As the global workplace emerges into the “new normal,” one of the lessons learned during the COVID-19 crisis is the importance of effective systems for verifying compliance with an organization’s requirements and rules in changing workplaces. The limits of relying principally on on-site audits and investigations were sharply illustrated during the COVID-19 pandemic, with employees working remotely and site visits sharply curtailed.
Assuming hybrid workplaces are here to stay as part of the new normal, opportunities for in-person monitoring could continue to be limited. One powerful but sometimes overlooked solution is digitized “smart” disclosures and certifications. Many ethics and compliance programs use annual disclosures to identify potential conflicts of interest, track them, and mitigate any that pose compliance risks. Some companies have been using online certifications to ensure compliance with their vaccine requirements prior to returning to the office.
But disclosures and certifications are a powerful tool that can be used, not just for conflicts of interest, but in a host of situations to provide critical information, remind employees of their obligations, identify red flags and formalize their obligation to comply with the organization’s policies.
Establishing a record and meeting regulatory guidance
Digitized disclosures and certifications can provide records that establish key facts and meet regulator’s expectations. Recent Department of Justice guidance on effective compliance practices highlights the importance of certifications and disclosures.
The July 2019 guidance from the Department of Justice Anti-Trust Division specifically lists questions about disclosures and certifications that prosecutors should ask:
- Must employees certify that they have read the compliance policy? If so, how? Do the certification policies apply to all employees? Do they apply to members of the Board of Directors? How often must employees certify their antitrust compliance?
- Does the company have a way of tracking business contacts with competitors or attendance at trade association meetings, trade shows, and other meetings attended by competitors? Is that tracking system regularly monitored?
- Are employees required to certify they understood new [anti-trust] policies?
- Does the company periodically analyze reports or investigation findings for patterns or other red flags of a potential antitrust violation?
Similarly, June 2020 guidance from the Department of Justice Fraud Section asks:
- Did the company engage in ongoing monitoring of the third-party relationships, be it through updated due diligence, training, audits, and/or annual compliance certifications by the third party?
As well as in these examples, top-tier ethics and compliance programs use disclosures and certifications creatively to create formal records of compliance, providing a prompt and means of speaking up apart from the company hotline. For example, one large tech company requires employees to certify every year that they have followed the company’s Code of Conduct and not observed any violations of the code that they have not reported. The form contained a section that they can use to disclose any concerns or misconduct. Filling it out annually was a condition of receiving a bonus, which helped to ensure 100% timely completion.
Other companies have used certifications and disclosures to formalize the importance of following company policies in high-risk environments. One company required all employees hired or operating in a high-corruption location—including drivers and security personnel—to sign an annual certification that they would not make any facilitation or other improper payments as part of their work. The certification was written in simple, clear terms that non-English speakers could understand rather than legal jargon. Managers on the project were required to give more detailed certifications, including agreeing to discuss local corruption challenges regularly in their teams.
Getting “smart” with certifications and disclosures
Although certifications and disclosures can be powerful tools to remind employees of their obligations, obtain critical information, and create a record of compliance, ensuring the data and records they provide are easily available in real time is an area in which many companies struggle. If annual conflict of interest disclosures are kept in boxes or on Excel spreadsheets, it can take days to pull the right records and analyze information.
One leading organization discovered in the course of an audit that a company owned by a senior executive’s husband was a major subcontractor on company projects supervised by his wife. Given the potential seriousness of the conflict and the rank of the executive, questions from the C-suite started hitting the chief ethics and compliance officer’s inbox almost immediately. Having an online, searchable database of the executive’s annual conflict of interest disclosures enabled the investigation to go forward using established facts about the accuracy of the wife’s conflict disclosures.
Another area for getting “smart” is clarification and follow-up. Many annual conflict of interest disclosures and others, such as certifications by third parties about ownership interests by government officials, raise more questions than answers. The E&C team typically needs to follow up on answers to get additional details and document any necessary remediation.
Using manual systems to chase, log, and clarify information isn’t only inefficient; it’s frustrating. A smart disclosure manager, like Catalyst Disclosures, makes queries part of the record and sends automatic reminders to provide the certification or additional information, cutting out the need to chase down answers.
For example, a sports organization that needs to get on top of any potential conflicts by its procurement team in real time, before a major event, can send out a tailor-made disclosure and certification to ensure compliance. Using the sort feature and follow-up capability of an online platform can help get this done and create a full transparent record of any conflicts or mitigation measures at the same time.
Looking around the corner using analytics
Another lesson learned from the pandemic and the new normal is the importance of using data analytics to identify emerging red flags or trends, before they morph into misconduct. The Department of Justice Anti-Trust Division guidance quoted above asks, “Does the company periodically analyze reports or investigation findings for patterns or other red flags of a potential antitrust violation?“
Using a smart, platform-based disclosure system can help identify patterns that need attention, such as a spike in conflict disclosures in a particular office or part of the world. Such data can be synthesized with other company data on misconduct, training behavior (pass/fail rates, for example), or policy downloads to gain insight into operations without having to go on site. This type of data, moreover, facilitates on-site audits or investigations.
The key takeaway
Disclosures and certifications are powerful means of scaling out limited compliance staff and resources. Using them wisely and creatively can build compliance “muscle” and solid records of compliance. But to be effective, these systems need to both “smart” and easy to use.
Here are additional resources to help E&C teams learn more about the power of digitizing disclosures and certifications: