Tools & Resources

Ready-Made Memos

Ready-Made Memos are topical best practice messages that are ready to be shared with your team when you want them and when you need them. 

Choose from the topics below. Expand content using the arrows on the right. And copy and paste the messages into your internal newsletter and messaging to keep compliance top of mind with your managers and strengthen your organizational culture.

Copy-and-paste compliance communications for your company

  • Harassment Is a Human Issue

    How we view issues determines how we go about resolving them. Like many issues facing ethics and compliance professionals, sexual harassment is a compliance issue, but also more specifically a human issue. Human behavior is what is responsible for harassment and any response to eliminate harassment needs to account for a change in behavior.

    Harassment takes the human aspect a step further than many compliance issues. It is not only created by human behavior, but it can also be defined by how other humans interpret that behavior. What may not be considered derogatory or diminishing to one may be interpreted that way by another. And that matters.

    Furthermore, while all harassment may not result in liability for an organization or supervisor, it can affect employee performance and your organization’s ability to retain good people. This is usually seen in behavior that creates a hostile work environment and involves conduct toward an employee that is unwelcome. The behavior is considered hostile when it becomes so pervasive that it alters an employee’s working conditions.

    So when it comes to creating work environments that are free from harassment in all its forms, we need to focus on our people – harassers, victims and the larger employee population who are key to driving a culture of ethics and respect.

    Here are several steps you can take to focus on the human issue of harassment.

    Keep People Accountable

    Enforcement doesn’t have to mean dismissal or severe consequences, but it does have to mean consequences. People need to be held accountable for the way they act and the things they say. Behavior ranging from full-blown sexual harassment to creating or perpetuating hostility in the workplace need to be addressed with a similar range of responses. Allowing any instance of harassment to go unaddressed supports a permissive culture and undermines the effectiveness of your compliance policies, training and leadership.

    Never Blame the Victim

    When people come forward with a report of harassment, treat them with the respect warranted by such a courageous act. It is not easy to bring forth these reports. That’s why, according to the Equal Employment Opportunity Commission (EEOC), “Employees who experience harassment fail to report the harassing behavior or to file a complaint because they fear disbelief of the claim, inaction on their claim, blame, or social or professional retaliation.” We see here that victims are already fighting an uphill battle. They should not be met with judgement or second guessing when they take the necessary step of reporting their experiences.

    Make Everyone Aware of the Impact of Their Words

    Employees in the modern workplace should be taught to think before they speak. If a comment is diminishing, marginalizing or any other quality that may negatively affect fellow employees, the comment is best left unsaid. This ties into driving a larger culture of ethics and respect that does not rely on policies to eliminate bad behavior, but on culture to naturally enforce the sentiment of policies with a tone of: That’s just not how we do business.

    Create a Listen-Up Culture

    The common turn of phrase is “speak-up culture,” however that puts the onus of speaking up on the employee. Before a victim of harassment will speak up, they have to not fear, as quoted earlier from the EEOC, “disbelief of the claim, inaction on their claim, blame, or social or professional retaliation.” This means leadership and the compliance department need to ensure employees that their reports will be heard, taken seriously and resolved efficiently. After consistent proper handling of incident reports, employees will understand that the organization values their voice and is ready to listen.

  • How to Train the Millennial-type Learner

    Generation differences can play a big role in how employees engage with aspects of our business and compliance programs. What’s interesting is that this is becoming less true for how employees across all generations engage with ethics and compliance training. For instance, Millennials and Nexters (those born after 2000) are often referred to as digital natives. These are young folks who have grown up in the era of the internet, mobile devices, and social media who are steeped deeply in technology. One would think that these tech savvy individuals would have higher preferences for compliance training that is socialized, gamified, visually engaging and interactive. While Millennials do prefer this type of training content, so does everyone else.

    Millennials and Nexters, who together will make up 70 percent of our global workforce by 2020, are not only changing the way we have to offer training, but they are also changing the way the rest of us learn. This might be less about generational idiosyncrasies, and more about general advancements in technology. In any case, our compliance training must adapt to meet the needs of the modern learner.

    4 Ways to Engage the Millennial-type Learner


    Keep Training Formats Dynamic

    Mobile devices, live streaming, on-demand content and multiscreen media consumption have all contributed to the way we apply our attentions. Today everyone is a multitasker. This means that we need to use a blend of training styles so that no one format grows stale to the learning. According to NAVEX Global’s Definitive Guide to Ethics & Compliance Training the top programs use a mixture of “live and e-learning, short- and long-form courses and a variety of engaging formats, and a disciplined approach to reporting and measuring training effectiveness that focuses on training outcomes.”


    Make It Visually Engaging

    Think about the evolution of the cinematic experience. For instance, compare the special effects of a great, yet old movie like the Goonies, with something like Avatar, which itself is now a few years old. After being introduced to the whole new world of computer-generated imagery (CGI), some of our old movie favorites start to lose their appeal because we are more attuned to flaws in the set, unrealistic costume design and contrived special effects. Consider this when you deploy your training courses. Do those courses reflect the visual media that learners are now accustomed to? Do they offer the same seamless digital experience? It’s not just updating the clothing actors are wearing, but also the layout of the interface, good use of white space and packaging up complex concepts in easily consumable ways.


    Embody the Social Dialogue

    Social media has gotten everyone excited about building connections. This is great for peer-to-peer learning, which can help the adoption of training concepts through naturally occurring discussions among co-workers. Think about different offline ways to complement your online compliance training. Have manager-led discussions around case studies to help further educate employees on specific behaviors – these should be sanitized of course and respect confidentiality. Training concepts could also be woven into team and department meetings so employees are regularly connected with those concepts and have a chance to discuss them with others.


    Tell a Story that’s Hard to Put Down

    While younger generations are often labeled as having short attentions spans, they have also been responsible for a new phenomenon called “binge watching.” This is where people consume multiple episodes of a TV show in one sitting. Now that sounds like expanded attention. This seems to indicate selective attention. And that attention is reserved for highly engaging content that tells a story that you just have to see what’s coming next. So while your training program might not be able to rival the production value of a Game of Thrones or Netflix original series, you can still ensure that learners are engaged in a story. And this story should be relevant to employees and not just tell them about concepts but actually place them into scenarios where those concepts can be seen in their day-to-day jobs. 

  • 4 Steps to Elevate Your Personal Compliance Brand

    Ethics and compliance is a people business. Sometimes the person you have to focus on first is yourself. Take the necessary steps to create a daily, weekly or monthly professional development plan to grow a little more every day and create a personal compliance brand that transforms your program and your career.

    Use these four steps as general guides directing your efforts toward developing professional credibility and your personal brand.

    1. Know It All, or at Least as Much as You Can

    A lot of times the buck stops with Compliance. And that means we need to have the answers. Elevating your professional standing and personal brand as an integral part of the business requires an extensive knowledge of the compliance industry and its evolving landscape. Therefore, learn the business and learn everything you can that touches your work.

    You can start by selecting one of Compliance Next’s five learning tracks to take your ethics and compliance knowledge reserve to the next level.

    2. Hone Your Expertise with Experience & Community

    Becoming an expert requires more than just knowledge. The most effective compliance professionals have a deep understanding of their field, but also know how to navigate through unexpected situations, and handle issues that can’t always learned from a book. The best way to build your expertise is through experience – putting in the time. The next best thing is expanding and strengthening your professional peer network. A tight knit group of compliance professionals who actively share experiences and lessons learned can effectively contribute years of expertise to one another through knowledge sharing.

    Explore groups on Compliance Next to start building your peer-to-peer network.

    3. Make Respect a Part of How You Do Business

    Respect is key to relationship building. It’s key to gaining the loyalty of your peers, department and organizational decision makers. And it is also key to supporting the larger healthy workplace culture that compliance professionals are charged with cultivating. So, as a starting point, always speak and act with honesty and transparency. There are enough hidden agendas at play in workplace politics. Make it a point to develop trusting and honest relationships with all those you interact with, as well as be a champion who fuels that behavior throughout the organization.

    4. Don’t Avoid Accountability

    The higher you rise in your career, the more responsibility you acquire. Effective professionals in any function bolster this responsibility with accountability. Understand that your decisions and actions are just that, “yours,” for better or worse. Everyone makes mistakes; established compliance professionals own their mistakes and take the necessary steps to amend the wrong and improve for next time. It’s all part of the growing pains of a successful career.  

  • Does Your Incident Management Program Even Work?

    Your organization has an inherent information source ready to provide early warning signs of problems percolating within. This is your whistleblower hotline and incident management program.  Effective incident management programs nurture speak-up cultures, help programs focus on the most critical areas of behavior change, and provide a safe and confidential place for employees to clarify policy or discuss concerns.

    Each facet of an effective whistleblower hotline and incident management program enables compliance officers to respond swiftly to prevent, contain or resolve incidents before they become compliance disasters. That is, if your hotline and incident management program is factually effective. The only way to know this is to test.

    How to Test Your Program

    Call Your Hotline & Submit a Web Report

    Test your hotline by calling it directly with various compliance concerns, reports, questions and violations. The goal is to ensure that the system in place processes, triages and elevates reports properly. Track your reports all the way up your organizations to see if escalation kicks in properly to notify your compliance team and board when necessary.

    Make Sure Your Program Works for Everyone

    First off, is the call specialist answering your hotline able to speak the language of the caller? Same goes for your web intake platform – are necessary forms and communications translated to meet the language needs of all your employees and third parties? Next, ensure technical functionality of your system. Can your hotline be reached from every country in which you do business?

    Test Validity of Reports

    Your team may be receiving reports, but are they accurate and comprehensive enough to prompt effective and efficient resolutions? Ensure your call specialists are equipped to gather as much necessary information as possible to thoroughly process each report. Likewise, managers need to be trained to handle open-door reports with confidence. Additionally, along with receiving each report, managers must enable and encourage anonymous whistleblowers to follow up on their reports.

    Sit Back & Wait

    Proper processing, user-friendly technical functionality, and both report comprehensiveness and accuracy are all key components to an effective incident management program. But before you can call it good, you have to test for timeliness. How long did it take for the report to get to you? How long before you were followed up with about the reported incident? Timely follow-ups to employee reports assure whistleblowers that their concerns are being taken seriously. This alone plays a major part to ensure incidents do not fester into bigger issues while reports are being processed. Timeliness is also essential to prevention. There is a finite window of time in which compliance responses can be proactive. When that window closes, you have to resort to containment.


  • Know Why You Made Your Due Diligence Decisions, and Document It

    As companies implement more robust risk management programs, we can expect to see more post hoc analyses and questioning of due diligence programs. How do companies design their systems in response to this rising expectation?

    Companies cannot blindly conduct due diligence, document each step and avoid careful analysis of third-party risks. Last year’s Och-Ziff enforcement action underscored this point when Och-Ziff conducted due diligence of an Israeli businessman, DRC Partner, and raised serious questions about DRC Partner’s integrity. In fact, the DOJ cited the internal disagreement within Och-Ziff management over whether to engage DRC Partner or not in their action.

    The government’s citation of internal debates or the manner and quality of resolution of red flags raises some interesting questions. If three officials argue to move forward with a third party and two disagree, can the company move forward or will DOJ/SEC cite the two opponents as evidence of an “unresolved” red flag? 

    How-to Avoid this Pitfall? 

    The company must fully document the debate and factors underlying the decision, including why any dissenting viewpoints were overruled.

    Third-party risk management will continue to be the focus of DOJ and SEC FCPA enforcement actions. Companies have to design their programs in response to this increasing scrutiny of third-party due diligence reviews.

