4 minute read 17 Jun 2020
265292174

Business conduct and ethics: Protecting your organisation

Authors
Terry Seagreaves

EY UK Assurance Forensic & Integrity Services, Director

Investigations & Compliance Director with over 19 years of experience in fraud, bribery and corruption investigations, focused on large and complex multinational investigations.

Emma Browne

Partner, Business Conduct & Ethics, Forensic & Integrity Services, Ernst & Young LLP

Helps organisations achieve their integrity agenda. Co-founder of a dog rescue in Spain.

4 minute read 17 Jun 2020

In today’s world, trust is highly valued. Scrutiny of business’ conduct and ethical behaviour has never been more prevalent.

The Kingman Review specifically references business conduct as an area that needs improving and the Brydon Review goes further, recommending strengthened director and auditor accountability for fraud prevention. 

It is not just regulators and public policy makers who are demanding higher standards of business conduct and ethics – employees, customers, activists and investors are increasingly exposing companies who don’t measure up.

The COVID-19 epidemic has further increased the need for companies to demonstrate they have a robust business and ethics framework in place to deal with the heightened risks emerging from this unprecedented situation.

Companies that do not adhere to the higher standards being set by regulators, risk losing the trust and confidence of not only investors but also other stakeholders including wider society.

What does this mean for you?

The consequences of poor business ethics and conduct can be significant, from financial penalties, reputational damage, and falling share prices to personal impact on board members and the senior executive team. 

Regulators, investors and activists are using increasingly sophisticated methods to detect misconduct and hold businesses to account.

Risks will occur across every aspect of your business – from how you interact with your customers, employees and supply chain to the way you manage data and impact the environment.  Having an effective and robust framework to identify and mitigate these risks is essential.

The first stage is to make sure you have a holistic view of your conduct and risk universe which may include, for example:

  • Financial – accounting change, financial reporting, capital adequacy, tax transparency & compliance and anti-tax evasion.
  • Operational – third party risk, cyber security, physical security, supply chain transparency and responsible sourcing.
  • Legal – ethical breaches, fraud, bribery & corruption, economic crime.
  • Environmental and social – conflict materials, environmental impact, health/safety & wellbeing, modern slavery, employment law, diversity and inclusion reporting.
  • Regulatory – Brexit, sanctions & export controls, anti-money laundering, anti-trust, consumer protection, data privacy and intellectual property.
  • Sector-specific – automotive emissions, financial services, financial crime, product safety, food safety, healthcare professional sales and medicines control.

Approaching these in a fragmented way, is likely to expose companies to either duplicating effort in managing their risks or creating gaps, reducing oversight of their risk universe. Instead, companies should seek to build an effective and integrated framework. 

In doing so, business leaders will need to ask themselves the following questions:

  • Who ‘owns’ conduct risk in our organisation?
  • When did we last complete a conduct risk assessment?
  • Are we comfortable that we are engaging with reputable third parties?
  • Are we asking the right questions of our data to highlight and monitor conduct risk?
  • Does our board have regular oversight and independent assurance that the organisation is compliant with relevant laws and regulations?
  • Are we comfortable that our whistleblowing policies and procedures are effective?
  • Do we talk about culture as often as we talk about profit and business performance?

Having built a framework, it is vital to regularly test its effectiveness. For example, are you making the most of data and technology to understand and proactively manage your risks? And, with incident reporting rates increasing by more than 50% from 2016 to 2018 according to Expolink’s Whistleblowing Benchmarking Report 2019, do you have policies in place for employees to report their concerns internally so that they can be addressed before escalating?

The risk landscape is constantly evolving, even more so now with the disruption caused by COVID-19, therefore it’s important that your framework is dynamic to adapt to the rapidly changing environment. 

Using our business conduct and ethics diagnostic, you can evaluate the maturity of your existing framework compared to the latest regulation and leading practices. Where gaps are identified, we can help you design and implement a remediation programme, covering: 

  • PREVENT
    • Policy assessment and drafting 
    • Controls assessment and development
    • Conduct risk assessments 
    • Developing and delivering training  
  • DETECT
    • Risk-based conduct monitoring and controls testing 
    • Developing and embedding data analytics monitoring
  • RESPOND
    • Investigating issues & whistle-blower allegations
    • Reporting and KPI development 
    • Remediation of process and control weaknesses
Future of Corporate Reporting_3

Our latest thinking

Effective internal controls for greater corporate reporting confidence

Regulatory reform and stakeholder expectations are raising the bar for corporate reporting – greater transparency and accountability will be needed to clear it.

17 Mar 2020 Dan Feather

How will your corporate reporting change to balance all stakeholders’ needs?

Our changing world is increasing demand on companies to deliver value for a broader stakeholder group – and corporate reporting needs to keep pace.

7 Jan 2020 Hywel Ball

Summary

Organisations are under pressure – not only to behave ethically but to be able to demonstrate it. To successfully navigate the crisis in trust affecting today’s businesses EY can help you build, evaluate and improve your business conduct and ethics framework so that it meets the expectations of your stakeholders whilst reflecting the latest thinking and technology.  

About this article

Authors
Terry Seagreaves

EY UK Assurance Forensic & Integrity Services, Director

Investigations & Compliance Director with over 19 years of experience in fraud, bribery and corruption investigations, focused on large and complex multinational investigations.

Emma Browne

Partner, Business Conduct & Ethics, Forensic & Integrity Services, Ernst & Young LLP

Helps organisations achieve their integrity agenda. Co-founder of a dog rescue in Spain.