ce pe report

7/24/2019 Ce Pe Report

1/141


2/141

2014, SCCE | NYSE Governance Services, all rights reserved

TABLE OF CONTENTS

METHODOLOGY ............................................................................................................................................ 3

RESPONDENT DEMOGRAPHICS .................................................................................................................... 4

PROGRAM OVERSIGHT ................................................................................................................................. 8

STANDARDS AND DOCUMENTATION ......................................................................................................... 31

DUE CARE .................................................................................................................................................... 45

ETHICS AND COMPLIANCE TRAINING ......................................................................................................... 58

MONITORING AND AUDITING .................................................................................................................... 85

RESPONSE AND PREVENTION ................................................................................................................... 107

GOVERNANCE ........................................................................................................................................... 122


3/141


METHODOLOGY

SCCE and NYSE Governance Services jointly administered the 2014 Compliance and Ethics Program

Environment Surveyfrom June to August of 2014. The survey was designed to be completed by Chief

Compliance Officers or the person responsible for the day-to-day operation of the ethics and compliance

program.

The survey was conducted online, and respondents were required to answer all applicable questions. All

response data is kept confidential and respondents will remain anonymous. While respondents provided

identifying information so data could be reviewed to ensure the integrity of the data, the results within

this report are presented in the aggregate. This report breaks the survey into the hallmarks of the U.S.

Federal Sentencing Guidelines (FSG) as well as a Governance section, which focuses on the questions

regarding each organizations Board of Directors.

The survey was distributed to SCCEs contacts, and participation in the survey was optional. In total,

there are 249 complete and usable surveys presented in the analysis of the results. Please note that the

survey used forced responses as well as skip logic to ensure that respondents would not be presentedwith questions that did not apply to their organizations or their job functions.


4/141


RESPONDENT DEMOGRAPHICS

Industries Most Represented

31%

11%

11%

11%

8%

Health Care and Social

Assistance

Manufacturing

Utilities

Finance and Insurance

Educational Services


5/141


8%

13%

8%

31%

13%

17%

6%2%

2%

Respondents According to Workforce Size

Less than 100 employees

100 499 employees

500 999 employees

1,000 4,999 employees

5,000 9,999 employees

10,000 24,999 employees

25,000 49,999 employees

50,000 99,999 employees

Over 100,000 employees


6/141


25%

13%

11%10%

10%

9%

8%

7%4%

2%

1% Respondents by Total Annual Revenues

$1 4.9 billion

Less than $20 million

$200 499 million

$5 9.9 billion

$10 49.9 billion

$20 49 million

$500 999 million

$50 99 million

$99 199 million

Over $100 billion

$50 99.9 billion


7/141


36%

24%

23%

9%

8%

Respondents by Type of

Company/Organization

Publicly traded company

Non-profit or not-for-

profit organization

Privately owned company

Academic institution

Other (please clarify in

the box provided)


8/141


PROGRAM OVERSIGHT

More than half (56 percent) of surveyed organizations give the person with overall responsibility for the

compliance and ethics program the title of Chief Compliance and/or Ethics Officer or Compliance and/or

Ethics Officer. Most often, the person with overall responsibility for the program reports to the CEO,

followed by the Board of Directors, followed by the General Counsel or Chief Legal Officer. Seventy-nine

percent of those who do not report to the Board indicate having a dotted reporting line to the Board.

It is worth noting that within this study, we have chosen to break out the roles of the person who has

overall responsibility for the program versus the person with day-to-day operational responsibility. We

have done this as the differing responsibilities of the person responsible for the overall operation of the

program and the person or persons responsible for the day-to-day operation of the program are

important to note if they are not one and the same person. As the US Federal Sentencing Guidelines

note, "[i]f the specific individual(s) assigned overall responsibility for the compliance and ethics program

does not have day-to-day operational responsibility for the program, then the individual(s) with day-to-

day operational responsibility for the program typically should, no less than annually, give the governing

authority or an appropriate subgroup thereof information on the implementation and effectiveness of

the compliance and ethics program," Application Note 3, Sec. 8B2.1, and the person with "day-to-day"

authority "shall be given adequate resources, appropriate authority, and direct access to the governing

authority or an appropriate subgroup of the governing authority." Sec. 8B2.1 (b) 2.

Two-thirds of organizations maintain an internal committee dedicated to compliance and ethics. Not

surprisingly, the Chief Compliance and/or Ethics Officer most commonly chairs the internal compliance

and ethics committee (41 percent) and most often reports its findings and recommendations to the

Audit Committee. The majority of internal compliance and ethics committees have cross-functional

representation (72 percent) and a documented charter (71 percent). Nearly all (93 percent) have

regularly scheduled meetings that take place at least quarterly. A wide variety of topics are commonlydiscussed during committee meetings, including upcoming initiatives (81 percent), training initiatives

and statistics (81 percent), legal and regulatory updates (76 percent), and policy management and

updates (75 percent).

Most organizations have a charter or detailed written description for the compliance and ethics function

(79 percent). In addition, the majority have formally documented the delegation of the oversight of the

compliance and ethics function to a person or committee (71 percent).

Two-thirds of respondents indicate that the same person is assigned both overall and day-to-day

operational responsibility for the compliance program.


9/141


Program Oversight: Reporting and Structure

Forty percent of organizations indicate that the job title of the person assigned overall responsibility for

the compliance and ethics program is Chief Compliance and/or Ethics Officer. Only 8 percent of

surveyed organizations assign overall responsibility for the compliance and ethics program to the

General Counsel or Chief Legal Officer.

67%

33%

0%

10%

20%

30%

40%

50%

60%

70%

80%

Yes No

Is the same person assigned both overall

and day-to-day operational responsibility

for your compliance and ethics function?

40%

16%

14%

9%

9%

8%

3% 1% 0%

Please specify the job title(s) of the person assigned overall

responsibility for the compliance and ethics program.

Chief Compliance and/or Ethics

Officer

Compliance and/or Ethics Officer

Director

Executive, Senior, or Vice President

Other

General Counsel or Chief Legal

Officer

Manager

Chief Human Resources Officer


10/141


The most common job title for the person with day-to-day operational responsibility for the compliance

and ethics program is Director (35 percent), followed by Compliance and Ethics Officer(18 percent)

and Manager (12 percent).

35%

18%14%

12%

10%

8%

1% 1% 1%

Job title(s) of the person delegated day-to-day operational

responsibility for the compliance and ethics program.

Director


Other

Manager

Executive, Senior, or Vice President

Chief Compliance and/or Ethics

Officer

Chief Executive Officer



11/141


Thirty-eight percent of those with overall program responsibility report directly to the CEO, while 19

percent report to the Board of Directors. Respondents who selected Other report to a Company

President, Vice President of Finance & Corporate Operations, or Group Financial Controller, among

others. Only 18 percent report to the General Counsel or CLO.

38%

20% 19%18%

4%

1%

0%

5%

10%

15%

20%

25%

30%

35%

40%

CEO Other Board of

Directors

General

Counsel or

CLO

COO Chief HR

Officer

To whom does the person with overall

responsibility for the compliance program

report?


12/141


Although only 19 percent of those with overall responsibility for the program report directly to the

Board, the overwhelming majority (79 percent) have a dotted reporting line to the Board.

79%

21%

Does the person with overall responsibility

for the compliance program have a dottedreporting line to the Board?