  • Tone at the Top Is About Actions Not Words

    A company’s code of conduct should be a living document – one that is regularly updated and regularly visited by both leaders and employees to practice and embody the values of the organization. But at the end of the day, a code is just words. These words do not manifest into a strong corporate culture until senior leadership embeds its statutes into all their business practices. This modeled behavior is what influences the true culture of an organization. This is why we have the phrase “culture always wins.” If your code says one thing but your culture – driven by senior leaders – showcases another, it’s your culture that will define your organization for better or worse.

    So let’s talk about a few ways actions speak louder than words when it comes to tone at the top.

    1. There has to be accountability, and it has to be equal.

    Rules that are not enforced hold no value. Even worse are rules that are enforced for most, while exceptions are made for others – such as high-performing employees. An effective tone from the top, ensures the entire organization knows that the company is committed to its values and policies, and that there will be consequences for one and all alike if those standards are sidestepped.

    2. Your incident management process is key to driving a speak-up culture.

    As a CEO, senior leader, manager or compliance professional, your tone from the top starts with listening. Encouraging employees to raise their voices to report wrongdoing only gets you halfway to a speak-up culture. Employees need to be convinced that their voices are being heard. That only happens when employee reports are efficiently processed and resolved. An effective incident management process makes it easy and comfortable for employees to report. It provides regular updates to employee reporter so that they are not left wondering what is going to happen next or, worse, fear retaliation. And lastly, effective processes communicate back to employees what has changed, or the reason things are not changing. 

    3. Tone at the top need to connect through the middle.

    Individual contributors who excel in their jobs are often the ones who are made managers. But just because someone is good at their job, doesn’t mean they are good at managing. All managers, especially new managers, need to be trained on how to effectively support their ethics and compliance initiative. Middle managers are an organization’s cultural ambassadors. These are the people employees look to for answers every day, and they need to be equipped to provide those answers correctly and accurately day in and day out. 

  • 3 Ways to Get in Front of Conflicts of Interest

    Give Your Policies a Process

    Conflicts of interest have been a compliance concern for long enough that most organizations have the right policies in place. The processes that enforce those policies, however, need the same attention. Effective COI efforts include a process that identifies, manages and resolves conflicts.  Employees need to be trained on what constitutes a conflict of interest; disclosure channels need to be promoted so employees know where to report potential conflicts; and management needs to understand the correct protocols to resolve potential conflicts before they become actual or perceived conflicts.

    Be Transparent First and All at Once

    One form of conflict is a perceived conflict of interest. This is where an actual conflict may not exist; however, there appears to be a conflict from the perspective of the public, internal staff or shareholders. When dealing with a perceived conflict of interest, the only way to completely resolve the issue is with full transparency. This requires putting everything that may be of interest onto the table for all to see. Efforts of transparency need to happen all at once. If there is a steady drip of additional information, it will further turn perception and opinion against the parties involved.

    Get Familiar with Likely Conflicts

    Conflicts of interest have certain characteristics and tendencies. Train yourself to identify the subtleties of the more frequent conflict types and you will be more attuned to their various nuances.

    Consider the four below:

    1. Contracting with Former Employees

      Conflicts often surface when current business comes with a history. When that history includes a bias that may influence the current business, you may have a conflict. This often happens when third-party work is being performed by a former employee who previously managed the same third-party contract while at the organization.
    2. Related Party Business

      Relation between business parties sounds easy enough to identify, and it is when, say, an employee shares the same name as a business partner. There is a sharp increase in difficulty when this is not the case. So you must rely on disclosure. This means employees need to be made aware of the necessity of disclosure and the type of information that needs to be disclosed.
    3. Doing Business with Current Employees

      For most organizations, the rule is simple – don’t do outside business with internal employees. However that might not always have to be the rule. Employees may have outside business interests. It is not a conflict of interest to do outside business with a current employee simply because they are an employee. The conflict arises if the work is incompatible with the employee’s position within the company. You just must ensure there is fair competition when securing business, and that employee business interests are selected only if they are truly the best option.
    4. Qualifying Smaller Contracts

      Purchases with large price tags usually garner the type of oversight that eliminates any potential conflict. However, smaller contracts often require the discretion of fewer decision makers and therefore allow for more personal bias to creep in. Even though smaller purchases drive less financial exposure, poor oversight may still leave you vulnerable to risk. 
  • 5 Questions to Ask about Your Cyber Security

    The majority of cyber security breaches are caused by human error. That’s why creating a culture of cyber security is one of the most effective steps to ensure your organization prevents attacks. It’s much better than having to pick up the pieces after an attack.

    Use these five questions to get an idea of how your program will weather the storm in the current cyber climate.

    1. Does my team use their own phones, tablets or other electronics for work purposes?

    A better question might be: Does my organization have a BYOD (Bring Your Own Device) policy? If it does, you are one step closer. Next you have to make sure employees are aware of the policy and that its practices are enforced. One security breach on one device has the potential to affect your entire organization.

    2. Do my employees know what to do if they encounter a suspicious email?

    Phishing is getting more sophisticated every day. The rule of thumb is to think before you click. And when in doubt, ask. Ensure your employees know they are a critical link in your cyber attack prevention efforts and are ready to act if the time comes. Immediate internal reporting is an essential part of maintaining sound cyber security.

    3. Does my team stay on top of required security updates from IT?

    As we learned for the major WannaCry ransomware attack, a neglected patch update can cause disastrous effects to an organization. Putting off any type of security update request coming from your IT team puts devices and, therefore, your organization at risk. Reinforce with your team the need to act promptly when a security update is required.

    4. How often do we use web apps?

    There is an app for everything. Sometime the easy app choice is not the most secure choice. Get IT involved in your app decisions early on to verify the security of any application you plan to bring into your organization’s network.

    5. When was the last time you talked with your team about taking laptops on the road?

    Team members who travel or work offsite need extra reminders about keeping data safe and secure. Give periodic reminders about the need to be extra vigilant about preventing laptop theft, and using only secure Wi-Fi connections to access the network or confidential documents.

    Awareness is key to creating a culture of cyber security. Employees need to know that their behavior has a major impact on the security of the organization. And make sure you are setting a good example. 

  • Recognizing the New Face of Cyber Security

    All you have to do is scroll through your news feed to see a series of headlines reinforcing the need to protect your organization against cyber attacks. Cyber security can no longer be seen as just an issue that IT has to deal with, or just Compliance, Operations or Legal for that matter. Cyber security is an enterprise-wide risk involving all business units, all operational units, all your employees and all your key third parties. That being the case, it requires a cross-functional approach.

    Here are four things to know about the current issues of cyber security.

            1. Cyber Security is a People, Process and Technology Issue

    With the enterprise-wide risk that cyber security presents, it is essential that organizations develop cross-functional approaches. Key players such as IT, Security, Legal, Compliance, HR, Operations, Procurement or your supply chain need to be engaged. Also customer support is a function that many may not consider. However, if your network is compromised or customer data is compromised, you are going to need a way to communicate to your customers. Similarly, public relations and communications teams need to be able to articulate the company’s approach to cyber security and, should there be a breach, will be key in helping the company communicate what’s happening and what it is doing to respond to it.

           2. There Is More Surface Area than ever before to Protect

    The rise of mobile and other internet-connected devices is increasing the access points that organizations need to protect. Everything from checking our email to accessing our corporate networks to turning the lights on and off in our homes is being managed remotely and provides additional opportunities for bad actors to gain entry to corporate networks. With varying security controls on each access point and the increasing amount of sensitive information managed remotely, mobile habits are creating more surface area cyber security programs must protect. 

            3. Old Threats Are Manifesting Themselves in New Ways

    Consider ransomware: Stealing information has always been a threat, but now bad actors are holding this information until receiving a ransom, or threatening to share the information publicly if a ransom is not received. In some cases, the biggest threat is the complete destruction of information, or just as threatening, the manipulation or corruption of that data.

            4. Big Data Is a Big Responsibility

    With modern technology and the decreasing cost of storage, we have the ability to maintain inordinate amounts of data easily. But just because we can doesn’t mean that we should. Companies are not differentiating between data that is critical, sensitive and confidential from all the data that is not. The reality of our risk environment is such that there is a good chance that our data is being compromised in some way. Whether it is from careless employees, malicious insiders or bad actors outside our organizations, chances of a data breach happening is high. The key is to differentiate between what is really critical and what is not.

    We have to remain vigilant in our efforts against cyber risk. The protections that worked yesterday may not work today, and tomorrow might present an entirely new risk we never expected.  

  • Four Ways You Can Help Mitigate Rising Cyber Security Risks

    As former FBI Director James Comey stated, “There are only two types of companies when it comes to cyber security. Those that have been hacked and those that do not know they’ve been hacked.” With so many potential entry points to our company’s network (smart phones, tablets, laptops, etc.), the bottom line is that  cyber security risks have increased for all organizations, including ours.

    Understanding and Managing Our Cyber Security Risk

    As a manager, you have a responsibility to help protect our organization’s sensitive information—including personnel, financial and strategic data—to thwart potential risks.

    Consider taking the following steps to protect yourself, employees and our organization online:

    • Be sure your employees complete and understand the training provided by both our compliance department and IT/Information Security. Make sure your team is getting the information they need to effectively protect our organization from cyber security risks.
    • Teach employees how to spot phishing emails and report suspicious emails. When applicable, use case studies from real security breaches to highlight the importance of being vigilant when accessing websites, logging onto the network from other devices and clicking on links embedded in emails.
    • Understand your role in protecting your employees’ personal information. Do not work on compensation or other sensitive employee information on an unsecured network or on a device that does not have the appropriate encryption technology.
    • As always, be there to answer their questions. As is crucial for fostering a culture of compliance, support a speak-up culture by demonstrating that when your employees aren’t sure what to do, they know can talk to you. 

    Compliance with our technical guidelines does not automatically equate security. Even the most compliant organizations have or will experience a security breach at some point. But we should all be proactive about ways to deter, detect and remediate should a breach occur in our organization and your contributions are critical to that equation.

  • Are You Helping Create a Culture of Cyber Security?

    How confident are you that your team’s day-to-day business decisions will help us strengthen a culture of cyber security in our organization? If you’re not sure of the answer, read on!

    The majority of cyber security breaches are caused by human error. We need your help to keep cyber security top of mind. Ask yourself the following questions to determine the degree to which your team is helping our organization stay secure:  

    • Does my team using their own phones, tablets, flash drives, etc. at work? Reinforce the need to comply with our “bring your own device” policy—and the potential impact of even one security breach on our network.
    • Would my employees know what to do if they encountered something suspicious in their email in box? It only takes one click in a phishing email to create a system vulnerability or inadvertently download malware. The rule of thumb should be think before you click—and when in doubt, ask. Cyber criminals are using increasingly sophisticated methods to target employees and break in to system networks. Immediate internal reporting is an essential part of maintaining effective cyber security.
    • Does my team stay on top of required security updates from IT? Putting off security updates you’re requested to make by the IT team creates risk. Reinforce with your team the need to act promptly when a security update is required.  
    • How often do we use web apps? Using popular, online, web-based apps might seem like an easy choice—but they may not be the most secure choice. Check with IT before you say “yes” to a team member who wants to use a web app—or before using them yourself.
    • When is the last time I talked with my team about taking laptops on the road? Team members who travel or work off site need extra reminders about keeping data safe and secure. Give periodic reminders about the need to be extra vigilant about preventing laptop theft, and using only secure wi-fi connections to access the network or confidential documents.

    As with all aspects of ethical and compliant behavior, your team looks to you to determine which behaviors are acceptable and which are not. Remind employees that their behavior can have a major impact—and make sure you’re setting a good example.   

