When you look across the spectrum of U.S. regulatory agencies and tally up the fines, penalties, and legal settlements for compliance failures, those numbers are staggering—nearly $222 billion since 2020.
It is no secret that strong ethics is good business. There are many reasons for this, but a big one is risk reduction—a great ethics and compliance program fosters a culture of integrity where costly misconduct is prevented, or addressed proactively before things get out of control. Likewise, poor compliance actually costs organizations huge amounts of money. This blog will explore the five biggest reasons why.
Reason #1: Fines, penalties, and settlements
This is the obvious one. When you look across the spectrum of U.S. regulatory agencies and tally up the fines, penalties, and legal settlements that organizations are paying to the government for their compliance failures, those numbers are pretty staggering. Since 2020, the top 100 regulatory fines, criminal penalties, and class action settlements for corporate misconduct in the U.S. alone is nearly $222 billion. That’s enough to buy the National Football League and dissolve it.
Reason #2: The misconduct multiple
There is also an unseen aspect to regulatory costs. If you look at any given regulatory fine, penalty, or legal settlement, take that number and triple or quadruple it. That will reflect the costs to the organization before it ever got to the point of writing a check to the government or a plaintiff’s attorney. These are additional costs to in-house/defense attorneys, forensic accountants, the auditing team, and other functions that all have a very high resource cost.
Reason #3: The performance cost
This is the hidden cost of time that your company could have used to do other things, had it not been forced to spend it dealing with a serious regulatory or legal misconduct issue. Ongoing regulatory and legal concerns are a drag on morale and overall employee psychological safety. It also contributes to employee churn. Many employees will simply work for another company that endure a painful situation at their current one, and the cost of replacing talent is a multiple of any given position’s annual salary, when factoring in recruiting costs and lost productivity.
Reason #4 The rehabilitation cost
Companies that get into huge regulatory or legal trouble typically end up having to rebuild their compliance program, either because the government requires it, or shareholders demand it. Boeing will spend some $455 million over the next three years to rehabilitate its program. Walmart spent $845 million to rehab its program. Those are very large numbers.
Reason #5: The competitive cost
The four previous costs detailed all contribute to the inverse of the Ethics Premium, which tracks the financial performance of the publicly traded companies on the World’s Most Ethical Companies list. “You don’t see those fines and penalties in that particular cohort,” says Ethisphere Chief Strategy Officer Erica Salmon Byrne. “What you do see is a year-over-year outperformance against a comparable stock index.” Put simply, companies poor compliance lose business even if they do not face outright fines and penalties. They lose customers, they lose supply chain partners, and they lose strategic partners.
Having direct access to the board is a pretty clear regulatory expectation, particularly for industries with significant compliance oversight.
What does a good compliance org chart look like? How your compliance function is composed and to whom it reports can have a huge impact on your overall program effectiveness.
We advise a few key considerations: team composition, where the team sits, and what not to do.
Team Composition
Ethisphere data tells us that teams are becoming increasingly diverse, professionally.
We see more companies with communications professionals that are part of the compliance team and responsible for drafting compelling communications that employees actually want to engage with.
We see more companies put people with data backgrounds on the team and those people are responsible for data analytics and looking at different dashboarding and ways that data can tell an organization how the program is performing.
We see more teams with auditors on them or forensic accountants—particularly if you are in an industry where you might have to do a lot of forensic work as part of an investigation. By that token, we are seeing a lot people with investigations backgrounds on teams, also.
Lawyers, of course, continue to be very prevalent on teams, as well.
Overall, we see increasing specialization on compliance teams across a broad range of backgrounds. More often than not, we will see teams that have people who specialize in particular pieces of the program, so you might have somebody who focuses on your third-party risk management, or training, communications, manager preparedness, and things along those lines. But of course, we are also seeing a lot of people who are compliance managers and other kinds of generalist roles.
Where the Function Sits
On the age-old question of where does the compliance team sit within the organization, again, we are seeing a fair amount of diversity on that.
We still see a majority of compliance functions rolling into legal where the person who is running the program—the chief compliance officer—is increasingly not dual-hatted. While we do still see some compliance officers who are also the general counsel, increasingly, we see a recognition on the part of companies that those are two different full-time jobs, and you should designate the person who is actually running the program accordingly and give them the appropriate level of gravitas in the organizational chart.
We also see—and this is being driven by regulatory expectations—a lot of programs where the person who is running the program also has a direct line in to the chair of the relevant board committee that oversees the program. They are having their own direct conversations with that individual that do not go through the general counsel. This is very important. Having direct access to the board is a pretty clear regulatory expectation.
Things Are Different in Healthcare
An important caveat: The one place where we see a different reporting structure is for organizations that are subject to the oversight of Health and Human Services here in the U.S. That entity has been very clear that they believe that compliance reporting into the legal department is bogus. They want to see compliance as its own independent function.
