Professional Documents
Culture Documents
Top 10 Ethics & Compliance Trends for 2019
Top 10 Ethics & Compliance Trends for 2019
Top 10 Ethics & Compliance Trends for 2019
I. Consumers, not Regulators, Are the New Enforcers of Global Business Practices 3
Author: Richard Young, Consulting Editor, Progressive Content
III. GDPR Enforcement and Regulation May Be Slow, But It’s Coming 11
Author: Shon Ramey, General Counsel, NAVEX Global
& Jessica Wilburn , Data Privacy Officer and Senior Counsel, NAVEX Global
VI. Incentivizing Ethics: What Does the Future Hold for Paying for Ethical Behavior? 21
Author: Ed Petry, Senior Advisor, NAVEX Global
Top 10 Ethics & Compliance Trends for 2019 | +1 866 297 0224 | info@navexglobal.com | www.navexglobal.com
Introduction
As we prepared for the publication of our 2019 Top 10 Ethics & Compliance
Trends, a common thread became evident: transparency. Whether it be a
company’s data use practices, its response to sexual harassment, or its efforts to
eliminate atrocities like human trafficking from supply chains – transparency will
define our industry’s challenges and opportunities in 2019.
Consider the “belief economy” businesses operate in today. More so than just product specs, consumers are buying
based on brand authenticity and ethical business practices. People want to work for, buy from, and support companies
that they believe will create ethical ripples beyond the transaction. This has positioned employees, consumers and the
public at large as the arbiters of business success. Even more than regulators, these groups disproportionately influence
brand reputations, and often have higher standards.
In this belief economy, employees want to believe in the mission of their employers, extending to not just what the
organization does, but also how it does it. Consumers are voting with their dollars to stand in support or opposition
of social movements, not just physical products. The public at large wants to be the force of corporate accountability.
And shareholders know all this and understand the bottom line depends on how we operate within these new norms.
This demand for transparency is a byproduct of the abuse of privacy on the behalf of corporations. Whether it is the
use of NDAs to suppress stories of harassment; cavalier processing of personal data; or blind eyes turned to fraudulent
business practices, corporate institutions face a wall of skepticism. This is not to say that all are at fault. But the reality
is that the few have changed the landscape for the rest, and all will be met with greater skepticism and pressure for
transparency as a prerequisite for future business.
We can also see this as a shift toward a culture of accountability. Here, protections like privacy and confidentiality that
previously insulated organizations are now inciting additional scrutiny. Concealing unsavory corporate circumstances
and ensuing disciplinary action (or inaction) is no longer always in a company’s best interest. Corporate observers see
unchecked privacy and confidentiality as the antithesis of transparency, and also a gateway to ethical complacency.
Often they are right. Whether by intent or neglect, lack of disclosure allows room for inaction. Transparency, on the
other hand, provides a powerful change agent in the form of employee, consumer and public accountability.
We cannot forget, however, that transparency is not the goal, but a means to an end – that end being trust.
In today’s climate of distrust (fake news, unmet promises, and corporate misdeeds), there is an opportunity for
corporations to take a leadership role and rebuild trust in their words and brands through action and commitment.
For that we need to be transparent in our business dealings, in our employee management, and our public relations.
That is how we will regain trust and remain successful in the modern belief economy.
Top 10 Ethics & Compliance Trends for 2019 | +1 866 297 0224 | info@navexglobal.com | www.navexglobal.com
1
1. Consumers, not Regulators, Are the New
Enforcers of Global Business Practices
By: Richard Young slew of one-star reviews on Amazon? It’s not an either/or
question, of course. But the poor reviews will
Over the past decade, three factors have shifted the hit your business a lot quicker.
way organizations perceive consumers, decide their
own practices, frame the way they communicate – and
even determine what they believe. First, the socialized
Consumer Anarcho-Syndicalism
economy has created new ways of seeing and sharing Social media has also been a vector for rampant
corporate behavior. Second, consumers are feeling populism. This is most visible in politics. From Presidents
empowered as never before. And, lastly, they’re starting across the globe to Brexit and les Gilets Jaunes, people
to take the initiative on perceived transgressions. are voting for “shake-up” candidates and taking direct
action against “the establishment.” These movements
These forces are a huge challenge for compliance teams. are often barely organized – but their members want
Simply “checking the box” was never a great idea when it their opinions respected.
came to meeting regulatory demands. But it’s a hopeless
approach for dealing with consumer expectations around Corporate policies or statements at odds with any given
ethics and business practices. The right policies, training brand of identity politics can instigate public opposition
and values in your code of conduct are vital – alongside in new ways. For example, sporting goods stores that
visible commitment to those values in everything you do. took an ethical stance on the minimum age for gun
buyers after a school shooting in 2018 saw sales decline.
Top 10 Ethics & Compliance Trends for 2019 | +1 866 297 0224 | info@navexglobal.com | www.navexglobal.com
3
them breaking the law. Customers now fill the gap
left by regulators hampered by jurisdictional or
procedural questions in a range of areas – ready to
flag up even suspected breaches with considerable
commercial consequences.
