Ethics and Compliance Operating Model

Numerous factors are driving Ethics and Compliance functions to reconsider “how” they operate. Boards, regulators, investors, suppliers and customers are just some of the key stakeholderswanting increased transparency over how Ethics and Compliance risk is being managed. This, coupled with the fact that regulation is becoming increasingly complex and pervasive in nature and as organisations evolve their business models and strategies at breakneck speed means that Ethics and Compliance functions must respond.

Whilst historically the focus has been on writing polices, deploying training and reporting on completion stats, functions have recognised this is inadequate. Operating models must consider,  at a minimum, how to identify and respond to obligations, assess ethics & compliance risk, provide assurance over controls, manage incidents and provide impactful reporting to relevant stakeholders.

More mature functions are thinking about “how” they perform their role by documenting the way the function operates. This ensures that the end to end role of the function is documented and understood by not only the Ethics & Compliance team, but other key relevant functions.

It is a big leap. From setting out the requirements for your organisation at an Ethics & Compliance Policy level, to truly understanding whether they have embedded your requirements into their day to day activities. However, to be a truly effective function, it is necessary to push the boundaries.

To embrace the full spectrum of your 2nd line of defence role.  

There are, however, some building blocks that must be established before effective assurance activity can be performed. This includes, identification and assessment of Ethics & Compliance risks, capturing of mitigating activities (including controls), creating and executing an assurance plan (e.g. control self-assessment, audit) and reporting the outcome of assurance activity to relevant stakeholders. Once these components have been established it is possible to help drive your organisations towards integrated assurance. 

Impactful and engaging output of assurance activity cannot be underestimated. There are often very few touchpoints between an Ethics & Compliance function  and key stakeholders. This means what touchpoints there are need to be insightful, informative and help enable decisions to be made. 

Creating simply, yet effective dashboarding and visualisation of assurance outcomes can help an Ethics & Compliance function demonstrate the  value they bring to the overall organisation. 

We provide advisory services over all parts of an Ethics & Compliance operating model, examples include: 

• Operating Model Design
• Regulatory Horizon Scanning
• Ethics & Compliance Risk Assessments design and deployment
• Policy writing and review
• Control Framework design and implementation
• Training design and implementation
• Assurance provision
• Dashboarding and visualisation of reporting

We also have a range of experts across the various Ethics & Compliance domains, including:

• Anti Bribery and Corruption
• Global Export Controls and Sanctions
• Data Privacy
• Anti-Trust and Competition
• Modern Slavery
• FRC Reporting