ey-young-woman-working-business-assignment

Business conduct and ethics: Protecting your organisation

In today’s world, trust is highly valued. Scrutiny of business’ conduct and ethical behaviour has never been more prevalent.

The Kingman Review specifically references business conduct as an area that needs improving and the Brydon Review goes further, recommending strengthened director and auditor accountability for fraud prevention. 

It is not just regulators and public policy makers who are demanding higher standards of business conduct and ethics – employees, customers, activists and investors are increasingly exposing companies who don’t measure up.

The COVID-19 epidemic has further increased the need for companies to demonstrate they have a robust business and ethics framework in place to deal with the heightened risks emerging from this unprecedented situation.

Companies that do not adhere to the higher standards being set by regulators, risk losing the trust and confidence of not only investors but also other stakeholders including wider society.

What does this mean for you?

The consequences of poor business ethics and conduct can be significant, from financial penalties, reputational damage, and falling share prices to personal impact on board members and the senior executive team. 

Regulators, investors and activists are using increasingly sophisticated methods to detect misconduct and hold businesses to account.

Risks will occur across every aspect of your business – from how you interact with your customers, employees and supply chain to the way you manage data and impact the environment.  Having an effective and robust framework to identify and mitigate these risks is essential.

The first stage is to make sure you have a holistic view of your conduct and risk universe which may include, for example:

  • Financial – accounting change, financial reporting, capital adequacy, tax transparency & compliance and anti-tax evasion.
  • Operational – third party risk, cyber security, physical security, supply chain transparency and responsible sourcing.
  • Legal – ethical breaches, fraud, bribery & corruption, economic crime.
  • Environmental and social – conflict materials, environmental impact, health/safety & wellbeing, modern slavery, employment law, diversity and inclusion reporting.
  • Regulatory – Brexit, sanctions & export controls, anti-money laundering, anti-trust, consumer protection, data privacy and intellectual property.
  • Sector-specific – automotive emissions, financial services, financial crime, product safety, food safety, healthcare professional sales and medicines control.

Approaching these in a fragmented way, is likely to expose companies to either duplicating effort in managing their risks or creating gaps, reducing oversight of their risk universe. Instead, companies should seek to build an effective and integrated framework. 

In doing so, business leaders will need to ask themselves the following questions:

  • Who ‘owns’ conduct risk in our organisation?
  • When did we last complete a conduct risk assessment?
  • Are we comfortable that we are engaging with reputable third parties?
  • Are we asking the right questions of our data to highlight and monitor conduct risk?
  • Does our board have regular oversight and independent assurance that the organisation is compliant with relevant laws and regulations?
  • Are we comfortable that our whistleblowing policies and procedures are effective?
  • Do we talk about culture as often as we talk about profit and business performance?

Having built a framework, it is vital to regularly test its effectiveness. For example, are you making the most of data and technology to understand and proactively manage your risks? And, with incident reporting rates increasing by more than 50% from 2016 to 2018 according to Expolink’s Whistleblowing Benchmarking Report 2019, do you have policies in place for employees to report their concerns internally so that they can be addressed before escalating?

The risk landscape is constantly evolving, even more so now with the disruption caused by COVID-19, therefore it’s important that your framework is dynamic to adapt to the rapidly changing environment. 

Using our business conduct and ethics diagnostic, you can evaluate the maturity of your existing framework compared to the latest regulation and leading practices. Where gaps are identified, we can help you design and implement a remediation programme, covering: 

PREVENT

  • Policy assessment and drafting 
  • Controls assessment and development
  • Conduct risk assessments 
  • Developing and delivering training

DETECT

  • Risk-based conduct monitoring and controls testing 
  • Developing and embedding data analytics monitoring

RESPOND

  • Investigating issues & whistle-blower allegations
  • Reporting and KPI development 
  • Remediation of process and control weaknesses

Summary

Organisations are under pressure – not only to behave ethically but to be able to demonstrate it. To successfully navigate the crisis in trust affecting today’s businesses EY can help you build, evaluate and improve your business conduct and ethics framework so that it meets the expectations of your stakeholders whilst reflecting the latest thinking and technology.  

About this article

Authors

Our latest thinking

Making corporate reporting relevant to your broader stakeholder base

In a world where trust and transparency are key to sustainable long-term value, businesses must find new ways to satisfy the reporting needs of all stakeholders.