Table of Contents
- About the author
- About the book
- This eBook can be cited
- INTRODUCTION: Why Ethics, Compliance and Integrity Matter More Than Ever?: Bartosz Makowicz
- CHAPTER #1: Governance & Compliance Management
- International Guidance for the Governance of Organizations: Carolynn J. Chalmers, Victoria Hurth, and André Jacquemet
- Compliance and Integrity – Competence Package: Alexander Matuk
- Keeping One’s Eyes Open When Selecting Business Partners: Regina Hoermanseder
- Tailoring Compliance Program in Fast Growing Small and Mid-Size Companies: Mariola Lisewska
- A New Kid in Town: The Compliance Officer: Víctor Gómez Martín
- The New Compliance Manager is a Change Manager: Alexander Ghazvinian
- Business in the Gray Zone – Dealing with Compliance Dilemmas in High-Risk Regions: Quirin Kissmehl, Anna Zubrod
- Money-Laundering Prevention Systems in Peru: Carlos Wiesse
- CHAPTER #2: Integrity Management
- The Importance of an Effective Integrity System to Business Success: Marcelo Zenkner
- Towards Developing an Integrity Risk Monitor (IRM): A Status Report: Christian Hauser, Anina Havelka, Sandro Hörler, and Albert Weichselbraun
- Integrity as a Management Tool: Mirjam Durrer, Stefan Hunziker, Anjuli Unruh, and Antje Würzburg
- A Culture of Integrity as the Fundamental Basis of Compliance Programs: Vivian Andrade, Roberta Codignoto
- How to Amplify Integrity and Accountability Through the Voice of Business: Richard Bistrong
- Integrity Programs: Drivers for Private and Public Sectors and Main Challenges: Fernanda Nan
- Integrity Crisis?: Anatoly Yakorev
- CHAPTER #3: Organizational Ethics and Culture
- The Importance of The Human Factor in Compliance Programs: Carlos Lelo Filipe
- Utopian Islands of Ethics & Compliance: Patrick Henz
- Driving Compliance-Culture through Top Management Teams: Peter Ruhwedel, Marieluise Schaper
- The Compass of Integrity, Ethics & Compliance in Indian Boardrooms*: Shweta Bharti, Sukrit Kapoor
- Getting To The Heart Of Culture By Connecting Dots: Jane Mitchell
- Ethics, Compliance & Culture: Dhruv Goyal
- How Is It Possible To Maintain an Ethical Environment in Business? A Democratic Governance and Compliance Agenda: Humberto Mota Filho
- CHAPTER #4: Anti-Bribery Management
- Update on ISO 37001 – Anti-Bribery Management Systems: Jean Pierre Méan
- What do Corrupt Organizational Cultures Have in Common?: Alison Taylor
- The Reputational Risks of Corruption: Marc Y. Tassé
- Anti-Corruption Beyond Illusions: The Pressing Need to Make a Difference: Nikos Passas
- History of Anti-Corruption Compliance in Russia: Anatoly Kilyachkov, Anatoly Yakorev
- Justifying Corporate Bribery through Islam and Cultural Traditions in Indonesia: A Phenomenological Approach: Nobuyuki Chikudate, Nadiatus Salama
- CHAPTER #5: Whistleblowing Management
- ISO/DIS 37002 – Whistleblowing Management Systems – A Best-practice Approach: Michael Kayser
- A New Dawn for Employee Disclosure in the EU – A Summary, with Some Advice for Legislators, Governments and Employers: Philip Brennan
- Whistleblowing – To Blow or Not to Blow: Martin Woods
- Whistleblowing in Public and Private Sectors: The Romanian Case: Cristian Ducu, Mihai Popa
- CHAPTER #6: Challenges of Digitalization
- New Compliance Challenges in the Wake of Digital Transformation: Current Fraud Reports and Scenarios from the Asian Financial and Insurance Sector: Akif Mert
- Interdisciplinary Approach to Compliance as Entrepreneurial Response to the Reality of “IoT” and the Challenges Presented by “VUCA”: Piotr Janecki
- Privacy Compliance: A View from Brazilian General Data Protection Law (LGPD): Marcelo Crespo
- Legal Developments in 2019 on Taiwanese Regulations regarding Virtual Currencies: Hung Ou Yang
- CHAPTER #7: Corporate Incentives and Sanctions
- Corporate Criminal Law in Austria: Maximilian Wellner
- The Planned German Corporate Sanctions Law – History and Future: Martin Petrasch
- The Italian Regulation on Corporate Criminal Liability: Antonio Giuseppe Di Pietro
- Enhancing Compliance Culture through Punitive Sanctions – Notes from Poland: Hanna Maria Malik
- Bios of Authors
After the huge success of the first edition of this Yearbook in 2018 – followed by a preparation period in 2019–2020 – this year’s 55 authors and myself take great pride in presenting you with the 2021 edition of the “Yearbook of Global Ethics, Compliance and Integrity”!
