.
The ERCBES statistics also showed that 21% of respondents reported being retaliated against for reporting misconduct. We must strive to ensure that this statistic does not apply to the way our organization handles reports of compliance failure.
How can we significantly reduce the instances and perception of retaliation in our company?
Managers and supervisors have a crucial role to play in identifying and eliminating retaliation. Key steps to take include:
1. Understand What “Retaliation” Means
To get a full understanding of our company’s views on retaliation, be sure to read our Code of Conduct and policies on retaliation. In the past, retaliation generally took the form of a manager firing an employee for reporting them for a compliance failure. However, there are often many more subtle ways of retaliating such as:
These kinds of behaviors are considered retaliation, and are unacceptable.
2. Support our “Open Door” Policy
Communicate to your employees how important it is to you and to the company that they feel free to come to you and discuss any violations. Make sure they know that if they do report to you in good faith, the report will be properly handled and there will be no retaliation by you, even if you are named or involved in the alleged violation.
Make sure you say thank you to the employee for coming forward and reporting the issue, and assure them that retaliation is not acceptable and violates company policy.
Additionally, effectively using the “Open Door” policy is part of your higher fiduciary responsibility as a manager and supervisor.
3. Be on the Lookout for Peer-to-Peer Retaliation
In addition to retaliation by a manger or supervisor, the next most likely source of retaliation can be the reporter’s peers. Non-management employees may believe that a peer reporter “sold them out” or got their work group or favorite boss in trouble. This peer response can unleash the most subtle retaliation, often to devastating effect.
As a manager, you have a duty to be on the lookout for this peer-to-peer retaliation and put a stop to any action which might be perceived as retaliation.
4. Follow and Document Good Processes
To demonstrate fairness, make sure that any issue resolution follows a consistent and well-established process which includes:
We need to do everything possible to identify and eliminate all forms of retaliation so that our employees are comfortable knowing that they can and should report issues of noncompliance to our managers.
You may have heard the term “tone in the middle” and its importance in creating a culture of integrity. But why is it important? And what exactly does a middle manager, squeezed between the frontline and the top tier, need to do to create the right tone?
Why It’s Important
Employees take their cues from you. If something is a priority to you, it’s a priority to them. As their leader, employees look at your attitudes and actions to answer the questions, “What’s really important around here?” and “How do we really do things in this organization?” The way the workforce thinks, behaves and works is the very definition of corporate culture. And your behavior is a key factor in shaping the culture.
Intentionally building a culture that has a reputation for ethics and integrity is hugely important for many reasons. But one of the most compelling is that research has shown that ethical companies are more financially successful than others. In the recent Institute of Business Ethics report “Does Business Ethics Pay?” research revealed that ethical companies succeed due to higher productivity, more loyalty from customers and investors, the ability to attract and keep the best employees, and increased trust and improved collaboration with business partners.
What You Can Do to Create the Right Tone
While building an ethical organizational culture may feel like an enormous responsibility, it is a natural outcome of good management. It is also a primary goal of an effective ethics and compliance program, in which you already play a part. There are several things you can do to set the right tone and actively support the compliance program:
As a manager, you play a pivotal role in building and sustaining our culture of integrity. Part of that role is supporting our ethics and compliance program. The outcome of your efforts will be a happier and more productive workforce and the increased economic success of our organization.
The effects of harassment on employees and within an organization can be devastating. Unchecked harassment can erode trust, weaken goodwill and undermine productivity, as well as put our organization at legal and financial risk. The good news is that managers can help us maintain a positive workplace environment in which everyone has the opportunity to thrive. Here are four ways you can help prevent and stop harassing behavior in your organization:
1) Recognize Harassing Behavior When You See It
Harassment typically takes one of three forms:
Verbal Harassment: Sexually explicit or derogatory jokes, innuendo, name-calling, insults, comments or other verbal behavior based on a person’s race, gender, religion, national origin, or other characteristic protected by law or our policies.
Physical Harassment: Inappropriate physical conduct, including unwanted touching or gestures. While physical harassment most often is based on sex, it can relate to any protected characteristic, including religion and disability.