Yes

No


13/141


Of organizations in which the person with day-to-day responsibility does not have overall responsibility

for the program, 31 percent indicate that the day-to-day person reports to the Chief Ethics and/or

Compliance officer, followed by the General Counsel or Chief Legal Officer (21 percent).

0%

0%

6%

9%

13%

21%

21%

31%

0% 5% 10% 15% 20% 25% 30% 35%

Board of Directors

Chief HR Officer

COO

Executive, Senior or Vice

President

CEO

General Counsel or CLO

Other

Chief Compliance and/or Ethics Officer

To whom does the person with day-to-dayoperational responsibility for the compliance

program report?


14/141


Whereas 78 percent of those with overall responsibility for the compliance program have a dotted

reporting line to the Board, only 36 percent of those with day-to-day responsibility have dotted-line

reporting to the Board.

36%

64%

78%

22%

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

Yes No

Do you have a dotted reporting line to theBoard?

Person with day-to-day responsibility Person with overall responsibility


15/141


Thirty-nine percent of respondents indicate that the Board (or Board committee assigned program

oversight) is not required to be notified of or to approve employment decisions regarding the person

with overall responsibility for the compliance and ethics program. Only one-quarter (26 percent) of

surveyed organizations require notification and approval of such employment decisions.

39%

35%

26%

Is the Board or a Board committee required to be notified or approve

of employment decisions relating to the person who has been

delegated overall responsibility?

No

Yes, notification is required

Yes, notification and

approval is required


16/141


The person with overall responsibility reports to the Board or Board committee much more frequently

than the person with day-to-day operational responsibility. While two-thirds (67 percent) of those with

overall responsibility report to the Board or Board committee at least quarterly, nearly half (43 percent)

of those with day-to-day responsibility report to the Board either on an ad hoc basis only or not at all.

44%

23%

9% 9%6% 5%

3%

22%

16%

25%

10%

6%4%

18%

0%

5%

10%

15%

20%

25%

30%

35%

40%

45%

50%

Regularly

scheduled,

quarterly

Regularly

scheduled,

more often

than quarterly

Ad hoc only Regularly

scheduled,

annually

Regularly

scheduled,

biannually

Regularly

scheduled,

three times per

year

Never

Frequency of communication with the Board or a Board

committee

Person with overall program responsibility Person with day-to-day program responsibility


17/141


The topics most commonly communicated to the Board or Board committee include C&E program

audits, assessments and/or benchmarking (82 percent); Code of Conduct updates or revisions (79

percent); overall program performance (73 percent); C&E risk assessments (72 percent); training

initiatives and statistics (68 percent); misconduct investigations and resolutions (68 percent); and

significant legal and regulatory updates (67 percent).


18/141


The majority of compliance groups are invited or allowed to attend and add elements to human

resources training events, attend audits, and add compliance and ethics questions to employee surveys.

Less than half are invited to provide formal input on corporate business strategy or allowed time on

sales/marketing agendas.

37%

48%

61%

67%

69%

76%

0% 10% 20% 30% 40% 50% 60% 70% 80% 90%

Invited/allowed time on sales and marketing agendas

Invited to provide formal input on corporate business

strategy

Invited/allowed to attend human resources training events

Invited/allowed to add compliance and ethics questions to

employee surveys

Invited/allowed to attend audits

Invited/allowed to add compliance and

ethics elements to human resources training events

Types of interactions ethics and compliance function has with

other functional groups within the organization


19/141


Program Oversight: Compliance and Ethics Committees

Two-thirds (68 percent) of surveyed organizations maintain an internal compliance and ethics

committee.

68%

15%

17%

Does yourorganization maintain an internalcommittee dedicated to compliance and

ethics?

Yes

No, but internalstakeholders meet on

an ad hoc basis

No


20/141


Not surprisingly, the Chief Compliance and/or Ethics Officer most commonly chairs the internal

compliance and ethics committee (41 percent), followed by the Compliance and/or Ethics Officer (16

percent).

41%

16%

12% 11% 11%

6%

2% 1% 1% 0% 0%0%

5%

10%

15%

20%

25%

30%

35%

40%

45%

ChiefCompliance

and/or

Ethics

Officer

Complianceand/or

Ethics

Officer

Executive,Senior or

Vice

President

Director Other GeneralCounsel or

Chief Legal

Officer

Manager Chief AuditOfficer

There is nochair

ChiefHuman

Resources

Officer

Chief RiskOfficer

Who is the chair of the internal compliance and ethics committee?


21/141


The internal compliance committee most often reports its findings and recommendations to the full

Board of Directors (39 percent); the Audit Committee (38 percent); someone at the executive, senior, or

vice president level (26 percent); or the Chief Compliance and/or Ethics Officer (20 percent).

5%

6%

8%

10%

10%

12%

18%

20%

26%

38%

39%

0% 5% 10% 15% 20% 25% 30% 35% 40% 45%

Chief Risk Officer


Chief Audit Officer


The committee does not provide reports

Other

General Counsel or Chief Legal Officer

Chief Compliance and/or Ethics Officer

Executive, Senior or Vice President

Audit Committee of the Board

Board of Directors

To whom does the internal compliance and ethics

committee report its findings and recommendations?

(select all that apply)


22/141


Most internal compliance and ethics committees keep minutes at each meeting (76 percent), have

cross-functional representation (72 percent), maintain a documented charter (71 percent), and are

executive-level (54 percent). Fewer committees have executive- and manager-level representation, have

rotating memberships, or are manager-level only.

76%72% 71%

54%

39%

12%8%

0%

10%

20%

30%

40%

50%

60%

70%

80%

Minutes are kept

at each meeting

Cross-functional

committee

Documented

charter

Executive level

committee

Executive and

manager level

committee

Rotating

membership

Manager level

committee

Select the options that best describe characteristics of your internal compliance andethics committee. (select all that apply)


23/141


The majority (58 percent) of internal compliance and ethics committees meet on a regularly scheduled,

quarterly basis. Only 7 percent of committees meet less than quarterly.

58%

35%

3% 2% 1% 1%0%

10%

20%

30%

40%

50%

60%

70%

Regularly

scheduled,

quarterly

Regularly

scheduled, more

often than

quarterly

Regularly

scheduled, three

times per year

Ad hoc only Regularly

scheduled,

biannually

Regularly

scheduled,

annually

How often does the internal compliance and ethics

committee meet?


24/141


The majority of internal compliance and ethics committees discuss the topics listed in the chart below,

with the exception of Code of Conduct updates and/or revisions (6 percent).

6%

53%

59%

69%

69%

70%

73%

74%

74%

75%

76%

79%

81%

81%

0% 10% 20% 30% 40% 50% 60% 70% 80% 90%

Code of Conduct updates/revisions

Compliance and ethics program

audits/assessments/benchmarking

Compliance and ethics risk assessments

Culture of ethics employee assessments

Culture communication initiatives

Hotline and reporting statistics

Industry trends and best practice updates

Misconduct investigations and resolutions

Overall program performance

Policy management/updates

Significant legal and regulatory updates

Training initiatives and statistics

Upcoming program initiatives

Other

Select the topics that are discussed during the

internal compliance and ethics committeemeetings. (select all that apply)


25/141


Half (51 percent) of surveyed organizations have less than four full-time employees dedicated to the

ethics and compliance function. However, an additional chart depicting the allocation of personnel to

the ethics and compliance function in relation to the overall size of the organization provides further

insight.