  • 4 Things You Wouldn’t Think Would Make Your Compliance Program More Efficient, But Actually Do

    As a compliance professional, and especially as a manager in the field, there is no lack of items on your to-do list vying for time and attention. One of the many talents of effective compliance professionals is the ability to do more with less – to create a work environment where you spend the most time on the things that matter most. Consider the four steps below to increase the efficiency of your program.

    1. Encourage Anonymous Reporters to follow up on Their Reports

    Research has consistently shown that seven out of 10 anonymous reporters are not following-up to their reports. This low rate makes it difficult for investigators to truly investigate a case, thus affecting the overall perceived effectiveness of the hotline/helpline program. Following-up allows investigators to pose questions that will give them additional information to the reported incident and may mean the difference between resolving a case or not. Further, these reporters are not learning whether their concern has been addressed. Both of these outcomes lead to time loss and frustration – both for reporters and investigators.

    Whether an anonymous report comes in through the web or hotline/helpline, the reporter is given a unique identification number as well as a PIN. It is important to remind the reporter to save these two numbers in a safe place. These unique identifiers will be the only way that they are able to follow-up on their report. Typically investigators will post any questions they have within ten days of opening their investigation. The responsibility then falls on the reporter to check in and respond to those questions. Encouraging your reporter to follow up, will help ensure the necessary information will be there when you need it.

    2. Err on the Side of Millennial-Type Learning Preferences

    The term “millennial” is the ubiquitous adjective describing anything from reading habits to the type of snacks stocked in the breakroom. And that’s for good reason. Millennials are a powerful force increasingly defining the modern workplace. However, when it comes to training, it is not about age, but about how individuals – regardless of their generation – engage with the content. Millennials are changing that too – for all of us. Growing up immersed in technology was once a defining trait of a learner; however, with the younger generation filling out more of the workforce, they are effectively influencing the way we all learn.

    The youngest two generations will comprise 70 percent of the global employee base within the next four year, and influence the way the workforce as a whole learns. Erring of the side of millennial-type learning preferences will ensure you are providing training content in the most consumable way to the largest portion of your workforce.

    3. Master the Executive Summary when It Come to Board Reporting

    Your executive summary should be short, and provide a high-level glimpse of the following program focus areas:

    • Communications
    • Training
    • Ethics Hotline/ Helpline Data
    • Investigations
    • Governance
    • Risk Assessment
    • Yearly Initiatives (for annual report only)

    Your executive summary should also highlight any resource challenges the compliance department may have which would need board support.

    4. Prevent Code Creep (Just Say “No”…sometimes)

    To remain effective, your Code of Conduct needs to function at a high level, be principle based and written in a way that is easy to read and use. This can be tough as your organization is full of subject matter experts, many of whom believe their material needs to be included in your organization’s Code. This is where a “no” to code creep, can be a “yes” to a more effective code (see what we did there?) Your Code of Conduct is your most important policy, but that doesn’t mean it needs to include all your policies. It shouldn’t really. Your code needs to be uniform and consistent so that employees can retain the most important information as well and search the document efficiently when necessary. The more detailed legal issues are best reserved for policies. Making the distinction between your communication tool, which is your Code, and the more in-depth policies which support it, will ultimately save you time. Employees will become more informed and the need for the compliance function to provide guidance will decrease as your Code becomes more effective.

  • Ethics & Compliance Engagement: Avoiding Cynicism and Staying Committed—Even When You’re Overwhelmed

    Burnout. Fatigue. Stress. When we feel overwhelmed by issues at work, engagement can be the first casualty. Cynicism can start to seep into our conversations, actions and interactions. When this happens, ethics and compliance requirements or issues might feel like just another box to check. After managers and their teams reach a critical point of disengagement with E&C initiatives, you may start to hear things like…

    • “Just take the online training as quickly as you can and get it over with. We’ve got more important things on our plate.”
    • “Don’t bother reporting that to HR—they’re not going to do anything anyway.”
    • “Right or wrong, that’s just the way things get done around here.”
    • “That policy is so unclear. Just do whatever you think is best.”
    • “We’ve always done it that way. I know it seems like a violation of procedure, but really it’s fine.”
    • “Running that through legal is going to be a nightmare. Just sign it. No one will care.”

    While these kinds of reactions may sound somewhat innocuous, they’re actually the seeds that can grow team-wide dismissal of ethics and compliance efforts. And a dismissive attitude can breed misconduct, unethical actions and a highly-damaging culture of cynicism.

    Our organization is fully committed to ensuring that every employee is empowered and equipped to make ethical decisions that are in line with our code of conduct and our core values. The only way to live out this commitment is to help individuals rethink what they say, what they do, and how they get things done through a lens of ethical decision-making.

    When E&C requirements are feeling burdensome, consider this: research shows that firms with excellent governance, risk and compliance practices generally have better:

    • Financial returns
    • Brand and reputation protection
    • Credit ratings and capital cost reduction
    • Advantages in mergers and acquisitions
    • Cultures, and employee retention and satisfaction

    So the next time you hear a team member express scorn for an ethics and compliance activity—or when you’re tempted to say something negative yourself—get back on the right track by reminding your team member and yourself of the benefits of fostering a culture of compliance, ethics and respect.  

    As always, we want to be a resource for you. Come to us with questions, ideas and issues you’re facing. If morale or engagement on your team is low, let us help you reduce compliance risks related to disengagement while we work together on strategies for addressing the root causes of the issues your team is facing. And remember, as a manager, you are in the very best position to set a tone for your team.

    What example will you set today? 

  • Has Your Compliance Risk Profile Changed?

    When’s the last time you took a few moments to do an ethics and compliance risk assessment on...yourself? Things in our organization can change quickly, including managers’ span of control, members of your team, which vendors we use and more. As your business partners, we in the ethics and compliance department want to be a resource for you when your exposure to ethics and compliance risk changes or expands.

    So take a moment and review this list: do any of these sound familiar?

    • Your span of control has increased, and you are now dealing with employees or third parties in countries you haven’t worked with before.
    • You’ve started working with a new internal team.
    • You’re dealing with fast-moving structural changes to your team or your department.
    • A new law or regulation has come into effect and you’re not sure what the implications might be for your team.
    • You have new team members from a generation or cultural heritage you’re not accustomed to working with.
    • You’ve recently been promoted to a management position, and wish you had a better grasp on ethics and compliance issues that might come up in your new role.
    • An employee brings a potential compliance violation to you and you aren’t sure how to respond.
    • You’re not entirely clear on how to apply one of our new or updated policies—or a longstanding policy that now applies to you more directly.

    Any and all of these issues (and many more like them!) can create new ethics and compliance challenges for managers. We want to remind you that you are not on your own! If you have questions about ethics and compliance concerns, we want to connect you with help. From one-on-one consultations, training resources and advice to setting up mentoring relationships with other managers within our organization, we are committed to equipping you for success. 

    Raising your hand when issues come up is a major part of owning ethics and compliance. There is no question too small to ask. Set an example for your team: “speak up” when you face new ethics and compliance challenges. Together, we’ll continue to build an ethical and compliant organizational culture we can all be proud of. 

  • Managing Generational Diversity in the Workforce—The Ethics and Compliance Perspective

    As a manager, you are no stranger to generational diversity in the workplace. With the influx of millennial workers, you are now managing employees from up to three or even four different generations. And the millennials that everyone is talking about will make up 50% of the workforce by 2020.

    So from an ethics and compliance perspective what does this mean for you as a manager? Here are three things to consider.

    1) Don’t make the mistake of doing things just for millennials or using loaded language (rife with generational or age based stereotypes). That’s a sure-fire way to get your efforts to backfire, and possibly end up being the subject of an age discrimination lawsuit. What you need to focus on is improving the ethics and compliance conversation for every worker, regardless of age. The more we get our employees talking about doing the right thing, the better we will become at recognizing what that is, and executing against it.

    2) Understand the needs of your evolving employee population. Research from the Ethics Resource Center concludes that workers between the ages of 19 and 29 are in a significant area of vulnerability in terms of unethical conduct.  So the younger you are the more likely you may be to make an ethical mistake. Ensure that all employees (including new employees) have access to ethics and compliance training, that they get to know key internal resources, and that you personally support a speak up culture that allows them to raise concerns and ask questions.

    3) Recognize and embrace the new more social and collaborative workplace. It’s not just about millennials; workplaces today are fast becoming a place where ideas can be openly discussed and challenged, information is more readily available to everyone and  learning happens more organically and informally. And it’s not just millennials that will benefit from these changes—all employees will see the positive impact.

    To support this trend consider your role in fostering that type of work environment for all your employees (regardless of generation) with these ideas:

    • Encourage peer-to-peer learning relating to ethics and compliance topics, creating opportunities for your team to maximize the benefit of each other’s’ experience and perspectives.
    • Invite the ethics and compliance department to come and talk with your department or team. The more familiar your team is with the organization’s values and objectives, the more aligned they are likely to become with them.
    • Identify ethics and compliance mentors on your team that can help employees work through challenging situations, and direct employees to the right internal resources if further guidance is needed.

    If you need additional help addressing these issues on your team, please contact HR, the ethics and compliance team, or our legal team. They can help you get to the root causes of an issue and, if necessary, get your team back on the right track.

  • Your Role in Ensuring Our Policies are Effective

    Maintaining policies is not the job of our ethics and compliance department alone. We all need to ensure that our policies are as effective as they can be—which requires that we work as a team. You are on the front lines with our employees and vendors every day, and may hear about issues with policies long before we do.

    Policies that miss the mark—for whatever reason—leave our organization open to risk. Ensuring that our employees and vendors adhere to our policies helps us avoid compliance failures before they occur. We hope you will reach out when you encounter any of the following issues with policies, so we can work together to make the policy more effective.

    Contact us when you encounter a policy that is…

    1) Difficult to Understand. Our ethics and compliance team is committed to making our policies understandable. If employees are struggling to understand the wording or meaning of part or all of a policy, we want to know. Our goal is to make sure our policies are easy to understand and follow. 

    2) Outdated. Our goal is to review all of our policies on a regular basis to ensure that they are up-to-date. However, between reviews, your help is invaluable. If you or someone on your team encounters a policy that is out of date for any reason, get in touch.

    3) Missing Information Related to New or Updated Laws and Regulations. Because of your area of expertise, you and your team may be the first to know about new laws or regulations that may impact our policies and procedures. If there is a new law or regulation your team knows of—or knows is coming—check with us to determine whether there needs to be a policy or procedure change made to address it.

    4) Culturally Insensitive. We strive to ensure that our policies are culturally sensitive. If we miss the mark, we want to know and address is right away. If you or a team member sees something in a policy that is potentially offensive or otherwise needs to be addressed, be in touch right away.

    5) Not Correct for (or Applicable to) a Particular Region or Location. Not every region or location is the same, and sometimes our policies must reflect those differences. If you notice something in a policy that doesn’t seem to apply to your location or your team members’ locations, let us know. We may have a specific version of a policy we can provide to you, or we may need to make a custom version of a policy to address the issue.

    And finally, contact us if there is an issue you think we should have a policy on, but do not. Gaps in policies are as risky as policies that do not meet our standards.

    Policies are the backbone of an organizational culture that supports a culture of ethics and respect. By working together, we can help ensure that our organization continues to be focused on fostering the kind of workplace we all want to be a part of.

  • Keeping Off-Site Employees Connected With Our Organization’s Mission and Values

    Employees who work outside of our normal workplaces—including those working at home or in other countries—present special challenges for managers. For instance, because they are physically separate, it can be easy to pay less attention to them and to assume everything is going well. It also can be harder to ensure their actions are consistent with our code of conduct and policies.