Visual Harassment: Any visual material, including posters, calendars, screen savers, web pages, comics, personal photos—even tattoos—that is sexually explicit or derogatory of a protected characteristic.
2) Address the Behavior Right Away
As an employer, we have a duty to protect all of our employees from harassment and discrimination. As part of that, you have a “duty to act” whenever you become aware of potential harassment—regardless of how you learn of it.
If you see or overhear behaviors that are potentially harassing, the best option is to address it right then, on the spot. You do not need to scold the person or be aggressive, but you do need to point out that their behavior is inappropriate and stop it. Then email HR to let them know what happened and how you dealt with it.
If an employee tells you about potentially harassing behavior, assure them that the matter will be taken seriously and will be kept as private as possible. Thank them for coming to you, then reach out to HR and share the employee’s concern.
If an employee asks you not to tell anyone, including HR, what they have told you, explain that you have a duty to alert HR. If they are suffering such behaviors, others might also. You can offer to keep their complaint as anonymous.
Remember, doing nothing is never an acceptable option. When in doubt, at a bare minimum, reach out to HR or the compliance team for guidance.
3) Know Where Our Policies Apply
Our anti-harassment policies apply in any work-related setting—not just at daily work sites.
Company picnics and holiday parties, client sites, conferences, and business meals all typically are “work-related settings,” so your duty to address harassing behaviors applies in those settings as well.
We are not responsible for our employees’ purely personal, non-job-related behavior (thank goodness!). However, if one employee complains that another employee has harassed him or her off the job, we should take steps to ensure that the behavior does not continue at work.
4) Lead by Example
Your behavior sets the tone for the workplace. Always be respectful and professional and your team is very likely to follow suit. If you have any doubt, before you act, ask yourself whether you would be comfortable if your behavior were recorded with a smartphone and then posted to the internet, with a link sent to our senior leadership. If not, the behavior does not belong in the workplace!
Most executives in management positions are problem solvers. Generally, this is a good thing! But when it comes to handling allegations of workplace misconduct, the urge to proactively “problem solve” can have extremely negative consequences.
When a manager acts independently to investigate alleged misconduct—that is, without first coordinating with legal, compliance and/or human resource departments—they may inadvertently be violating a variety of laws. And even if their informal investigation does not violate any laws, they could be undermining the success of any subsequent “official” investigation.
As a manager, you don’t need to know the details of case law or the names of the underlying statutes that protect employees. But you do need to know what to do—and not do— when you become aware of an allegation. Below are guidelines to follow when you receive an allegation:
Giving your employees confidence that workplace investigations will be handled well—and doing your best to follow the law, as well as your organization’s guidelines for investigations—is a critical part of helping your organization strengthen its culture of ethics and respect.
From time to time you’ve received announcements about upcoming ethics and compliance training. In the past, questions have been raised about what exactly managers are responsible for doing with their teams as training rolls out. Bottom line, you need to touch base with your employees to remind them of their obligation and ensure that time is scheduled so that everyone can complete the training on time. But there’s more. Besides making sure each person on your team completes the course by the deadline, here are some ways that you can help support these important initiatives:
Remember, employees want to know that you support the training before they embrace it. Every time you do or say something that supports the program, it opens their minds to it. Ultimately, what employees learn and internalize from the training helps protect our organization.
One of your subordinates comes to you to ask if she is permitted to keep a gift from a customer. How do you know you are giving her the right answer? You certified that you read our code of conduct and our gifts and entertainment policies but, with everything you are asked to keep track of, how accurate is your memory?
Our policies (including our code of conduct) are important tools for managing the business risks they address. They set the behavioral standards for all our staff members, but they are only good controls if employees consult the policies when faced with a pertinent issue, and act according to the guidance. As a manager, you have two important responsibilities related to our organization’s policies–ensuring access and use.
Does your staff know where to find our policies and how to use them? You and your staff are responsible for complying with all company policies, and being able to access them when necessary is the first step. Here are some tips to help:
One reason employees do the wrong thing is because of a lack of awareness and/or full understanding of our policy or procedure. As a manager, it falls to you to make sure they understand the types of risks and problems they may face in their jobs and how they are expected to behave. That means they need education on where to find the related policies, but also on how to apply the standards. Consider these ideas for educating your staff:
Employees generally want to do the right thing. It is part of your job to make sure they have access to and know how to use all the important tools that are available to support their efforts. Our organization’s policies and procedures are some of those tools and should be referenced and brought forward to encourage continued use. This helps to protect our stakeholders, our coworkers and our organization.
Like all great companies, we focus on ensuring that we have an effective compliance program. While our primary focus is on what we and our employees need to do to ensure compliance, we cannot stop there. Whether we like it or not, our employees are only one element of the compliance equation. We also have many critical partnerships with agents, contractors or other third parties. As a result, it is necessary for us to also focus on the qualifications and actions of our current and proposed third parties.
Use of Third Parties May Elevate Our Risks of Bribery and Corruption
The third parties we engage can have a significant impact on both our reputation and bottom line. While our supply chain has always focused on the qualifications and actions of our third parties with respect to quality and services, we also have to be sure that we focus on bribery and corruption risks.
In fact, in the U.S., over 90 percent of all FCPA bribery and corruption actions in the last few years have involved the actions of third parties. Among other issues, these cases have involved: use of illegal payments to obtain licenses or permits; bribes to ensure successful awarding of contracts; or payments, trips or scholarships to relatives of government officials to gain access to decision makers of state controlled companies.
What Steps Can We Take to Lower Our Third Party Risks?
If you work with or engage third parties:
Communicate our Compliance Policy and Expectations to Third Parties
We cannot just assume that third parties understand our expectations about what constitutes compliant behavior in accordance with our code of conduct or third party policy. Best practices require us to take steps to communicate these to our third parties and confirm that we are comfortable they have had training on the risks.
What Are the Third Party Red Flags We Need to Watch Out For?
Some third party relationships may send up obvious—or more subtle—indicators that the organization is not being engaged for legitimate business purposes. Some of the red flags may relate to commercial bribes and others may be more related to the bribery of government officials. Both elements of bribery violate our code and must be prevented. Look for things such as:
Trust but Verify
Third parties are critical partners of ours and this communication is not meant to suggest that third parties are not trust worthy or are all willing to pay bribes. Their role in the success of our company’s strategic goals cannot be denied. Nevertheless, we must continue to exercise reasonable due diligence, oversight, training, monitoring and auditing of our third parties to ensure that they do nothing to harm our company’s reputation. “Trust but verify” perfectly sums up our relationship with third parties. Third parties with nothing to hide should not fear a strong, effective compliance program like ours.
Our company offers employees a number of avenues to raise questions or concerns. You, as a manager, are a primary resource for your team members. An alternate resource is our company’s hotline/helpline that employees can use to report either anonymously or offer their name and contact information. We do not discourage anonymous reporting and, as managers, it is important to respect this option. We do ask, however, that those who report anonymously remain engaged in the process by following up on their reports.
The Majority of Anonymous Reporters Don't Follow Up on Their Reports
Research has consistently shown that seven out of ten anonymous reporters are not following-up to their reports. This low rate makes it difficult for investigators to truly investigate a case, thus affecting the overall perceived effectiveness of the hotline/helpline program. Following-up allows investigators to pose questions that will give them additional information to the reported incident and may mean the difference between resolving a case or not. Further, these reporters are not learning whether their concern has been addressed. Both of these outcomes lead to frustration – both for reporters and investigators.
Explaining the Process to Your Team
Whether an anonymous report comes in through the web or hotline/helpline, the reporter is given a unique identification number as well as a PIN. It is important that the reporter save these two numbers in a safe place. These unique identifiers will be the only way that they are able to follow-up to their report. Typically investigators will post any questions they have within ten days of opening their investigation. The responsibility then falls on the reporter to check in and respond to those questions.
Periodically Remind Your Team of the Importance of Reporting All Misconduct
The company has incorporated processes during the initial intake of a report designed to increase awareness of the importance of following-up. However, we need your support in reminding and encouraging all employees who report to you to stay engaged in the process and see it through. You can do this in a group or staff meeting as part of a discussion of the overall hotline/helpline process. If you need additional information about our processes you can contact the ethics office and we will be happy to assist.
