Best practices (B.P.) guide

Constance E. Bagley, Bruno Cova, and Lee D. Augsburger
DECEMBER 21, 2017

One defining feature of 2017 has been seeing corporate directors and officers being held personally responsible for illegal behavior at their companies. For example, after Wells Fargo Bank paid more than $300 million in penalties for creating over 3 million sham customer accounts, Judge Jon Tigar of the U.S. District Court in San Francisco refused to dismiss claims against the fifteen members of the Wells Fargo board. And Oliver Schmidt, the highest ranking Volkswagen officer residing in the United States, was sentenced to seven years in prison and ordered to pay $400,000 for his role in the VW diesel emissions scandal.
As the ultimate guardians of the firm’s financial, human, and reputational capital, corporate boards need to set their bar higher, and replace reactive approaches to misbehavior with a proactive approach to winning with integrity. Instead of assuming everything is fine unless they hear otherwise, directors need to be more probing.
Based on decades of experience working with companies in multiple industries and studying hundreds of compliance failures, we’ve developed a comprehensive ten-step program to help boards reduce the risks of illegal behavior, reinforce ethical conduct as a core value, and enhance the company’s reputation—in the eyes of regulators and stakeholders—as a good corporate citizen.


Create an ethics committee of the board. Strategic compliance starts with the tone at the top. To avoid a diffusion of responsibility, the board of directors should designate a committee of nonexecutive directors with responsibility for the firm’s culture of integrity and for creating a robust program of controls and processes to promote ethical conduct and compliance. This could be the audit committee, an ethics and compliance committee, or an ad-hoc committee to address evolving risks and challenges.


Its charter should include appointment, with feedback from the other directors, of the chief ethics and compliance officer (CECO); and the committee should approve the company’s code of conduct, as well as revise it to meet changing conditions in the marketplace.


The committee should be charged with working with the top management team (including the CECO) and the other board members to ensure that the company’s approach to product quality, worker safety, environmental stewardship, sustainability, compliance, and corporate social responsibility is an integral part of its overall business strategy.


Committee members should be specially trained in measuring an ethical culture and have the demonstrated ability and moral courage to take responsibility for mistakes and to call out suspicious behavior.


Appoint a high-ranking chief ethics and compliance officer (CECO) to take day-to-day operational responsibility for the company’s global ethics and compliance program. The CECO should have knowledge of applicable law, ethical theory, and the science of unethical behavior—and should also possess active listening skills and demonstrated good judgment. This individual should report to the board’s ethics and compliance committee—and should feel secure reporting on the integrity program’s effectiveness without fear of retaliation.


The board committee with responsibility for ethics and compliance should meet with the CECO at least quarterly, oversee the evaluation of his or her performance, and set the officer’s compensation and other terms and conditions of employment, including possible termination (with input from the day-to-day supervisors such as the CEO or General Counsel). The CECO should meet with the full board at least once a year.


The CECO should chair a cross-functional, multi-disciplinary team of managers that reviews the company’s policies and procedures on a regular basis so they remain evergreen. The CECO should have authority over all the local compliance officers just as all in-house lawyers should report to the general counsel. The CECO should also have direct access to companywide information on disciplinary actions, so they can see where there are outliers or clusters of untoward behavior.


Establish and post online ethical and compliance standards and procedures to prevent, detect, and remedy illegal or unethical conduct. Well-crafted and company-specific mission statements and codes of conduct are critical to educating directors, officers, and employees about the company’s core values, standards, and procedures. The code of conduct should be simple, easy for employees to understand, refer to values that will resonate with employees, and contain straightforward, relatable, and authentic examples. (Good models include GE’s “The Spirit and the Letter” and Johnson & Johnson’s “Our Credo.”) The code needs to be continuously and creatively reiterated so that it becomes part of the fabric of the company. As seen with Enron’s exemplary policy statements, the only thing worse than having no code is having one the leadership ignores.