    However, nothing reinforces and nourishes our ethical culture more than the words and actions of the leader who employees interact with most often—you, their manager. As a manager of a remote employee or employees, you should make an extra effort to consistently: 

    • Reach out to your remote and overseas employees on a regular schedule. Regular communication is essential—and not just via email. Remember, the goal is to build a personal connection. Call and have a one-on-one chat, just as you would with onsite employees. If reaching overseas employees means getting up early in the morning or staying up late at night, do it—it will be all the more meaningful to the employee.
    • Listen to your remote and global employees. That sounds obvious, but it can be easy to discount the ideas or concerns of someone when you lack the connection that comes from being face-to-face. If remote or global employees feel they are not heard or valued, they will tune out.  Also, clearly and consistently reiterate that you want to hear from remote and global employees—and they should feel free to call you anytime.
    • Find ways to build messages about our values into conference calls and other communications with remote and global team members. You don’t have to have long discussions—two to three minutes each week or so will often have more impact than half an hour per quarter. Think along the lines of a “safety minute,”  a way many manufacturing and industrial companies start each meeting. 
    • Urge all team members, including remote and global employees, to speak up when they believe our code of conduct or policies are being violated. Remember that in some cultures, speaking up is not the norm. Sincere, frequent encouragement will demonstrate that you truly want to hear about potential problems as soon as possible. 
    • Praise—as often as possible—employee actions that reflect our values. Nothing works like positive reinforcement. Highlight remote and global employees whenever possible.

    Employees who work off-site can increase the risk of ethics and compliance violations. But that risk can be significantly mitigated by the tone you as a manager set—and your diligence in making meaningful connections with off-site employees can have a huge, positive impact on our corporate culture.

  • Taking the Fear Out of Change: A Manager’s Unique Role

    Change isn’t easy.  And yet, organizations must make changes all the time to stay ahead of business, cultural, regulatory and economic trends.

    As a best practice, organizational changes are usually well researched, timed effectively and communicated well in advance. Despite all the preparation that goes into planning and processing policy changes, a successful launch cannot take place without one key element—management’s support. 

    As a manager, you are the critical piece in helping employees understand and adapt to new processes. Here are three guidelines to keep in mind as you help your employees through change:

    1) Address Uncertainty.  It can often feel as though decisions that impact employees are being made at a distance.  To help your employees better understand process changes, and provide as much background information around the process change as you can.  As you talk through the changes, highlight process gaps and the impact those gaps presented for the business.  Additionally, provide feedback to organizational stakeholders on your team’s reactions, both positive and negative, to better help management refine the process and make your employees feel heard. 

    2) Choose the Best Possible Timing & Communication Channel for Sharing Information Related to Change. Do your best to know when changes will be communicated, especially ones you know will impact your team. As much as possible, try to seed in advance that a change in procedure or policy may be coming.  If the change must be communicated via email, be sure to cover it in your next staff meeting.  If it’s through a Town Hall or other meeting, gather your team after and take questions for follow-up.  If you’re responsible for communicating the change, consider the channel.  Is this something better addressed in a broader meeting?  One-on-one?  Is a written communication truly most appropriate, or would it be better as a follow-up to a verbal explanation?

    3) Keep the Lines of Communication Open.  The more people know—about how change will be coming, and when and how it will impact them—the better it will be accepted when it arrives.  Leadership plays a key role in managing employees' resistance to change, but you can help make the process easier for the people you manage. Communicating early and often about coming shifts can help impact how employees react and lessen the overall impact of the only real constant—change.  

  • Harassment: Stop It Before It Starts

    Many managers assume that harassment isn’t a big deal with their employees. But do you really know if harassment is an issue for your employees? Have you asked them? According to a 2015 survey, 48% of U.S. employees have either experienced or witnessed “abusive conduct” at work (27% have suffered abusive conduct at work; another 21% have witnessed it).

    As a manager, we are looking to you to help watch for and prevent harassment before it starts. A powerful prevention tool every manager has is the ability to talk with and listen to his or her employees. Some simple ideas you can use include:

    • Talk about respect and fair treatment at team meetings – you don’t have to over do it, just weave a couple minutes into a team meeting once a month.
    • Reward/recognize employees who do the right thing by speaking up or who contribute to creating a respectful culture.
    • Let employees take the initiative and share thoughts about how to improve the workplace culture.
    • Talk with employees one-on-one and ask them whether they think harassment is an issue in the work group and the organization.

    You’re probably reading that last suggestion with doubt. Instead of literally asking them, have a conversation with each employee every quarter (or so) about how things are going in general. Ask them:

    • How are you doing?
    • Are you enjoying your work?
    • How are the team dynamics – and are there any issues or concerns?
    • Have you seen or experienced anything that goes against our value of treating others with respect?

    You need to be genuinely interested in hearing your employees’ responses and willing to take action; if you aren’t, asking questions will backfire.  Inaction in the face of problems can result in employee morale issues, resentment and – worse yet – potential legal liability.

    Remember, your silence sends a strong message to your employees – “I don’t really want to hear about it.” Talking about your expectations makes the statement that harassment won’t be tolerated. So, as this year begins, take a different approach. Start a productive dialogue with your employees and aim to improve the culture where you work.

  • Educated Managers and Supervisors are Our Best Defense Against Retaliation

    As a manager or supervisor you are the first line of defense in preventing retaliation. All too often, managers and supervisors at some companies get this wrong: we want to make sure we get it right.

    Managers and Supervisors are Critical to Anti-Retaliation Efforts

    Training and awareness of how to spot retaliation—as well as knowing how to prevent it—are crucial for all organizations. As a manager or supervisor you need to know how to receive and handle reports without retaliating, and how to spot and halt any retaliation you may observe.

    Respondents to the Ethics Resource Center’s 2013 National Business Ethics Survey (“ERCBES”) indicated that employees initially report issues to their managers or supervisors over 60% of the time. However, if employees perceive that their “reward” for internal reporting of non-compliance will be retaliation, they are much less likely to report issues of concern to their manager. They may also potentially avoid internal reporting altogether and go directly to a regulator or to the media. In these cases the company is denied the first opportunity to fix the problem.

    The ERCBES statistics also showed that 21% of respondents reported being retaliated against for reporting misconduct. We must strive to ensure that this statistic does not apply to the way our organization handles reports of compliance failure.

    How can we significantly reduce the instances and perception of retaliation in our company?

    Managers and supervisors have a crucial role to play in identifying and eliminating retaliation. Key steps to take include:

    1. Understand What “Retaliation” Means

    To get a full understanding of our company’s views on retaliation, be sure to read our Code of Conduct and policies on retaliation. In the past, retaliation generally took the form of a manager firing an employee for reporting them for a compliance failure. However, there are often many more subtle ways of retaliating such as:

    • Giving an unmerited negative performance review
    • Assigning the reporter a less attractive sales territory
    • Taking away the reporter’s overtime opportunities
    • “Disinviting” the reporter to routine meetings

    These kinds of behaviors are considered retaliation, and are unacceptable.

    2. Support our “Open Door” Policy

    Communicate to your employees how important it is to you and to the company that they feel free to come to you and discuss any violations. Make sure they know that if they do report to you in good faith, the report will be properly handled and there will be no retaliation by you, even if you are named or involved in the alleged violation.

    Make sure you say thank you to the employee for coming forward and reporting the issue, and assure them that retaliation is not acceptable and violates company policy.

    Additionally, effectively using the “Open Door” policy is part of your higher fiduciary responsibility as a manager and supervisor.

    3. Be on the Lookout for Peer-to-Peer Retaliation

    In addition to retaliation by a manger or supervisor, the next most likely source of retaliation can be the reporter’s peers. Non-management employees may believe that a peer reporter “sold them out” or got their work group or favorite boss in trouble. This peer response can unleash the most subtle retaliation, often to devastating effect.

    As a manager, you have a duty to be on the lookout for this peer-to-peer retaliation and put a stop to any action which might be perceived as retaliation.

    4. Follow and Document Good Processes

    To demonstrate fairness, make sure that any issue resolution follows a consistent and well-established process which includes:

    • Maintaining confidentiality
    • Promptly conducting an appropriately thorough investigation
    • Documenting the process
    • Involving legal and HR departments in the process early

    We need to do everything possible to identify and eliminate all forms of retaliation so that our employees are comfortable knowing that they can and should report issues of noncompliance to our managers.

  • Culture Building: Your Critical Role as a Manager

    You may have heard the term “tone in the middle” and its importance in creating a culture of integrity. But why is it important? And what exactly does a middle manager, squeezed between the frontline and the top tier, need to do to create the right tone?

    Why It’s Important

    Employees take their cues from you. If something is a priority to you, it’s a priority to them. As their leader, employees look at your attitudes and actions to answer the questions, “What’s really important around here?” and “How do we really do things in this organization?” The way the workforce thinks, behaves and works is the very definition of corporate culture. And your behavior is a key factor in shaping the culture.

    Intentionally building a culture that has a reputation for ethics and integrity is hugely important for many reasons. But one of the most compelling is that research has shown that ethical companies are more financially successful than others. In the recent Institute of Business Ethics report “Does Business Ethics Pay?” research revealed that ethical companies succeed due to higher productivity, more loyalty from customers and investors, the ability to attract and keep the best employees, and increased trust and improved collaboration with business partners.  

    What You Can Do to Create the Right Tone

    While building an ethical organizational culture may feel like an enormous responsibility, it is a natural outcome of good management. It is also a primary goal of an effective ethics and compliance program, in which you already play a part. There are several things you can do to set the right tone and actively support the compliance program:

    • Be intentional about the messages you send: Be aware of your words, your actions and your underlying attitudes. Saying or doing something that sends the wrong message, such as “Do whatever it takes to get that done,” or laughing at an off-color joke speaks volumes about the location of integrity on the priority list.
    • Play a role in education: When it comes to compliance training, what is your attitude? You can support the initiative by explaining to the staff why it is important and take the training yourself. Periodically, bring in a news clipping or pick a code of conduct topic to discuss in a group meeting that is relevant to the risks the employees face.  Model the use of the code and policies when helping an employee answer an ethics or compliance question. All of these actions set the tone about the importance of the ethics and compliance program.
    • Manage trust: This means addressing wrongdoing appropriately and with consistency. Protect confidential information and avoid favoritism. Keep your promises; tell the truth; be respectful. Cooperate fully with investigations. All these behaviors build trust in you and in the system. Employees view the organization’s commitment to integrity through the lens of how they are treated. Your trustworthiness tells employees if that commitment is real or not.
    • Respond to problems: Asking questions and raising concerns is an important compliance activity. As a supervisor, you are the top resource employees turn to with workplace questions and issues. Your key responsibilities in this role include being available to employees and listening objectively to their issues. Equally important is your duty to handle issues properly and promptly. Never forget to close the loop with the person who raised the concern. Your approach has the power to encourage employees to come to you with important issues or shut down the process.
    • Be vigilant: Monitor your work group for signs of potential problems, such as increased employee absenteeism and turnover, poor morale, a decrease in number of voiced questions and concerns and decreased productivity. You may need to ask for help to dive into the causes behind these changes in employee behavior.
    • Use your resources:  If you need any assistance to properly address an employee question or concern or in handling signs of misconduct, reach out to any of the resources provided by the organization—including legal, human resources or your own manager.


    As a manager, you play a pivotal role in building and sustaining our culture of integrity. Part of that role is supporting our ethics and compliance program. The outcome of your efforts will be a happier and more productive workforce and the increased economic success of our organization.