We encourage all managers to embrace their role in developing the culture surrounding the use of a hotline/helpline and all of our reporting options. Consistent and positive encouragement can increase the effectiveness of these processes and help us all benefit by creating a stronger organizational culture.
As you know, the company has a number of ethics and compliance resources in place to ensure that everyone understands our expectations and standards. These resources include training modules, our hotline and our Code of Conduct.
The code of ethics may be the most underutilized resource that we have. It is an excellent summary of our ethics and compliance standards, and it includes information about what we need to do to report problems and ask questions. And yet, for the most part, employees only refer to the code once a year during the annual certification process.
Everyone is busy, but if we aren’t proactive about ethics it can fall between the cracks. As a manager, you have a critical role to play in ensuring that employees and our business partners are clear on what they need to know and do when it comes to ethics and compliance. The more we discuss ethics and compliance, the more we make it clear that it is a priority for us, and that can go a long way to protect our company’s reputation and good name.
With this in mind, here are some tips for how you can make the most of our code to help deliver important messages about our commitment to ethics.
And finally, we are continually gathering information about how to improve all of our ethics and compliance resources, including our code. We count on you to provide us with suggestions for how the code can be improved. What comments, praises or concerns are you hearing? Are there topics or risk areas that should be included or expanded in the next revision of the code? Have you seen other companies’ codes that you feel are more effective or user-friendly than ours?
As a manager, you may have questions about the role you should play when there has been an allegation that our policies or our Code has been violated. The answer falls into three main buckets:
1) When you are the person accused :
It is natural for managers accused of wrongdoing to be angry and frustrated. However, whatever the underlying facts may be, it’s important to realize that being accused “comes with the territory” of being a manager. Sometimes employees think a manager has done something wrong when, in fact, they have not. Other times various workplace dynamics may be in play. We understand that this is often the situation. To help us resolve the issue, here are some suggestions:
2) When you are not the person accused:
Managers who learn that an investigation is being conducted in their business unit often worry that the outcome may reflect poorly on them. Other times, the manager may want to try to “solve the problem,” and address the underlying behavior themselves. While these are common reactions, it’s imperative that you let the investigation run its course:
3) If you learn of a potential violation of our policies or Code:
Sometimes you may be the person that has alerted us of a potential problem. Remember, we need to know about all potential violations as soon as possible. Alert us to any potential violations, even if:
Our goal is to surface problems and resolve them as quickly and fairly as possible. This can’t be done without your support and cooperation.
Most hiring managers understand that they should avoid questions related to a candidate’s national origin, citizenship, age, marital status, disabilities, other protected characteristics, as well as arrest record, during the interview process. But is it okay to research a candidate’s social media profiles? What seemingly harmless conversation topics might create legal or ethical issues or risk?
Follow these four guidelines to make sure your hiring processes are legal, fair and responsible—and help you identify the best candidates.
1) Be Prepared
The importance of being prepared would seem obvious, but many managers enter interviews without sufficient preparation. Plan your interviews ahead of time. When you’re equipped with questions that focus on the knowledge, skills and abilities needed for success, you’ll be more likely to identify great candidates—and less likely to veer into risky territory. Uncertain about whether a question is acceptable? Check with our HR or compliance department in advance.
2) Don’t Conduct Your Own Internet Research on Candidates
Researching a candidate online is not unlawful. Indeed, many companies do credit checks, criminal background checks and social media research during the hiring process. But looking up this kind of information on your own can create risk.
First, you might come across information, such as photos that you feel indicate “poor judgment,” that leads you to reject a candidate. Likewise, you might find a reason to prefer a candidate, such a political causes or affiliations. The risk is that in such situations, you may substitute your personal biases for the values of our organization. It also could lead you to select someone who is not, in fact, the strongest candidate for the role. And, of course, if the reason you select or reject a candidate is based on a protected characteristic, you may be violating the law and our non-discrimination policy—clearly, a bad thing.
