Forgot your password?
Please enter your email & we will send your password to you:
My Account:
Copyright © International Chamber of Commerce (ICC). All rights reserved. ( Source of the document: ICC Digital Library )
by Pedro Montoya*Group Chief Compliance Officer of EADS
The success of any corporate ethics and compliance policy will critically depend on the ‘Tone at the Top’ set by the company’s leadership. In this respect, your company’s Board of Directors has a crucial role to play in providing explicit support for the company’s ethics and compliance programme and in designing a governance system in which the ethics and compliance function can operate. In this Chapter, we explore some of the key duties and responsibilities of your company’s Board of Directors in these areas. In particular, we look at some of the concrete steps your Board of Directors can take to empower the ethics and compliance function and to create a genuine culture of integrity within the company.
-
Not so long ago, it was widely accepted that the only objective of any business was to reach adequate levels of profitability: the business of business was business. As long as a company was making money, and that it was doing it legally, everything was fine.
Things have changed dramatically in recent years. Your company is still expected to be profitable, but in addition it will have to take into account the broader expectations of society and the possible impact of its activities on the communities in which it operates. In other words, your company’s behaviour should meet the expectations of its stakeholders, while its corporate structure should ensure an appropriate degree of transparency and accountability.
This entails two basic consequences: first, the highest governance body in your company (for the sake of simplicity, the Board of Directors) and particularly its Audit Committee has a duty to define how the company will discharge its social responsibilities, and second, it has to set the standard for the company’s ethical behaviour.
[Page64:]
Pressure on the Board
“The board, and in particular the audit committee, has a key role to play in assisting the company to mitigate the risk of bribery and corruption. Regulators have made it clear that a top-level commitment to an anti-bribery and anti-corruption culture is required from the board. Key elements of an effective anti-bribery and anti-corruption compliance program require significant board input and sponsorship. The audit committee is, among other things, responsible for overseeing fraud, bribery and corruption risk assessments and the related controls and compliance programs”.
Source: Growing Beyond: a place for integrity, Ernst & Young, 12th Global Fraud Survey, 2012, p. 14.
New corporate governance theories, while redefining the distribution of roles and powers within companies, have imposed high standards of accountability on Board members and corporate executives in the discharge of their duties. Directors and executives have to attend to company business by adequately and efficiently performing their fiduciary duties with loyalty and care, and in the best interests of their company and its shareholders and stakeholders. They have to provide – in a spirit of transparency – timely, accurate, and relevant information on material matters concerning the company.
According to the OECD Principles of Corporate Governance (2004)10, “The Board has a key role in setting the ethical tone of a company, not only by its own actions, but also in appointing and overseeing key executives and consequently the management in general. High ethical standards are in the long-term interests of the company as a means to make it credible and trustworthy, not only in the day-to-day operations but also with respect to longer-term commitments”.
To start with, there should be a clear message from the Board of Directors and the Chief Executive Officer that fraudulent, corrupt, and anti-competitive practices are prohibited, and that preventive measures will be put in place to shield the company and its business partners from such practices. Such a clear and unequivocal message from the highest level in the corporation will be essential to lay the basis for a genuine ethics and compliance policy.
Boards of smaller companies should not shy away from their ethical responsibility as they are, even to a larger extent than their more sizeable counterparts, exposed to severe compliance risks. As suppliers or subcontractors of larger groups, smaller companies will sometimes receive the support of their lead contractors and corporate customers. However, to take ownership of their compliance efforts, smaller companies should also have a proactive attitude and decide for themselves how best to articulate their own set of values and ethical practices.
[Page65:]
‘Tone at the Top’ is critical for setting the ethical culture of a company
The survey commissioned by PricewaterhouseCoopers in April 2010 and mentioned earlier in Chapter 5 has shown “a resounding agreement from respondents that Tone from the Top is vital in developing and maintaining the ethical integrity of the business. Without it, the ability to mitigate the risk of something going wrong is significantly impaired”.
Source: Tone from the Top: Transforming words into action, PricewaterhouseCoopers, April 2010, p.4.
The affirmation of a basic set of values by the Board of Directors and the Chief Executive Officer will have a greater impact if it seeks to integrate the input and experience of the company’s managers and employees. In other words, the ‘Voice from the Bottom’ should also be heard. Hearing the ‘Voice from the Bottom’ will give additional credibility and reliability to the Board’s message as it will also be based on the positive and forward-looking contributions brought by the company’s employees, and in particular the younger ones.
