The mission of every ethics and compliance (E&C) program is to help build a culture of compliance where leaders advocate company values and employees are supported and encouraged to do the right thing.

To foster a working environment where employees feel safe to Speak Up and where you can minimize risk and protect the brand’s reputation, it’s necessary to continuously assess and improve your E&C initiatives. If you don’t know where to start or are looking for some useful next steps to invigorate your E&C programs, this blog post is for you.

The Who, What, How, and Where of an Effective E&C Program

The U.S. Federal Sentencing Guidelines for Organizations (FSGO) provide a framework for an effective E&C program, and company programs built upon this framework share some key foundational principles. First, they address the ‘who’ and ‘where’ by reaching all employees regardless of who they are and where they are located. How employees connect with one another is also a consideration, especially in the post-pandemic workplace and given the multi-generational, multi-abled, and global nature of the modern workforce.

Effective programs also address the ‘with whom’. For example, having a kinship and shared commitment to E&C with other departments like HR and Communications can help to focus ideas and combine efforts into shaping culture. 

Health and safety matters are a big part of the ‘what’ of effective E&C programs, including making the commitment to and building the competencies for a robust speak-up, listen-up culture. As U.S. Assistant Attorney General, Kenneth Polite said: “We want to see examples of compliance success stories; disciplining poor behavior, rewarding positive behavior, and see partnerships developing between compliance officers and the wider business.”

An effective program also goes beyond employees and considers Leadership teams and Board members, third parties, investors, and the larger community in terms of rollout, education and training, communication, and more.

Another foundational principle of good E&C programs is the ‘how’. It’s important for E&C professionals to have a finger on the pulse of the state of compliance, the company’s risks, and to what extent employees trust the culture. Tools and technology can be used to help test corporate culture and provide data-driven insights that can be used to improve programs.

Fresh Ideas for the E&C Program                

E&C professionals are being challenged to harness their star power and bring new ideas to the table. According to the authors of Rethink compliance training, Part 2: The Entrepreneur Mindset, compliance, risk, and ethical leadership require creativity, ingenuity, passion, and optimism to continually innovate something new and exciting despite a shortage of time, money, and other resources. A recent Harvard Business Review article highlighted that the leaders who do magic with their teams are not only clear on their purpose, they are driven by values and are authentic.

Tone from the Top and the Middle

E&C leaders should be an authoritative voice when it comes to speaking to Leadership teams and the Board, providing them with effective training and insights that send a strong message about the connection between ethical culture and business success. 

Leaders should be encouraged to share stories of ethical dilemmas and decision-making at every opportunity, as they set the tone for the whole company. Managers, meanwhile, shape the everyday environment in which employees work and make decisions. Managers in the riskiest areas can be particularly instrumental by being close to the issues and communicating directly with employees.

The most effective way for employees to learn and understand the values and expectations is by hearing leaders, managers, and supervisors regularly talk about them in relevant and relatable terms and to see the values and expectations actually operate in practice.

The Code of Conduct 

Policies can help to instruct people on how to perform and positively influence a company’s culture, insulating it from risks. As the centerpiece of the E&C program, the Code of Conduct should be easily accessible, e.g. prominently placed on the company’s intranet, and available in all of the languages spoken by employees.

By digitizing this important legal document and making it easily accessible, you can transform it into a valuable employee resource to refer to at any time. By tracking click rates and other metrics, you can also gain insight into how, why, and when employees leverage the Code.

E&C Communications and Training

The E&C team should have a strong communication plan in place with regular touchpoints on E&C-related topics, such as the rollout of policies and training, current or emerging risks, E&C-related events, and very importantly, how to report concerns. Given the crucial role of managers, they should be equipped with communication toolkits and other resources to boost their communication channels with employees and help spread E&C messages.

Compliance training is a great way to raise awareness of key risk areas and impart important information that employees need to do their jobs and protect the company’s brand and reputation. Developing content with a creative mindset is important, as is leveraging the data derived from the training experience to identify where employees are struggling or how the training could be improved.

Risk and Culture Assessments

Proactive assessments throughout the year are essential to keep ahead of rapid change and emerging risks. By aggregating data from across the company with the help of technology and conducting root cause analyses, you can identify early warning signals of evolving threats and opportunities.

To assess culture, E&C teams typically utilize self-assessment tools like engagement surveys. These can be supplemented with objective assessments, as described in a recent FCPA Blog. The bottom-up approach assesses what employees are doing (i.e. expense reporting, attendance tracking, and conflict disclosure) versus what leaders think they are doing. The top-down approach looks at how HR decisions such as performance reviews, promotions, and compensation are made. Both activities in combination can help identify cultural red flags.

Conducting Internal Investigations

As part of fostering a speak-up, listen-up culture, the E&C team should clarify the investigations process so employees know how to report their concerns, document training plans for both investigators and employees so they understand, respect, and trust the process, and explain the disciplinary process so they understand the potential consequences of misconduct.

The E&C program can be instrumental in implementing a modern, AI-capable employee reporting trust platform that addresses employee concerns, including fear of being first to report, fear of inaction once reported, and fear of retaliation.

Rewards and Recognition

Many businesses also need to consider how they celebrate leaders, managers, and employees who do the right thing. By introducing programs to help the Leadership team publicly recognize the positive actions of employees, for example, you can easily send the message that the ‘how’ in employee conduct is as important as the ‘what’.

The workplace is not what it was two years ago, and E&C professionals and their programs must keep up with the changing times. By leveraging the foundational elements from the Federal Sentencing Guidelines, the Who, What & Where of E&C, and embracing innovations in E&C programs and solutions presented by the experts in technology, data science, behavioral science, health and wellness, and sustainability, E&C professionals can stay ahead of the curve and help to grow a culture of trust. 

Keen to build a world-class E&C program? Book a demo to discover how Vault can be the most important asset in your toolbelt.


Frequently Asked Questions

How can an organization create a speak-up culture?

To foster a working environment where employees feel safe to Speak Up and where you can minimize risk and protect the brand’s reputation, it’s necessary to continuously assess and improve your E&C initiatives.

What does E&C stand for?

E&C stands for ethics and compliance, and relates to policies, programs, training and activities that strengthen company culture and encourage employees and the business to do the right thing.

How do businesses measure culture?

To assess culture, businesses typically utilize self-assessment tools like engagement surveys to assess what employees are doing versus what leaders think they are doing, and also assess how performance is reviewed to identify any cultural red flags.

What does an effective E&C program look like?

An effective E&C program reaches all employees regardless of who they are and where they are located, commits to building the competencies for a robust speak-up, listen-up culture, goes beyond employees and considers Leadership teams and Board members, third parties, investors, and the larger community, and more.