28%

23%

11%

11%

9%

7%

3%3%

3% 2%

Approximate full-time employee equivalent dedicated to the ethics and

compliance function within your organization

2 3 employees

One employee

4 5 employees

6 9 employees

Less than one full-time equivalent

9 19 employees

30 49 employees

Over 100 employees

20 29 employees

50 99 employees


26/141


Less than 1

employee

One

employee

2-3

emloyees

4-5

employees

6-9

employees

9-19

employees

20-29

employees

30-49

employees

50-99

employees

Over 100

employees

Less than 1,000 employees

24% 31% 32% 6% 3% 4% 1% 0% 0% 0%

1,000 - 4,999 employees

3% 36% 23% 17% 12% 6% 1% 0% 1% 0%

5,000 - 9,999 employees

3% 6% 47% 13% 6% 9% 0% 9% 6% 0%

10,000 - 24,999 employees

2% 12% 22% 10% 22% 10% 7% 5% 2% 7%

25,000 - 49,999 employees

0% 0% 25% 6% 25% 19% 6% 0% 6% 13%

50,000 - 99,999 employees

0% 0% 20% 0% 0% 0% 0% 20% 20% 20%

Over 100,000 employees

17% 17% 0% 17% 0% 0% 0% 33% 0% 0%

Full-time Employee Equivalent dedicated to Compliance and Ethics Function by Total Workforce Size

79%

21%

Is there a charter, or detailed written

description, for the compliance and

ethics function?

Yes

No


27/141


Nearly three-fourths (71 percent) of surveyed organizations have formally documented delegation of

the oversight of the compliance and ethics function to a person or committee.

51%

20%

15%

9%

5%

Has the Board formally documented delegation

of the oversight of the compliance and ethics

function to a person or committee?

Yes, to a committee

Yes, to a person

No

No, but a committee hasoversight in practice

No, but a person has

oversight in practice


28/141


Oversight of the compliance and ethics function is most commonly delegated to the Audit Committee

(41 percent) or Compliance Committee (20 percent). Those who selected other typically delegate

oversight to a joint committee between compliance/ethics and another function (such as legal, audit, or

risk management).

The vast majority (92 percent) of oversight committees hold regularly scheduled meetings at leastquarterly.

41%

32%

20%

5%

2%

Please indicate the name of the related oversight

committee.

Audit Committee

Other

Compliance Committee

Governance Committee

Risk Management

Committee

57%

35%

5%2% 1%

0%

10%

20%

30%

40%

50%

60%

70%

Regularly scheduled,

quarterly


more often than

quarterly


three times per year


annually


biannually

How often does the related oversight committee meet?


29/141


Organizations appear to share a great deal of information related to compliance and ethics with the

Board or Board Committee. At least 75 percent of surveyed organizations report C&E program audits,

assessments, or benchmarking (80 percent); Code of Conduct updates or revisions (77 percent); overall

program performance (76 percent); and C&E risk assessments (75 percent). Less commonly reported

information includes culture communication initiatives (49 percent) and culture of ethics assessments

(46 percent).

6%

46%

49%

53%

60%

63%

65%

69%

70%

73%

75%76%

77%

80%

0% 10% 20% 30% 40% 50% 60% 70% 80% 90%

Other

Culture of ethics employee assessments

Culture communication initiatives

Industry trends and best practice updates

Policy management and updates

Upcoming program initiatives

Training initiatives and statistics

Misconduct investigations and resolutions

Significant legal and regulatory updates

Hotline and reporting statistics

Compliance and ethics risk assessments

Overall program performance

Code of Conduct updates/revisions

C&E program audits/ assessments/benchmarking

Indicate which information (if any) your organization

reports to the Board or Board committee. (select all that

apply)


30/141


Slightly over half (53 percent) of organizations report having compliance and ethics points of contact

embedded within their various business units or regions.

53%47%

Does your organization have compliance and ethics

points of contact embedded within business units and/orregions?

Yes

No


31/141


STANDARDS AND DOCUMENTATION

Not surprisingly, 97 percent of surveyed organizations maintain an organization-wide employee Code of

Conduct. However, less than half of organizations (41 percent) meet the best practice standard of

rewriting or updating their Code at least every two to three years. Additionally, less than half (43

percent) maintain a document that outlines how frequently the Code is updated. Employee knowledge

assessments and culture surveys are the most commonly cited tools used to measure the effectiveness

of the Code (51 and 49 percent, respectively), followed by tracking Code communication initiative dates

against employee reports (18 percent), and employee focus groups (17 percent).

Seventy-three percent of organizations that have operations or transact business in more than one

country translate their Code, compared to 37 percent of all surveyed organizations. Of these

organizations that translate their Codes, nearly half (47 percent) translate the document into all official

languages. An additional 20 percent translate the Code into all official languages as well as some

additional languages.

Similarly, 57 percent of organizations that have operations or transact business in more than onecountry translate their policies, compared to 29 percent of all surveyed organizations. Forty-five percent

of these organizations translate their policies into all official languages, and another 12 percent translate

into some additional languages as well.

Nearly all organizations (95 percent) require at least some of their employees to acknowledge the Code

on a periodic basis, with over half (57 percent) requiring employees to acknowledge annually.

While only one-third of surveyed companies maintain a third-party or supplier code, nearly half (44

percent) do require third parties to sign an agreement stating that they will adhere to compliance

standards.


32/141


Nearly all surveyed organizations (97 percent) maintain an organization-wide employee Code of

Conduct. Three-fourths (75 percent) review the Code at least every two to three years.

97%

3%

Does your organization maintain an organization-

wide employee Code of Conduct?

Yes

No

54%

21%

13%

3% 3% 2% 2% 2%

0%

10%

20%

30%

40%

50%

60%

Annually Every 2-3

years

Every 3-5

years

Other Biannually Quarterly Every 5-7

years

Less

frequently

than everyseven years

How often does the compliance and ethics function review

the Code for potential updates?


33/141


Less than half (41 percent) of organizations meet the best practice standard of rewriting or substantially

revising their Code at least every two years. Similarly, less than half (43 percent) formally document the

frequency with which the Code is updated. An organizational policy on internal policies is the most

common means of documenting the frequency of Code updates.

33%30%

11% 10% 8% 8%

0%

5%

10%

15%

20%

25%

30%

35%

40%

Every 3-5

years

Every 2-3

years

Annually Other Less

frequently

than every

seven years

Every 5-7

years

How often does the Code undergo substantial

revision or rewriting?

57%

24%

11%8%

0%

10%

20%

30%

40%

50%

60%

This is not formally

documented

Organizational policy on

internal policies

Compliance and ethics

program charter

Compliance and ethics

committee charter

Indicate the document that outlines the frequency

with which the Code is updated.


34/141


Employee compliance knowledge assessments (51 percent) and culture surveys (49 percent) are the

tools most commonly used to measure the effectiveness of the Code. Respondents who selected

otheralso cited helpline reporting trends and exit interviews.

10%

12%

17%

18%

24%

49%

51%

0% 10% 20% 30% 40% 50% 60%

Tracking Code release dates against employeereports

Tracking employee utilization of Code

resources on your intranet

Employee focus groups

Tracking Code communication initiative dates

against employee reports

Other

Employee culture of integrity and compliance

surveys

Employee compliance knowledge assessments

Which methods do the compliance and ethicsfunction utilize to measure the effectiveness of the

Code? (select all that apply)


35/141


85%

11%4%

Does your Code address your organizations

formal set of organizational values?

Yes

No, but compliance and

ethics function-specific

values are discussed

No


36/141


10%

18%

29%

37%

39%

0% 5% 10% 15% 20% 25% 30% 35% 40% 45%

Number of employees working within a

country or region

Number of employees who speak a languageas their primary language

Countries or regions in which the organization

has operations

Local laws where the organization operates

Location of company headquarters is only

official language

How does your organization determine what its

official languages are? (select all that apply)


37/141


While less than 40 percent of all surveyed organizations (domestic and global) translate their Code, 73

percent of respondents that have operations or transact business in more than one country do translate

it.

37%

63%

Do you translate your Code? (all respondents)

Yes

No

73%

27%

Do you translate your Code? (organizations

that have operations or transact business in

more than one country)

Yes

No


38/141


Two-thirds (67 percent) of all organizations that translate their Code do so into all of their official

languages.

47%

29%

20%

4%

Do you translate your Code into all official

languages?

Yes

No

Yes as well as some

additional languages

Other


39/141


Over half (57 percent) of organizations that have operations or conduct business in more than one

country translate their policies, yet less than one-third (29 percent) of all respondents (domestic and

global) indicate that they do so. Over half (57 percent) of those that translate their policies translate

them into all official languages. It is worth noting that while 73% of organizations translate their Code,

only 29% of all respondents translate their related policies, while organizations who have international

operations still fall below the Code benchmark with 57% translating policies.

29%

71%

Do you translate your policies? (all

respondents)

Yes

No

57%

43%

Do you translate your policies? (organizations

that have operations or conduct business in more

than one country)

Yes

No


40/141


47%

29%

20%

4%

Do you translate your Code into all official

languages?

Yes

No

Yes as well as some

additional languages

Other


41/141


Nearly all organizations (95 percent) require at least a portion of their employees to acknowledge the

Code periodically. Over half (57 percent) require all employees to acknowledge the Code annually, and

half (50 percent) collect acknowledgements directly following Code training. Twenty percent of

organizations require managers and above to acknowledge the Code either annually or biennially.

Organizations collect acknowledgements equally in soft (45 percent) and hard (43 percent) copy

formats.

1%

2%

5%

19%

28%

43%

45%

50%

57%

0% 10% 20% 30% 40% 50% 60% 70%

Managers and above are required to acknowledge

the Code biennially

All employees are required to acknowledge the

Code biennially

My organization does not collect acknowledgments

of the Code

Managers and above are required to acknowledge

the Code annually


Code upon hire only

Acknowledgments are collected in hard copy

format

Acknowledgments are collected in soft copy format

Acknowledgments of the Code are collected

directly following Code training


Code annually

Which of the following apply to the

acknowledgment of your Code? (select all that

apply)


42/141


Most organizations maintain standalone policies for universal risk areas including workplace

harassment, discrimination/diversity, data privacy, information security, conflicts of interest, and

workplace health and safety. Though only half of all surveyed organizations maintain a standalone anti-

corruption/bribery policy, 77 percent of organizations that have operations or transact business in more

than one country maintain a standalone policy on anti-corruption/bribery.

12%

20%

34%

36%

39%

41%

44%

47%

48%

50%

51%

62%

62%

62%

67%

71%

72%

74%

74%

74%

76%

78%

78%

78%

83%

0% 10% 20% 30% 40% 50% 60% 70% 80% 90%

Conflict minerals

Money laundering

Fair dealing (fair business pract ices)

Antitrust/Competition

Insider trading

Environmental protection

Intellectual property

Company assets

Political contributions, activities and lobbying

Anti-corruption/Bribery

Policy management

Misconduct investigations

Financial integrity and fraud

Social media

Non-retaliation

Gifts and entertainment

Records management

Conflicts of interes t

Records retention

Workplace health a nd safety

Confidential information

Information security

Data privacy

Equal employment opportunity/Discrimination/Diversity

Workplace harassment

For which of the following risk topics does your organization maintain written,

standalone policies (coverage within the Code does not apply)? (select all that

apply)


43/141


Nearly nine out of ten organizations (87 percent) review their policies at least every two to three years

for potential updates.

44% 43%

10%

3%

0%

5%

10%

15%

20%

25%

30%

35%

40%

45%

50%

Every 2-3 years Annually Every 4-6 years Less frequently than

every seven years

How often does your organization normally

review your policies for potential updates?


44/141


Only one-third of all surveyed companies maintain a third-party or supplier code of conduct, and 23

percent of those companies require third parties to sign an agreement to abide by the code. Nearly half

(44 percent) require third parties to sign an agreement to adhere to the companys compliance

standards.

33%

67%

Does your organization maintain a third party

(supplier) code of conduct?

Yes

No

44%

33%

23%

0%

5%

10%

15%

20%

25%

30%

35%

40%

45%

50%

Yes, they are required to s ign an

agreement to adhere to our

integrity standards, which is

included in our contract

No Yes, they are required to sign an

agreement to abide by the third

party code of conduct

Are third parties required to sign an agreement

agreeing to adhere to compliance standards?


45/141


DUE CARE

Nearly all organizations (93 percent) conduct background checks for some or all individuals in positions

of trust (where permitted by law). Of these organizations, only 17 percent perform checks upon

consideration for a promotion, and 16 percent perform checks periodically.

Two-thirds of organizations require conflicts of interest acknowledgement and/or disclosure (separatefrom a Code acknowledgement) from some or all of their employees. Of these companies, 81 percent

require acknowledgement and/or disclosure annually. The majority require conflicts of interest

acknowledgement and/or disclosure from all director-level personnel and above.

Only 37 percent of surveyed companies track both gifts and entertainment. Seven percent track either

gifts or entertainment only. Of those that track both, 41 percent use an automated tracking tool.


46/141


Ninety-three percent of all surveyed organizations conduct background checks for at least some

individuals in positions of trust (where permitted by law). The majority (59 percent) conduct checks for

all positions, and 20 percent conduct checks depending on seniority level and business function.

Among the organizations that conduct background checks depending on seniority level, the majority

conduct them for all managers with direct reports and above.

59%

20%

9% 7% 4%

0%

10%20%

30%

40%

50%

60%

70%

Yes, for all positions Yes, for some

positions depending

on seniority level

and business

function

Yes, for some

positions depending

on business function

No Yes, for some

positions depending

on seniority level

Does your organization conduct background checks

of individuals in positions of trust(where permitted

by law)?

36%

41%

48%

56%

57%

66%

74%

82%

84%

92%

0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%

Supervisor level personnel w/o direct reports

Supervisor level personnel with direct reports

Manager level personnel w/o direct reports

Manager level personnel with direct reports

Director level personnel w/o direct reports

Director level personnel with direct reports

Vice President personnel

Executive Vice President personnel

Senior Vice President personnel

Chief Executive personnel

Which seniority levels merit a background check

within your organization? (select all that apply)


47/141


Finance and accounting (85 percent), compliance and ethics (68 percent), human resources (65 percent),

security (64 percent), and internal audit (61 percent) are the most common business functions that

merit background checks.

53%

55%

57%

61%

64%

65%

68%

85%

0% 10% 20% 30% 40% 50% 60% 70% 80% 90%

Procurement

Risk Management

Information Technology

Internal Audit

Security

Human Resources

Compliance and Ethics

Finance and/or Accounting

Indicate which business functions merit abackground check for potential employees.



