4 minute read 14 Nov 2019
Wind turbines on mountain

Why trust must be central to compliance programs in the energy sector

4 minute read 14 Nov 2019

Show resources

  • Integrity Compliance and Ethics (pdf)

  • ey-standard-on-anti-bribery-management-systems.pdf

    Download 160 KB
  • Are regulators and litigants better at analytics than you? (pdf)

    Download 237 KB

Employees in the sector often have to work in environments where unethical behavior is a fact of everyday life. Here’s how to respond.

The energy sector is on a transformative journey, and as such, the compliance landscape within the industry has also changed significantly in recent years. Fundamental changes include oil price fluctuations, pressure on shareholder value and returns, and cost-cutting. Some companies have joined forces in megamergers, while others have divested assets or diversified into renewables, all of which is leading toward an inevitable shakeup of the industry.

However, one of the recurring issues in the energy sector is trust. The industry is uniquely susceptible to bribery and corruption, with reliance on third-party relationships and employees often having to work in challenging environments where unethical behavior is a fact of everyday life. Maintaining trust while working in this way continues to be a challenge.

Corporate integrity and building a culture of compliance are therefore becoming increasingly relevant to enhancing reputations and maintaining or improving business performance. In June 2019, at the fifth annual EY seminar on Risk and Compliance in the Energy Sector, panelists from EY and leading multinational energy companies discussed these trends, and several ways to build a comprehensive compliance program in the sector.

1. Define the role of data in compliance programs

One of the biggest advances in the past 10 years has been the data that compliance officers can now access to monitor ethical behavior. Good-quality data and information from multiple sources — such as financial transactions, travel movements and instant messaging — allows compliance officers to spot patterns and offer factual understanding of what has happened. This information is enabling companies to build preventive risk management programs.

Although data has brought some advantages, it should not be viewed as a complete solution, and sometimes issues remain hidden in plain sight. For instance, if an executive has a specific way of negotiating deals and communicating with third parties, it is unlikely that anyone will question this. This is where building a culture of integrity and accountability is important to promote good corporate governance and limit what could be deemed as bad behavior.

Better data governance is critical in order to pool knowledge so compliance professionals can develop a full picture of what is happening on the ground and effectively advise their boards.

Compliance teams are embracing the use of data scientists, so data is proactively factored into the planning and design of compliance programs.

2. Evolve the role of chief compliance officers

Over the next five years, the responsibilities of the chief compliance officer will evolve to cover integrity and bridge the gap between rules and culture. They will be asked to carefully walk the line between incentivizing the right behaviors and penalizing those who break the rules.

Finding a balance will help create a culture of trust that offers a preventive alternative, addressing threats before they materialize. Greater opportunities to leverage more sources of data are putting pressures on the traditional three lines of defense to shift, change, or potentially blend. Therefore, oversight and strategic direction from the board and executive level will be critical.

3. Empower compliance from the top

While boards are not naïve to compliance issues, resources and budget are not always allocated to proactively manage risks. A crisis or compliance breach is often the catalyst for investment in a comprehensive and proactive compliance program.

In stark contrast both cybersecurity and health and safety command board attention and attract significant investment. Cybersecurity is seen as a realistic and costly threat in terms of reputation and financial damage, and effectively managing health and safety risk is unanimously acknowledged as fundamental to operating in the sector.

Another reason why proactive planning is important is the rise of social media. Breaches are reported in real time, which means that boards have very limited time to understand the full extent of an issue before they must act and address how and why it happened and what their response will likely be. This presents an ongoing challenge for compliance and integrity teams and can damage companies’ reputations if precautions are not taken.

4. Embrace technology and new skill sets

A future focus for compliance needs to be on preventing breaches through developing a culture of transparency and trust, putting integrity at the heart of compliance activities. Implementing tools and technology that harness data and information can then monitor and verify activity and identify potential breaches before they occur.

Those working in compliance should be ready to embrace data and combine skill sets to ensure they have a full understanding of what is happening across their company.

A company that adheres to principles of morality, ethics and honesty (and demands the same level of integrity from its business partners) will be better placed to combat non-compliant, negligent or illegal conduct.


Corporate integrity and building a culture of compliance are becoming increasingly relevant to enhancing reputations and maintaining or improving business performance. To address the challenges, technology equips companies with new tools, but don’t overlook the need for human skills and involvement from the board and the C-suite.

About this article