by clicking the arrows at the side of the page, or by using the toolbar.
by clicking anywhere on the page.
by dragging the page around when zoomed in.
by clicking anywhere on the page when zoomed in.
web sites or send emails by clicking on hyperlinks.
Email this page to a friend
Search this issue
Index - jump to page or section
Archive - view past issues
GRC Professional : GRC Autumn 2012
31 one oF The challenges Facing compliance programs is that they are focused on legal and regulator y issues alone w ithout considering the broader ethical and integrity framework essential for ef fective complia nce. company officers say “We are fine because we are obeying the law.” The fact is that legal and regulatory compliance is not necessarily ethical compliance. companies that focus on the letter of the law and ignore the spirit of good behaviour do not have an effective compliance regime. people in the company look at this type of behaviour and the company’s response (eg “it is ok to cheat as long as you don’t get caught”) and either do it themselves or take the first chance to leave. When you are caught, the public will look at your company as ‘dodgy’ and may not deal with you. if management supports the idea that because someone is successful they are permitted to behave badly, you must do some thing. as the complia nce of ficer you have sever a l options. You should try to clearly define the problem, identify key stakeholders and influencers, identify the values of the busi ne ss, eva luate alter n ative behaviour s and how these might be achieved, and take action. You need to understand why management permits the conduct to continue. it is important that, despite the management view, the behaviour is reported and described as unethical or simply bad behaviour. There must be the capability for both active and passive repor ting systems. it is helpful to try to show the impact that similar conduct has had on other companies. But there is a good cha nce that these pe ople probably don’t ca re. The last part of the process is to ensure that there is training that shows that this conduct is high risk and establish accountability processes based on ethical and integrity standards, not just compliance with obligations and the law. if you try some or all of these things and still fail then my normal recommendation to compliance and risk staff is to leave. The ethical dilemma is whether you become the whistleblower to the reg ulator. institutionalised corruption and malfeasance of this type is really hard to change. in my experience, many major companies that have confronted this issue have had a senior executive or board member who will cha mpion complia nce a nd say this i s unacceptable. But if not – walk away. ••• neill BUck compliance, risk governance, strategy and integrity consultant
GRC Summer 2012
GRC Winter 2012