Second, depending on how you conduct your research and what you find, you might be violating the law. For instance, some states prohibit an employer from asking for a candidate’s username and passwords for social media accounts. Gaining access to restricted (private) pages through “pretext”—for example, by asking a candidate to “friend” you, by posing as someone you are not, or by asking someone else to do so—also can raise legal and ethical issues.
As a result, the best course of action is to:
If the organization will be using background checks or social media research in the hiring process, inform each candidate so that she/he can plan accordingly.
3) Don’t Make Promises About Jobs, Visas or Sponsorships
Candidates will view you as speaking on behalf of the organization. As a result, any inaccurate statement you make to a candidate—even if you thought it was true—can be problematic, and, depending on what you say, might even create a legal problem. When it comes to questions about relocation payments, visa sponsorships, benefits information, etc., suggest that the candidate follow up with HR who are the resident experts and will be able to give the best answer.
4) Follow Our Standard Processes for Recruiting and Hiring
There’s a good reason we have these policies and procedures in place. If you aren’t familiar with our hiring policies, or if anyone in your department needs a refresher, talk to the compliance, HR, or recruiting team. Seeking help from experts is a sign of intelligence, not weakness!
Eye rolls. Chuckles. Silence.
It’s easy to recognize signs of employee cynicism when it comes to ethics and compliance (E&C) activities. What’s harder to accept is that employee cynicism signals disbelief that the organization is seriously committed to a culture of integrity. Unchecked, cynicism can lead to higher risk of misconduct—ultimately the company’s reputation and bottom line.
1. Role Model Appropriately
Often, leaders don’t realize the impact their behavior can have on shaping organizational culture. An offhand remark or a dismissive attitude can speak volumes. Be personally committed to modeling behavior that supports an ethical culture, even when you think no one will know.
2. Hold Yourself and Others Accountable
Demonstrate consistent accountability. If top producers and leaders experience the same types of corrective action for misconduct as everyone else, word will get around.
3. Make E&C Real for Your Employees
Nothing frustrates employees more than training, emails, surveys and meetings that are not relevant to their work or are perceived to be unnecessary. Discuss E&C situations that your employees can relate to.
4. Bring E&C Topics into Everyday Communication
Your E&C program is not an add-on to the business—it defines how employees should work every day. Make a habit of talking about E&C as a regular part of work discussion. For example, introduce brief “safety moments” in staff meetings to discuss what employees should know about working safely. Or try an “ethics moment” to discuss doing the right things in situations that can really occur in their jobs.
5. Regularly Communicate Expected Standards and Conduct
E&C tools help us do what is expected and appropriate at work. We may think we know it all, but we need reminders. Repetition of E&C concepts is important so that we can recall the information we need at the moment we need it.
6. Emphasize the Importance of Speaking Up
Employees speak up when there’s something broken in the workplace. Why not speak up if there’s a question about conduct that could derail the organization? Employees protect their own company—and jobs—by reporting concerns.
7. Demystify the Reporting Process
Let employees know the different methods they can use to ask a question or report a concern. It’s especially important to explain what to expect after making a report.
8. Address Concerns about Reporting
Fear of retaliation can prevent people from speaking up. Help employees understand that retaliation won’t be tolerated. Explain what they can do in case they feel they are experiencing retaliation. Another inhibitor can be the belief that nothing will be done with their report. Here it is critical to model your own commitment to action and to closing the loop with the reporting employee once action is taken.
9. Be Available
As a manager, be available to your employees and third-parties in case they want to report or have questions. And don’t just say it. Do it.
In a recent Harvard Business Review article, “Can Your Employees Really Speak Freely,” two business professors shared their research findings related to the gaps between managers’ perceptions of their approachableness, and the reality.
As a manager, being approachable is critical, because most employees prefer to speak to their managers about ethics and compliance issues before going to HR, ethics or a hotline/helpline.
Based on the article, here are five questions you can ask yourself about your approachability:
1) Do you issue general rather than specific invitations to check in with employees? “Come and see me any time” is not as effective as sending a meeting request or scheduling a specific time to check in with members of your team. Also, consider whether it is easy or hard for your team to find your office and visit. Can they come by casually, or does it feel like a big deal to stop by?