Many leading companies have launched their ethics and compliance policy only after having extensively tested its principles and implementation in the various business segments and geographical areas where they operate. Ultimately, the Board of Directors will have to take responsibility for formulating the company’s policy, but the ‘Tone at the Top’ will have a stronger repercussion if all in the company, or as many as possible, are given an opportunity to shape its content.
A practical example: how to deal with gifts, hospitality, and entertainment
A major French company wanted to set rules on the offering and receiving of gifts, hospitality, and entertainment. The top management started by establishing a general framework, which was made compulsory for the whole organization, but refrained from imposing uniform conditions on certain specific issues, such as the value of gifts, hospitality and entertainment under which it would not be required to have the prior approval of a principal. The company then asked its subsidiaries and affiliates ‘to fill in the blanks’ with what they considered the most compliant and appropriate practices in the light of their respective regulatory and business environments. By not imposing worldwide uniform standards, and by associating various parts of the group to the elaboration of the rules, the company was able to create a feeling of ownership and obtain the buy-in of employees for the implementation of these rules.
[Page66:]
The duty of Boards of Directors and Chief Executive Officer will be to provide, in words and deeds, an example of preferred ethical behaviour and to indicate what should be done at all levels of the company to address ethical lapses. In corporate messages from top management to co-workers, it will be important to set forth the values of the company, the prohibitions on unethical behaviour, and the recommended best practices.
In doing so, the Board and the company executives should not only express a normative view of what the company’s ethical model should be. They should also perform their day-to-day professional duties in an exemplary way, without seeking to benefit from elusive privileges, to enjoy far-fetched exemptions from corporate rules, or to grant themselves immunity for their mistakes.
Their behaviour, right or wrong, will be scrutinized and commented upon by everyone in the company. Co-workers will take the top management’s attitudes as a yardstick for determining what is permissible and what is prohibited. Why indeed would anyone care for the rules if they are bluntly ignored by those who issued them? On the contrary, if top management demonstrates that it intends to go by the book, corporate rules will permeate much more smoothly and permanently throughout the company.
The next step will be for your company’s Board of Directors to establish a system for prohibiting misbehaviour, preventing illegal and unethical conduct, and imposing sanctions in case of infringement of corporate standards. This prevention system should be incorporated into an efficient corporate ethics and compliance programme. Such programme should be fully endorsed by the Board of Directors and the Chief Executive Officer. Article 10 of the ICC Rules on Combating Corruption (2011) (reproduced in Chapter 8) provides an extensive list of processes and instruments which they may opt to include as part of the programme, based on what is most adapted to the company’s size and resources. The Board of smaller companies will probably select a limited number of such measures.
‘All hands on deck’
Nobody should remain idle when ethics and compliance are at stake. Corporate policies should indicate that all those working for your company – executives, officers, and employees alike – will have to act in compliance with the ethics and compliance programme. It should be made clear that compliance with corporate policies is the responsibility of all individuals at all levels of your company and that there is no place for exceptions or privileges.
[Page67:]
Control measures
Ethics and compliance cannot be decreed, it has to be organized. The mere promulgation of one or more documents full of good intentions will not suffice. Your company’s Board of Directors should select and endorse the proper control and compliance methods to make the rules a living part of your company’s daily activities.
In doing so, the Board will have to make a number of important choices. Your Board may either opt for a centralized and uniform compliance organization or it may prefer, based on the nature of the company’s business, to entrust the compliance function to its subsidiaries and affiliates. The Board can go for a full blown whistleblowing system or, on the contrary, it may rely on the company’s traditional means of communication. The Board may give priority to internal controls rather than to external controls. Furthermore, in case the Board would like to ensure that its compliance measures are in line with internationally recognized best practices, it may ask a specialized certification, verification, or assurance body for advice on how to possibly upgrade the company’s programme.
The company’s governing body has to demonstrate its commitment to the programme: it cannot establish a number of rules, and then appear uninterested in their effective application. If it were to do so, it could be criticized for using a corporate Code of Conduct and an ethics and compliance programme as mere public relations or marketing tools, or worse, as devices primarily designed to shield senior management from responsibility for the actions of subordinates.
In particular, a key responsibility of the Board of Directors will be to establish an ethics and compliance function and to design a governance system in which it can operate:
Appointment of a Chief Ethics and Compliance Officer
The appointment of the Chief Ethics and Compliance Officer (or any suitably senior individual in the organization with another title but a similar function) should be made by the Board of Directors, probably after having been debated in the Audit Committee (or, in certain companies, the Ethics Committee). The Chief Ethics and Compliance Officer should have a deep knowledge of the company’s business and governance structure, as well as an impeccable professional and ethical record. This person should enjoy the trust of all his or her co-workers.