Top 10 Ethics & Compliance Trends for 2019 | +1 866 297 0224 | info@navexglobal.com | www.navexglobal.com
4
Key Steps for Organizations to Take Be Clear & Calm
Consumers’ standards of evidence are far lower than
Aggressively Avoid Lip-Service regulators’. Transparent organizations can usually
Talking up your ethics code isn’t enough. You might need resolve allegations of unethical behavior faster than
to recalibrate your entire business model against an those whose systems hide the truth (even from their own
ethical yardstick. Internal and customer-facing processes management). That also means you panic less, get facts
should be transparent enough to win the trust of your more quickly, have well-defined processes to resolve
own people, regulators and your consumers. That also ethical breaches, and are seen as a company that acts.
means analyzing activity data from more and more
reliable sources. Understand Algorithmic Oversight
A big ethical issue in 2019 is the fairness of algorithms
Align Leadership Realistically – the building blocks of AI that are increasingly shaping
Leadership must live and breathe the ethics interactions with consumers. Prescient companies
communicated to staff and customers – and ensure are getting ahead of the issue with policies beyond
processes and policies, especially around incentives, back regulatory need. Lawmakers and companies themselves
them up. Over-promise and under-deliver on ethics, and can’t be sure how algorithmic decision-making affects
the backlash from consumers will be severe. society; so consumers will set the benchmark.
Strong compliance means avoiding fines. But the Don’t be shy about showcasing how your leaders believe
stakeholders driving revenues (customers) and costs in your ethical approach and their commitment to
(suppliers) also make decisions on ethical grounds. And organization-wide policies to back it up. There’s more
they move faster than any regulator can. than just reputational value on offer. Publicly raising
ethical standards puts pressure on opaque business
practices in your industry. It’s a competitive advantage.
Top 10 Ethics & Compliance Trends for 2019 | +1 866 297 0224 | info@navexglobal.com | www.navexglobal.com
5
2. The Cost of Incivility in
the Workplace
By: Carrie Penman The lack of personal ownership for integrity, civility
and general decency in the workplace puts more
The modern workplace may be finally undergoing responsibility on the organization to enforce those
a period of self-reflection as the demand for better behaviors. Organizational ownership of personal values,
and more civil working environments is moving to the however, is more expensive and less effective.
forefront. This demand is not new. Employees have
always framed the majority of reports made to ethics For instance, the EY report also found that the group that
and compliance hotlines as issues of respect and fair did not believe integrity was an individual’s responsibility
treatment. And too often these concerns are dismissed (i.e., 78 percent of the respondents) were “significantly
by leadership as whining or complaining – not related more likely to act inappropriately, including making
to the business and certainly not a “compliance issue.” cash payments to win or retain business. These same
Nothing could be further from the truth. respondents are also more likely to extend the monthly
reporting period or change assumptions that determine
The truth is that rude, abusive, harassing, and bullying valuations or reserves in order to meet financial targets.”
behavior has been costing organizations big-time for
decades. The cost is seen in decreased productivity, loss These are real compliance failures that can result
of top talent, stilted innovation, increased sick time, poor in very real regulatory enforcement. And while the
customer service and yes, serious compliance violations. compliance failure costs may be more easily quantified,
And when we include retaliatory behavior in this it is also critical to raise the flag on the interpersonal
definition, the legal costs and compliance risks go even consequences and the resulting non-regulatory cost
higher. Like harassment and retaliation, incivility in the of incivility.
workplace is often another form of abuse of power, and it
is important that we address all of these issues together
The Continuing Abundance of HR-
to truly change cultures.
related Hotline Reports
Let’s look at some numbers. In its 15th Global Fraud
If we turn to internal company hotlines and incident
Survey (2018), EY uncovered findings on a primary
management systems as our canary in the coal mine, we
indicator of corporate civility – integrity. When asked
see the magnitude of real, or at least perceived, incivility
who is responsible for integrity within the organization,
in our own organizations. Of all the cases reported
only 22 percent of respondents said that integrity is
to internal compliance hotlines in 2017, 72 percent
an individual’s responsibility. The other 78 percent
were HR-related reports. If you look specifically at the
of respondents said that corporate integrity is the
accommodation and food services industry, this
responsibility of either management, the board, HR or
number goes up to 85 percent.
the legal and compliance teams.
Top 10 Ethics & Compliance Trends for 2019 | +1 866 297 0224 | info@navexglobal.com | www.navexglobal.com
7
are commanded by employees dissatisfied with their When employees do not see
experience with others in their workplace as shown by
themselves as personally accountable
the volume of harassment, discrimination, retaliation and
other interpersonal workplace issues. Many of the reports for corporate civility, it is easier
written off by leaders (and some compliance officers) as for them to see themselves in
nuisance reports or the “my boss is mean to me issues,”
opposition to the organization when
are often the early warning signs that something is
culturally “off” in a particular location or department. things go wrong. This creates an
Addressing the root cause of trends in this area can increased appetite for legal action
avoid other and more serious violations. Reducing the against the organization.
volume of these cases will also give these departments
meaningful time and resources back to focus
proactively on building and sustaining a culture
Define & Commit to Core Values
of integrity and respect.