2020 has proved to be highly turbulent: other non-compliance scandals in different organizations, changes in the culture and perception of compliance, new approaches in compliance management, digitalization, highly advanced economic globalization and, since January 2020 at the latest, the Covid-19 pandemic, which has changed our corporate world and influenced the perception of Ethics, Compliance and Integrity. All that makes this year’s publication exceptionally interesting and underlines the fact that these three aspects – Ethics, Compliance and Integrity – form part of a whole. They support and complement each other, influence each other and together contribute to provide greater security, fairness, diversity, safety, awareness and respect for rules and regulations in enterprises and other kinds of organizations. In the 2021 edition of the Yearbook we are pleased to present you with some 40 articles divided into seven chapters, each of which deals with different themes.
In the name of the authors I would also like to express very special words of appreciation to the KBA NotaSys Integrity Fund. Without the Fund’s generous support, this publication would not have been possible. Furthermore, some of the current projects supported by the Fund feature in this Yearbook, namely: Compliance and Integrity – Competence Package, Business in the Gray Zone – Dealing with Compliance Dilemmas in High-Risk Regions, Towards Developing an Integrity Risk Monitor (IRM): A Status Report, Integrity as a Management Tool and Driving Compliance-Culture through Top Management Teams.
I express the greatest gratitude and appreciation to the 55 authors and would like to thank the Team of the VCC and the Publisher for their outstanding support! I am more than proud and honoured to be a part of this excellent network and publication, in which we have proven that, wherever we live in the world, we share a strong belief in ethics, compliance and integrity and the need to make these attributes matter more than ever in our organizations!
I wish you happy and fruitful reading!
Berlin, January 2021 Bartosz Makowicz
A lot has happened over the past two years in the field of Ethics, Compliance and Integrity, although it is perhaps more correct to say: we have “two highly turbulent years” behind us! Compliance Management Systems (“CMS”) have increasingly developed in the direction of integrated systems, in which the idea of integrity and ethics assumes the main role. Several developments have contributed to this huge change in concept and practice. In this short introduction, I would like to focus on two issues: first, on the different developments of the last two years and, second, on how we are going to address them in this Yearbook.
2 Recent developments
Although most of the recent developments represent a continuous process and have been changing quickly, I would nevertheless like to draw attention to five of them, which I consider the most important.
2.1 Reaction to scandals
First, there have been numerous compliance scandals which, besides the “usual” economic and industrial scandals (e.g. “diesel gate”, “wirecard”), have also affected different sorts of organizations such as public institutions, sport clubs, associations or religious communities. The criminal energy and inventiveness of those responsible has turned out to be quite unpredictable and is not restricted by national borders. Such scandals have occurred in almost all countries in the world and have cast a shadow over the various national supervisory authorities. As a result, national legislators feel obliged to take action and create new and more restrictive laws. The legislative trend has recently been to create legal incentives to implement Compliance Management Systems, rather than imposing a legal obligation on all kinds of companies to do so. In effect, several European and other national legislatures have already enacted laws, or, as in Germany, are in the course of doing so, that would enable organizations to provide evidence of an effective Compliance Management System in order to lower a possible sanction. This kind of so-called compliance defence will, however, mark a break in the development of CMS in those countries. It will no longer be enough to have “any kind of compliance” or to install some of its elements as “window dressing”. Only effective and adequate solutions will matter! At organizational level (e.g. in corporations), therefore, numerous reinvention and optimization processes are being put in place in order to improve existing structures and processes as a means of preventing future cases of non-compliance.