2) What messages are you sending with your body language? The authors warn against “conveying your power through subtle cues” that indicate dominance. If you’re sitting behind a huge desk, crossing your arms, or frequently checking your phone during meetings and conversations, you could be sending a message you don’t intend.
3) Do you follow up with employees’ questions and suggestions? If a team member comes to you with a question, suggestion or concern and you listen but take no action, your trust with that employee erodes. Commit to following up, and let them know what action, if any was taken—and if not, why not.
4) Are most of your conversations with your team fairly formal? If you rarely have casual conversations with your employees—or if every conversation feels “high stakes”—employees will be much less comfortable sharing information with you.
5) How do you handle brainstorming sessions? Your approachability can be significantly impacted by how you treat team members during those moments where they’re out on a limb—including sharing new or off-the-cuff ideas in front of other team members. This frequently happens in brainstorming or planning sessions. When team members feel safe and protected there, they’re more likely to find you approachable and trustworthy.
The more your team members feel comfortable with you, the more likely they are to speak up when they have a question or an issue. And that helps us better protect our company, our reputation and our bottom line.
When it comes to pay, employers want to get it right. But before you can get it right you have to first know what “right” is – that means understanding your organization’s policies and ensuring that you consistently follow the guidance provided. Staying informed is one of the simplest ways to prevent rule violation.
Although the rules can be complex, these 3 steps will help you and your employees stay informed:
1.Don’t Assume, Check Your Policy
Rules are different depending on whether employees are “exempt” or “non-exempt” from overtime. Know the status of each member of your team and if you manage non-exempt employees, be sure that you know the specific policies set by our organization. In general, employers must pay non-exempt employees at least a minimum wage for all hours worked and overtime as required by the law. But, there may be additional rules that dictate things such as timing of meal periods and/or breaks during an employee’s shift. Overtime rules may also vary by state. For example, is it after 40 hours during the week or after a certain amount of time each day?
2.Inform and Educate
Ensure that employees also know the rules about their own work hours and reinforce the importance that they adhere to them. It is easier to hold employees accountable to policy when they know exactly what is expected of them. This goes double for managers. See next step.
3.Cultivate a “Speak Up” Culture
Create an environment where employees feel respected enough to speak up and approach managers with questions regarding policy. In a “speak up” culture there is a comfortable dialogue in which employees trust managers to be knowledgeable and forthright about external work-hour regulations and internal policy guidelines.
Innocent mistakes and ignorance of the rules do not protect us from liability when errors in pay happen – so it is important that you understand what is expected, ask questions and get issues resolved properly. You don’t have go it alone. Employees and managers need to work together to ensure both understand and follow an organization’s policies. Managers should not be shy when it comes time to raise questions or concerns about pay or hours.
Managers who create positive, respectful team cultures are not only a tremendous asset to our organization, they help protect it from the legal, financial and reputation risk that can be caused by misconduct.
As we end this year and look ahead to next year, we want to encourage you to reflect on steps you can take to make your team culture even stronger. Consider the ideas below—and remember that the ethics and compliance team is here as a resource for you. We would love to help you brainstorm additional ways to help employees embrace our values and mission.
An organizational culture is only as healthy as its teams. Thank you for all you’ve done this year, and all you’ll do in the coming year to help us maintain a culture of ethics, integrity and respect.
Do the right thing. Uphold our values. Always act with integrity. These are the kind of messages you’ll typically find in our code of conduct and compliance training. But what about those grey areas? Our training tells employees to ask for help anytime they encounter an issue they’re unsure about. However, before they ask, most people try to find the right path on their own. This is often where poor decision making can get organizations and individuals into trouble.
The good news is this: as a manager, you can help your employees avoid unethical business practices. And in fact, our training messages come to life when you reiterate them. Research has shown that people typically make poor decisions for one of four reasons: lack of understanding, pressure, lack of accountability and self-interest. Here are ways you can support your team in ethical decision making around each of these issues:
Lack of Understanding: Employees may not recognize when they are dealing with an ethics or risk issue, or they may lack understanding of the rules and standards that apply. Sometimes, it can be simply not realizing their responsibilities in a sticky situation.