48/141


An overwhelming majority (94 percent) of organizations perform background checks during pre-

employment screening. Only 17 percent conduct checks upon promotion, and 16 percent perform them

periodically.

During the pre-employment screening process, most organizations (82 percent) check resumes to

confirm accuracy and honesty, and the majority also check government debarment/exclusion lists (69percent) and conduct third-party employment checks (64 percent).

94%

17%

10%

3% 3%

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

During pre-

employment

screening

Upon

consideration for a

promotion

Annually Every 2-4 years Every 5-9 years

Indicate when background checks are generally

performed. (select all that apply)

82%

69%64%

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

Check resumes to confirm

accuracy and honesty

Check government

debarment/exclusion lists

Conduct third-party

employment checks

During the pre-employment screening process,does your organization:


49/141


Two-thirds (67 percent) of all surveyed organizations require conflicts of interest acknowledgement

and/or disclosure from at least some employees, with almost one-third (30 percent) requiring

acknowledgement from all employees.

Periodic conflicts of interest acknowledgement and/or disclosure are required for nearly all C-suite

personnel (94 percent), followed by executive vice president (81 percent), senior vice president (78percent), and vice president (71 percent) personnel.

33%

30%

18%

14%

5%

0%

5%

10%

15%

20%

25%

30%

35%

No Yes, for all employees Yes, for employees at

specific seniority levels

and within specific

business functions

Yes, for employees at

specific seniority levels

Yes, for employees within

specific business

functions

Does your organization require periodic conflicts of interest

acknowledgment and/or disclosure from employees separate

from a Code acknowledgment?


50/141


Finance and accounting (86 percent) and compliance and ethics (84 percent) are the most common

business units included in periodic conflicts of interest acknowledgements, followed by information

technology (72 percent), human resources (68 percent), procurement (61 percent), and internal audit

(60 percent).

20%

26%

34%

43%

55%

66%

71%

78%

81%

95%

0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%

Supervisor level personnel without direct reports

Supervisor level personnel with direct reports

Manager level personnel without direct reports

Manager level personnel with direct reports

Director level pe rsonnel without direct

reports

Director level personnel with direct reports

Vice President personnel

Senior Vice President personnel

Executive Vice President personnel

Chief Executive personnel

Seniority levels included in the periodic conflicts of interest

acknowledgment and/or disclosure: (select all that apply)


51/141


40%

47%

51%

51%

60%

61%

68%

72%

84%

86%

0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%

Security

Sales

Marketing

Risk Management

Internal Audit

Procurement

Human Resources

Information Technology

Compliance and Ethics

Finance and/or Accounting

Business units included in the periodic conflicts of

interest acknowledgment and/or disclosure: (select

all that apply)


52/141


The most common types of conflicts assessed in the acknowledgement and/or disclosure are the

following: doing business with family or people with whom one has a personal relationship (93 percent),

outside employment (83 percent), and family or personal relationships with coworkers (76 percent).

A vast majority of organizations (81 percent) require annual conflicts of interest acknowledgement

and/or disclosure.

10%

48%

66%

69%

76%

83%

93%

0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%

Other

Organizational opportunities

Investments

Serving on outside Boards

Family or personal relationships withother employees

Outside employment

Doing business with family/others

with whom you have a personal relationship

What types of conflicts does the conflict of interest

acknowledgment and/or disclosure assess? (select all

that apply)

81%

16%

2% 1%

How frequently does your organization require

conflicts of interest acknowledgment and/or

disclosure?

Annually

Ad hoc basisBiannually

Every three years


53/141


Over half of surveyed organizations (56 percent) do not track gifts or entertainment. Of the 44 percent

of companies that do, over one-third (37 percent) track both gifts and entertainment.

56%

37%

5%2%

0%

10%

20%

30%

40%

50%

60%

No Yes, we track both

gifts and

entertainment

Yes, but we only track

gifts

Yes, but we only track

entertainment

Does your organization track gifts and

entertainment?


54/141


Survey results indicate that organizations utilize a variety of tools to track gifts and entertainment. An

automated tracking tool (41 percent) is most commonly used, followed by email (28 percent), business

unit- or department-specific Excel spreadsheets (17 percent), and centralized Excel spreadsheets (14

percent).

Half (51 percent) of these tools allow for retroactive notification and/or disclosure, and slightly less thanhalf (43 percent) allow for cumulative tracking per recipient. One-third of gift and entertainment

tracking tools allow for approval before acceptance, cumulative tracking per recipient organization, and

approval before an offer.

41%

28%

17%

14%

What method of gift and entertainment tracking do

you use?

Automated tra cking tool

Emails sent to compliance

and ethics function

Business unit/department-

specific Excel spreadsheets

Centralized Excel

spreadsheet

51%

43%

32% 32%30%

0%

10%

20%

30%

40%

50%

60%

Retroact ive notification

and/or disclosure

Cumulative gift and

entertainment tracking

per recipient

Approval before

employees accept an

offer of gifts or

entertainment

Cumulative gift and

entertainment tracking

per recipient

organization

Approval before

employees offer gifts or

entertainment

Your gift and entertainment tracking tool allows for: (selectall that apply)


55/141


Among organizations that only track gifts, 38 percent utilize an automated tracking tool, while slightly

under one-third use a centralized spreadsheet (31 percent) or email (31 percent).

Most tools allow for retroactive notification and/or disclosure (54 percent) or cumulative tracking per

recipient (38 percent). Fewer organizations gift tracking tools allow for approval before acceptance (23

percent), approval before an offer (8 percent), and cumulative tracking per recipient organization (8percent).

38%

31% 31%

0%0%

5%

10%

15%

20%

25%

30%

35%

40%

45%

Automated tracking tool Centralized Excel

spreadsheet

Emails sent to compliance

and ethics function

Business unit/department-

specific Excel spreadsheets

What method of gift tracking do you use?

54%

38%

23%

8% 8%

0%

10%

20%

30%

40%

50%

60%

Retroactive notification

and/or disclosure

Cumulative gift tracking

per recipient

Approval before

employees accept an

offer of gifts

Approval before

employees offer gifts

Cumulative gift tracking

per recipient

organization

Your gift tracking tool allows for: (select all that apply)


56/141


Forty percent of organizations only track gifts received by employees that exceed a specific monetary

threshold. Slightly over one-third (36 percent) track all gifts given by employees, and one-third track all

gifts received by employees.

8%

13%

13%

15%

27%

33%

36%

40%

0% 5% 10% 15% 20% 25% 30% 35% 40% 45%

We track honoraria offered by employees

Gifts offered (but not accepted) to employees

are only tracked if they exceed a specific

monetary threshold

We track honoraria received by employees

All gifts offered (but not accepted) to employees

are tracked

Gifts given by employees are only tracked if they

exceed a specific monetary threshold

All gifts received by employees are tracked

All gifts given by employees are tracked

Gifts received by employees are

only tracked if they exceed a specific monetary

threshold

For gift tracking, which of the following apply to your

organization? (select all that apply)


57/141


With respect to entertainment tracking, 42 percent of organizations track all entertainment provided by

employees, and 24 percent only track entertainment provided by employees that exceeds a specific

monetary threshold. One-third (34 percent) only track entertainment provided to employees that

exceeds a specific monetary threshold, while 30 percent track all entertainment provided to employees.