  • Recognizing & Curbing Workplace Harassment: What it is, Where it Happens, and What to Do

    The effects of harassment on employees and within an organization can be devastating. Unchecked harassment can erode trust, weaken goodwill and undermine productivity, as well as put our organization at legal and financial risk. The good news is that managers can help us maintain a positive workplace environment in which everyone has the opportunity to thrive. Here are four ways you can help prevent and stop harassing behavior in your organization:

    1) Recognize Harassing Behavior When You See It
    Harassment typically takes one of three forms:

    Verbal Harassment: Sexually explicit or derogatory jokes, innuendo, name-calling, insults, comments or other verbal behavior based on a person’s race, gender, religion, national origin, or other characteristic protected by law or our policies.

    Physical Harassment: Inappropriate physical conduct, including unwanted touching or gestures. While physical harassment most often is based on sex, it can relate to any protected characteristic, including religion and disability.

    Visual Harassment: Any visual material, including posters, calendars, screen savers, web pages, comics, personal photos—even tattoos—that is sexually explicit or derogatory of a protected characteristic.

    2) Address the Behavior Right Away

    As an employer, we have a duty to protect all of our employees from harassment and discrimination. As part of that, you have a “duty to act” whenever you become aware of potential harassment—regardless of how you learn of it.

    If you see or overhear behaviors that are potentially harassing, the best option is to address it right then, on the spot. You do not need to scold the person or be aggressive, but you do need to point out that their behavior is inappropriate and stop it. Then email HR to let them know what happened and how you dealt with it.

    If an employee tells you about potentially harassing behavior, assure them that the matter will be taken seriously and will be kept as private as possible. Thank them for coming to you, then reach out to HR and share the employee’s concern.

    If an employee asks you not to tell anyone, including HR, what they have told you, explain that you have a duty to alert HR. If they are suffering such behaviors, others might also. You can offer to keep their complaint as anonymous.

    Remember, doing nothing is never an acceptable option. When in doubt, at a bare minimum, reach out to HR or the compliance team for guidance.

    3) Know Where Our Policies Apply

    Our anti-harassment policies apply in any work-related setting—not just at daily work sites.

    Company picnics and holiday parties, client sites, conferences, and business meals all typically are “work-related settings,” so your duty to address harassing behaviors applies in those settings as well.

    We are not responsible for our employees’ purely personal, non-job-related behavior (thank goodness!). However, if one employee complains that another employee has harassed him or her off the job, we should take steps to ensure that the behavior does not continue at work.

    4) Lead by Example

    Your behavior sets the tone for the workplace. Always be respectful and professional and your team is very likely to follow suit.  If you have any doubt, before you act, ask yourself whether you would be comfortable if your behavior were recorded with a smartphone and then posted to the internet, with a link sent to our senior leadership. If not, the behavior does not belong in the workplace!

  • You’ve Received an Allegation of Misconduct—Now What?

    Most executives in management positions are problem solvers. Generally, this is a good thing! But when it comes to handling allegations of workplace misconduct, the urge to proactively “problem solve” can have extremely negative consequences.  

    When a manager acts independently to investigate alleged misconduct—that is, without first coordinating with legal, compliance and/or human resource departments—they may inadvertently be violating a variety of laws. And even if their informal investigation does not violate any laws, they could be undermining the success of any subsequent “official” investigation.

    As a manager, you don’t need to know the details of case law or the names of the underlying statutes that protect employees. But you do need to know what to do—and not do— when you become aware of an allegation. Below are guidelines to follow when you receive an allegation:


    • Don’t promise complete confidentiality to an employee who reports a concern to you. There may well be a need—either under the law or your organization’s policies and procedures—to alert others within the organization to the concern. Many times, this is not only to protect the employee raising the concern but also to protect others in the workplace. Failure to tell HR, legal, or compliance teams about it might result in further harm to the reporter and/or to others. At most, tell the reporting employee that you will keep the matter as private as possible, but may need to alert others in the organization.
    • Don’t start your own investigation, including interviewing witnesses, checking email, or searching the workplace. Interviews and electronic or physical searches may well violate an employee’s right to privacy. The laws relating to privacy are complicated and sometimes counterintuitive. Never conduct a workplace search without prior approval from your legal team.
    • Don’t assume you know what’s really going on. It’s all too easy for managers to assume, based on prior experience, that they know whether or not an allegation is true. Sometimes we think we’ve “seen it all before” view a person as a “complainer” who is simply seeking attention. Assumptions like these are big mistakes. Treat every allegation impartially and with an open mind.
    • Don’t share the details of an allegation with anyone unless they have a legitimate need to know. This can be difficult—it can be hard not to share “juicy” information.  But don’t do it.


    • Do secure evidence that might be destroyed before an investigator can get ahold of it. While it may not be appropriate to review documents or images stored on an employee’s work laptop, you generally will be able to retrieve the laptop and give it to your legal or security team.
    • Do check with your compliance, HR or legal teams if you have any doubts about what you should or should not do. Let them make the hard decisions. You can then help follow through as needed.

    Giving your employees confidence that workplace investigations will be handled well—and doing your best to follow the law, as well as your organization’s guidelines for investigations—is a critical part of helping your organization strengthen its culture of ethics and respect.  

  • Compliance Training: Your Managerial Responsibilities

    From time to time you’ve received announcements about upcoming ethics and compliance training. In the past, questions have been raised about what exactly managers are responsible for doing with their teams as training rolls out. Bottom line, you need to touch base with your employees to remind them of their obligation and ensure that time is scheduled so that everyone can complete the training on time. But there’s more. Besides making sure each person on your team completes the course by the deadline, here are some ways that you can help support these important initiatives:

    • Make the time to attend training sessions yourself. Attend live training sessions; not as a moderator or an observer, but as a participant. Nothing says “we’re all in this together” more than actually being there. If training is online, be the first to complete it and talk about the topics relevant to your work group.
    • Create your talk track. All managers should have thirty second responses that are ready-to-go when an employee asks why they need to attend the training or why the company is putting such effort into ethics and compliance.
    • Watch the non-verbal (and verbal) cues you send. Sometimes an eye roll or a shrug from you, or saying “I guess we have to do training again,” is all that’s needed to undermine an ethics & compliance initiative. You are likely more powerful and influential than you know.
    • Be selective and act as an advocate for your employees. You know your employees and the issues they face better than anyone. Work with your compliance officer to ensure that the most relevant training is available. And don’t be shy about pushing back if you feel a training requirement is out-of-sync with employee needs. Though there may be a good reason why it’s required, it’s important that the compliance officer understands your concerns.
    • Take it seriously and get with the program. Capitalize on communications from the compliance department. You have the responsibility to make those messages real and relevant for your staff. Your employees can tell a phony from a mile away. If your heart’s not in it, they’ll know.
    • Seal the deal. After the training is over, a follow-up question or comment from you can help seal the deal and reinforce the training. A simple comment can make all the difference: “You know I wasn’t sure what to expect from the training, but it raised some interesting questions. Don’t you think?” Then take a few minutes in a staff meeting to review one or two of the topics and discuss how they apply in your work group.
    • Try quick reinforcement.  Some organizations have “safety moments” where every meeting begins with a sentence or two about safety. Consider starting staff meetings with a similar “ethics moment” addressing a topic in the code of conduct.
    • Don’t be a stranger. Compliance officers too often become isolated in organizations. Having a compliance officer who knows you, your business and your concerns can be a real asset. Make the first move. Why not offer to take your compliance officer out to lunch? How about inviting a member of the ethics and compliance staff to talk about a compliance topic important in your work area? Let your staff know the topic in advance and ask them to be ready with questions. It could pay dividends in next years’ training.

    Remember, employees want to know that you support the training before they embrace it. Every time you do or say something that supports the program, it opens their minds to it. Ultimately, what employees learn and internalize from the training helps protect our organization.

  • Let’s Talk Policies: Access and Education Make the Difference

    One of your subordinates comes to you to ask if she is permitted to keep a gift from a customer. How do you know you are giving her the right answer? You certified that you read  our code of conduct and our gifts and entertainment policies but, with everything you are asked to keep track of, how accurate is your memory? 

    Our policies (including our code of conduct) are important tools for managing the business risks they address. They set the behavioral standards for all our staff members, but they are only good controls if employees consult the policies when faced with a pertinent issue, and act according to the guidance. As a manager, you have two important responsibilities related to our organization’s policies–ensuring access and use.


    Does your staff know where to find our policies and how to use them? You and your staff are responsible for complying with all company policies, and being able to access them when necessary is the first step. Here are some tips to help:

    • Make sure employees know where our policies are stored and how to access them. And don’t just tell them. You need to show them.
    • If you see that a policy is dated three or more years ago, tell the person responsible for maintaining it (or ask your boss or the compliance department, if you do not know who is responsible). Ask your employees to do the same. Outdated policies can get us into trouble just as fast as no policy at all.
    • If you think our policies should be organized in a better way to enable access and use, let the compliance department know, because poor accessibility is an organizational risk.  Controls do no good if you cannot get to  them when needed.


    One reason employees do the wrong thing is because of a lack of awareness and/or full understanding of our policy or procedure. As a manager, it falls to you to make sure they understand the types of risks and problems they may face in their jobs and how they are expected to behave.  That means they need education on  where to find the related policies, but also on how to apply the standards. Consider these ideas for educating your staff:

    • When employees bring issues or concerns to your attention, first consult all the relevant policies and/or procedures together with the employee so that your staff gets used to consulting policies first for guidance.
    • If you have an electronic policy management system, demonstrate its features to your staff. You may be able to link to training, the code of conduct and other supporting documents straight from the policies.
    • During staff meetings, bring up a business risk your employees are likely to encounter. Give them a potential scenario and ask how they would handle it. This is a perfect time to show them the related policy and explain the parts that apply to the scenario.

    Employees generally want to do the right thing. It is part of your job to make sure they have access to and know how to use all  the important tools that are available to support their efforts. Our organization’s policies and procedures are some of those tools and should be referenced and brought forward to encourage continued use. This helps to protect our stakeholders, our coworkers and our organization.

  • The Third Party Link with Our Compliance Program

    Like all great companies, we focus on ensuring that we have an effective compliance program. While our primary focus is on what we and our employees need to do to ensure compliance, we cannot stop there. Whether we like it or not, our employees are only one element of the compliance equation. We also have many critical partnerships with agents, contractors or other third parties. As a result, it is necessary for us to also focus on the qualifications and actions of our current and proposed third parties.

    Use of Third Parties May Elevate Our Risks of Bribery and Corruption

    The third parties we engage can have a significant impact on both our reputation and bottom line. While our supply chain has always focused on the qualifications and actions of our third parties with respect to quality and services, we also have to be sure that we focus on bribery and corruption risks. 

    In fact, in the U.S., over 90 percent of all FCPA bribery and corruption actions in the last few years have involved the actions of third parties. Among other issues, these cases have involved: use of illegal payments to obtain licenses or permits; bribes to ensure successful awarding of contracts; or payments, trips or scholarships to relatives of government officials to gain access to decision makers of state controlled companies.

    What Steps Can We Take to Lower Our Third Party Risks?

    If you work with or engage third parties:

    • Make sure you know and follow our policy about the engagement and use of third parties
      • Do not engage any third party without a reasonable business rationale
      • Ensure that no third party is engaged outside of our policy guidelines
    • Complete due diligence on every third party
      • Complete the appropriate level of due diligence for the third party’s risk
        • Does not have to be the same for every third party
        • However, within the same risk level is must be consistently applied
      • Complete the activity before any contract (afterward, it may be too late)
      • Regularly update the due diligence and monitor or audit compliance
      • Follow our record retention policy about documenting the due diligence and the results

    Communicate our Compliance Policy and Expectations to Third Parties

    We cannot just assume that third parties understand our expectations about what constitutes compliant behavior in accordance with our code of conduct or third party policy. Best practices require us to take steps to communicate these to our third parties and confirm that we are comfortable they have had training on the risks.