Define the organization’s core values and then have
Second, interpersonal issues come with a significant unwavering commitment to those values. For these values
amount of emotional weight. How these cases are to have credibility, people at all levels of the organization
handled will create either positive or negative emotional need to be held accountable equally. This is the only
ripples through the organization. way it will work. Employees are always watching who is
rewarded and the behaviors these individuals exhibit. If
Third, just the processing of claims of harassment, the screaming jerks get the promotions and raises, then
discrimination and bullying come with a price tag for this is the type of behavior the organization embraces
the organization. As my colleague Scott Nelson stated and it will become the norm. Everybody knows who the
in his piece, The Era of the Jerk Manager Is Over, “Even offenders are and the level of organizational cynicism is
if the employee’s claim is legally baseless, it can be directly related to the accepted behaviors.
expensive for an organization to prove that. A defense
attorney might be confident in a win, but it can cost the In support of core values, I recently had the pleasure
organization a lot of money to get there.” of hearing Erica Javellana – Speaker of the House for
Zappos – discuss the company’s 10 core values at NAVEX
When employees do not see themselves as personally Global’s 2018 Ethics & Compliance Virtual Conference.
accountable for corporate civility, it is easier for them to Most interesting was the company’s specific commitment
see themselves in opposition to the organization when to hiring and firing on these values.
things go wrong. This creates an increased appetite for
legal action against the organization. For instance, if someone is flown into town for an
interview, meets performance expectation during the
interview, however is disrespectful to the driver taking
Key Steps for Organizations to Take
them back to the airport – that behavior is weighted
Management and leadership must set the expectations just as heavily as their work experience and professional
for acceptable behavior in the workplace and be qualifications. To be more accurate – respectful behavior
responsible for ensuring these traits are owned by each is a requisite professional qualification.
employee at every level of the organization. It is time
to raise the bar so that civil treatment in the workplace
becomes a non-negotiable for continued employment
in all organizations. Following are some key steps for
organizations to take.
Top 10 Ethics & Compliance Trends for 2019 | +1 866 297 0224 | info@navexglobal.com | www.navexglobal.com
8
Provide Integrity & Civility Training for All Managers Be Present – Professionally, Personally, Emotionally,
& Supervisors Mentally, Physically
Managers – senior, mid-level and junior – are essential Finally, civility only exists in the interaction between two
to instilling these values into every faction of the or more people. These interactions are being threatened
organization. Managers need to be trained on how by the rampant dependency on nonessential tech in
to have hard and critical conversations in a respectful the workplace. Nonessential meaning, the checking
way with those they manage. The entire org chart of of phones at the beginning of meetings instead of
supervisors must also be well aware of not only their exchanging pleasantries with colleagues; the instant
personal ethics, but how those ethics are interpreted by messages instead of desk visits; the emails instead of
employees. Every corporate leader needs to talk the talk phone calls.
and walk the walk.
We all know that it is not respectful to multitask during
a conversation, yet this behavior is now commonly
360-Degree View of Managers
accepted. More and more, we – everyone from
We all know people who are very good at “managing up”
management to frontline employees – are seeing
but not so good when it comes to respectful interactions
coworkers as a part of the corporate architecture
with peers or subordinates. One of the most effective
rather than human beings that share a world outside
ways for an organization to learn about uncivil or bullying
the demands of the workplace. Successful leaders
behavior is to provide a safe environment for employees
recognize they are managing people and that respectful
at all levels of the manager’s orbit to provide feedback.
relationships between people are critical
This is best achieved through 360-degree reviews that
to organizational success.
showcase the full spectrum of behaviors. Incorporating
the ability for anonymous reviews from subordinates is If we can move toward re-humanizing business, people
key for honesty and accuracy of evaluations. will again begin to see themselves as responsible for
values like civility, integrity and respect and the cost of
incivility to the workplace will decline.
Top 10 Ethics & Compliance Trends for 2019 | +1 866 297 0224 | info@navexglobal.com | www.navexglobal.com
9
3. GDPR Enforcement & Regulation
May Be Slow, But It’s Coming
By: Shon Ramey & Jessica Wilburn to be accessible to many staffers who did not need this
level of access to perform their role. More specifically –
Well into the first full year of the EU’s General Data almost 1,000 employees had the data access rights of
Protection Regulation and the global compliance medical doctors, while the hospital only had around 300
community is only just starting to see signs of doctors on staff. This was a clear flaw in privacy by design
enforcement. While May 25, 2018 represented a drop- and proves that violations of the principles relating to
dead date that organizations scrambled toward for processing of personal data will be taken seriously
GDPR compliance, it didn’t hold the same urgency by regulators.
for regulators. That is likely to change in 2019.
The amount of the fine (nominal for an organization of
Despite the two years leading up to GDPR’s go-live its size), and the lack of an external data breach, may
date, regulators in some jurisdictions just weren’t ready indicate that GDPR enforcement will be less reactively
when the time arrived. This has delayed the flood of punitive and more proactively preventive. We must
enforcement action we were all holding our collective remember that the regulation is ultimately committed
breath for. Things are just now starting to warm up with to protecting individuals – not necessarily data. Just
fines and cease-processing enforcements trickling in. because an organization may feel it has heightened
immunity against breaches, if its personally identifiable
We can’t let the lack of immediate enforcement lull us information (PII) hygiene is weak, it is still exposed.
into believing that this will be the norm. Instead, we
should look at the intensity of complaint reporting since If we could speculate a bit, we think all of the predictions
May 25. In just the first 26 days after GDPR went into GDPR forecasters made in early 2018 may still be accurate
effect, the United Kingdom alone received 1,124 GDPR – they will just begin to transpire in 2019. Consider this
violation complaints. In Ireland, there were 547 data from Christin McMeley, CIPP/US formerly of Davis Wright
breach notifications and 386 complaints in the first 32 Tremaine LLP:
days. France received 426 complaints in just 24 days.