That is driving the fact that in about 40% of the Ethisphere dataset, we see compliance reporting outside of Legal, and either directly to the CEO or somebody else in the C-suite (chief operating officer, administrative officer, etc.). These positions, of course, have that critically important direct line into the chair of the board committee.
What Not to Do
You do not want to see four levels between compliance and anybody who is ultimately responsible for the behavior of the organization. The farther down you are in the org chart, the less likely your information is getting to the people it needs to reach. For example, if there are a number of stops along the way, your information can get watered down, and you won’t have direct access to the chair.
If you have that kind of structure and you wind up in front of any regulatory body, they will not look favorably upon it. Going back to the 2010 amendments to the Federal Sentencing Guidelines, the federal government set an expectation for compliance to have unfettered access to the board. The primary reason for that was a case in which the general counsel was actually involved in misconduct and he board had no idea, because the general counsel prevented the compliance team from getting information to them.
So, since 2010, we have seen a very clear expectation from regulators that the people who are responsible for compliance on a day-to-day basis need to have unrestricted access to the board or to the chair of the committee that oversees the compliance program, where nobody else is filtering the information that compliance provides. Compliance should be able to sit in the executive session with that board committee and be able to talk on a regular basis with the chair. That has been the clear regulatory expectation for the last 14 years. You can find details on how to make a case for appointing a Chief Compliance Officer here.
Our mission is to provide ethics and compliance practitioners with a venue by which they could share their expertise with the broader ethics and compliance community. Whether it’s talking about an innovative new program, compliance policy, or procedure…highlighting trends worth watching…sharing ways to build a better culture of integrity…we’ve had guests from all over join us to share their insights.
As we’re fond of saying, there is no competition in compliance. That’s why we are so enthusiastic about showcasing this field’s incredible thought leaders and subject matter experts.
In particular, we have had a number of guests join us from the Business Ethics Leadership Alliance, or BELA, a global community committed to advancing business integrity that is comprised of senior legal, ethics, and compliance leaders representing more than 60 industries.
Being a BELA member means being part of an ethics and compliance community that shares best practices, expertise, and experiential benchmarking as folks share what is really moving the needle within their program.
In this episode of the Ethicast, we showcase a few of the BELA members who’ve come on the show. They don’t just represent best practices within their own organizations. They represent best practices within the ethics and compliance profession itself by sharing what they know in the interest of helping everyone advance business integrity.
Bo van Zeeland of SABIC shares how to secure ethics and compliance program resources, even when budgets are tight.
Marie-Claude Dumas and Julianna Fox of WSP share some key indicators of an E&C program that has truly embedded itself within an organization.
Craig Pedersen of PepsiCo talks about how the company incorporates culture assessments into their program.
Katy Creecy of Uber explains how data analytics have made such a powerful impact on Uber’s program.
2:33: SABIC secures E&C resources even when budgets are tight
5:15: WSP’s key indicators of a truly embedded E&C program
11:16: PepsiCo incorporates culture assessments into their program
12:41: Uber’s data analytics strategy in practice
Listen in to each full episode to gain ethics and compliance best practices.
How to Secure E&C Resources Even When Budgets Are Tight:
SABIC’s robust ethics and compliance program have earned the company its rightful status as a peer leader among other companies in the Middle East. Its focus on global diversity, culture, and anticorruption are just some of the program maturity hallmarks that have earned the company its Compliance Leader Verification status from Ethisphere. Bo van Zeeland, GM & Global Chief Counsel, Business Ethics & Compliance for SABIC has led the charge on elevating and advancing SABIC’s Culture of Integrity, Code of Ethics, and Human Rights Program. And he has also successfully managed to secure the resources his program needs, even during trying economic times for the petrochemical industry.
9:28: Building a global speak-up culture across a diverse organization
11:09: Securing E&C resources even when budgets are tight
To learn more about the great work Bo and his colleagues are doing at SABIC, visit sabic.com and mouse over the About tab. There you’ll find link’s to SABIC’s Compliance Culture, its Code of Ethics, its Human Rights Program, and more.
How to Build a Truly Embedded Ethics & Compliance Program:
Earlier this year, Ethisphere granted the Compliance Leader Verification to WSP for a second time, in recognition of its exceptional ethics and compliance program. Marie-Claude Dumas, President and Chief Executive Officer of WSP in Canada, and Julianna Fox, WSP’s Chief Ethics and Compliance Officer, explain how WSP used cross-functional collaboration, innovative speak-up culture, and a global network of champions to build the ethics and compliance capabilities that lead WSP from strength to strength.
