By Blandine CORDIER-PALASSE & Marine RICHERT, LexisNexis N°1, p. 38
Report on the actions carried out by companies competing in the 2019 Trophées d'excellence
Blandine Cordier-Palasse, President of BCP Executive Search, co-founder of the Cercle de la compliance
Marine Richert, compliance lawyer, member of the Master's in Business Law and Ethics Alumni Club
1. Background
In a societal context where business ethics and compliance are becoming essential, where respect for and consideration of stakeholders is becoming the norm. Groups are making strong commitments to society, increasingly supported and implemented by their internal organisation.
We can therefore see that the "tone from the top" of the board of directors/supervisory board and senior management and their active involvement in the deployment of compliance/compliance have an impact on this development.
The 2019 Trophées d'excellence of the Chair in Business Law & Ethics,
are organised in partnership with BCP Executive Search. They provided an opportunity to review the internal organisation of the companies surveyed. We then looked at their general governance, their risk governance and their culture of ethics and compliance/compliance.
The panel of companies is deliberately diverse, both in terms of size (CAC 40, SBF 120, VSE/SME, private group, subsidiary of public group, etc.) and business sector (industry, fund management, real estate or service company). The aim of the survey is to identify trends in the way the function is organised within these structures. The aim is also to understand the stages from design to deployment of the system. The aim is to identify good practice and reward those organisations that stand out from the rest.
2. Comments: survey results
A. - General governance
The review of general governance was based on the actions in favour of ethics and compliance/compliance of the board of directors/supervisory board responsible for the company's strategy. Ethics, governance and compliance/compliance are covered by a dedicated organisation. This organisation was set up at the initiative of the governance bodies.
Key figures
Out of a panel of 11 companies observed :
- 6 have set up an Ethics and Governance (E&G) Committee within the Board;
- 2 have appointed an ethics and compliance/compliance committee within the executive.
These committees comprise between 3 and 6 directors, with at least one independent director. They meet at least twice a year. It is interesting to note that more than 30 companies replied that they were not sufficiently mature in the deployment of their compliance/compliance programme to compete this year.
1° Tasks of the dedicated committees
In general, these committees are responsible for :
- review the definition of the Group's core values
- review its governance, ethics and compliance policy;
- discuss and make recommendations to the Board of Directors;
- ensuring that the Code of Ethics is implemented and disseminated
- ensuring that the global policies defined by the Group are implemented;
- review the company's risk mapping in relation to ;
- organise the function ;
- issue an activity report and recommendations.
These committees must also :
- ensure, where appropriate, that a system is in place to prevent and detect corruption and influence peddling;
- ensure that executive directors implement a policy of non-discrimination and diversity;
- managing conflicts of interest ;
- assess the reporting and control procedures for non-financial indicators.
Some groups have also set up an ethics, compliance and CSR committee within the Comex/Codir to keep it regularly informed about the compliance programme and its progress. The aim is to provide it with concrete information on the effectiveness of the programme and its monitoring. The aim is also to discuss any preventive and/or remedial action that needs to be taken.
Some groups also set up committees. These may be called Business Ethics at the level of each subsidiary or of global functions. They are co-chaired by Business Ethics Officers, in charge of the subsidiary or function, and the heads of the country or function.
Their objective is to evaluate and continuously improve the compliance programme of countries or functions. Adopting a risk-based approach. To ensure that the Group's strategy is implemented in an ethical and compliant manner.
It also involves developing the organisation's ethical culture and aligning responsibilities and resources in favour of the deployment of the compliance/compliance programme.
2° Organisation and scope of the ethics and/or compliance/compliance departments
This organisation varies from one company to another, not necessarily because of size but rather because of the approach to ethics and compliance adopted. In the panel studied, the majority of companies have a single ethics and compliance department. This department has a variable scope of action.
Examples
One company includes CSR in the scope of its ethics and compliance/compliance department. Two other companies have extended it to include data protection.
A public limited company with 100 % public capital % has decided to separate the ethical approach from that of compliance/compliance, the latter being attached to the legal department.
Where they exist, the ethics and/or compliance/compliance departments communicate regularly with top management and even with the Board's ethics and governance committee. Generally speaking, the ethics and/or compliance/compliance departments have a specific budget and are allocated increasing resources to carry out their tasks.
3° Positioning of the ethics and/or compliance/compliance function
Details
- 60 % of ethics and compliance/compliance directors report to the Chairman or CEO for reasons of independence and good governance.
- 33 % report to the General Secretary.
In some cases, ethics and compliance are integrated into other departments. For example, the Legal Department or the Audit, Risk and Internal Control Department.
In addition, these different choices can be explained by the sector, which is more or less regulated. Or the size of the company, its culture, the degree of management awareness of these risks and their bottom line. These include image and reputation risk.
