Bribery and corruption are often perceived as a public sector issue. However, the increasing frequency of reports of cases of corporate wrongdoings shows that corruption is also endemic in the private sector.
Evidence shows that corruption is not a completely neutral act. It often comes with reputation, litigation, regulatory, supply chain, and even financial risks. As such, it is very important to mitigate and manage corruption in the private sector, and its associated risks. One way to do this is through the adoption of policies or codes that communicate an organisation’s values and goals.
Despite being a private sector approach to risk management, the development and adoption of anti-corruption/governance focused policies has two broad origins. The first is that it can be a regulatory requirement or a prerequisite by member organisations/states in the case of multilateral agencies. For example, the UK Bribery Act (2010) places a burden on UK entities operating abroad either directly or through agents to ensure that they have written anti-bribery policies in place. The second origin is volitional – where an entity voluntarily codifies the values it wishes to be associated with in the pursuit of its business.
Whether these policies are a regulatory requirement or voluntary, their existence is gradually becoming a competitive tool aimed at meeting the good governance expectations of potential investors, customers, business partners, et cetera. In some cases, unsurprisingly, they are explicitly positioned as impression/reputation management mechanism. Notwithstanding the strategic relevance of such policies, their implementation, one way or the other, is always an indirect indicator of an organisation’s ethical climate – i.e. employees’ shared perceptions of the ethical practices and procedures of a firm.
The implementation of corporate policies can be informed by different schools of thought. Some schools hold onto the tenets of the letter of the policy or the rule-based compliance approach. Contextualising this would result to responses such as – “that is what the policy/law/regulation says.” It is about adherence to the extant laws or regulations. Obviously, this is deeply rooted in legalism; and usually leads to a box checking approach to compliance. Other schools focus on the spirit of the policy or what it intends to achieve. This gives way to a more widespread and critical interest in the value judgment underlying the organisational decisions made by employees, and particularly those responsible for the strategic direction of the firms.
A review of most compliance programmes in organisations would show that the legalistic school of thought is often the dominant orientation towards the implementation of corporate policies. This is unsurprising, as the function is usually manned by legal professionals or compliance officers with a leaning towards legalism.
The legalistic approach to corporate codes of conduct may have the benefits of efficiency, certainty, and confidence provided by legal frameworks. However, given the dynamism and fluidity of ethics, as a precursor to laws and regulations, a narrow adherence to laws and regulations may be counterproductive – especially in grey areas where issues are not strictly white or black. Moreover, the effectiveness of corporate codes of conduct are largely dependent on appropriate organisational culture.
Studies show that organisational members imbibe their cultures (e.g. the values of corporate ethics) through socialisation. This implies that ethics and governance in corporations will benefit from multidisciplinary perspectives and as such should not be restricted to lawyers and compliance officers. It should also involve those who curate organisational cultures – for example human resources and organisational development professionals. This makes a case for the consideration of compliance from a socio-cultural paradigm.
Arguably, an organisation through socialisation provides its members with a shared set of values and norms, with strong cues for conformity. In other words, it can be argued that organisations are themselves mechanisms for behavioural control, where individuals receive behavioural instructions and act on these cues (positive or negative) to perform their respective roles. That is to say, if an organisation explicitly or implicitly teaches, encourages, condones or allows its employees to use unethical methods in their dealings with its stakeholders – clients, shareholders, suppliers, regulators, other employees, et cetera, it is likely that these will be internalised by the employees and passed on to new members despite what is written in corporate codes. In that case, culture literally eats corporate codes for breakfast!
This thinking raises a fundamental question as to which part of an organisation should then champion the embedding of organisational ethics in an organisation. Would it be the Risk management/Compliance/Internal Audit/Corporate Counsel functions as presently constituted in most organisations or should emphasis rather shift to incorporate the organisational development function, in order for ethics to be deliberately designed into the organisational culture? In my opinion, the latter option and a paradigm shift are necessary.
This proposed paradigm shift in the embedding/implementation of business ethics programmes in an organisation is worth considering because corporate failures are costly to organisations by damaging their reputations, harming employee morale, and increasing regulatory costs—not to mention the wider damage to society’s overall trust. Often times, how these polices are implemented yield them to the scrutiny of court of public opinion.
For instance, African Development Bank’s (AfDB) compliance to its code of ethics in the handling of a whistleblower’s complaints against its President is the fulcrum of a raging public debate. AfDB’s code of ethics specified that investigation be performed at the preliminary stage by the Board, but is silent on whether the Board could use an external, independent party at this first stage; or rely solely on its internal structure. Notwithstanding, AfDB was advised to bring in an external investigator to consider the matters raised by the whistleblower.
Going by the legalism approach, an investigation was conducted internally. Thus, the compliance box was successfully checked in this instance. However, unfolding events suggest that the decision making process behind this compliance has wider implication on the perceived ethical orientation of the entity, as expressed in the US Department of Treasury’s letter to the Board of Governors of AfDB. From a best practice perspective in investigations, the advice to bring in an external investigator might have been predicated on the belief that an internal investigation team may be caught in the power dynamics at play in AfDB because of the calibre of personnel involved. This is a valid consideration in the practice of investigation.
AfDB has now finally succumbed to the demands of powerful stakeholders for an independent review of its own internal investigation. This exemplifies how an organisation can be in full compliance of its internal process and yet act in a way that might negatively affect its reputation by failing to gain the trust of its stakeholders. In hindsight, this could have probably been avoided with a multidisciplinary and integrated thinking to governance ethics and its implementation.
In sum, it is fair to argue that corporate governance ethics requires integrated thinking. It should not be left to a particular function – e.g. law and compliance officers. As much as this group of professionals would like to hang onto it tenaciously and ferociously, they should also realise that this narrow approach harbours the same significant risks they eagerly seek to avoid. A multidisciplinary and inter-professional approach, it seems, is a better way to go!
Amaeshi is a governance practitioner with extensive corporate ethics and investigation experience. He can be reached via: email@example.com