13%

20%

24%

30%

34%

42%

0% 5% 10% 15% 20% 25% 30% 35% 40% 45%

All entertainment offered (but not accepted) to

employees is tracked

Entertainment offered (but not accepted) to

employees is only tracked if it exceeds a specific

monetary threshold

Entertainment provided by employees is only

tracked if it exceeds a specific monetary

threshold

All entertainment provided to employees istracked

Entertainment provided to employees is only

tracked if it exceeds a specific monetary

threshold

All entertainment provided by employees is

tracked

For entertainment tracking, which of the

following apply to your organization? (select all

that apply)


58/141


ETHICS AND COMPLIANCE TRAINING

Ninety-six percent of organizations reportedly offer ethics and compliance training. Of these

organizations, 81 percent invest the time and resources to measure its effectiveness. The top four

methods of measuring effectiveness are tracking misconduct trends (50 percent), administering

comprehension tests directly after training (47 percent), obtaining feedback from managers (43

percent), and performing culture of ethics assessments (39 percent). In addition, 73 percent of

organizations offer risk-specific training.

However, organizations often struggle with gaining training completions. Specifically, only 88 percent of

organizations reach 90 percent completion for Code training. Only 74 percent of organizations achieve

this benchmark for risk-specific training. The most common methods cited for achieving this goal include

using direct email reminders (71 percent), incorporating rollout and reminder emails for all training

participants into the communication plan (55 percent), holding department heads accountable for

completion rates within their departments (50 percent), and holding managers accountable for the

completion rates of their direct reports (46 percent).

Not surprisingly, the majority of organizations (69 percent) offer Code training on an annual basis. Code

training proved to cover a wide range of risk topics, including most often conflicts of interest, gifts and

entertainment, and company assets. In terms of targeted, standalone risk topic training, respondents

indicated that anti-corruption/bribery, antitrust/competition, and financial accuracy/fraud are the most

common topics.

More than half of respondents (55 percent) engage in pre- and post-training testing to gauge employee

knowledge.

Thirty-nine percent of organizations provide targeted ethics and compliance training on manager

responsibilities to all managers, while an additional 11 percent offer such training to senior managers

only. The most common topics for training include handling reports and concerns (80 percent),

encouraging employees to raise concerns (78 percent), maintaining an open-door environment (74

percent), establishing tone from the middle (70 percent), and preventing and spotting retaliation (66

percent).

Thirty-four percent of organizations reportedly distribute compliance and ethics communications to the

entire employee population at least once per month.

Two-thirds of organizations (65 percent) provide compliance and ethics resources to managers to help

them promote compliance and ethics within the organization.

The majority of respondents (81 percent) indicated that all employees receive compliance and ethics

training. Eighty three percent of organizations deliver the training in an online format, while 71 percent

choose to do so in person. A modest amount of respondents (nine percent) utilize mobile platforms.


59/141


4%

4%

9%

22%

71%

81%

83%

0% 10% 20% 30% 40% 50% 60% 70% 80% 90%

C&E training is not offered within my

organization

Other

C&E training is delivered on mobile platforms

C&E training is delivered to managers and above

C&E training is delivered in person

C&E training is delivered to all employees

C&E training is delivered in an online format

Select which of the following statements apply to

your ethics and compliance training program. (select

all that apply)


60/141


Organizations measure the effectiveness of their ethics and compliance programs in many ways. The top

four methods include tracking misconduct trends (50 percent), administering comprehension tests

directly after training (47 percent), obtaining feedback from managers (43 percent), and performing

culture of ethics assessments (39 percent).

9%

13%

19%

21%

39%

43%

47%

50%

0% 10% 20% 30% 40% 50% 60%

Other

Knowledge assessments (performed separately

from training)

My organization does not measure effectiveness

of the training program

Tracking reporting frequency against training

rollout timing

Culture of ethics assessments

Feedback from managers

Comprehension tests delivered immediately

following training

Tracking misconduct trends

How do you measure the effectiveness of your

compliance and ethics training program?(select all that

apply)


61/141


The most common frequency for reviewing and measuring the effectiveness of a compliance and ethics

training program was on an ongoing basis (41 percent), followed by annually (32 percent), and on an ad

hoc basis (15 percent).

Well over half of organizations with an ethics and compliance function (58 percent) maintain a formally

documented compliance and ethics curriculum. Not surprisingly, more than four out of five

organizations (82 percent) offer Code training.

41%

32%

15%

6%

3% 3%

0%

5%

10%

15%

20%

25%

30%

35%

40%

45%

Ongoing basis Annually Ad hoc basis Every two

years

Every three

years

Other

How frequently do you measure the effectiveness ofyour compliance and ethics training program using

the selected measurements?


62/141


58%

42%

Does your compliance and ethics function maintain a

formally documented compliance and ethics

curriculum?

Yes

No

82%

18%

Does your compliance and

ethics function offer Code training?

Yes

No


63/141


Nearly three-quarters of respondents (73 percent) offer risk-specific training to employees.

73%

27%

Does your compliance and ethics function offer

risk-specific training?

Yes

No


64/141


When asked to characterize their organizations documented compliance and ethics curriculum, more

than two-thirds (69 percent) indicated that it includes multiple risk areas. Other common aspects

include defined target audiences (53 percent), specified training frequency by topic (47 percent), one-

year time span (47 percent), specified modality for each topic/audience (45 percent), creation through

cross-functional collaboration (44 percent), and use of a rollout schedule (44 percent).

4%

29%

40%

44%

44%

45%

47%

47%

53%

69%

0% 10% 20% 30% 40% 50% 60% 70% 80%

Other

Takes a multi-year approach

Includes target completion rates

Includes a training rollout schedule

Created through cross-functional collaboration

Addresses modality for each topic/audience

Covers one year of training

Includes training frequency by topic

Includes defined target audiences

Includes multiple risk areas

Which of the following apply to your documented

compliance and ethics curriculum? (select all that

apply)


65/141


Completion rates are higher on average for Code training than risk-specific training (based on those

organizations offering risk-specific training). This is most evident at the 96-100 percent completion

interval (71 percent versus 53 percent). These rates indicate that organizations are struggling to achieve

the goal of 100 percent training completion.

71%

17%

6%3% 2% 1% 1% 0%

0%

10%

20%

30%

40%

50%

60%

70%

80%

96 100% 90 95% 88 89% 40 59% 70 79% 20 39% 60 69% 0 19%

On average, what is the completion rate for your Code

training?

53%

21%

11%

4% 4% 3% 2% 1%

0%

10%

20%

30%

40%

50%

60%

96 100% 90 95% 80 89% 40 59% 70 79% 60 69% 20 39% 0 19%

On average, what is the completion rate for risk-specific

training?


66/141


The most common audience for Code training is all employees (85 percent), followed by employees with

computer access (seven percent).The overwhelming majority (93 percent) of respondents indicate thatCode training is mandatory.

0%

1%

1%

2%

2%

2%

7%

85%

0% 10% 20% 30% 40% 50% 60% 70% 80% 90%

All vice presidents and above

All directors and above

All managers and above

All salaried employees and some hourly

employees

All salaried employees

Other

All employees with computer access

All employees

Which best describes your Code training audience?


67/141


93%

6% 1%

Is Code training mandatory?