    What Are the Third Party Red Flags We Need to Watch Out For?

    Some third party relationships may send up obvious—or more subtle—indicators that the organization is not being engaged for legitimate business purposes. Some of the red flags may relate to commercial bribes and others may be more related to the bribery of government officials. Both elements of bribery violate our code and must be prevented. Look for things such as:

    • Third parties conducting business in a country with a poor corruption index or history of corruption
    • Guarantees of close personal relationships between third parties and government officials
    • Conducting business in countries with high levels of state ownership or control of businesses
    • Unusually high levels of cash or miscellaneous payments
    • Payments made to third parties which are unusually large and not properly or well documented
    • Poor reputation or credentials of any agents or third parties and any unwillingness to provide anti-bribery certifications or audit rights
    • Elaborate gifts, travel  and entertainment expected as part of doing business

    Trust but Verify

    Third parties are critical partners of ours and this communication is not meant to suggest that third parties are not trust worthy or are all willing to pay bribes. Their role in the success of our company’s strategic goals cannot be denied. Nevertheless, we must continue to exercise reasonable due diligence, oversight, training, monitoring and auditing of our third parties to ensure that they do nothing to harm our company’s reputation. “Trust but verify” perfectly sums up our relationship with third parties. Third parties with nothing to hide should not fear a strong, effective compliance program like ours.

  • Encouraging the Anonymous Reporter to Follow-up

    Our company offers employees a number of avenues to raise questions or concerns. You, as a manager, are a primary resource for your team members. An alternate resource is our company’s hotline/helpline that employees can use to report either anonymously or offer their name and contact information. We do not discourage anonymous reporting and, as managers, it is important to respect this option. We do ask, however, that those who report anonymously remain engaged in the process by following up on their reports.

    The Majority of Anonymous Reporters Don't Follow Up on Their Reports

    Research has consistently shown that seven out of ten anonymous reporters are not following-up to their reports.  This low rate makes it difficult for investigators to truly investigate a case, thus affecting the overall perceived effectiveness of the hotline/helpline program. Following-up allows investigators to pose questions that will give them additional information to the reported incident and may mean the difference between resolving a case or not. Further, these reporters are not learning whether their concern has been addressed. Both of these outcomes lead to frustration – both for reporters and investigators.

    Explaining the Process to Your Team

    Whether an anonymous report comes in through the web or hotline/helpline, the reporter is given a unique identification number as well as a PIN.  It is important that the reporter save these two numbers in a safe place. These unique identifiers will be the only way that they are able to follow-up to their report. Typically investigators will post any questions they have within ten days of opening their investigation. The responsibility then falls on the reporter to check in and respond to those questions. 

    Periodically Remind Your Team of the Importance of Reporting All Misconduct

    The company has incorporated processes during the initial intake of a report designed to increase awareness of the importance of following-up. However, we need your support in reminding and encouraging all employees who report to you to stay engaged in the process and see it through. You can do this in a group or staff meeting as part of a discussion of the overall hotline/helpline process. If you need additional information about our processes you can contact the ethics office and we will be happy to assist.

    We encourage all managers to embrace their role in developing the culture surrounding the use of a hotline/helpline and all of our reporting options. Consistent and positive encouragement can increase the effectiveness of these processes and help us all benefit by creating a stronger organizational culture.

  • Making the Most of Our Code of Conduct

    As you know, the company has a number of ethics and compliance resources in place to ensure that everyone understands our expectations and standards. These resources include training modules, our hotline and our Code of Conduct.

    The code of ethics may be the most underutilized resource that we have. It is an excellent summary of our ethics and compliance standards, and it includes information about what we need to do to report problems and ask questions. And yet, for the most part, employees only refer to the code once a year during the annual certification process.

    Everyone is busy, but if we aren’t proactive about ethics it can fall between the cracks. As a manager, you have a critical role to play in ensuring that employees and our business partners are clear on what they need to know and do when it comes to ethics and compliance. The more we discuss ethics and compliance, the more we make it clear that it is a priority for us, and that can go a long way to protect our company’s reputation and good name.

    With this in mind, here are some tips for how you can make the most of our code to help deliver important messages about our commitment to ethics. 

    • Leave a copy of the code in a prominent, visible place in your own work area. This is easy to do and can be a good first step to raising awareness about the code. Also, arrange to have printed copies of the code available in common areas and restock when necessary. Though many of our resources are online, don’t underestimate the value of physical printed copies.
    • Whenever you can, in team meetings and discussions with employees, refer to the code of ethics - especially to specific content. The more you’re seen using it, the more others will understand that it is a tool for them to use as well.
    • Employees know that you understand their working conditions and the problems they face. They’ll trust you to help them apply our code and policies and focus on what’s important to them. Be selective. Draw their attention to topics in the code that apply to their work.
    • When an employee comes to you with a concern, use the code. The code can help focus the discussion by helping to identify the specific concern and possible next steps. With the help of the code, you may be able to help turn a general question about fairness to a more specific and actionable concern. For instance, it may be that what the employee really has in mind is time charging: “I am concerned that others aren’t being held accountable and if we record time in this way, it won’t be in accordance with company policy.” Once the specific concern is identified, if necessary use the code to determine how best to escalate the issue as needed.
    • Remember: our code of ethics is not just a resource for employees; it also is intended for our business partners and even the public. We want others to know about our commitment to ethics and compliance. Refer to the code and our standards when meeting with contractors and suppliers. If you meet with prospective employees or do public presentations representing the company explore how you might be able to leverage the code in your presentations.

    And finally, we are continually gathering information about how to improve all of our ethics and compliance resources, including our code. We count on you to provide us with suggestions for how the code can be improved. What comments, praises or concerns are you hearing? Are there topics or risk areas that should be included or expanded in the next revision of the code? Have you seen other companies’ codes that you feel are more effective or user-friendly than ours?  

  • Ethics and Compliance Investigations

    As a manager, you may have questions about the role you should play when there has been an allegation that our policies or our Code has been violated.  The answer falls into three main buckets:

    1)      When you are the person accused :

    It is natural for managers accused of wrongdoing to be angry and frustrated. However, whatever the underlying facts may be, it’s important to realize that being accused “comes with the territory” of being a manager.  Sometimes employees think a manager has done something wrong when, in fact, they have not. Other times various workplace dynamics may be in play.  We understand that this is often the situation. To help us resolve the issue, here are some suggestions:

    • Don’t let your anger lead you to retaliate. While you may feel wronged and personally hurt, don’t take any negative action toward the person who raised the issue—or anyone you simply suspect of doing so. Retaliation is itself a serious violation of our policies, and will lead to discipline, even if the underlying accusation turns out to be unfounded.
    • Don’t try to give “input” or share your “viewpoint” with potential witnesses in the investigation. Even innocent inquiries can seem like pressure when they come from a manager. The best course of action is to avoid discussing the matter with anyone other than the investigator and anyone else with a legitimate “need to know.”
    • Do cooperate fully in the investigation. Share what you know. Be open and provide information requested by the investigator, even if you’re not sure why it could be important.
    • Do trust the process. The investigator’s job is to determine what happened, not to pursue an agenda against you or anyone else.

    2)      When you are not the person accused:

    Managers who learn that an investigation is being conducted in their business unit often worry that the outcome may reflect poorly on them. Other times, the manager may want to try to “solve the problem,” and address the underlying behavior themselves. While these are common reactions, it’s imperative that you let the investigation run its course:

    • Avoid the temptation to look into the matter yourself. While you may see your efforts as helping, they can undermine the investigation by alerting witnesses to what is coming or by tainting evidence. 
    • Maintain confidentiality. The investigator may need to share certain information with you. It may be tempting to share such information, but you must not. 
    • Assist the investigator if requested. The investigator may request your insight, your help setting up interviews or for you to monitor a given person or situation. Help as asked — and don’t be afraid to ask for clarification if the request is unclear.

    3)      If you learn of a potential violation of our policies or Code:

    Sometimes you may be the person that has alerted us of a potential problem. Remember, we need to know about all potential violations as soon as possible. Alert us to any potential violations, even if:

    • You do not supervise the person or people involved.
    • You did not receive a complaint, but simply learned of the potential problem indirectly, such as by overhearing others talking about it.
    • You are not sure whether the conduct does, in fact, amount to a violation. It’s far better to raise it than keep it to yourself.

    Our goal is to surface problems and resolve them as quickly and fairly as possible. This can’t be done without your support and cooperation.   

  • 4 Common Mistakes in the Hiring Process and How to Avoid Them

    Most hiring managers understand that they should avoid questions related to a candidate’s national origin, citizenship, age, marital status, disabilities, other protected characteristics, as well as arrest record, during the interview process. But is it okay to research a candidate’s social media profiles? What seemingly harmless conversation topics might create legal or ethical issues or risk?

    Follow these four guidelines to make sure your hiring processes are legal, fair and responsible—and help you identify the best candidates.

    1) Be Prepared

    The importance of being prepared would seem obvious, but many managers enter interviews without sufficient preparation. Plan your interviews ahead of time. When you’re equipped with questions that focus on the knowledge, skills and abilities needed for success, you’ll be more likely to identify great candidates—and less likely to veer into risky territory. Uncertain about whether a question is acceptable? Check with our HR or compliance department in advance.

    2) Don’t Conduct Your Own Internet Research on Candidates

    Researching a candidate online is not unlawful. Indeed, many companies do credit checks, criminal background checks and social media research during the hiring process. But looking up this kind of information on your own can create risk.

    First, you might come across information, such as photos that you feel indicate “poor judgment,” that leads you to reject a candidate. Likewise, you might find a reason to prefer a candidate, such a political causes or affiliations. The risk is that in such situations, you may substitute your personal biases for the values of our organization. It also could lead you to select someone who is not, in fact, the strongest candidate for the role. And, of course, if the reason you select or reject a candidate is based on a protected characteristic, you may be violating the law and our non-discrimination policy—clearly, a bad thing.

    Second, depending on how you conduct your research and what you find, you might be violating the law. For instance, some states prohibit an employer from asking for a candidate’s username and passwords for social media accounts. Gaining access to restricted (private) pages through “pretext”—for example, by asking a candidate to “friend” you, by posing as someone you are not, or by asking someone else to do so—also can raise legal and ethical issues.

    As a result, the best course of action is to:

    • Avoid doing background research on candidates—leave that up to the HR department.
    • If you believe researching a candidate would be helpful, reach out to HR or Compliance first.
      • Work with HR or Compliance to identify exactly what you will look for, how the search will be conducted, and who will do it.
      • Perform the same searches for each candidate. Singling certain candidates out can appear to be discriminatory.
      • Share the information uncovered by the searches with those involved in the selection process, and let the organization make the decision of how to use it.

    If the organization will be using background checks or social media research in the hiring process, inform each candidate so that she/he can plan accordingly.

    3) Don’t Make Promises About Jobs, Visas or Sponsorships

    Candidates will view you as speaking on behalf of the organization. As a result, any inaccurate statement you make to a candidate—even if you thought it was true—can be problematic, and, depending on what you say, might even create a legal problem. When it comes to questions about relocation payments, visa sponsorships, benefits information, etc., suggest that the candidate follow up with HR who are the resident experts and will be able to give the best answer.

