Global Integrity Survey: Compliance Today

Ethics and compliance officers searching for some outside validation that they are managing their corporate integrity efforts wisely finally have some data for comparison purposes.

The 2009 Global Integrity Survey, a joint research project of Compliance Week and compliance service provider Integrity Interactive, polled more than 150 ethics and compliance executives at global companies worldwide. Questions ranged from how companies structure their ethics functions to how “integrity behavior” is factored into compensation decisions to what risks compliance executives worry about. (The complete survey is available for download in the box at right.)

Overall, the results show that corporations clearly understand the need for, and the importance of, an “integrity function” and compliance with the ethical standards that function dictates. That does not, however, mean many universal practices exist—and too often, companies seem afraid to do a hard analysis of their workforce’s ethical behavior, to translate that data into policies that would put real force into the drive for better ethical conduct.

Specific findings are largely in step with what many compliance executives have noticed anecdotally or suspected for years. For example, 80 percent of those polled say they back up their corporate integrity efforts by tying them into the company’s compliance program. A majority also have the ethics and compliance function report to the general counsel, the audit committee, or both.

Turan

COMPLIANCE TIES

The surveyed Chief Compliance Officers were asked to describe how their integrity function is tied to compliance:

Compliance Tie:

Percent of Respondents:

Connected to Compliance, with “compliance” and “integrity” ostensibly being a single function

80.0%

Separate From Compliance, with “compliance” having its own unique team and function

15.0%

Other

6.0%

Percentage totals may not equal 100%.

Source: 2009 Global Integrity Survey (Sept. 9, 2009).

Many respondents said they see ethics and compliance as so intertwined, treating them as one function is simply the wiser choice. K.C. Turan, chief compliance and privacy officer at Dun & Bradstreet, says it’s often most effective for ethics “to be strategically embedded” within the larger compliance organization, which is the case at his business.

“By its very nature, the compliance function normally houses the established skill sets and tools required for successful ethics functions,” he says, such as policies, training, communications, monitoring, reporting, and investigation. “Conducting ourselves with integrity and ‘living our values’ is a natural extension of complying with legal and regulatory require­ments, so our ethics function is naturally embedded within our corporate compliance organization.”

Only 15 percent of those polled said they keep the two functions separate, but most of those responses came from companies in highly regulated sectors—airlines, banking, defense contracting, and the like. In the financial services sector, for example, “compliance” has a specific mean­ing and an exacting set of rules to follow. As a result, financial companies’ broader efforts at ethics and integrity tend to be separate.

For instance, one former bank executive said the two functions were separate because his bank’s compli­ance department was “well established, due to regulatory requirements, before the other integrity functions were established.”

Berenbeim

A plurality of corporations (44 percent) organize their integrity function centrally, with a single global leader overseeing a staff that ensures ethical behavior. Ronald Berenbeim, a policy analyst at the Conference Board, says centralization should be the rule, “because a company’s ethics posture needs a core definition.”

But he also cautions that at least some flexibility may be needed, especially for companies that do business globally. For example, he says, “A company’s gift policy might be different in the Philippines than it is in Sweden, but the core ethics principles, code of conduct, or whatever they call it, is still global.”

REPORTING STRUCTURE

The Chief Compliance Officers who responded to the CW, Integrity Interactive 2009 Integrity Survey said their integrity function reports to:

Reports To:

Percent of Respondents:

Directly to the Audit Committee of the Board of Directors

19.7%

Directly to the General Counsel

19.1%

—GC and Dotted Line to Audit Committee

12.1%

Directly to the Chief Executive Officer

8.3%

—CEO and Dotted Line to Audit Committee

8.3%

Directly to Another Executive

17.8%

—Another Executive and Dotted Line to Audit Committee

8.9%

Other (includes three-way reporting relationships)

5.7%

Percentage totals may not equal 100%.

Source: 2009 Global Integrity Survey (Sept. 9, 2009).

Babson-Smith

One example of a centralized model is heavy-equipment maker Terex Corp. The company’s Chief Ethics and Compliance officer, Stacey Babson-Smith, says that model lets the company deliver a “One Terex” message about ethical conduct and expectations. Still, the company also appoints integrity advocates in its major lines of business to be the primary point-of-contact for Terex employees and serve as liaisons between the local busi­ness unit and Terex’s main compliance function and corporate headquarters.

Another 21 percent of CCOs said their organization employs a regional structure, with a single global leader plus numerous regional or functional leaders; another 20 percent say their organization uses a hybrid system with some centralized functions, regional leaders, or local champions.

Eight percent of respondents describe their integrity effort as “functional”—that is, the integrity function reports into a specific department, such as legal. Only a small fraction—about 4 percent—use a decentral­ized approach, where local business units “own” integrity without oversight from central management.

Chains of Command

The survey results also show that while companies take numerous approaches to achieve corporate integrity, no matter how they get there, the buck usually stops with the audit committee.

Almost 40 percent of respondents report that their integrity function reports to the audit committee, either directly (19.7 percent) or indirectly (20.4 percent). Experts say that’s in line with current best practice, since the audit committee is often perceived as the final line of defense against corporate wrongdoing and has the clout to make independent investigations happen.

BOARD INTERACTION

The surveyed Chief Compliance Officers were asked how much interaction the integrity function has with the board:

Interaction:

Percent of Respondents:

Quarterly Presence, meaning it presents to the board or a board committee at least once per quarter

47.4%

Persistent Presence, meaning it is present at all full board meetings and/or committee meetings

19.2%

Ad Hoc Presence, meaning it presents to the board or a board committee on an ad hoc basis

12.8%

Annual Presence, meaning it presents once annually to the board (but may be present more often)

10.3%

No Presence, meaning it does not typically present to the board of directors

10.3%

Percentage totals may not equal 100%.

Source: 2009 Global Integrity Survey (Sept. 9, 2009).

Of the remainder, roughly 20 percent of respondents cite a structure that reports directly to the general counsel, 8 percent report directly to the CEO, and more than a quarter report to some other executive (the CFO, for example) in some capacity.

Many experts view the wisest structure for an integrity function as one that reports to the audit committee regularly—at least annually, and ideally quarterly plus whenever else an urgent matter arises.

That’s the case at Royal Dutch Shell, where Richard Wiseman, the company’s chief ethics and compliance officer in London, reports to the group legal director functionally, with a dotted line to the audit committee. He reports annually in person to both the audit committee and the corporate and social responsibility committee, and more frequently in writing. Still, Wiseman says one pattern doesn’t necessarily suit all organizations.

“The important thing is that board members are involved in the supervision of high-risk issues that compliance and ethics officers are usually responsible for,” he tells Compliance Week.

Senhauser

Nearly 77 percent of respondents say they have regular contact with the board of some kind; the largest single group (47 percent) say they report to the board quarterly. “We’ve found a quarterly reporting cycle to be most effective as this frequency provides an adequate amount of information for board members without overwhelming them,” says Bill Senhauser, chief compliance officer at Fannie Mae.