Remedy: Watch the news, check out blogs and talk to your team about the types of risks and ethical challenges that may occur in your organization. Pick one or two issues that are particularly relevant to your staff and the work they do. Work through the “what if” situation using our code and policies as guidance. This helps them walk through the process of ethical decision making in advance of a problem while demonstrating your willingness to help with a tough issue.
Pressure: Time and performance pressure are part of today’s business world. However, pressure applied by management or peers to achieve an impossible deadline, or to do something that violates values or rules, can push good people to cross the line. Inappropriate incentives can do the same thing.
Remedy: Keep an eye on the pressure meter in your work group and any extraordinary incentives to “get the numbers” or “have zero safety incidents.” Verbalize to your staff, often, that there is no justification for misconduct.
Not Enough Accountability: Inconsistent discipline for misconduct sends the message that our organization is not serious about doing the right thing. Discounting future consequences in favor of immediate gain is a risk when there does not seem to be accountability for making ethical decisions.
Remedy: Make sure to take corrective action consistently when needed. And when you educate your team on the issues they may encounter, be sure to emphasize the consequences of bad behavior—both short and long term.
Self Interest: It is, unfortunately, human nature to believe that we are smarter, more deserving and better than we really are. In the workplace, this can lead to a “slippery slope” situation where someone rationalizes doing just one small bad thing, which makes the next bad decision easier, and so on. By his own admission, this type of thinking landed Andrew Fastow of Enron fame in jail for many years.
Remedy: Talk with your staff about the human frailties we all share, and do it often. Awareness of a temptation can be built through periodic repetition of the potential risk.
Celebrate Good Decision Making
It’s easy to overlook the good decisions being made in your work group. Make a point of looking for these and mentioning them in staff meetings. Such decisions make good instructional moments—and the person who did the right thing will appreciate the kudos.
It’s one of the parts of your job you like the least: you receive a complaint about a team member, and an internal investigation is underway.
As a manager, your participation in workplace investigations is critical in creating optimal outcomes. You also have the very important role of maintaining confidentiality and coaching all of the team members who may be involved to do “the right things right,” both during and after the investigation.
Here are some do’s and don’ts to keep in mind:
Workplace investigations can be difficult for everyone involved. But ultimately, going through the process of an investigation is essential in helping correct issues that can undermine a healthy corporate culture.
Everyone has heard the old adage, “the cover-up is worse than the crime.” So why do we continue to read news stories about organizations that knew—or should have known—about problems that could endanger public safety and ultimately damage their company’s reputation?
A Rash of Recalls
A rash of recent recalls among auto-makers has brought this issue to the forefront once again. Over the past few months, several manufacturers have been forced to recall thousands of vehicles, pay millions in fines and admit that they have endangered the lives of their customers.
In one of the cases, it is documented that the issue was discovered numerous times and either ignored or buried. As with most organizations in this situation, the company is already facing serious reputational damage and heightened legal risk due to an issue that was known and left unaddressed.
Could it Happen Here?
Research shows that there are two reasons why people don’t speak up or report issues: the belief that nothing will be done, and fear of retaliation. If employees at our company have these concerns then some version of the scenario described above could happen here.
So how do we prevent this and protect our good name and reputation?
Don’t ignore or cover up a problem. As this case demonstrates, it rarely turns out well. If you become aware of a problem or concern that is not addressed or appropriately resolved, it is important that you speak up. And, as a manager in our organization, you have a responsibility to take action to ensure that the right people are involved to properly investigate the situation.
Doing Your Part
To help protect our organization, our employees and our reputation, let’s all help each other to be sure to:
Our company offers a number of avenues for employees to raise questions or concerns but you, as a manager, are always our first line of defense for your team members. An alternate resource is our company’s ethics helpline which employees can use to report either anonymously or offer their name and contact information. We support and protect anonymous reporting and, as managers, it is important for all of us to align on this point and to respect this option. Anonymous reports allow our employees to make reports that they simply may not be comfortable making in person.