5:59: How top leadership directly empowers a strong E&C culture
8:49: Optimizing risk management and audit processes to align with E&C
11:11: Key indicators of a truly embedded E&C program
15:50: Advice for CECOs looking to achieve program recognition
To learn more about WSP’s ethics and compliance program, visit www.wsp.com and hit the Who We Are tab. From there, click on Corporate Responsibility.
At PepsiCo, the Secret Ingredient is Culture:
Earlier this year, PepsiCo received World’s Most Ethical Companies honors for an astonishing 18th time in a row—something only a handful of other companies have achieved. The secret of Pepsi’s success here is no secret at all, though. As Craig Pedersen, Director, Global Compliance & Ethics Program, PepsiCo, explains, it comes from a substantial and sustained campaign with support from across the enterprise at all levels, all feeding into a robust culture that puts ethics and integrity first.
1:10: What it takes to maintain ethics & compliance program at such a high level of excellence
2:23: How PepsiCo’s E&C program evolves to keep pace with best practices
3:35: How PepsiCo incorporates culture assessments into their program
4:59: Specific initiatives to create a global culture of integrity that preserves local autonomy
6:25: Insights on participating in the World’s Most Ethical Companies program
8:54: PepsiCo contributions to the global ethics economy
Driving Ethics & Business Integrity with Data:
Ridesharing pioneer Uber recently earned the coveted Compliance Leader Verification from Ethisphere in recognition of its alignment with ethics & compliance best practices, program monitoring, and use of data analytics to ensure program effectiveness. In this episode, Katy Creecy, Senior Manager, Ethics & Compliance Programs, joins us to explain how Uber’s innovative and impactful data analytics strategy is moving the company’s E&C needle in a meaningful way.
To learn more about BELA, visit www.ethisphere.com/bela to request guest access to the BELA Member Resource Hub and to speak with a BELA Engagement Director.
Ethisphere’s Compliance Leader Verification recognizes organizations with an outstanding commitment to achieving a best-in-class ethics and compliance program
Phoenix, AZ – October 8, 2024 – Ethisphere, a global leader in defining and advancing the standards of ethical business practices, announced today that Labcorp earned the coveted Compliance Leader Verification from August 2024 through December 2025.
Labcorp, a global leader of innovative and comprehensive laboratory services, helps doctors, hospitals, pharmaceutical companies, researchers and patients make clear and confident decisions through its unparalleled diagnostics and drug development laboratory capabilities.
“Congratulations to the Labcorp team for achieving Compliance Leader Verification recognition,” said Eric Jorgenson, Director, Data & Services for Ethisphere. “The review team was impressed by Labcorp’s commitment to a speak-up ethical culture with policies and processes in place for employees to report issues and have concerns addressed. This is just one aspect of a very robust program founded in the company’s values.”
“Ethics and integrity are at the heart of everything we do and integral to our mission to improve health and improve lives,” said Tracy Strong, Chief Compliance and Privacy Officer for Labcorp. “We are honored to receive this recognition as it’s a testament to Labcorp’s commitment to uncompromising integrity in how we relate to each other, our patients, our clients and the communities we serve.”
The Compliance Leader Verification process involves a rigorous review of an ethics and compliance program and corporate culture. It includes completing the Ethics Quotient® (EQ), a questionnaire covering the elements of an effective program; benchmarking program practices against the World’s Most Ethical Companies®; and extensive document review and interviews with executives and stakeholders. Labcorp also chose to conduct an Ethical Culture survey to assess employee perceptions across eight pillars of an ethical culture.
Labcorp’s performance was evaluated on six key areas: program resources and structure; perceptions of ethical culture; written standards; training and communication; risk assessment, monitoring and auditing; and enforcement, discipline, and incentives.
Ethisphere® is the global leader in defining and advancing the standards of ethical business practices that fuel corporate character, marketplace trust, and business success. Ethisphere has deep expertise in measuring and defining core ethics standards using data-driven insights that help companies enhance corporate character. Ethisphere honors superior achievement through its World’s Most Ethical Companies® recognition program, provides a community of industry experts with the Business Ethics Leadership Alliance (BELA), and showcases trends and best practices in ethics with Ethisphere Magazine and The Ethicast podcast. Ethisphere also helps to advance business performance through data-driven assessments, benchmarking, and guidance. Learn more about Ethisphere at https://www.ethisphere.com.
About Labcorp
Labcorp (NYSE: LH) is a global leader of innovative and comprehensive laboratory services that helps doctors, hospitals, pharmaceutical companies, researchers and patients make clear and confident decisions. We provide insights and advance science to improve health and improve lives through our unparalleled diagnostics and drug development laboratory capabilities. The company’s more than 67,000 employees serve clients in approximately 100 countries, provided support for 84% of the new drugs and therapeutic products approved in 2023 by the FDA, and performed more than 600 million tests for patients around the world. Learn more about us at www.Labcorp.com.
