Integrity Management – Keeping it Simple in a Complex World

Posted on November 22nd, 2024 by Dr Daniel Malan

Imagine you are the Chief Integrity Officer (also called Ethics and Compliance Officer) of a large multinational corporation. Your company has annual revenues of more than $10 billion, employs more than 100 000 employees and operates in more than 50 countries. Each day, in each jurisdiction, you know that each employee will have multiple opportunities to engage in unethical behaviour. This could range from criminal behaviour like insider trading, money laundering, procurement fraud or bribery to internal misconduct like cheating on a timesheet or an expense claim, to behavioural issues such as discrimination, harassment, and bullying. Unethical behaviour is often illegal, but not always. Sometimes we refer to behaviour that is lawful but awful. Regardless of the legality, the repercussions remain significant. Companies lose their reputation and pay huge fines. Sometimes they cease to exist. Individual employees lose their jobs and sometimes go to jail.

There are more than enough case studies to illustrate what happens when things go wrong. A recent case is the British Post Office/Horizon scandal which has been called one of the biggest miscarriages of justice in British history. This involved thousands of innocent sub-postmasters being pursued for financial shortfalls caused by faults in Horizon, an accounting software system developed by Fujitsu. In 2022, sixteen Wall Street firms, including Barclays, Bank of America, Citigroup, Credit Suisse, and others were fined a combined $1.8 billion after staff discussed deals and trades on their personal devices and apps. In 2017, Volkswagen received a $2.8 billion criminal fine for Dieselgate – this involved the rigging of diesel engines with cheat devices to manipulate emissions data. Volkswagen has paid out more than $30 billion worldwide as a result of the scandal. In South Africa, investors have lost almost $14 billion in the Steinhoff accounting fraud scandal, the former Chief Financial Officer has been jailed for five years and the former CEO committed suicide.

Clearly there are many risks involved at the individual company level, and these companies paid dearly for their transgressions. Not only are the fines enormous, but innocent lives were destroyed, some people went to jail and some (both perpetrators and victims) have lost their lives. Now think about the scale. The United Nations estimate is that there are 80 000 multinational corporations in the world. Of these, the largest 2 000 had combined revenues of almost €50 trillion in 2022. And this is only the tip of the iceberg. According to the United Nations, micro, small and medium enterprises (MSMEs) account for more than 90% of all business and more than two-thirds of all employment worldwide. If we want to get one number that gives a sense of the scale, the UN gives us one: each year, approximately 5% of global GDP is lost due to global corruption.

While these numbers are overwhelming, if you are an Integrity Officer, you have only one company to worry about! It is clear that Integrity Officers do not have an easy job and are faced with various challenges. Firstly, it is difficult to train to become an Integrity Officer. The job description is not aligned with an academic qualification, like becoming an accountant or engineer. You are simply thrown in at the deep end. Secondly, the position is cross-functional – there is a bit of everything involved: HR, risk, forensic investigation, legal, etc. As the Integrity Officer you have to be a generalist, and you are unlikely to be an expert in any one of them. If this is not scary enough, Integrity Officers are increasingly given additional responsibilities in the ESG (environmental, social, and governance), CSR (corporate social responsibility), and EDI (equity, diversity, and inclusion) spaces. You don’t work with employees only, but also with supply chains and communities. Thirdly, new technology (so-called frontier technology) adds a new layer of complexity. It can be a friend or a foe. The same technology that companies can use to sniff out fraud can be used against them in cyberattacks. Fourthly, it is very likely that you don’t have accurate data – your sustainability reporting manager, especially on the environmental side, has access to sophisticated software and granular data, but you are usually restricted to poor data that still come from spreadsheets, emails, or notes from Zoom calls. Finally, and perhaps most importantly, you don’t have a receptive audience – the employees that concern you are either trying to hide their behaviour or they don’t realise the behaviour they engage in is questionable.

There is no magic solution, but – as a minimum – Integrity Officers need to consider the following core components of a successful integrity management system: Assessment, Behaviour, Compliance and Disclosure.

Assessment
Accurate information is required about the prevailing ethical risks and the existing ethical culture inside the company – if you don’t understand the status quo, you can’t change it. This information is usually gathered through some form of confidential employee survey and provides the baseline data required to design appropriate interventions.

Behaviour change
Integrity training should empower employees to make ethical decisions rather than require them to tick boxes. If you train employees about all the things they are not allowed to do, they typically come back to you and say: “Show me where it says I cannot do this”. This is not very helpful. There is a rule of thumb that 80% of employees are inherently ethical but need guidance. 10% will not be influenced by training because they are determined to engage in unethical conduct, and 10% are so committed that they don’t even need training. Dealing with the 80% is the game-changer. Tick-box compliance training does not work for them.

Compliance
Although “beyond compliance” is used increasingly to describe effective integrity programmes, compliance should never be discarded. Employees should be aware of the risks and implications of unethical (especially illegal) behaviour. They should be given the tools to speak up about misconduct. According to the EU Whistleblower Directive, companies with 50 or more employees must implement confidential internal reporting systems and provide feedback to employees within three months.

Disclosure
Accurate and reliable data is required to report to both internal and external stakeholders about progress. This is becoming increasingly important as we see regulation in the space. In terms of the new European Sustainability Reporting Standards, companies are required to report on business conduct (ESRS G1). This includes reporting on corporate culture, supply chain issues, anti-corruption and anti-bribery measures, political lobbying, protection of whistle-blowers and payment practices.

Addressing these four components in an integrated way will go some way in addressing the challenges faced by the Integrity Officer. Accurate data will inform integrity programmes, both in terms of design and disclosure requirements. Appropriate training will change behaviour and have a positive impact on corporate culture, and all of this will be underpinned by a strong compliance system that is viewed as a part of the solution, but not the solution.

It would be naïve to think that the global cost of corruption will be curbed dramatically soon, but the main priority for an individual Integrity Officer is to address these issues at the company level. Each individual success story will make an important contribution to shift the dial globally.

Daniel Malan is the Director of the Corporate Governance Lab at Trinity Business School, an Associate Professor Extraordinaire at Stellenbosch Business School, and co-founder of IntegrityIQ, an ethics AI start-up supported by Enterprise Ireland.

Posted in EDTalks | Comments Off on Integrity Management – Keeping it Simple in a Complex World