Boards of Directors and senior management continue to have the
overarching responsibility for establishing the strategic vision for the
organization, setting ethical standards of behavior, and understanding the
compliance risks that might cause harm to the entity. The “tone at the top”
remains a critical task. The irony is that as businesses become more complex,
the need for establishing compliance and ethical standards becomes more
important yet infinitely more difficult with multiple vendor relationships,
supply chains, and global operations. As we have seen, trying to get third-parties to adhere to codes of conduct, whether set by the business who is
contracting for the service or the third-parties own codes of conduct, can
often be a challenging task.
This is a critical juncture for both compliance and organizational
leadership. As organizations continue to evolve in structure and style, it is
an opportunity to assess how effectively they are addressing their ethical and
compliance responsibilities. As one of the studies90 on risk management in
this article reported, there is a need for Boards of Directors and senior
management to become more focused on third-party compliance risk issues.
Organizational leadership should ensure that sufficient resources are
provided to conduct appropriate due diligence and third-party-risk-management operations, and that the organization’s compliance function has
the resources and authority necessary to address third-party compliance risk.
Third-parties must understand the organization’s compliance and ethical
commitments and the consequences for failure to adhere to them. Ultimately,
it is the company’s Board of Directors and senior management who must
establish the ethical and compliance standards that dictate with whom the
company will do business, and equally important, when it will terminate a
relationship with a business whose compliance and ethical policies and
practices are anathema to its own culture.
Compliance needs to reassess its strategic role in the organization. With
the growth of outsourced compliance services, what are compliance’s “core”
functions (e.g. risk assessment, counsel to organizational leadership,
focusing on ethical and cultural issues, training, policy development,
administration of whistle blowing programs, etc.) that add strategic value to
the organization? How can compliance effectively use these outsourced
resources to enhance its own strategic role, and relevancy in third-party
oversight. The traditional boundaries of organizations have been redrawn.
Focusing on ethics and culture will be an on-going challenge for
organizational compliance in this era of outsourcing.
ON THE DETECTION AND PREVENTION OF CORPORATE MISDEEDS 15 (2009),