We also recognize that having an anonymous report lead to an investigation in our own organization can be uncomfortable. Here are some factors and guidance for you to consider should you find yourself in this situation:
One critical aspect of these reports – that will assist in the substantiation of anonymous reports – is advising all reporters follow-up with their report. The company has made it part of our intake process to highlight the importance of following-up, but needs your support in reminding and encouraging employees who may report anonymously to stay engaged in the process and see it through. You can do this in a group or staff meeting as part of a discussion of the overall helpline process. If you need additional information about our processes, contact the ethics office and we will be happy to assist.
We encourage all managers to embrace their role in developing the culture surrounding the use of the helpline and all of our reporting options. Consistent and positive encouragement can increase the effectiveness of these processes, and continue to make our workplace one where we are all invested in our culture.
Workplace harassment and discrimination, in any form, can damage company culture, stifle innovation and depress morale. But the harmful effects can go much further, creating “career limiting” outcomes for managers and leaders and resulting in serious financial penalties for companies who allow discrimination issues to fester.
During fiscal 2014, the U.S. Equal Employment Opportunity Commission (EEOC) fielded 88,778 charges of workplace discrimination. The top five discrimination charges were retaliation, race, sex (including pregnancy and sexual harassment), disability and age.
As managers, you are in a unique position to help prevent, identify and address potential issues. To help our organization ensure that we’re fostering a culture of fairness, ethics and respect, while avoiding the risks of legal action, managers need to:
Ensuring our workplace is free of all forms of harassment and discrimination can challenge even the best managers and leaders. If you need additional help with addressing potential discrimination issues, please contact HR, the ethics and compliance team, or legal. They can help you get to the root causes of an issue and, if necessary, get your team back on the right track.
Many supervisors feel uncomfortable giving their employees feedback. Many even avoid giving feedback altogether because they fear a negative reaction or are nervous about saying or doing something that could be seen by an employee as harassment or discrimination. Some just don’t like being critical of others.
But giving frequent, accurate employee feedback—both positive and negative—is one of the best ways to create an engaged and motivated workforce, and is critical for the success of our organization. Here are five tips on giving feedback —while staying within the bounds of ethics and compliance best practices—for high-impact results.
1) Set the Right Foundation
Early on, communicate your performance expectations for each of your employees. Define the goals you want to achieve and set clear targets for each employee. Explain that you’ll check in periodically on progress towards those goals. Setting the stage for honest and frequent feedback early on will make it easier and more natural to communicate constructive feedback when it’s needed.
2) Highlight Employee Achievements
Employees are more motivated when their contributions are recognized. Hearing positive feedback, especially when it is timely and specific, helps employees maintain their confidence. Reinforcing and recognizing positive behaviors also helps set a strong, supportive tone for the team.
3) Promptly Communicate Concerns
Feedback needs to happen in real time. Without feedback, employees will naturally believe that their performance is acceptable. So, the longer you wait, the longer the problem will persist. Delaying constructive criticism also can negatively impact your team culture if other employees feel that nothing is being done about an issue that affects everyone. Giving prompt feedback sends a message that you care about your team’s success, and that you actively support improvement and growth
4) Motivate Change
When preparing to give feedback, especially if it includes criticism, consider these principles for the best outcome:
5) Document the Conversation
Once you’ve provided feedback, make a record of the conversation using specific, factual descriptions. A good tool can be an email to the employee recapping your conversation. Document:
Employee feedback doesn’t have to be an uncomfortable or defensive process. It is a valuable tool for growth and should be done frequently. Use these tips to provide feedback that motivates change and helps build empowered, resilient, and skilled teams.
Despite our best efforts, ethics and compliance training and requirements can seem like distractions to front-line employees. Managers who bring E&C principles to life for their teams can have a major, positive impact–not only on their teams, but also on their organization’s efforts to mitigate compliance risk.
So how can you help your team see the value in compliance—and make E&C real for your team? Here are five ways managers can have a true impact:
Ensuring employees see E&C as a vital component of their personal success—and the company’s long-term health—is one of the key contributions managers can make to the success of our organizations.