In contrast to this legislative development at the national level, and owing to the lack of a global legislator, international institutions are trying to find new concepts and solutions. In addition to this, the fact that there is no global legislator capable of creating unified rules demands new forms of common language in integrity and compliance management. It is therefore highly welcome that some international activities have been launched by e.g. the International Organization for Standardization (ISO), in order to create new and globally recognized implementation standards. This can ensure greater transparency and fairness by simplifying processes and procedures to a large degree. In this book you will find several articles on the new ISO standards as well as those standards that are still under construction or in the revision process. In particular, we present the standard ISO 37000 (under construction) for Governance of Organizations, ISO 37001 Anti-Bribery Management Systems, for which a handbook has been developed, and ISO 37002 (under construction) on Whistleblowing Management Systems.
2.2 Moral obligation
The huge challenge now becomes obvious: having stated that we need some unified rules and standards on the global scene, we still need to consider the very particular needs of human beings, which means every single member of our organizations. This brings me to the second important development, namely the ongoing change in organizational culture, where the values of individuals and (for the same reason) integrity and ethics, have been steadily increasing in importance. Even if most national jurisdictions in the world do not impose any explicit, cross-sectoral legal obligation to introduce compliance and integrity management systems, it is increasingly recognised (especially by decision-makers) that introducing such programmes is a moral consequence of creating an organization (of whatever type) and acting within it. An organization is nothing more (but also nothing less) than a number of persons who group together on the justified presumption that it is easier to achieve some goals when acting together. On the other hand, while its members gain clear advantages from being part of the group, the group itself (whether a corporation, union, church, sport club or any other kind of organization) creates risks and so it should be a moral obligation of its members and, in particular, its leadership to keep such risks under control. Although compliance management had been regarded as the answer before, numerous scandals involving companies with excellent compliance programmes have revealed that more has to be done.
2.3 New moral and cultural driven approaches
As a consequence (and this represents my third point), the new concepts must – as some do already – go far beyond the notion of legal compliance. In order to emphasise the tone from the top, it is not enough for the top management to commit to compliance or create policies, issue a code of conduct and open a channel for whistleblowers. Rather, a complex management system, which places human beings at its center, must be invented and implemented. This will ensure that Ethics and Integrity occupy centre stage when it comes down to implementing an effective CMS. This task involves different considerations: first, including the members of each organization in developing and establishing new structures and processes will lead to a better understanding of the processes and, thereby, a greater acceptance of the whole system. Secondly – and arguably even more importantly – there is the understanding of human behaviour and values that creates particular behavioural patterns. Without this knowledge, it will be hard, if not impossible, to address the compliance risks with adequate procedures and structures. Methods that do not correspond to the values of members of the particular organization will not only be ignored but actively evaded. On that basis, so-called “behavioural compliance” has recently been emerging as a new science. Furthermore, clear and understandable measures should be undertaken that aim to influence individuals in a transparent way, in order to make them behave in keeping with their own values or organizational values. For that purpose, the existing values must first be mapped, systemized and understood in order to see and consider how further organizational values can be implemented and internalized by each member of the organization.
The fourth aspect that has influenced the development of Ethics, Compliance and Integrity in the last two years is digitalization. The world has never been more complex than it is now. Digitalization, in forms such as crypto-currency, blockchain technology or even the darknet, has led to an unprecedented complexity and lack of transparency, which have made human actions untraceable. When explaining the influence of digitalization, one could concentrate on two main influences. First, new compliance risks: before being so euphoric about the new possibilities that new hardware and software bring us, should we not consider what kinds of unpredictable new compliance risks they generate? It is quite obvious that the development of IT, technology, AI and other fields has always been years ahead of legislative action.
