What’s the Difference Between Compliance and Ethics?
Some might see it as an irrelevant exercise to dig into the nuances separating compliance and ethics, but there are differences. And it’s important to understand them, as a solid ethical compliance program can be highly advantageous to your organization.
What is compliance?
When it comes to corporate governance, compliance is defined as obeying the law. It is something that the government requires you to do, but often the laws can be confusing. An article in ethikos, the journal of business practice ethics, beautifully presents an example of this challenge:
“There will never be enough corporate resources to ensure each employee is following every law all of the time. What’s more: Not all laws have clearly delineated rules that can be followed easily. Under the Foreign Corrupt Practices Act (FCPA), for example, bribing a foreign official is a crime, but the FCPA does not provide a specific dollar amount for gifts and gratuities to foreign officials.”
In this case, your compliance organization would need to oversee and manage the employees’ opportunity to commit bribery. While it may not be illegal to provide some ‘generous gifts’, it would fall to your compliance organization to prevent misconduct.
What is ethics?
Ethics is doing what’s right – not just because of the wording of the government or law. Ethics is something you individually choose to consider before you take action; it’s the expressed intention to observe the law. A lack of ethics amongst employees and stakeholders can be disastrous to any organization.
Ethical compliance: What should it look like?
The trick to having effective compliance and ethics programs is balance. Your programs should be understood and supported by a strong leadership team. If your compliance rules, policies and processes are too complex, unwieldy or overbearing, guess what will happen? Your employees will stop following the rules and/or question which ones are worth adhering to. Next thing you know, they’re operating outside of your compliance controls.
Public companies and their C-suite team and board members could be held personally responsible for certain aspects of compliance and ethics. For best results, organizations should consider taking a value-based approach to ethical compliance. The executive team should thoroughly understand the culture and compliance controls that exist at any and all levels of their company.
You should try to position your ethical compliance programs as a part of the company culture – if it feels like the responsibility of every individual and a respected part of your organization, employees are far more likely to adhere to the rules. These policies should be applied fairly to all stakeholders, including the board members and senior executives.
The benefits of ethical compliance
It can be detrimental for your employees to ignore your ethical compliance programs; there may be personal penalties, from financial retribution to jail time. On the other hand, it can be hugely beneficial to implement strong compliance and ethics initiatives.
Some of the major advantages may include:
- Improvements to your brand equity
- Higher shareholder returns
- Increased customer loyalty
- Better brand reputation
- Happier customers – increased customer loyalty
- A more effective internal control environment
As you develop your program, it may be helpful to ask – can you have one without the other? The answer is yes.
Compliance without strong ethics
As outlined in an interview with Michael McMillan, director of ethics and professional standards at the CFA Institute by the Wall Street Journal, your organization can have a good compliance program without basing it on strong ethical values.
You can have the right rules and regulations in place to ensure your employees aren’t breaking the law – but just because they follow these policies doesn’t mean that they’re acting in the best interests of your customers.
Having a strong compliance program alone can still permit an unethical environment to exist.
Benefits of strong ethics
Ethics has to be a proactive process. If you invest as much time, effort and money into ethics training as you do compliance training, stakeholders throughout your company may choose to do what’s right naturally, which in turn means you will have stronger compliance throughout your organization.
Having a strong ethical culture means the need for compliance initiatives is automatically diminished. Your company values are already promoting doing the right thing, and this means your employees are acting with the best interests of your customers at heart.
Creating your ethical compliance program
As we mentioned earlier, company culture plays a huge role in how effective your ethical compliance program is. If your employees are afraid to raise issues with leadership, or hesitant to challenge management, your compliance program will be wasted.
A cultural assessment of your organization can help you determine where you stand currently and if you’re ready to build and implement a good ethical compliance initiative. Deloitte has some questions you can use to examine if you have the right company culture for an effective ethics and compliance program:
- Does your company culture encourage ethical behavior at all levels?
- Can all of your employees describe the company’s code of ethics?
- Do your employees understand the tone set by senior management?
- Do all of your employees feel free to ask questions and express concerns?
- Do your employees believe that the mechanisms are in place to allow them to voice opinions without fear of retribution?
The results from this assessment become the benchmarks that lay the foundation for an ethics and compliance program, as well as an effective control environment.
What does an effective ethics and compliance program look like?
There are a few key markers you can look for to evaluate if you have an effective ethical compliance program:
- A company culture that encourages ethics and compliance with the law.
- Clear responsibility on the part of senior management.
- Active and ongoing oversight by the board of directors.
- Day-to-day oversight by a high-level individual who has sufficient resources and authority. This could be, for instance, the Chief Ethics and Compliance Officer of your organization.
- Effective communication of standards and policies throughout the company.
- Periodic training for all stakeholders, including the board, management, and employees.
- Reasonable steps taken to achieve compliance and consultation, such as monitoring and reporting systems, or helplines.
- Incentives for compliance with the policies in place, appropriate response actions when offenses are detected, and consistent enforcement of disciplinary action towards all stakeholders.