Benchmarking Seasonal Risks in Global Ethics & Compliance Programs

In early October (2020), the SAI360 Learning team launched a short seasonal survey to benchmark bribery, corruption, gifts, culture, retaliation, and remote work. Our goal is to take the temperature of global ethics and compliance programs at this moment in time, as we head towards the conclusion of an extremely unusual and volatile year.

Between looming deadlines, the holiday season and a lack of visibility around employee behaviors in a remote environment, we’ve been curious to learn how organizations have changed their plans.

With over 100 responses so far, here are some early findings.

If you want access to the raw data for all six questions, all you have to do is complete the survey. It won’t take more than three minutes, and as soon as you submit your perspective, you’ll receive a link to view all of the anonymized responses. Bookmark the results page so you can revisit it in the future as we collect more data.

Are you revisiting your Code of Conduct?

Some of the findings have been surprising. For instance, 40% of E&C professionals surveyed admit that they have not made any significant changes to their ethics and compliance program as a result of the COVID-19 pandemic or shifting to remote work.

One of the early assumptions in April was that the events unfolding would drive E&C teams to re-evaluate their Code of Conduct – if not to adjust actual policies, values and risks to adjust for the changing landscape, at least to account for the fundamental changes in scenery taking place for employees.

Sure enough, 49% of programs rewrote, refreshed, or redesigned their Code of Conduct in 2020, but only 10% of those attributed the pandemic’s impact as the driver for change.

The other 39% were due for a refresh, which begs the question to pause and reflect on; when is the last time you reviewed your Code? 22% of participants had made changes in 2019, which means the majority (71%) of E&C programs surveyed have made significant changes to their Code of Conduct since last year. At the other end of the spectrum, 20% acknowledge they haven’t made changes since 2017 (or before then) and claim it’s on their to-do list.

Is doing the right thing a risk?

Here’s another surprising number; 42% of E&C professionals feel they’ve experienced retaliation for doing their job and what they perceived to be the right thing. Given the Department of Justice’s recent focus on autonomy and resources (Section B) in their June 2020 Evaluation of Corporate Compliance Programs, that type of behavior from senior management can potentially undermine the success of their organization’s E&C program internally and in the eyes of regulators.

Are you concerned about bribery, corruption and gifts and hospitality awareness?

Diving into the more seasonal risks in the survey, on a scale of 1–100, with one being “absolutely no risk” and one hundred being “an extremely serious risk,” our global participants ranked the risks of bribery, corruption and gifts and hospitality violations to be 43 out of 100.

While most respondents find themselves around the average, there are outliers on both ends of the spectrum. One interesting nugget buried within the responses exists in its correlation to our next question, focused on the last time each E&C program trained their organization on bribery, corruption, gifts, and hospitality.

80% of organizations trained employees on these topics in the last 365 days, with 14% falling during the previous 30 days and 32% in the last 90 days. When you compare the perceived risk and concern around these topics to the training behavior, every organization that has delivered training in the past year feels relatively the same – the range is 41 to 51 out of 100.

Where things get interesting is with the 20% of organizations that have not delivered training on bribery, corruption, gifts, and hospitality in the last 365 days. Of that group, 5% have it on their agenda for the next three months, and they ranked the perceived risk and concern to be 70/100.

For the 15% who have not delivered training for over a year and “don’t have any plans to revisit it in the next three months,” their perceived risk and concern was 25/100.

Do the organizations that haven’t conducted training in over a year, have no plans to, and rank their perceived risk of these topics lower than any of their peers have a more robust and confident risk assessment in place – or they are speeding down the highway with their headlights off?

Are you doing anything differently to mitigate current risks?

To dive deeper into this topic, we asked participants if they are doing anything differently to address, measure and mitigate these risks in our current environment, where employees are mainly working remotely and from home, as opposed to in the office or more formal workplace setting.

Only 42% of ethics and compliance programs have changed their approach in some way.

• 16% are delivering more training, but it’s the same training they would provide if things were normal. That means it hasn’t been customized or altered to reflect the current context and moment. Many E&C practitioners would argue that more training isn’t necessarily a good thing if the training doesn’t resonate and feels off-the-mark, which I’d personally agree with.
• 15% are delivering more training and have built or purchased new content and learning experiences to address these unique circumstances.
• 11% are increasing the frequency with which managers and leaders talk to their teams about these risks to raise awareness and build trust.

47% have made no changes to their ethics and compliance program regarding bribery, corruption, gifts, and hospitality. 16% of that group have chosen that path because they do not believe that their risks for gifts and hospitality policy violations, or bribery and corruption, are more significant than they were in 2019. Lastly, 20% of participants have not thought about the impact that remote work will have on end-of-year deadlines and seasonal events but admit they should start.

Changing program priorities

As we wrap up this initial analysis of our growing dataset, we’re sharing some responses we received when participants told us about the changes they’ve made to their program. The primary drivers for the changes are COVID-19, remote work and their 2021 risk forecast.

46% said they haven’t made changes, mostly because they were already conducting online learning or didn’t see a need to change what they’ve been doing. In contrast, 54% said they have, and their changes fall into four core categories:

• Code of conduct, culture, and policy-related changes
• Privacy, security, and infrastructure-related changes
• Resource, team, and technology-related changes
• Training, program, and strategy-related changed

Comments from survey contributors

Here’s a look at what your peers are doing, in their own words:

“We’ve implemented additional policies to address remote work.”

“We’ve written a new COVID Code of Conduct for employees returning to work. New facility-by-facility COVID return-to-office training materials.”

“We’ve increased communications regarding privacy issues when working from home (our Privacy Office is housed within Ethics & Compliance). We will continue to emphasize issues faced when working from home, which are different from working in the office. More technology controls are being added.”

“We are emphasizing our IT security and data privacy-related policies more frequently during our training programs.”

“We have completely revised and enhanced our cybersecurity risk training for those working remotely.”

“We’ve required the use of VPNs on remote workstations.”

“We’ve established a new team to focus on ethics.”

“We’ve reduced the headcount of our compliance team because the company sees it as a non-essential cost center.”

“Training scripts and video backgrounds were adjusted to reflect WFH ZOOM calls and social distancing guidelines.”

“We’ve done more focused training on specific risk topics, and we extended some training deadlines to accommodate work from home environment.”

“We’ve sent messages reminding employees about the importance of compliance even in times of disruption.” 

Final thoughts

Hopefully, this serves as reassurance or inspiration for your own program’s activities and approach to ethics and compliance in the coming months.

Learn more about our Ethics and Compliance Learning capabilities.

Or, contact us to see how SAI360 has helped organizations like yours.