Yes, for all employees

Yes, for some employees,

but not for other employee

groups

No


68/141


Code training reportedly has a number of key characteristics. Eighty-four percent of respondents

indicated that the training is part of the new employee orientation process, 76 percent track completion

rates, 67 percent review and refresh content on a regular basis, 48 percent include comprehension

testing, 35 percent track and maintain testing results, and 34 percent include training as a component of

performance evaluations.

34%

35%

48%

67%

76%

84%

0% 10% 20% 30% 40% 50% 60% 70% 80% 90%

Completion of training is part of employee

performance evaluation

Testing results are tracked and maintained

Includes comprehension testing

Content is reviewed and refreshed on a regularbasis

Tracked for completion rates

Part of the new employee orientation process

Select the characteristics that best describe your Code

training. (select all that apply)


69/141


More than two-thirds (69 percent) of organizations deliver Code training on an annual basis, while 12

percent deliver the training upon hire only. Nine percent deliver it every two years.

69%

12%

9%

5%5%

For employees who receive Code training, how

frequently is it delivered?

Annually

Upon hire only

Every two years

Every three years

Other


70/141


Respondents indicated that anti-corruption/bribery, antitrust/competition, and financial accuracy/fraud

are the most common standalone risk topics targeted for training. Information security, equal

employment opportunity/discrimination/diversity, workplace harassment, and confidential information

were the most common risk topics for which training was provided to all employees. Moreover, Code

training proved to cover a wide range of risk topics led by conflicts of interest, gifts and entertainment,

and company assets.

Please indicate which of the following applies to the following risk topics as it

relates to training: (select all that apply)

Delivere d as targeted,

standalone tr aining to a

targeted group of

employees

Delivered as targeted,

standalone training to all

employees

Covered within Code

training

My organization does not

currently provide training

on this topic

Anti-corruption/Bribery 30% 9% 39% 22%

Antitrust/Competition 31% 4% 36% 28%

Company assets 14% 12% 60% 14%

Confidential information 18% 24% 53% 5%

Conflicts of interest 19% 16% 63% 2%

Equal employment

opportunity/Discrimination

/Diversity 18% 27% 48% 6%

Fair dealing (fair business

practices) 16% 9% 53% 22%

Financial accuracy/Fraud 27% 14% 52% 7%

Gifts and entertainment 19% 15% 63% 4%

Information security 20% 29% 46% 5%

Insider trading 20% 7% 31% 41%

Intellectual property 19% 9% 47% 26%

Money laundering 16% 5% 24% 55%

Records management and

retention 22% 19% 46% 13%

Social media 16% 15% 47% 21%

Workplace harassment 20% 26% 48% 5%

Risk Topic

Training Aspects


71/141


Organizations utilize a variety of tools to assess and assign their training curriculum. These tools include

but are not limited to pretests and post tests (offered by 55 percent of respondents) to gauge employee

knowledge progress, progressive course difficulty based on employee job responsibilities (28 percent),

and pretests to gauge employee baseline knowledge (12 percent).

6%

6%

7%

12%

28%

55%

0% 10% 20% 30% 40% 50% 60%

Pretests to assess baseline knowledge and assign

individual curriculum accordingly

Progressive course difficulty based on employee

tenure

Pretests to provide employees an opportunity to

test out of training

Pretests to gauge employee baseline knowledge

Progressive course difficulty based on employee job

responsibilities

Pretests and post tests to gauge employee

knowledge progress

Which of the following training practices does your

organization utilize? (select all that apply)


72/141


Achieving training completion goals is often quite challenging. Consequently, organizations rely on

several methods to encourage and enforce training completion. The top five most prevalent methods

used include using direct email reminders (71 percent), incorporating rollout and reminder emails into

the communication plan for all training participants (55 percent), holding department heads and

business unit leaders accountable for completion rates of all individuals within their

department/business unit (50 percent), holding managers accountable for the completion of their direct

reports (46 percent), and factoring completion into performance evaluations (37 percent).

8%

13%

35%

37%

46%

50%

55%

71%

0% 10% 20% 30% 40% 50% 60% 70% 80%

Other

Completion is factored into raise and/or bonus

Robust chase programs

Completion is factored into performance e valuation

Managers are held accountable for completion rates of direct

reports

Department heads/business unit heads are held accountable forcompletion rates of all individuals within their department/business

unit

Rollout and reminder emails are incorporated into the

communication plan for all training participants

Direct email reminders

How does your organization encourage/enforce completion of

training? (select all that apply)


73/141


An emerging best practice is to provide additional training to managerial-level employees on the

compliance- and ethics-related responsibilities and obligations specific to their role. Thirty-nine percent

of survey participants provide targeted training to managers with direct reports on their special ethics-

and compliance-related responsibilities. An additional 11 percent provide such training to senior

managers only. The most common topics for manager training include handling reports and concerns

(80 percent), encouraging employees to raise concerns (78 percent), maintaining an open-door

environment (74 percent), establishing tone from the middle (70 percent), and preventing and spotting

retaliation (66 percent).

39%

11%

50%

Does your compliance and ethics function provide targeted

training to management with direct reports on their special

responsibilities related to compliance and ethics?

Yes, to all managers

Yes, to senior managers only

No


74/141


5%

33%

42%

50%

66%

70%

74%

78%

80%

0% 10% 20% 30% 40% 50% 60% 70% 80% 90%

Other

Conducting employment interviews

Manager accountability for misconduct by subordinates

How to incorporate ethics in business decision making

Preventing and spotting retaliation

Establishing the tone from the middle (how to promote a

culture of integrity)

Maintaining an open door environment

How to encourage employees to raise concerns and reports

Handling employee reports and concerns

Specify which topics are included in the management-specific

compliance and ethics training. (select all that apply)


75/141


The most prevalent characteristics of manager-specific compliance and ethics training include requiring

completion for managers (68 percent), tracking for completion rates (53 percent), reviewing and

refreshing content on a regular basis (49 percent), and being conducted as part of new hire manager

orientation (47 percent).

18%

27%

28%

47%

49%

53%

68%

0% 10% 20% 30% 40% 50% 60% 70% 80%

Testing results are tracked and maintained

Includes comprehension testing

Completion of training is part of manager performance

evaluation

Conducted as part of new manager orientation (upon

hire or promotion)

Content is reviewed and refreshed on a regular basis

Tracked for completion rates

Completion is mandatory for all managers with direct

reports

Identify which of the following characteristics applies to your manager-specific compliance and ethics training. (select all that apply)


76/141


The results are fairly even when it comes to maintaining a documented communication plan, with

slightly more than half of respondents (53 percent) maintaining such a plan. For organizations that do

have a communication plan, nearly two-thirds (64 percent) address multiple risk areas and nearly as

many (63 percent) include a rollout schedule and specify the communication frequency (58 percent).

47%53%

Does your compliance and ethics function maintain a documented

communication plan?

Yes

No


77/141


2%

25%

27%

42%

50%

52%

53%

53%

58%

63%

64%

0% 10% 20% 30% 40% 50% 60% 70%

Other

The communication plan takes a multi-year approach

The communication plan calls for implementation by

different business functions (e.g., finance, HR, sales)

The communication plan is created through cross-functional

collaboration

The communication plan includes defined target audiences

The communication plan covers one year of communications

The communication plan addresses the modality of

communication for each topic/audience

The communication plan utilizes message delivery by various

internal leaders (e.g., CEO, Chief Compliance Officer, managers)

The communication plan includes communication frequency

The communication plan includes a rollout schedule

The communication plan addresses multiple risk areas

Which of the following apply to your documented communication plan? (select all

that apply)


78/141


Respondents use a wide variety of avenues to communicate compliance and ethics messages within

their organizations. The most commonly used options include emails (79 percent), printed materials (66

percent), intranet site/portal (59 percent), senior executive meetings (44 percent), and newsletters (42

percent).