On the other hand, different digitalized tools can greatly support the daily tasks of an integrity or compliance officer. Digital tools are already being used for compliance risk assessment, third party compliance, training and other methods, which have seen human beings replaced by machines. However, we also need ethics and integrity in this area more than ever, in order to ensure that new automated processes and functions are based on recognisably human values. The more decision-making processes are owned by machines, and this is already reality, the stronger is the need to incorporate our values into these processes, in order to ensure that they are considered. If we then put globalization “on the top”, it will quickly be clear that in the area of Ethics, Compliance and Integrity, too, we face completely new challenges.
However, globalization has also had another unwelcome side effect: new risks and threats do not stop at a country’s border. In other words, they do not recognize clear lines and the internet and instantaneous communication make them highly mobile. By this, I do not mean the international illegal activities of human beings but rather a new kind of threat to our economies, societies and ourselves in the form of viruses that had existed before but probably have never yet influenced all those factors to this extent. At the end of 2019, probably none of us would have imagined that a virus was capable of changing not only our economies and lives to an unprecedented degree but also significantly influencing the development of Ethics, Compliance and Integrity. Indeed, the Covid-19 pandemic, which is what is meant here, changed everything. It has created a new reality, which requires us to develop new concepts and solutions. It has again accelerated the digitalization process, which had already been fast enough. It has also created new compliance risks and a change in human values and these two changes must be reflected in compliance management systems. Overnight, national legislators enacted new laws, which must now be considered when re-assessing compliance risks. However, the very appetite for risk must also be considered against the background of economic pressure and possible recession. We have adapted and now become accustomed to new working models such as home office or using our own devices (BYOD). In the vast majority of cases, and given the urgent situation, however, the accompanying compliance risks have not been assessed.
Last but not least, compliance and integrity officers have often found themselves in a position where they have had to fight for their budgets and personnel when the top management was looking for “system optimization” and making cuts in the wrong places. This also focuses attention on human beings. Without understanding the impact on values and culture, we will not be able to ensure ethics and integrity in our organizations.
3 The content
Our purpose was to address most of these challenges and developments with this Yearbook. In the 2021 edition we are pleased to present you with some 40 articles divided into seven chapters, each of which deals with different themes.
We start this edition with eight articles on Governance and Compliance Management in Chapter 1, which presents new developments and tools in this field and explains recent trends. Some articles focus on management as a system or form of governance in itself, others describe the challenges that small and medium sized enterprises are confronted with, or concentrate on particular compliance risks like money laundering or, eventually, explain specific situations in high-risk regions.
The second chapter focuses on Integrity Management. We start the chapter with a very practical overview of the importance of an effective integrity system in ensuring business success, followed by articles on innovations in the field of integrity (e.g. developing an Integrity Risk Monitor, integrity as a management tool or some ideas on how to amplify integrity and accountability through the voice of business). This chapter closes with some impressions on the meaning of integrity management in the public sector and some thoughts on whether integrity, from Russian perspective, has recently undergone a crisis.
Chapter 3 takes us on a journey to the world of organizational ethics and culture. We approach this issue from several innovative perspectives, starting with the importance of the human factor in compliance programs, followed by some thoughts on how ethics and compliance are related as well as the role and importance of the top management teams when driving compliance-culture forward. In this chapter, you will also find great insights and practical advice on the newest methods and tools that may prove more than helpful when creating and supporting an organization’s ethics and compliance culture.
In the following Chapter 4, we focus on a selective but very “traditional” compliance risk, namely corruption. In the six articles which make up this chapter, you will find both theoretical and very practical approaches that together cover a great variety of different aspects. These include the presentation of the new ISO Handbook and standard on anti-bribery management systems (ISO 37001), some ideas on what corrupt organizations have in common, reputational risks that may be caused by corruption and, last but not least, a unique and true story on anti-corruption in Russia. The articles on the possible justification of corruption by Islam or the pressing need to make a difference in the area of anti-corruption are also highly recommendable.