Empowerment of the ethics and compliance function
As explained in Chapter 1 of the Handbook, the newly appointed holder of the compliance function should be given a clear mandate and mission statement. The mandate given by the Board of Directors will be the cornerstone of the Chief Ethics and Compliance Officer’s empowerment. It should be followed up by a roadmap to be approved by the Board. The Chief Ethics and Compliance Officer’s position on the organizational chart should enable him or her to report directly either to the Board of Directors (or to its Chairman) or to the Audit Committee (or to its Chairman) or alternatively to the Chief Executive Officer.
[Page68:]
Setting objectives and defining responsibilities
The mission of the ethics and compliance function will take the form of an operational programme contained in a roadmap. The roadmap should start with a risk assessment, which will be constantly updated and adapted to the company’s changing circumstances. The mission of the new ethics and compliance function should be easily traceable with a set of quantitative and qualitative objectives that can be measured through performance indicators. The ethics and compliance function will be accountable for these objectives.
Resources allocated to ethics and compliance
To fulfil these objectives, the Board of Directors should ensure that the ethics and compliance function enjoys the necessary support from the company’s management. In particular, the Chief Ethics and Compliance Officer should receive assurance that the ethics and compliance function will receive the financial and human means required to fulfil its task. This starts with a team of skilful and trained professionals with access to company resources, such as corporate training facilities and internal communication tools.
Monitoring the ethics and compliance programme
The Chief Ethics and Compliance officer will have to report to the Board of Directors or the Audit Committee on a regular basis (and possibly every time the need arises). Such reporting should include a presentation and discussion of a dashboard describing the objectives of the ethics and compliance programme and highlighting the most significant developments relating to the implementation of different compliance policies and the management of misconduct (enquiries, investigations, and sanctions). Thanks to these periodic reviews, top management and the compliance function will be able to share views about the evolution of the programme and propose improvements when needed.
When designating the departments or individuals who can best ensure effective day-to-day control of the implementation of the ethics and monitoring programme, the Board of Directors should take into consideration the nature and structure of the organization.
No two companies are alike. Some may have stronger controlling bodies than others, for instance external and internal auditors, corporate or outside lawyers, and human resources departments, which in each company have their strengths and weaknesses. On this basis, the Board will have to determine whom to entrust with which control function. In general, control over accounting and financial recording will be entrusted to financial managers and auditors, while behaviour, as it relates to compliance with ethical standards, is more likely to be the province of management or corporate lawyers.
[Page69:]
Having designated the specific departments and individuals, the Board will have to determine – and its Audit Committee will have to oversee – the systems or procedures for control and decide how, and with what frequency, the controls will be exercised. Such procedures should be devised with the aim of preventing violations of the company’s Code of Conduct and of its ethics and compliance programme. The greater the risk of violation, the more stringent the procedures should be. As always in business, the means to be used should be adjusted to the specific circumstances the company is facing.
Beyond its function of conducting periodic reviews of the ethics and compliance programme, the Board of Directors will be called upon to make major decisions which will define the contours of the programme and its practical implementation. In particular, it may be involved in making the following determinations:
The Board of Directors should not devote attention only to what happens within the parent corporation. The ethical policies put in place by the parent company’s Board should be applied in the economic group in its entirety, at home as well as abroad, in all of the group’s divisions, branches, wholly-owned subsidiaries, and majority-held joint ventures, as well as in affiliates in which the group exercises de facto control or a large influence. Moreover, as far as feasible, they should be applied in all non-controlled entities working closely with the corporation. A special effort will be required to make subcontractors, outsourcing partners, and intermediaries aware of, and compliant with, company standards. Worldwide policies will be applied uniformly but some room should be left for differences between national jurisdictions, whenever the laws and regulations of certain countries require a specific approach (as for instance on private data protection).
[Page70:]
About the author
Pedro Montoya was appointed Group Chief Compliance Officer by the Board of Directors of EADS in October 2008. Under the authority of the Board’s Audit Committee, he designed and set up the newly created Corporate Compliance Office. Reporting to the Group CEO, he leads the EADS Ethics and Compliance Programme with 190 full time employees. Mr. Montoya graduated from the Universidad Complutense of Madrid and obtained his Master in Laws by the Instituto de Empresa. He started his career in 1986 in Procter & Gamble and four years later joined the Spanish Aerospace Group CASA where he became General Counsel and Company Secretary. Before his appointment as Group Chief Compliance Officer of EADS, he served three years as General Counsel of EADS International.
* The author was assisted by François Vincke, co-editor of the Handbook,for the preparation of this Chapter.
10 http://www.oecd.org/daf/ca/corporategovernanceprinciples/31557724.pdf