2%

2%

5%

9%

19%

24%

27%

30%

30%

33%

42%

44%

59%

66%

79%

0% 10% 20% 30% 40% 50% 60% 70% 80% 90%

Podcasts

Other

No communication initiatives are currently in place

Blogs

Annual organization-wide kickoff meetings

Videos

Town hall meetings

Interactive scenarios, games and/or quizzes

Periodic compliance road show

Organization-wide initiatives (e.g., compliance week)

Newsletter

Senior executive meetings

Intranet site/portal dedicated to compliance and ethics

Printed materials (e.g., posters, wallet cards, table tents,

guidebooks, brochures)

Emails

Which communication initiatives (aside from formal training) are utilized tocommunicate compliance and ethics messages within your organization?



79/141


Twenty-nine percent of organizations send compliance and ethics communications to the entire

employee population on an annual basis, while 24 percent send such communications quarterly. A

significant amount of respondents (27 percent) send quarterly communications to a partial employee

population (limited based on translations), and another 27 percent send such messages quarterly to a

partial employee population (limited based on computer access).

How frequently are compliance and ethics communications utilized within your

organization? (select all that apply)

Entire employee population

Partial employee

population (limited based

on translations)

Partial employee

population (limited based

on computer access)

Ongoing (at least twice per

month) 15% 16% 11%

Monthly 19% 18% 16%

Quarterly 24% 27% 27%

Biannually 7% 13% 10%

Annually 29% 15% 21%

Less frequent than annually 6% 12% 14%

Frequency

Audience


80/141


Three-quarters of respondents (75 percent) incorporate real life examples of compliance issues,

breaches, or unethical behavior into their communications. Of those who do, more than half (51

percent) share these communications via learning aids within training sessions. Other common methods

of sharing include emails (41 percent), newsletters (38 percent), and the compliance intranet and town

hall meetings at 26 percent each.

75%

25%

Does your compliance and ethics function utilize real life examples (from

within your organization and scrubbed for detail) of compliance issues,

breaches or unethical behavior in communications?

YesNo

1%

2%

11%

21%

26%

26%

38%

41%

51%

0% 10% 20% 30% 40% 50% 60%

Podcasts

Blogs

Other

Comprehension aids within the Code and/or

policies

Town hall meetings

Dedicated area on the compliance and ethics

intranet site

Newsletters

Emails

Learning aids within training sessions

How are these real life examples shared with the employee

population? (select all that apply)


81/141


Organizations reportedly utilize a wide array of communication avenues. Nearly six out of ten

respondents (59 percent) feature an introductory letter within the Code, while 58 percent distribute

emails to the workforce. Other well-used avenues include a training introduction or video letter (46

percent), town hall meetings (30 percent), annual or organization-wide meetings (26 percent), and

company newsletters (24 percent).

1%

3%

7%

8%

8%

14%

15%

20%

24%

26%

30%

46%

58%

59%

0% 10% 20% 30% 40% 50% 60% 70%

Podcasts

Other

Blogs

Interactive Q&A (e.g., internal message board, chat f unctionality)

No senior executive communication methods are utilized

Videos

Onboarding video(s)

Intranet site video(s)

Newsletter

Annual kickoff or other organization-wide meetings

Town halls or brown bag lunches

Compliance and ethics training introduction video or letter

Emails to workforce

Code of Conduct introduction letter

Select which types of communication coming from executive leadership are used within

your organization to discuss compliance and ethics. (select all that apply)


82/141


Compliance and ethics communications from senior management are featured with varying frequency;

however, annually (38 percent) and quarterly (19 percent) were the most prevalent. An emerging best

practice in these communications is to include examples of personal ethical decisions. Twenty-nine

percent of respondents opt to do so.

38%

20% 19%

11%

6%

3% 2%

0%

5%

10%

15%

20%

25%

30%

35%

40%

45%

Annually Other Quarterly Biannually Monthly Bimonthly Weekly

How frequently are compliance and ethics communications

from senior executives issued within your organization?

29%

71%

Does senior leadership include examples of personal ethical

decisions in these communications?

Yes

No


83/141


Sixty-five percent of respondents reportedly offer communications to mid-level managers to discuss

compliance and ethics. The top two communication avenues utilized were holding discussions within

business unit/department meetings (44 percent), and sending emails related to business

units/departments (40 percent). Twenty percent of respondents offer such communications on a

quarterly basis, while 19 percent distribute them annually, and 14 percent offer them on a monthly

basis.

0%

1%

5%

10%

10%

10%

17%

17%

18%

35%

40%

44%

0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50%

Blogs

Podcasts

Other

Interactive Q&A

Annual kickoff or other organization-wide meetings

Intranet site video(s)

Onboarding discussions

Town halls or brown bag lunches

Newsletter

No mid-level management communication methods are utilized

Emails to related business units/departments

Discussions within business unit/department meetings

Select which types of communications coming from mid-level managers are used

within your organization to discuss compliance and ethics. (select all that apply)

33%

20%19%

14%

7%

4% 3%

0%

5%

10%

15%

20%

25%

30%

35%

Other Quarterly Annually Monthly Biannually Weekly Bimonthly

How frequently are compliance and ethics

communications from mid-level managers issued

within your organization?


84/141


Additionally, 65 percent of organizations reportedly provide managers with compliance and ethics

promotion resources. Of those respondents, one-third (33 percent) provide intranet resources

dedicated to managers, 29 percent discuss compliance and ethics issues regularly at manager-level

business meetings, and the same amount (29 percent) provide printed materials on compliance and

ethics specifically directed to managers. Twenty-seven percent provide regular communications from

the ethics and compliance function for managers to distribute to direct reports. One quarter (25

percent) of respondents indicate that managersteams are presented with material at

meetings/seminars hosted by the compliance and ethics function. Lastly, one out of five (20 percent)

utilize manager toolkits.

3%

20%

25%

27%

29%

29%

33%

35%

0% 5% 10% 15% 20% 25% 30% 35% 40%

Other

Compliance and ethics communication toolkit (e .g., pre -made

PPTs, speaking guides)

Meetings/seminars with compliance and ethics personnel for

managers teams (e.g., brown bag lunch)

Regular communication from compliance and ethics function

specifically created so managers can send to their employees

Printed materials on compliance and ethics specifically directed

to managers (e.g., guidebooks, reference guides)

Compliance and ethics issues regularly discussed at manager

level business meetings

Intranet resources on compliance and ethics specifically directed

to managers

No compliance and ethics promotion resources are currently

provided to managers

Indicate which of the following compliance and ethics resources

are provided to managers with direct reports in order to help

them promote compliance and ethics within the organization.



85/141


MONITORING AND AUDITING

When it comes to misconduct reporting, the overwhelming majority of organizations (95 percent) use

systems that allow for anonymous communication. In addition, 68 percent of organizations have made a

reporting system available to third parties, such as agents and vendors, and 65 percent allow users to

seek guidance regarding ethics and compliance concerns through their reporting system.

Organizations reportedly offer a wide variety of reporting avenues. Key options include compliance and

ethics

ce pe report

Documents