When regulators get up to capacity, we may see this “GDPR enforcement will be similar to FTC enforcement
intensity mirrored in enforcement. in the U.S. in the sense that DPAs [Data Protection
Authorities] will go after companies with clear
Although we haven’t learned much from the volume of violations so they can (1) levy maximum fines that serve
enforcement, we are getting some insight from the nature as a deterrent and (2) build a body of case law that will
of enforcement. Take for example Portugal’s national serve as its own kind of guidance. I don’t think the first
privacy regulator’s, the Comissão Nacional de Protecção enforcement actions will involve big tech, because they
de Dados (CNPD), €400,000 fine of a major hospital for will fight back, prolonging resolution – plus a midsize
violating the GDPR. Interestingly, this fine didn’t even company reinforces the FTC approach that it could be
involve an external data breach. It was an infringement anyone at any time.”
of integrity and confidentiality demonstrated by allowing
excessive amounts of sensitive patient data
11
Top 10 Ethics & Compliance Trends for 2019 | +1 866 297 0224 | info@navexglobal.com | www.navexglobal.com
11
This is all still very prescient. In addition, we should
anticipate the heat to really turn up when EU
regulators bring a major enforcement action
against a U.S.-based company.
12
Top 10 Ethics & Compliance Trends for 2019 | +1 866 297 0224 | info@navexglobal.com | www.navexglobal.com
12
»» Which cloud systems are you using and what California in 2020. Smart companies will work to meet the
information is flowing to them? most stringent laws now. Building in privacy by design
standards from the start will be much easier and cheaper
»» How good are your data security measures? Do your
than retrofitting programs down the road.
vendors meet the same standards?
We have talked a lot about GDPR in 2018 and will
Implement Data Governance Now, Even if GDPR continue to do so in 2019. But it should be understood
Jessica Wilburn, Data Privacy Officer & Senior Counsel, CIPP/US, CIPP/E
As Data Privacy Officer & Senior Counsel, Jessica leads data privacy for NAVEX Global,
advising on compliance across all aspects of global privacy law and regulations. She has been
with the organization for over four years, initially focusing on the negotiation of Software-as-
a-Service (SaaS) agreements and data transfer and processing agreements. Jessica spent the
majority of 2017 in our London office, working with individuals from around the globe on the
impact of global data privacy laws.
13
Top 10 Ethics & Compliance Trends for 2019 | +1 866 297 0224 | info@navexglobal.com | www.navexglobal.com
13
4. Groundbreaking Evidence on the ROI of
Compliance Program Hotline Reporting
15
Top 10 Ethics & Compliance Trends for 2019 | +1 866 297 0224 | info@navexglobal.com | www.navexglobal.com
15
These findings about internal reporting have significant Those are, fundamentally, the same thing: the collection
implications for high-growth companies. Many of them of practices, customs, and attitudes at an organization
have no established culture beyond moving fast and that affect how employees behave. We all understand
disrupting things. They also often have underdeveloped those concepts at a gut level, and certainly know a good
internal reporting policies and procedures, if they have or bad corporate culture when we see it. But how do
any at all. How can organizations that fluid and dynamic you quantify that culture to validate your progress at
apply the lessons of this research in a useful way? improving it?
16
Top 10 Ethics & Compliance Trends for 2019 | +1 866 297 0224 | info@navexglobal.com | www.navexglobal.com
16
5. Blurred Lines Between Protected
Activity & Corporate Governance
18
Top 10 Ethics & Compliance Trends for 2019 | +1 866 297 0224 | info@navexglobal.com | www.navexglobal.com
18
Key Steps for Organizations to Take All whistleblower complaints are
best managed when organizations
Err on the Side of Complaints
have multiple channels in place for
If something sounds like a whistleblower compliant,
and smells like a whistleblower complaint, there is a
employees to report problems.
good chance it is, even if the reporter sits in your HR, Accessible and well-communicated
compliance, risk or legal department. Organizations internal reporting mechanisms help
should apply additional sensitivity to employees who are
all employees feel comfortable
tasked with remediating problems in the company and
repeatedly complain that a specific issue is not being bringing up issues.
resolved. Furthermore, employers should consult counsel
before administering any adverse action against such an
individual as this can engender a claim of retaliation. are receiving a formal complaint that needs to
be documented and investigated.
Take Every Concern Seriously
Any concern that arises through an investigation should Prioritize Awareness
be taken seriously. This should be standard even when Effective policies are essential to ensuring that all
the protected activity of the reporter is ambiguous. employees understand what is expected of them as
Ensure every investigation follows preplanned protocols well as their reporting options. Having the right policies
and is well documented. When an unexpected complaint is just the first step. Organizations need effective
occurs, following standardized procedures is best for communication campaigns that make all employees
swift internal resolution and strong external defensibility. aware of the policies, as well as the organization’s
commitment to supporting a speak-up culture.