    4) Follow Our Standard Processes for Recruiting and Hiring

    There’s a good reason we have these policies and procedures in place. If you aren’t familiar with our hiring policies, or if anyone in your department needs a refresher, talk to the compliance, HR, or recruiting team. Seeking help from experts is a sign of intelligence, not weakness!

  • 9 Tips for Addressing Employee Cynicism about Ethics & Compliance Head On

    Eye rolls. Chuckles. Silence.

    It’s easy to recognize signs of employee cynicism when it comes to ethics and compliance (E&C) activities. What’s harder to accept is that employee cynicism signals disbelief that the organization is seriously committed to a culture of integrity. Unchecked, cynicism can lead to higher risk of misconduct—ultimately the company’s reputation and bottom line.

    What Should You Do about It? 

    1. Role Model Appropriately
    Often, leaders don’t realize the impact their behavior can have on shaping organizational culture. An offhand remark or a dismissive attitude can speak volumes. Be personally committed to modeling behavior that supports an ethical culture, even when you think no one will know.

    2. Hold Yourself and Others Accountable
    Demonstrate consistent accountability. If top producers and leaders experience the same types of corrective action for misconduct as everyone else, word will get around.

    3. Make E&C Real for Your Employees
    Nothing frustrates employees more than training, emails, surveys and meetings that are not relevant to their work or are perceived to be unnecessary. Discuss E&C situations that your employees can relate to.

    4. Bring E&C Topics into Everyday Communication
    Your E&C program is not an add-on to the business—it defines how employees should work every day. Make a habit of talking about E&C as a regular part of work discussion. For example, introduce brief “safety moments” in staff meetings to discuss what employees should know about working safely. Or try an “ethics moment” to discuss doing the right things in situations that can really occur in their jobs.

    5. Regularly Communicate Expected Standards and Conduct
    E&C tools help us do what is expected and appropriate at work. We may think we know it all, but we need reminders. Repetition of E&C concepts is important so that we can recall the information we need at the moment we need it.

    6. Emphasize the Importance of Speaking Up
    Employees speak up when there’s something broken in the workplace. Why not speak up if there’s a question about conduct that could derail the organization? Employees protect their own company—and jobs—by reporting concerns.

    7. Demystify the Reporting Process
    Let employees know the different methods they can use to ask a question or report a concern. It’s especially important to explain what to expect after making a report. 

    8. Address Concerns about Reporting
    Fear of retaliation can prevent people from speaking up. Help employees understand that retaliation won’t be tolerated. Explain what they can do in case they feel they are experiencing retaliation. Another inhibitor can be the belief that nothing will be done with their report. Here it is critical to model your own commitment to action and to closing the loop with the reporting employee once action is taken.

    9. Be Available
    As a manager, be available to your employees and third-parties in case they want to report or have questions. And don’t just say it. Do it. 

  • Are You Approachable? Are You Sure?

    In a recent Harvard Business Review article, “Can Your Employees Really Speak Freely,” two business professors shared their research findings related to the gaps between managers’ perceptions of their approachableness, and the reality.

    As a manager, being approachable is critical, because most employees prefer to speak to their managers about ethics and compliance issues before going to HR, ethics or a hotline/helpline. 

    Based on the article, here are five questions you can ask yourself about your approachability:

    1) Do you issue general rather than specific invitations to check in with employees? “Come and see me any time” is not as effective as sending a meeting request or scheduling a specific time to check in with members of your team. Also, consider whether it is easy or hard for your team to find your office and visit. Can they come by casually, or does it feel like a big deal to stop by?

    2) What messages are you sending with your body language? The authors warn against “conveying your power through subtle cues” that indicate dominance. If you’re sitting behind a huge desk, crossing your arms, or frequently checking your phone during meetings and conversations, you could be sending a message you don’t intend.

    3) Do you follow up with employees’ questions and suggestions? If a team member comes to you with a question, suggestion or concern and you listen but take no action, your trust with that employee erodes. Commit to following up, and let them know what action, if any was taken—and if not, why not.

    4) Are most of your conversations with your team fairly formal? If you rarely have casual conversations with your employees—or if every conversation feels “high stakes”—employees will be much less comfortable sharing information with you.

    5) How do you handle brainstorming sessions? Your approachability can be significantly impacted by how you treat team members during those moments where they’re out on a limb—including sharing new or off-the-cuff ideas in front of other team members. This frequently happens in brainstorming or planning sessions. When team members feel safe and protected there, they’re more likely to find you approachable and trustworthy. 

    The more your team members feel comfortable with you, the more likely they are to speak up when they have a question or an issue. And that helps us better protect our company, our reputation and our bottom line. 

  • Ignorance Is Not Bliss When It Comes to Pay

    When it comes to pay, employers want to get it right. But before you can get it right you have to first know what “right” is – that means understanding your organization’s policies and ensuring that you consistently follow the guidance provided. Staying informed is one of the simplest ways to prevent rule violation.

    Although the rules can be complex, these 3 steps will help you and your employees stay informed:

    1.Don’t Assume, Check Your Policy
    Rules are different depending on whether employees are “exempt” or “non-exempt” from overtime. Know the status of each member of your team and if you manage non-exempt employees, be sure that you know the specific policies set by our organization. In general, employers must pay non-exempt employees at least a minimum wage for all hours worked and overtime as required by the law. But, there may be additional rules that dictate things such as timing of meal periods and/or breaks during an employee’s shift. Overtime rules may also vary by state.  For example, is it after 40 hours during the week or after a certain amount of time each day?

    2.Inform and Educate
    Ensure that employees also know the rules about their own work hours and reinforce the importance that they adhere to them. It is easier to hold employees accountable to policy when they know exactly what is expected of them. This goes double for managers. See next step.

    3.Cultivate a “Speak Up” Culture
    Create an environment where employees feel respected enough to speak up and approach managers with questions regarding policy. In a “speak up” culture there is a comfortable dialogue in which employees trust managers to be knowledgeable and forthright about external work-hour regulations and internal policy guidelines.

    Innocent mistakes and ignorance of the rules do not protect us from liability when errors in pay happen – so it is important that you understand what is expected, ask questions and get issues resolved properly. You don’t have go it alone. Employees and managers need to work together to ensure both understand and follow an organization’s policies. Managers should not be shy when it comes time to raise questions or concerns about pay or hours. 

  • 5 Ideas for Improving Your Team Culture

    Managers who create positive, respectful team cultures are not only a tremendous asset to our organization, they help protect it from the legal, financial and reputation risk that can be caused by misconduct. 

    As we end this year and look ahead to next year, we want to encourage you to reflect on steps you can take to make your team culture even stronger. Consider the ideas below—and remember that the ethics and compliance team is here as a resource for you. We would love to help you brainstorm additional ways to help employees embrace our values and mission. 

    1. Brainstorm Potential Risks: You are on the frontlines of behavior risk issues. What new issues do you see emerging—or potentially emerging—that we should stay ahead of? What existing risks might be greater in the coming year? For example, current world events and 2016 politics are almost guaranteed to increase discussions of race, religion and national origin in the coming year—and if those discussions turn derogatory, they could contribute to the creation of hostile environments and claims of discrimination. Are you ready to address such conversations in the workplace?
    2. Talk With Your Peers: Make time to talk with other managers, many of whom may be experiencing similar E&C challenges as you are. Find out what strategies they’ve tried in communicating with their teams, and what’s working—and not working—to really make a difference.
    3. Think About Incentives and Processes: Are there incentives, structures or processes that create pressure to bend the rules? For example, could financial rewards or job security concerns tempt employees to fudge data, use questionable methods to win sales, or hide failures to meet goals? Can you—or others— address these pressures and reduce the chance of misconduct?
    4. Consider Potential “Rewards”: Are there ways to applaud and acknowledge ethical behaviors on your team? Whether it’s just a verbal acknowledgement during a team meeting or a quick email—or something more formal like a certificate or mention in a newsletter—a little bit of recognition goes a long way in demonstrating your deep commitment to a culture of ethics and respect.
    5. Meet With Us: The ethics and compliance team wants to be a resource for you.  If you have any concerns about managing your team, answering tough questions or want some ideas, perspectives, or coaching on maintaining a healthy team culture, please contact us at any time.

    An organizational culture is only as healthy as its teams. Thank you for all you’ve done this year, and all you’ll do in the coming year to help us maintain a culture of ethics, integrity and respect.

  • Ethics in the Workplace: Helping Your Staff Make Good Decisions

    Do the right thing. Uphold our values. Always act with integrity. These are the kind of messages you’ll typically find in our code of conduct and compliance training. But what about those grey areas? Our training tells employees to ask for help anytime they encounter an issue they’re unsure about. However, before they ask, most people try to find the right path on their own. This is often where poor decision making can get organizations and individuals into trouble.

    The good news is this: as a manager, you can help your employees avoid unethical business practices. And in fact, our training messages come to life when you reiterate them. Research has shown that people typically make poor decisions for one of four reasons: lack of understanding, pressure, lack of accountability and self-interest. Here are ways you can support your team in ethical decision making around each of these issues:

    Lack of Understanding: Employees may not recognize when they are dealing with an ethics or risk issue, or they may lack understanding of the rules and standards that apply. Sometimes, it can be simply not realizing their responsibilities in a sticky situation.

    Remedy: Watch the news, check out blogs and talk to your team about the types of risks and ethical challenges that may occur in your organization. Pick one or two issues that are particularly relevant to your staff and the work they do. Work through the “what if” situation using our code and policies as guidance. This helps them walk through the process of ethical decision making in advance of a problem while demonstrating your willingness to help with a tough issue.

    Pressure: Time and performance pressure are part of today’s business world. However, pressure applied by management or peers to achieve an impossible deadline, or to do something that violates values or rules, can push good people to cross the line. Inappropriate incentives can do the same thing.

    Remedy: Keep an eye on the pressure meter in your work group and any extraordinary incentives to “get the numbers” or “have zero safety incidents.” Verbalize to your staff, often, that there is no justification for misconduct.

    Not Enough Accountability: Inconsistent discipline for misconduct sends the message that our organization is not serious about doing the right thing. Discounting future consequences in favor of immediate gain is a risk when there does not seem to be accountability for making ethical decisions.

    Remedy: Make sure to take corrective action consistently when needed. And when you educate your team on the issues they may encounter, be sure to emphasize the consequences of bad behavior—both short and long term.

    Self Interest: It is, unfortunately, human nature to believe that we are smarter, more deserving and better than we really are. In the workplace, this can lead to a “slippery slope” situation where someone rationalizes doing just one small bad thing, which makes the next bad decision easier, and so on. By his own admission, this type of thinking landed Andrew Fastow of Enron fame in jail for many years.

    Remedy: Talk with your staff about the human frailties we all share, and do it often. Awareness of a temptation can be built through periodic repetition of the potential risk.

    Celebrate Good Decision Making

    It’s easy to overlook the good decisions being made in your work group. Make a point of looking for these and mentioning them in staff meetings. Such decisions make good instructional moments—and the person who did the right thing will appreciate the kudos.

  • E&C Investigations: Do’s and Don’ts for Managers

    It’s one of the parts of your job you like the least: you receive a complaint about a team member, and an internal investigation is underway.

    As a manager, your participation in workplace investigations is critical in creating optimal outcomes. You also have the very important role of maintaining confidentiality and coaching all of the team members who may be involved to do “the right things right,” both during and after the investigation.