Example
An industrial company in the SBF 120 index has chosen to integrate ethics and compliance/compliance into the legal department, as these are cross-functional concepts in different areas of law and issues that may arise at several levels.
In any event, all companies agree on the need for the ethics and/or compliance/compliance department to be in constant interaction with other key departments, in particular the legal department, human resources, finance, audit and internal control departments, and even the strategy and general management departments.
Note
Two companies expressly emphasise that if an ethics and/or compliance/compliance programme is to be implemented effectively, compliance/compliance must be seen not as a function of expertise, but as an operational function, a cross-functional Business Partner.
B. - Action taken by the ethics and governance committees
1° Training and awareness-raising
Observation
Given the 'tone from the top' established in most of the companies in the panel, the measures that are the least difficult to implement are the adoption of a code of ethics and a code of conduct, and the raising of awareness among employees and the provision of related training.
However, even if employee buy-in is gradual, there is an expectation of such measures on their part - which partly explains the relative ease with which business ethics values and policies can be adopted, which are not just empty words but are truly embodied and anchored in the conduct of the company's business, at all levels.
In addition, the survey shows that the company culture and the importance of ethics are also factors that facilitate adherence.
2° Risk mapping
Observation
For most groups, the most difficult measure to implement is risk mapping - an essential prerequisite for setting up the compliance/compliance infrastructure and action plans.
The main challenge we face is related to the international scope of our operations, which involves crossing regulations and integrating complex or country-specific requirements.
The second challenge, a corollary of the first, is of a managerial nature, particularly in multinationals, i.e. the need to ensure the cooperation of multidisciplinary and multicultural internal contacts whose sensitivity to ethical and compliance/compliance issues varies considerably from one country to another, but also according to function, generation, culture, religion, individual sensitivity, etc.
Finally, incorporating business-specific risks into the mapping, such as the identification of third parties or the implications of commercial policy, requires a certain amount of tact if it is to be understood as protection and not as an obstacle to business development.
3° Prevention of corruption
Secondly, companies do not all face the same difficulties when it comes to corruption prevention plans. Some point out that their large size and international exposure in countries where cultural differences have an impact on understanding and sensitivity to these issues constitute an obstacle to the circulation and reporting of information.
The internationalisation of companies also makes it difficult to use the whistleblowing procedure uniformly because of cultural differences, with some populations shying away from it. Another difficulty concerns the assessment of third parties which, when there are many of them, is more or less complex and requires additional resources, particularly digital and human resources.
4° Compliance/compliance infrastructure
For most companies, the action plan covers, on the one hand, corporate governance, and in particular the delegation of powers and reporting to the board of directors at group and country level and, on the other hand, the construction of the infrastructure. In particular, it varies according to the governance, business sectors and geographical, cultural, geopolitical or other exposures of the groups.
More generally, actions include the compliance/compliance infrastructure to translate ethical values and integrity principles into clear rules, precise preventive or curative action plans and concrete results with decision-making tools. These steps may include defining processes and their scope of application, identifying functional and operational relays at head office and in international subsidiaries, training, warning systems, internal controls, assigning supervisory and reporting responsibilities, and monitoring to ensure the effectiveness of the programme.
Note
The compliance/compliance infrastructure and action plan can cover anti-corruption policy - as mentioned above - as well as anti-competition policy, export control, protection, etc. The compliance/compliance infrastructure and action plan can cover anti-corruption policy - as mentioned above - as well as anti-competition policy, export control, protection, etc.
data protection, cyber security and cyber crime, the fight against fraud, anti-money laundering, conflicts of interest, the assessment of third parties, etc.
C. - Integrating ethics and compliance/compliance into the corporate culture
The dissemination of a culture of ethics and compliance/compliance takes different forms. The majority of companies state that the ethics and/or compliance/compliance department should not be the only player involved in day-to-day ethics: all employees are the bearers of the company's mission and should feel responsible for compliance.
The two most frequent levers we see are the bridge between integrity and compliance/compliance, and taking account of the expectations of civil society as a lever for commitment.
On the other hand, the majority of companies have not chosen to use the ethics day as a lever, and two of them specify that this is a deliberate choice, as ethics should be an everyday issue and not just a matter for one day a year.
One company even points out that, thanks to the change in mindset and the level of maturity achieved in terms of ethics by companies in regulated sectors that have been implementing a compliance/compliance programme for several years, processes have been simplified and transformed in favour of empowering teams, particularly with regard to project approval workflows.
3. Conclusion: compliance/compliance, values and ethics: a winning trifecta
Thanks to this survey, we have finally been able to identify a number of pioneers in the field of ethics and compliance/compliance, as well as a large number of practices. They clearly show that the trend is towards strengthening and integrating robust ethics and compliance/compliance policies at all levels of the company.
We also found that all the companies surveyed have strong values, take responsibility for them and make adherence to the company's culture an important part of corporate life.