Offer Strong Reporting Mechanisms
The characteristics of whistleblowing and whistleblowers
All whistleblower complaints are best managed when
are ever-changing, but the importance of cultivating
organizations have multiple channels in place for
a strong culture of speaking up as well as listening up
employees to report problems. Accessible and well-
will remain constant. That is how we create resilient
communicated internal reporting mechanisms help all
workplace cultures that protect your people, reputation
employees feel comfortable bringing up issues. Incident
and bottom line.
reporting channels also let organizations know when they
19
Top 10 Ethics & Compliance Trends for 2019 | +1 866 297 0224 | info@navexglobal.com | www.navexglobal.com
19
2019 will have its ups and downs.
We’re here to help smooth out the ride.
Whether you need to maximize compliance efforts with automated solutions or ensure core values are
embedded throughout your organization, NAVEX Global will help you achieve the full ROI of an ethical
workplace with a platform of purpose-built technology.
Contact us at www.navexglobal.com/contact
6. Incentivizing Ethics: What Does the Future
Hold for Paying for Ethical Behavior?
21
Top 10 Ethics & Compliance Trends for 2019 | +1 866 297 0224 | info@navexglobal.com | www.navexglobal.com
21
Measure Value, not Tasks
As you consider if/how you will incentivize ethics, there is
a key question to answer: Which standard will you use to
assess ethics?
As Tom Fox noted, “the simplest way to incentivize a way that is consistent with the company’s values, it
employees is to create metrics that they readily creates a subset of tasks that “count” and devalues
understand and are achievable in the context of the other actions that don’t.
compliance program,” such as completing training. Other »» Performance targets of any type – including ethics
similar goals include code certifications, engagement targets – can create pressures to cut corners and
survey results and cooperation with specific compliance aggressively pursue goals.
office requirements.
22
Top 10 Ethics & Compliance Trends for 2019 | +1 866 297 0224 | info@navexglobal.com | www.navexglobal.com
22
bonus in the hopes that it will improve their work program or it can identify consistent behavior over
environment. These actions not only undermine the time. Non-monetary recognition can take a variety of
effectiveness of the survey but also artificially inflate forms, including:
the apparent ethics performance of the manager or
employee group. »» Featuring employees or teams on the company
website or newsletter
Key Steps for Organizations to Take »» Acknowledgement from the CEO or other leaders
Review Existing Corporate Incentive Plans »» A company donation to a charity of the employee’s
choosing in the employee’s name
Before creating new ethics-based incentive programs,
an immediate impact can be made by reviewing existing »» Perks such as time off or a preferred parking space
incentive plans. Ethics officers should make it a priority
to critically examine the role incentives are currently
playing in driving unethical conduct throughout their Understand the Power of Promotions
organization. This may include incentives tied to sales
Whether or not you consider building an ethics incentive
and revenue targets. For example, are they structured to
plan in 2019, remember that by far the most important
promote excessively risky and aggressive sales methods?
and effective ethics incentives are promotions. Decisions
Do managers exert excessive performance pressure?
about promotions truly drive the culture. Employees
take note of who gets promoted. If your organization
Consider Alternatives to Monetary Incentives promotes top performers who are known to act contrary
There are many ways to incentivize performance, and to the company’s values, or otherwise undermine ethics
they should be considered in addition to (or instead and compliance, that message trumps all others. And
of) monetary performance awards. Recognition can be on the flip side, if it is clear that ethics and values are
based on courageous or exceptional behavior that aligns a key component of who advances, that too sends a
with the goals of the company’s ethics and compliance clear message.
23
Top 10 Ethics & Compliance Trends for 2019 | +1 866 297 0224 | info@navexglobal.com | www.navexglobal.com
23
7. Third-Party Risk is NOT Just
About FCPA Anymore
By: Kristy Grant-Hart Specially Designated Nationals and Blocked Persons List,
but instead because the company’s former subsidiary
Prior to 2019, the rules for dealing with third parties were allegedly sent goods to a blocked Russian entity. What
simple: perform due diligence, implement sanctions contributed to this failure? Cobham Holdings’ third-party
screening software, use reputable cloud providers, and search software failed to raise red flags that would have
ensure that everybody stays out of politics. But in 2019 caught the compliance issue before it was a problem.
and beyond, the risk of third-party relationships is no
longer limited to the wrath of the Department of Justice Regulatory agencies such as OFAC are upping their game
and Serious Fraud Office. Reputational risk has gone up when it comes to catching violators. Companies have
exponentially with respect to third-party behavior. long relied on automatic sanctions screening software.
In most cases, they have to. Multinationals may have tens
Aggressive new sanctions actions by the Office of of thousands of third parties, especially if they cater to
Foreign Assets Control (OFAC) have raised the bar, and members of the public that need to be screened before
the fallout from data breaches post-European General services can be provided. But the Cobham Holdings’
Data Protection Regulation (GDPR) means that third prosecution is a reminder that software alone cannot
parties holding customer data have more power than be the answer. Consistent review of protocol designed
ever to topple the public’s trust in a company. and implemented by humans is required to reduce
risk and to provide a barrier to what is often a strict
Third-party risk has broadened in three substantial ways: liability offense.