Chapter 5 is entirely devoted to whistleblowing and whistleblower protection. We open this chapter with the presentation of the new ISO standard on whistleblowing management systems (still under construction), followed by some insights on the new EU Directives on whistleblower protection which are due to be implemented in the member states by the end of 2021. We are also honoured to publish a thrilling story by one of the most famous whistleblowers from the banking sector. The chapter closes with some whistleblowing issues regarding Romania.
Chapters 6 and 7 continue the focus on current challenges, this time in the field of digitalization and new national legislation in relation to corporate incentives and sanctions. Regarding the relationship between Ethics, Compliance and Integrity on the one hand and digitalization on the other, Chapter 6 opens with an overview of the new challenges of digitalization from an Asian perspective followed by the presentation of an interdisciplinary approach as a compliance solution to the internet of things. The other two articles deal with recent developments in data protection in Brazil and the regulation of virtual currency in Taiwan. The last chapter focuses on legislation on corporate incentives and sanctions and compares recent approaches in Austria, Germany, Italy and Poland.
This Yearbook is our answer to both current challenges and chances for organizational Ethics, Compliance and Integrity around the world. The goal is to create a highly competitive and complex continuous publication by which we will constantly support the Compliance, Ethics and Integrity Community in their daily job. This job has always been important, but especially in these turbulent times it will become more and more crucial. The world in which Ethics, Compliance and Integrity were perceived as a luxury good is over; in the current reality, these three approaches, integrated in a complex governance and management system, are the basis for any kind of organization. Regardless of digitalization, pandemics or economic crisis – Ethics, Compliance and Integrity matter more than ever!
Carolynn J. Chalmers, Victoria Hurth, and André Jacquemet
Corporate governance is, globally, considered core to promoting economic stability and encouraging national investment [1]. It also benefits all sizes and types of organizations, including charitable organizations, voluntary associations and even small organizations:
“Well-run SMEs represent a powerful driver of economic expansion and job creation. Regardless of a business’s size, there is overwhelming evidence that effective corporate governance is an essential element for achieving these outcomes.” Mary Porter Peschka, Director Environmental, Social and Governance Department International Finance Corporation [2]
Whilst the term “corporate governance” is commonly used across the world, it is neither defined nor consistently applied. This is due to nuances in the way that corporate governance has developed in different global “alliances”, e.g. differences can be observed between Northern Europe compared with the United Kingdom and the United States, and similarly compared with Asian and African practices. In a globalised world where organizations and their systems span geographic boundaries, there is a need for an internationally agreed definition and interpretation.
Additionally, the word “corporate” in the common term “corporate governance” is restrictive. Dictionaries refer to “corporate” as “large companies or groups” or “corporate companies”. In essence, “corporate” derives from the legal status of being incorporated (enjoying some legal rights as if a natural person). Incorporated companies of course can take many forms, including charities. Even so, the need for governance goes beyond the boundary of organisations that are incorporated and includes partnerships, associations and trusts. As such the phrase “governance of organizations” is fully inclusive. Furthermore, despite there being a wide range of governance guidance globally, these are irregularly distributed across geographical regions.
In this context there is an identified need for harmonisation of a range of aspects for the governance of organizations. This paper outlines the progress and current status of a process to develop internationally agreed definitions and guidance for the governance of organizations, which is applicable to all sizes and types of organizations.
2 Development Arrangements
Developing internationally agreed definitions and guidance requires a suitable support organization. There are few organisations with truly international representation. The Organisation for Economic Co-operation and Development (OECD) is one such organization and its guidance, “Principles of Corporate Governance”, has international endorsement [3]. However, in terms of representation, its membership is limited to 36 countries and the primary audience for the governance principles is not individual organizations. Rather, the OECD guidance is a global public policy instrument which is designed to assist governments and regulators to “evaluate and improve the legal, regulatory, and institutional framework for corporate governance” [4].
