In looking back at SCCE’s 17th Annual Compliance and Ethics Institute, held in Las Vegas this year, I have to say it was one of the best SCCE CEI events I and other members of the Mitratech team have attended in recent years.
It also provided food for thought about the future of risk and compliance management, and the forces very much at work at this moment that are impacting it.
It was a pleasure to see friends and colleagues, as well as to see a wide array of vendors, both new and old. Two of them who were particularly worthy of shout-outs? Broadcat for their game-changing method of educating employees on ethics and compliance, and Syntrio for their flexible approach to eLearning.
During the conference, many different workshops, discussion groups, roundtables, and presentations were given, across many different areas. But for myself and others, I’m sure, the main takeaway was about the increasing focus on business culture.
Setting a foundation for a culture of ethics
Building a culture of ethics reduces the risk of noncompliance. But that’s not an easy task, because unlike some general compliance initiatives, it is not a tick in the box. It’s a way of life, it’s a mentality, it’s a desire to be the best version of yourself you can, both as an organization and as an individual.
During the conference, three areas presented themselves as being vital in laying the foundations of just such a culture:
One standout session that spoke to the need to construct sound processes as cornerstones of an ethical culture? Advancing a Culture of Integrity by Building Strong Climates, presented by Brian K. Lee, a Practice Leader at Gartner.
His very incisive advice? The first thing for risk and compliance managers to do is look internally and lay the foundations for an ethics-centric culture. What processes do you already have in place?
There must be a top-down and bottom-up approach to ethics, by ensuring that throughout the organization there are processes in place to educate, communicate, emphasize, and embrace ethical behavior.
Two excellent sessions really brought the use of technology in building a culture of ethics to the fore: Jay Rosen of Affiliated Monitors, Inc., presented Secrets from In-house Ethics & Compliance Buyers: How to Keep the Gate and Your Sanity, while Tom Fox of Advanced Compliance Solutions and Matt Kelly of Radical Compliance spoke to how AI Is Coming: Future-proof Your Career and Your Compliance Program.
The takeaway? While there is caution that utilizing technology to mask lazy processes and a lack of a culture of ethics will lead to failure, technology is an enabler for those organizations trying to provide maturity and visibility into the performance of their ethics and compliance programs.
It’s understandable why sexual harassment, data protection, and social media seemed to be the hot topics at SCCE CEI this year. Many sessions covering these concerns were held, and one common theme resonated across them all: Employees are your largest source of risk.
So, the education of your employees is paramount in protecting your organization. Robust policies and procedures and continuous improvement are required to stay ahead of the game and protect your enterprise, your customers or clients, your stakeholders, and even employees in the event of employee breaches, whether accidental or malicious.
4. “Ethics Rising” in risk and compliance management
If there was one topic where more emphasis could have been placed, it was on the subject of personal accountability. We didn’t see much examination of this during the conference, but it’s of crucial and growing concern. Not only are regulators holding senior individuals responsible for certain breaches, we’re starting to see ethical organizations driving individual accountability internally.
As the Google walkout demonstrates, employees are feeling increasingly empowered to make a public issue of their compliance concerns – and companies are listening.
In other words, you no longer get to hide behind your organization when it comes to matters of corporate misconduct. Moreover, as the Google example demonstrates, the organization itself can at the very least suffer a reputational black eye when individuals violate accepted ethics, codes of conduct, or the law.
On the Legal Operations side of Mitratech’s business, we have seen a “Legal Rising” movement underway as in-house legal departments begin to leverage technology to become more central to their organizations. Based on observations of this year’s SCCE CEI, and of the risk management landscape in general, it seems fair to say there’s an “Ethics Rising” trend gaining strength in GRC, as risk and compliance managers embrace the need to build an integrated culture of ethics and accountability in their companies, or hazard having it imposed on them by external forces.
A powerful convergence of company awareness, societal pressures, and technology are pushing this evolution forward, and it will be fascinating to see what happens between now and next year’s SCCE CEI.