25
Top 10 Ethics & Compliance Trends for 2019 | +1 866 297 0224 | info@navexglobal.com | www.navexglobal.com
25
Florida school. These days, companies are taking a Key Steps for an Organization to Take
public stance on controversial issues – and that creates
a whole new kind of reputational risk for the entities Implement a Sanction Screening Protocol that
working with them. Involves People
While your sanctions screening software is a critical
Publicly announced decisions that are made in response
safeguard tool, a system needs to be in place to further
to controversy will frequently create passionate,
review problematic or potentially problematic third
polarized responses. Statements of internal policy,
parties. Check the settings on your software. Is it set
such as companies announcing they will no longer
to allow you to review fuzzy matches? Do you have an
reimburse meat-based meal expenses, has created
escalation protocol that allows the compliance team to
media storms with unpredictable outcomes. Even our
review potential matches? Does the compliance team
blue-chip companies are not immune to the reputational
perform a regular spot check to ensure the software is
dismantling that results from catastrophic culture failures.
working as it should? Have you separated third parties
or customers from high-risk countries (those currently
When it comes to reputational risk from third parties,
under sanctions) for deeper-dive screening than those
not all relationships are created equal. For instance, if
in lower-risk countries?
a company uses a bank that incurs a billion-dollar fine,
the controversy at the bank will likely have no effect on
Review your protocol to ensure you’ve got a system in
the company whatsoever. However, if a company has a
place that works. A good system will utilize software
joint venture with a third party that makes an unpopular
and humans to ensure compliance.
proclamation or has a CEO scandal, the negative halo
effect can be extremely destructive.
Top 10 Ethics & Compliance Trends for 2019 | +1 866 297 0224 | info@navexglobal.com | www.navexglobal.com
26
Third-party risk must be managed. Check Your Contracts with Companies that Have
Personal Data
By expanding your viewpoint from
If you target or sell to Europeans, or if you have a
“bribery risk” to a holistic review of
European presence, you probably prepared for GDPR.
each third party, you’ll be able to Now is the time to make sure those third-party processor
protect your company in all of the contracts have the required terms from Article 28.
Perform a risk assessment to determine which of your key the company notifies you without delay if a data breach
suppliers, joint venture partners, and other high-profile occurs. Put in safeguards requiring minimum levels of
relationships are most exposed to reputational risk. For data security. Add in the requirement to delete or amend
business-critical third parties, try to find a back-up that data that is no longer active or accurate.
27
Top 10 Ethics & Compliance Trends for 2019 | +1 866 297 0224 | info@navexglobal.com | www.navexglobal.com
27
8. Moving from Speculative to Realistic
Conversations on Artificial Intelligence
By: David Banks Instead of planning for the entirety of the singularity,
reframing the conversation around AI can help
Many conferences, white papers and webinars in 2018 compliance professionals stay focused on the things
was dedicated to artificial intelligence (AI). Futurists, they can control.
technologists, and innovators on the bleeding edge
of technology have shared the seismic changes to the
workplace the compliance industry should expect.
Identify the Compliance Problems AI
The shift from linear growth to exponential growth Can Solve
and the elimination of administration has been on the
When considering AI solutions, we first must understand
tip of every tongue.
the key characteristics of AI and then match those with
existing programmatic problems. Displaced efficiencies
At first blush, it was exciting, it was educating. Now,
just create more work. This begins with understanding
however, the lack of clear steps for implementation has
the tasks AI and similar cognitive computing technologies
created a bit of anxiety, resulting in a state of analysis
like machine learning are really good at, including:
paralysis around AI adoption. We all know we need to
get up to speed, but we don’t want to run the risk of
»» Automating manual data entry
outpacing ourselves or missing the mark on true ROI.
»» Filtering for errors or patterns
To calm any unnecessary anxieties around AI, it is
important to understand that compliance professionals »» Continual monitoring of regularly updated lists
do not need to become AI experts. We are not
»» Predictive analytics
technologists, and we shouldn’t be. Compliance
professionals are experts on corporate culture, risk
These trailheads point us down the path to several key
mitigation, and change management. It is that expertise
considerations. First, regulatory changes are always in
that we need to apply to the adoption of AI solutions.
flux. AI that can keep us informed of real-time updates
is key here. Furthermore, many changes required
by regulatory updates often require a prescribed
modification to a strand of text, policy or training
When considering AI solutions, across the organization. Automating regulatory update
we first must understand the key notifications and the necessary actions in response is
characteristics of AI and then match administrative overhead AI could effectively streamline.
those with existing programmatic Similar to the moving target of regulatory compliance,
problems. Displaced efficiencies third-party risk requires continuous monitoring of third-
just create more work. party partners as well as sanctions screenings. The
ultimate strategy behind engaging new partners will
29
Top 10 Ethics & Compliance Trends for 2019 | +1 866 297 0224 | info@navexglobal.com | www.navexglobal.com
29
always be up to third-party risk management leaders, but
automated screening and due diligence can be effective
information catalysts for enhancing or revising strategies
as needed.