In contrast, the International Organization for Standardization (ISO) is an independent, non-governmental international organization endorsed by national governments worldwide, currently comprising 164 country members. Additionally, subject to defined criteria, organizations can be involved in the development process. ISO aims to bring together “experts to share knowledge and develop voluntary, consensus-based, market relevant International Standards” [5]. ISO standards development processes are collaborative in nature and support international expert participation as well as public input. Whereas thousands of standards have been published, and some of these refer to the functions of governance, there is currently no ISO guidance published for the governance of organizations.
In 2016, the British Standards Institution approached ISO with a proposal for a new field of work: Standardization in the field of governance, relating to the direction, control and accountability of organizations. An international ballot by member nations approved the proposal. Consequently, technical committee ISO/TC 309 Governance of Organizations was created and the British Standards Institution was appointed as the secretariat [6].
ISO/TC309 is mandated to develop and maintain standards applicable for all organizations, of all types and sizes, to improve the effective delivery of governance.
ISO/TC309 is also directed to:
2.1 Distinguish between governance and management
The committee is tasked with distinguishing between the concepts of governance, “in the context of accountability” and management, in the context of “bringing people together to accomplish desired goals and objectives”. The primary focus is to provide guidance for “those who govern or are accountable for an organization”. The committee may also develop standards for those responsible for management systems which support effective governance practices.
2.2 Complement ISO management system standards
Other disciplines, such as risk management, environmental management and sustainable finance overlap governance. The committee is therefore tasked to develop a distinct portfolio which is separate from, but complementary to, the ISO portfolio of management system standards. Liaisons with other Technical Committees are required to explore and clarify overlapping matters.
2.3 Consider all types and sizes of organizations and their stakeholders
The committee is to ensure that its work applies to all sizes and types of organizations. The committee is to also clarify the types of audience members to whom its work is aimed. The committee’s work should be able to be used for a wide range of purposes by a wide range of organizational stakeholders, such as owners, customers, regulators and employees.
2.4 Address related matters
The committee is to address commonly used governance aspects in more detail, including those of accountability, direction and control. The mandate also considers principles of governance such as: anti-bribery; conflict of interest; due diligence; whistleblowing; compliance; remuneration; committee structures and external reporting.
2.5 Provide leading guidance
The committee is to develop standards which are not merely an aggregation of existing global practices, but to also consider emerging realities. The committee output is to be “fit for the 21st century” with input from experts and their research and practical experience.
2.6 Develop consistent terminology
The committee is to ensure that definitions replace the many disparate definitions for the same or similar concepts. These definitions should further provide guidance to other ISO committees. To this end, a Terminology Task Group was established to co-ordinate the standardization of terminology, monitor the use of terms and definitions and consider the translatability into other languages.
2.7 Constitute Working Groups to achieve outcomes
Four Working Groups have been constituted that are responsible for the following work items:
Working Group 1: Governance of Organizations
ISO 37000 Guidance for the Governance of Organizations (in development from September 2017)
Working Group 2: Anti-bribery Management Systems
ISO 37001 Anti-bribery Management Systems (published in 2016)
Working Group 3: Whistleblowing Management Systems
ISO 37002 Whistleblowing Management Systems – guidelines (in development from September 2018)
Working Group 4: Compliance Management Systems
ISO 19600 Compliance Management Systems, published in 2014, and the revision to a requirements standard, ISO 37301 (in development)
3 Development Approach for ISO 37000
In September 2017, the committee adopted the proposal for the development of a new work item, ISO 37000 Guidance for the Governance of Organizations, and assigned this project to Working Group 1. The scope of this work is to provide:
• Guidelines for the governance of organizations;
• Key principles, relevant practices; and
• A framework to guide the governance of organizations in how to meet responsibilities and to fulfil their purpose.
In accordance with the committee’s mandate, the project is to provide guidance, applicable to all sizes and types of organizations, and is to:
• Clarify the distinction between the concepts of “governance” and “management”;
• Support existing national legislation, policy, regulation or guidance;
• Consider existing international guidance relating to the governance of organizations; and
- Publication date
- 2021 (February)
- Berlin, Bern, Bruxelles, New York, Oxford, Warszawa, Wien, 2021. 564 pp., 21 fig. b/w, 3 tables.