Promote quality and safety with clear escalation policies. Ensuring product quality and workplace safety starts on the production floor and is defined by the leadership’s response to the problems brought to their attention. The board should make sure the firm has an escalation policy with clear guidance on what types of issues can be handled at the local plant level and which matters should be immediately surfaced to others higher in the organization.


Develop measurable integrity performance indicators, reward good behavior, and do not create misaligned incentives. Integrity performance indicators include customer and employee complaints; comments on help lines and during exit interviews; days without a workplace accident or environmental spill; absenteeism, including sick days; accuracy of expense reports; stolen company property or misuse of company assets; and lying, even on seemingly immaterial matters.


It is important to establish and enforce best practices and to benchmark the company’s program and results against those of relevant comparators.


Conversely, threatening to fire employees who did not meet unrealistic selling goals or rewarding managers for deceiving customers into buying unsafe or unsuitable products makes it clear that the codes and espoused values are just meaningless words.


Use due care in hiring C-suite executives. Directors should ensure that the officers they appoint to run the business are honorable and of high moral character. Four key character traits correlated with successful business leaders are integrity, responsibility, forgiveness, and compassion.


Because the best predictor of future behavior is past behavior, it is critical to talk with individuals who have worked with the candidate and perform thorough background, criminal history, and conflicts-of-interest checks. Executive search firms can also often obtain candid assessments from members of their networks.


Mandate interactive training to communicate the ethical and compliance standards to all employees and members of the board. Topics should include firm values, how the firm makes money, a discussion of the laws applicable to the business, and the science behind unethical behavior.


A well-designed training program will be varied, using video, gaming, and traditional face-to-face communication as well as on-line tools and a touch of humor. The CECO should be responsible for overseeing the training with the assistance of adult learning specialists and subject matter experts. Sometimes multiple sessions in a single week in three-minute spurts can be more effective than longer, less frequent programs.


Make sure employees aren’t retaliated against for speaking up. Whistleblowers are the “canaries in the mineshaft.” The board should ensure that the company has a well-publicized reporting system, so employees can report (anonymously or confidentially if they choose) ethical and compliance concerns.


Apply the rules evenly across the entire organization. When misconduct is detected, the board must ensure that the company takes appropriate steps to respond—regardless of the offender’s rank, sales record, or economic performance.


The board needs to ensure that the company has contingency plans in place, including when to contact internal and external players, such as PR and social media experts and government relations personnel. After an offense has been detected, the board must take all reasonable steps to stop the misconduct and to prevent further offenses—including making any necessary modifications to its compliance and ethics program. As Mary Barra, CEO of GM, put it after GM agreed to pay $900 million in penalties arising out of its defective ignition switches: Apologies don’t amount to much if you don’t change your behavior.

Constance E. Bagley is a Senior Research Fellow at Yale School of Management and the CEO of the Bagley Strategic Consulting Group LLC. She has held previous positions of Professor in the Practice of Law and Management at Yale School of Management, Associate Professor of Business Administration at Harvard Business School, Senior Lecturer in Law and Management at Stanford Graduate School of Business, and partner at Bingham McCutchen LLP.

Bruno Cova chairs the Milan office of international law firm Paul Hastings. Prior to joining Paul Hastings he served as General Counsel of Eni E&P, Chief Compliance Officer of the EBRD, Group General Counsel at Fiat, and chief legal advisor to the administrator appointed by the Italian government to investigate the financial fraud at Parmalat and restructure the company. He is co-chair of the Anti-Corruption Committee of the International Bar Association and a member of the troika of specialists advising the Corporate Governance Committee of Borsa Italiana.

Lee D. Augsburger is Sr. Vice President, Chief Ethics & Compliance Officer for Prudential Financial, Inc. He has previously served as legal counsel both as in-house and outside counsel to leading financial services firms, in addition to having served as Board Chair of industry organizations such as the National Society of Compliance Professionals, the Ethics & Compliance Officer Association and the Ethics & Compliance Initiative.