30
Top 10 Ethics & Compliance Trends for 2019 | +1 866 297 0224 | info@navexglobal.com | www.navexglobal.com
30
Key Steps for Organizations to Take Strive for Digital Harmony
New technology is rarely successful when bolted on
Create a Framework for Evaluating the ROI of to existing tech stacks. Instead, AI solutions should
Your Solution integrate fully into existing compliance and enterprise-
The price tags for AI solutions are at a premium. Before wide solutions. This creates ROI that extends further
making your purchase, you must be certain the cost than just the compliance department. You especially do
savings will ultimately outweigh the investment. Cost not want your new technology to create challenges or
is currently high because many artificial intelligence inefficiencies for other teams.
solutions need to be customized for each company. This
comes with pilot, implementation and improvement Make Sure “Garbage” Cannot Describe Any of
phrases, each requiring significant time and budget to Your Data
accomplish. To confirm you are purchasing the right
“Garbage in, garbage out,” is the pivotal phrase when
solution, and to have a clear roadmap for measuring
it comes to AI. For artificial intelligence to truly act
success, develop an evaluation framework. In the
intelligently and for machine learning to actually learn,
simplest of frameworks, AI solutions should check three
it needs the most accurate raw data. When implementing
boxes: it’s reliable; it’s real-time; and it creates a single
a new AI solution, do extensive due diligence on the
source of truth. Ask your potential vendors how they can
data being processed as well as monitor the results
deliver on these requirements.
to ensure inaccuracies are in no way driving your
business decisions.
31
Top 10 Ethics & Compliance Trends for 2019 | +1 866 297 0224 | info@navexglobal.com | www.navexglobal.com
31
9. #MeToo: From Hashtag to
Movement to New Normal
Employers who are serious about addressing harassment What lessons should we learn from the reactions of our
in 2019 will need to dig deep, and work on two employees? Our workplace cultures need more care
fundamental flaws that exist in current harassment and attention. Fear (of retribution, retaliation, damage
prevention programs: lack of understanding and to career, etc.) still drive behavior and silence victims.
empathy, and a lack of transparency. These two issues Employers need to build emotional and interpersonal
form the foundation of trust in employer efforts, and human intelligence, and find ways to cultivate empathy
recent events have made clear that the foundation is to combat these fears. Absent action in 2019, fear will
shaky at best. continue to fuel culture damaging behaviors.
33
Top 10 Ethics & Compliance Trends for 2019 | +1 866 297 0224 | info@navexglobal.com | www.navexglobal.com
33
Transparency Is Necessary to Restore With social media, digital technology, and empowered
citizen reporting, transparency is no longer a choice, it’s
Trust in a Broken System
a necessity when managing a corporate culture. Today’s
In 2018, employees sent their employers a clear message employers have two options in a social media savvy
– that trust is broken. According to the 2018 Edelman world: Be part of the solution, or be part of the story.
Trust Barometer, trust in business to do the right thing When companies choose not to take the lead, the
took a major hit. Recent events have demonstrated to us public is now equipped to compel transparency.
that employees don’t believe that their employers will
respond properly if they bring a complaint, or that they
Key Steps for Organizations to Take
will be treated fairly if there is a complaint made against
them. This is likely the sentiment even if your organization
Be Prepared to Act, but not Overreact
is doing everything right because your process has, until
now, been shrouded in secrecy. Don’t let the demand for action result in kneejerk
reactions. Organizations must be prepared to react,
Compliant handling and remedial measures are under investigate, and respond properly, in ways that are
increased scrutiny. It used to be that an internal fair and just. Firing someone is not always the right
investigation was generally just that – an isolated answer, and when it is, it should be after a conclusive
investigation of a report that involved a small handful investigation. Don’t create a situation where you need to
of people, and a victim who had no idea what other backtrack because you made a hasty or unfair decision.
employees had complained about or experienced. Show those who complain and those who are accused
There was very little transparency or even expectation that the process is fair and trustworthy.
of transparency – victims were expected to trust their
employer to do what is right. NDAs previously ensured Check Your Bias at the Door
that victims did not speak about their experiences.
Ensure that your process for vetting complaints is fair
Recent events have surfaced a general public conclusion
and thorough and treats victims and those accused
that more harm than benefit has been done by the
with respect and dignity. Ask yourself if you or your
current, trust-based system. Employers have abused
investigators have a bias against victims or perpetrators
employee trust by not holding powerful perpetrators
that influences how you investigate claims. Train your
accountable for their actions and distrusting those who
investigators and managers to recognize any conscious
spoke up. Employers (who collectively did not respond
and unconscious biases they may have, and how to
adequately to the need for a change in approach) now
ensure these biases do not influence the incident
find themselves facing new legislation prohibiting the
management process.
use of NDAs at the state level and a constant stream of
very public scrutiny and coverage of their process for
Reinforce Your Culture Even if It Requires
addressing harassment allegations.
Tough Decisions
The Edelman Trust Barometer also indicates that “Respect” as a value alone does not mean anything,
employees are looking to their own organizations, and unless employees at all levels are held to a high standard
in particular their CEOs, to rebuild trust. And greater of behavior. This can require very tough decisions about
transparency will be critical. In 2019, it will be important to good employees who are nonetheless disrespectful
find the right balance between total confidentiality (often to others. It may even require terminating employees
a legal recommendation) and the need for transparency who do great things for your business, but just don’t
to build trust in your organization, your leaders, and your understand how to treat others with respect.
internal processes. Standing behind your words is what helps build a
culture of respect.
