In The Matrix films, characters face a choice. Take a blue pill and continue living a comfortable fantasy, or take a red pill and face reality. In the matrix of Ethics & Compliance, which pill does a code of conduct represent?
Where Codes Of Conduct Go Wrong
Codes of conduct constitute more than ethics and compliance best practices.
A Code of Conduct As A Lifeline
In evaluating corporate ethics and compliance programs, the U.S. Department of Justice Criminal Division makes examination of a company’s code of conduct a “threshold matter.” Does the code express the company’s commitment to full compliance with relevant Federal laws? Is the code accessible and applicable to all company employees?
From these questions spring other areas for investigation. For example, does the company run a hotline allowing anonymous or confidential reporting of alleged breaches of the code of conduct?
The Feds mean business. And companies’ existences hang in the balance. So do executives’ careers and personal freedom. Codes of conduct therefore represent a lifeline, which companies must deploy and cling to.
For example, as a prior column noted, Boeing received a relative slap on the wrist even after misleading regulators about the safety of the 737 Max.
Design flaws had resulted in two crashes and several hundred deaths. Investigators concluded that Boeing’s code and compliance programs had been generally sound and that company had cooperated with the investigations and taken remedial action. As a result, prosecutors imposed a modest fine on Boeing and trained their guns on two mid-level Boeing employees.
Your Papers, Please
The DOJ’s Guidance decries “paper programs.” At the same time, the Guidance demands that companies generate vast amounts of paper (electronic or tangible) so the DOJ can evaluate program design, resourcing, and efficacy.
This regulatory schizophrenia leads, among other things, to longer and more complicated codes of conduct, as Compliance and HR seek to cover all bases.
Typically, after pledging allegiance to the highest ethical standards and a culture of compliance, codes of conduct trudge across the entire regulatory landscape affecting company operations (e.g., environmental, workplace safety, anti-discrimination, anti-trust, data privacy). The codes also provide essential contact information.
Getting Strangled By The Lifeline
Ever-expanding codes of conduct risk entangling and strangling the companies that issue them.
First, code-of-conduct provisions can constitute statements made to commercial and capital markets. Making promises in your code of conduct that you don’t keep might lead to charges of unfair or deceptive trade practices (Federal Trade Commission) and/or material misstatements (Securities & Exchange Commission). Codes should therefore read like disclosure documents, not manifestos.
The second risk concerns accessibility. Yes, employees can access the code of conduct via the company website. In investigators’ eyes, that might constitute legal accessibility.
But the code of conduct must be more than a legal document: it must drive behavior. At some point a code of conduct becomes so long, complex, and wide-ranging that it loses practical accessibility. Company personnel charged with following the code won’t read it or can’t understand it.
At this point, the code of conduct becomes the blue pill. Compliance personnel think they have a legally and practically effective document. But they don’t. So, when the federal-agent’s knock on the door comes, it comes as a shock.
The Red Pill: Coding Conduct
Facing reality means coding ethics and compliance into structures, processes, and organizational culture. These interface with case-management systems to ensure orderly investigation, resolution, reporting, data-driven lessons learned, and continuous improvement. Here, a code of conduct might represent an end-state snapshot for legal and compliance functions. But, codes of conduct cannot carry the load as a roadmap or reference source driving day-to-day behavior.
“Loss of aim turns codes of conduct into marketing or CYA documents,” according to Nick Gallo, Co-CEO of Ethico, a provider of ethics & compliance software and services. “Compliance tools should enable generally over-burdened Compliance and HR professionals to crowdsource risk management at scale — while reinforcing the right behaviors across the workforce”
A company’s business-expense-and-reimbursement rules, for example, might run hundreds of pages. Like modern-day tax-filing software, the rules should be baked into the back end of a software application. A simple user interface ensures adherence, provides clarification in bite-sized pieces when required or requested, and automates workflows, including exception handling. The back end also contains customizable anomaly-spotting algorithms that red flag suspect behavior for investigation.
Codes and Coding
U.S. five-star general Dwight Eisenhower observed, “Plans are worthless, but planning is everything.”
A similar relation exists between codes and coding. In modern businesses, the aims of a code of conduct must find expression — and realization — through their coding into digitalized business operations.