    Here are some do’s and don’ts to keep in mind:

    • Do: Be open and honest with investigators. Now is not the time to shade the facts to steer the outcome of the investigation. We need to know what actually happened, good or bad.
    • Don’t: Discuss details of the investigation with other members of your team.  If other team members become aware of an investigation, a good talking point to use is, “For a variety of important reasons, details of the investigation are confidential, and that means I can’t discuss this issue with you. I hope you understand.”
    • Do: Ask questions about the role (if any) you are expected to play in the investigation – the compliance, HR, and legal teams want to be a resource to you.
    • Don’t:  Take any steps to investigate the issue yourself unless the steps have been approved.  Often, actions that seem like they would be helpful (questioning a member of the team or going through emails or files) can compromise an investigation.
    • Do: Be objective.  Stay neutral during an investigation: the outcome may surprise you.
    • Don’t: Retaliate. It can be difficult to keep personal feelings out of an investigation. But no matter your perspective, no retaliation is acceptable—whether against the subject of the investigation, the person who brought forward the complaint, or a witness who participates in the investigation.
    • Do: Think about what, if anything, you can do as a manager to change your team culture or processes to address the root cause of a complaint.

    Workplace investigations can be difficult for everyone involved. But ultimately, going through the process of an investigation is essential in helping correct issues that can undermine a healthy corporate culture.

  • Could it Happen Here? Supporting a Culture of Compliance

    Keeping Off-Site Employees Connected With Our Organization’s Mission and Values

    Everyone has heard the old adage, “the cover-up is worse than the crime.” So why do we continue to read news stories about organizations that knew—or should have known—about problems that could endanger public safety and ultimately damage their company’s reputation?  

    A Rash of Recalls

    A rash of recent recalls among auto-makers has brought this issue to the forefront once again. Over the past few months, several manufacturers have been forced to recall thousands of vehicles, pay millions in fines and admit that they have endangered the lives of their customers.

    In one of the cases, it is documented that the issue was discovered numerous times and either ignored or buried.  As with most organizations in this situation, the company is already facing serious reputational damage and heightened legal risk due to an issue that was known and left unaddressed.

    Could it Happen Here?

    Research shows that there are two reasons why people don’t speak up or report issues: the belief that nothing will be done, and fear of retaliation. If employees at our company have these concerns then some version of the scenario described above could happen here.

    So how do we prevent this and protect our good name and reputation?

    Don’t ignore or cover up a problem. As this case demonstrates, it rarely turns out well. If you become aware of a problem or concern that is not addressed or appropriately resolved, it is important that you speak up. And, as a manager in our organization, you have a responsibility to take action to ensure that the right people are involved to properly investigate the situation.

    Doing Your Part

    To help protect our organization, our employees and our reputation, let’s all help each other to be sure to:

    • Work issues to a satisfactory outcome
    • Recognize inappropriate pressure and be aware of the messages you send
    • Provide clear direction and make good and timely decisions
    • Watch for red flags
    • Hold others accountable to the same high standards, while showing respect
    • Cultivate and practice good communication skills and establish an open environment where retaliation is not tolerated
    • If you don’t believe the issue has been satisfactorily resolved, use another of the multiple available resources to report your concern, including the ethics hotline/helpline
    • Be a great role model—do what’s right, even when it is difficult
  • Anonymous Reports Are a Good Thing

    Our company offers a number of avenues for employees to raise questions or concerns but you, as a manager, are always our first line of defense for your team members. An alternate resource is our company’s ethics helpline which employees can use to report either anonymously or offer their name and contact information. We support and protect anonymous reporting and, as managers, it is important for all of us to align on this point and to respect this option. Anonymous reports allow our employees to make reports that they simply may not be comfortable making in person.

    We also recognize that having an anonymous report lead to an investigation in our own organization can be uncomfortable. Here are some factors and guidance for you to consider should you find yourself in this situation:

    1. Do not feel as though employees are going above you to report anonymously. Research has shown that historically 6 out of 10 reports coming in through the hotline and web reporting channels are made anonymously so this is not unique to you or your department.
    2. Supporting (and not demeaning) anonymous reports or reporters shows that you want the reporting experience to remain a safe and confidential way to make a report.
    3. When an anonymous report comes in through the hotline, it is imperative that you do not seek out the identity of the reporter. Maintaining the integrity of anonymous reports will allow the company to continue to receive actionable reports from all across the company.

    One critical aspect of these reports – that will assist in the substantiation of anonymous reports – is advising all reporters follow-up with their report. The company has made it part of our intake process to highlight the importance of following-up, but needs your support in reminding and encouraging employees who may report anonymously to stay engaged in the process and see it through. You can do this in a group or staff meeting as part of a discussion of the overall helpline process. If you need additional information about our processes, contact the ethics office and we will be happy to assist.

    We encourage all managers to embrace their role in developing the culture surrounding the use of the helpline and all of our reporting options. Consistent and positive encouragement can increase the effectiveness of these processes, and continue to make our workplace one where we are all invested in our culture.

  • Managers Have Major Impact on Preventing Workplace Harassment and Discrimination

    Workplace harassment and discrimination, in any form, can damage company culture, stifle innovation and depress morale. But the harmful effects can go much further, creating “career limiting” outcomes for managers and leaders and resulting in serious financial penalties for companies who allow discrimination issues to fester.  

    During fiscal 2014, the U.S. Equal Employment Opportunity Commission (EEOC) fielded 88,778 charges of workplace discrimination. The top five discrimination charges were retaliation, race, sex (including pregnancy and sexual harassment), disability and age.

    As managers, you are in a unique position to help prevent, identify and address potential issues. To help our organization ensure that we’re fostering a culture of fairness, ethics and respect, while avoiding the risks of legal action, managers need to: 

    • Spot and address potential issues before they grow:Keep your radar attuned to team dynamics and conversations.  If you learn of potential harassment or discrimination, you must address it. Ignoring it is not an option, even if the issue seems small or questionable. It does not matter how you learn of the issue or whether you manage the individuals involved. When in doubt, reach out to compliance, HR or legal teams.
    • Take every report seriously: Avoid bias in receiving reports; treat each report with gravity. Know that the organization does not expect you to investigate or handle every report directly, but we do expect you to notify human resources, legal, or the ethics and compliance team who have been trained to appropriately investigate these types of reports.
    • Proactively manage controversial workplace conversations and interactions: While it’s hard to avoid talking about controversial issues of the day, create an expectation and understanding that inappropriate comments and conduct will not be tolerated. If conversations become heated, take quick action to shut down the conversation and address the issue.
    • Don’t assume that your employees know the rules or know when their conduct crosses the line: Be ready to provide additional coaching or training to employees who may not be aware that their behavior is inappropriate or potentially offensive.
    • Lead by example: Your team looks to you to set the tone. Your actions and your words speak loudly: demonstrate that you will have no tolerance for harassing or discriminatory behavior by setting the standard. 

    Ensuring our workplace is free of all forms of harassment and discrimination can challenge even the best managers and leaders. If you need additional help with addressing potential discrimination issues, please contact HR, the ethics and compliance team, or legal. They can help you get to the root causes of an issue and, if necessary, get your team back on the right track.

  • Five Essentials for Providing Employee Performance Feedback

    Many supervisors feel uncomfortable giving their employees feedback. Many even avoid giving feedback altogether because they fear a negative reaction or are nervous about saying or doing something that could be seen by an employee as harassment or discrimination. Some just don’t like being critical of others.

    But giving frequent, accurate employee feedback—both positive and negative—is one of the best ways to create an engaged and motivated workforce, and is critical for the success of our organization. Here are five tips on giving feedback —while staying within the bounds of ethics and compliance best practices—for high-impact results.

    1) Set the Right Foundation

    Early on, communicate your performance expectations for each of your employees. Define the goals you want to achieve and set clear targets for each employee. Explain that you’ll check in periodically on progress towards those goals. Setting the stage for honest and frequent feedback early on will make it easier and more natural to communicate constructive feedback when it’s needed.

    2) Highlight Employee Achievements

    Employees are more motivated when their contributions are recognized. Hearing positive feedback, especially when it is timely and specific, helps employees maintain their confidence. Reinforcing and recognizing positive behaviors also helps set a strong, supportive tone for the team.

    3) Promptly Communicate Concerns

    Feedback needs to happen in real time. Without feedback, employees will naturally believe that their performance is acceptable. So, the longer you wait, the longer the problem will persist. Delaying constructive criticism also can negatively impact your team culture if other employees feel that nothing is being done about an issue that affects everyone. Giving prompt feedback sends a message that you care about your team’s success, and that you actively support improvement and growth

    4) Motivate Change

    When preparing to give feedback, especially if it includes criticism, consider these principles for the best outcome:

    • It sounds silly, but think of yourself as a superhero—today, you are going to help your employee save his or her job. If you view providing criticism as a good thing, your tone, word choice, and demeanor all will change, and the employee will be more likely to respond positively. If you start off feeling uncomfortable and defensive, however, your employee will pick up on it and the conversation will be more negative or even confrontational.
    • Be specific, both about how the employee is falling short of expectations and—most importantly—what the employee needs to do in order to succeed. Without a specific “target” to aim for, it will be difficult for the employee make the changes you need. Agree on a time frame for improvement.
    • Determine whether the employee will need support such as training, how-to guides, mentoring, etc.—and then provide it.
    • Let the employee respond to the feedback. She may feel caught off-guard in the moment, so allow some time for processing and response if necessary.

    5) Document the Conversation

    Once you’ve provided feedback, make a record of the conversation using specific, factual descriptions. A good tool can be an email to the employee recapping your conversation. Document:

    • How the employee is falling short of, meeting, or exceeding expectations. Be specific.
    • Your expectations for performance going forward.
    • Employee’s responses and agreement to make any required changes.
    • Specific details of what the employee needs to do differently, and the agreed timeline for success (action plan).

    Employee feedback doesn’t have to be an uncomfortable or defensive process. It is a valuable tool for growth and should be done frequently. Use these tips to provide feedback that motivates change and helps build empowered, resilient, and skilled teams.

  • 5 Ways Managers Can Help Make Ethics & Compliance Real for Their Teams

    Despite our best efforts, ethics and compliance training and requirements can seem like distractions to front-line employees. Managers who bring E&C principles to life for their teams can have a major, positive impact–not only on their teams, but also on their organization’s efforts to mitigate compliance risk.

    So how can you help your team see the value in compliance—and make E&C real for your team? Here are five ways managers can have a true impact:

    1. Help them filter the noise and get to what matters most. While our code of conduct is broad and applies to all employees, there will be some aspects of the code or specific policies that are particularly applicable.  Make sure your team keeps the most relevant polices, laws and regulations top of mind. When they have a robust understanding of the policies, they will naturally learn how to comply. Offer additional training when and where appropriate.
    2. Share your approach to E&C. Share (appropriate) examples of your decision-making process with your team—particularly when there are grey areas to be navigated. Demonstrate your willingness to go to the E&C or HR team for advice and guidance. Modeling willingness to collaborate and seek guidance will give them permission to do the same.
    3. Set aside (even a little) time for team discussions about E&C. Ask your team to share examples—from their work experience or from current events—for discussion with the team. Even taking five minutes in your next team meeting to have someone present a brief situation that involved a difficult ethical choice that’s pertinent to their role or your business—and the outcome of that choice—can have a major impact.
    4. Showcase senior executive commitment. Share examples of top-level executive team decisions that your team might not otherwise know about. Employees who understand that there is a deep commitment to E&C at the highest levels of the organization are more likely to commit themselves.
    5. Reiterate available resources for E&C help. Make sure your employees know you are always willing to help them work through tough decisions and unclear situations. Remind them of their allies in HR, Legal and E&C who are ready and willing to help.

    Ensuring employees see E&C as a vital component of their personal success—and the company’s long-term health—is one of the key contributions managers can make to the success of our organizations.