34
Top 10 Ethics & Compliance Trends for 2019 | +1 866 297 0224 | info@navexglobal.com | www.navexglobal.com
34
Embed the Sentiment of Your Policies through Be More Transparent
Effective Training Consider ways that your organization can share
Updating policies and procedures with language that information about your process, your efforts, and the
accurately and appropriately elevates expectations actions you have taken to address harassment. The
for employees in regard to sexual harassment is key. information you share may be a quarterly summary and
But to truly embed these values into the organization, an annual report – but at a minimum what you decide
employees, managers and leadership all need to be to share must communicate to your employees that you
properly trained. This requires anti-sexual harassment are actually taking action, and that you stand behind
training that resonates with employees, and clearly your commitment. Find that balance between too
identifies right, wrong and the gray areas in between. much detail and enough to help rebuild trust in your
values and leaders.
35
Top 10 Ethics & Compliance Trends for 2019 | +1 866 297 0224 | info@navexglobal.com | www.navexglobal.com
35
36
Top 10 Ethics & Compliance Trends for 2019 | +1 866 297 0224 | info@navexglobal.com | www.navexglobal.com
36
10. Old Compliance Lessons Apply
to New Compliance Trends
37
Top 10 Ethics & Compliance Trends for 2019 | +1 866 297 0224 | info@navexglobal.com | www.navexglobal.com
37
but local teams were responsible for creating training all about shaping human behavior – encouraging good
and awareness that would work best for them. Ideas were choices while keeping bad behavior in check. Behavioral
then shared corporate-wide and each year the initiatives economists, psychologists, sociologists and philosophers
becme more effective and increasingly creative. have researched and published extensively on this very
topic, and yet for years, their findings have rarely been
The Friedken Group’s approach worked because it tapped by us to improve our programs.
recognized the critical importance of tailoring content
and format to align with diverse subcultures within The earliest business ethics conferences organized by
any organization – what works in R&D may fall flat in W. Michael Hoffman at Bentley University successfully
Accounting. The approach also recognized that insights connected academics with executives, and the
and talent were not confined to the corporate staff. interaction was a major source of insight and innovation.
And, perhaps most importantly, by encouraging local Fortunately, this broad and deep approach to business
initiatives, training and awareness were far more effective ethics is now making a comeback. The Ethics and
because each local group had a stake in its development. Compliance Institute (ECI) and The Society for Ethics and
Compliance (SCCE) have recently addressed this topic
Back in the 1990s, enabling and coordinating diverse at its conferences, and the SCCE’s Adam Turteltaub has
initiatives was a daunting task. But today, the logistical often spoken on the importance of studying and applying
difficulties can be largely eliminated by using instant the work of researchers and behavioral economists
messaging and networking tools like Slack, Kapost, and including Daniel Kahneman, Dan Ariely, Max Bazerman
Trello that make it easy for employee teams to work and Ann Tenbrunsel.
together and share ideas.
The key steps to take in response to any trend in any
year should begin with a realignment with fundamental
The Fundamentals Never Go out of Style
compliance concepts. We should always remember that
Keeping up with the complexity of today’s ethics we operate in an exciting industry, doing important work;
and compliance programs and the daily demands for the work we do needs to resonate with real people; and
documentation and metrics can be all consuming for there is rarely a one-size-fits-all solution to anything.
ethics and compliance officers. But beyond checking
the boxes, it’s important to remember that when all is With those guide posts, the work we do will continue to
said and done, business ethics and compliance are really be rewarding for ourselves as well as for the organizations
and people we are charged with protecting.
38
Top 10 Ethics & Compliance Trends for 2019 | +1 866 297 0224 | info@navexglobal.com | www.navexglobal.com
38
About this Resource
The issues, concerns and opportunities found in NAVEX Global’s annual Top 10 Ethics & Compliance Trends are
generated by thought leaders who work in, report on, and develop solutions for the compliance industry. The eBook
was compiled by the editors and contributors of NAVEX Global’s blog, Ethics & Compliance Matters™, and each article
was authored by a current contributor to the blog. You can keep up with the evolution of these trends and others
throughout the year when you subscribe to the Ethics & Compliance Matters Blog.
39
Top 10 Ethics & Compliance Trends for 2019 | +1 866 297 0224 | info@navexglobal.com | www.navexglobal.com
39
NAVEX Global provides a comprehensive suite of ethics and
compliance software, content and services that help organizations
protect their people, reputation and bottom line. Trusted by
more than 13,000 customers, our solutions are informed by the
largest ethics and compliance community in the world. For more
information, visit www.navexglobal.com.
Americas EMEA + APAC
5500 Meadows Road, Suite 4th Floor, Vantage London
500 Lake Oswego, OR 97035 Great West Road
United States of America Brentford, TW8 9AG
info@navexglobal.com United Kingdom
www.navexglobal.com info@navexglobal.com
+1 (866) 297 0224 www.navexglobal.com/uk
+44 (0) 20 8939 1650