Ce Pe Report
-
Upload
amos-manullang -
Category
Documents
-
view
258 -
download
0
Transcript of Ce Pe Report
-
7/24/2019 Ce Pe Report
1/141
-
7/24/2019 Ce Pe Report
2/141
2014, SCCE | NYSE Governance Services, all rights reserved
TABLE OF CONTENTS
METHODOLOGY ............................................................................................................................................ 3
RESPONDENT DEMOGRAPHICS .................................................................................................................... 4
PROGRAM OVERSIGHT ................................................................................................................................. 8
STANDARDS AND DOCUMENTATION ......................................................................................................... 31
DUE CARE .................................................................................................................................................... 45
ETHICS AND COMPLIANCE TRAINING ......................................................................................................... 58
MONITORING AND AUDITING .................................................................................................................... 85
RESPONSE AND PREVENTION ................................................................................................................... 107
GOVERNANCE ........................................................................................................................................... 122
-
7/24/2019 Ce Pe Report
3/141
2014, SCCE | NYSE Governance Services, all rights reserved
METHODOLOGY
SCCE and NYSE Governance Services jointly administered the 2014 Compliance and Ethics Program
Environment Surveyfrom June to August of 2014. The survey was designed to be completed by Chief
Compliance Officers or the person responsible for the day-to-day operation of the ethics and compliance
program.
The survey was conducted online, and respondents were required to answer all applicable questions. All
response data is kept confidential and respondents will remain anonymous. While respondents provided
identifying information so data could be reviewed to ensure the integrity of the data, the results within
this report are presented in the aggregate. This report breaks the survey into the hallmarks of the U.S.
Federal Sentencing Guidelines (FSG) as well as a Governance section, which focuses on the questions
regarding each organizations Board of Directors.
The survey was distributed to SCCEs contacts, and participation in the survey was optional. In total,
there are 249 complete and usable surveys presented in the analysis of the results. Please note that the
survey used forced responses as well as skip logic to ensure that respondents would not be presentedwith questions that did not apply to their organizations or their job functions.
-
7/24/2019 Ce Pe Report
4/141
2014, SCCE | NYSE Governance Services, all rights reserved
RESPONDENT DEMOGRAPHICS
Industries Most Represented
31%
11%
11%
11%
8%
Health Care and Social
Assistance
Manufacturing
Utilities
Finance and Insurance
Educational Services
-
7/24/2019 Ce Pe Report
5/141
2014, SCCE | NYSE Governance Services, all rights reserved
8%
13%
8%
31%
13%
17%
6%2%
2%
Respondents According to Workforce Size
Less than 100 employees
100 499 employees
500 999 employees
1,000 4,999 employees
5,000 9,999 employees
10,000 24,999 employees
25,000 49,999 employees
50,000 99,999 employees
Over 100,000 employees
-
7/24/2019 Ce Pe Report
6/141
2014, SCCE | NYSE Governance Services, all rights reserved
25%
13%
11%10%
10%
9%
8%
7%4%
2%
1% Respondents by Total Annual Revenues
$1 4.9 billion
Less than $20 million
$200 499 million
$5 9.9 billion
$10 49.9 billion
$20 49 million
$500 999 million
$50 99 million
$99 199 million
Over $100 billion
$50 99.9 billion
-
7/24/2019 Ce Pe Report
7/141
2014, SCCE | NYSE Governance Services, all rights reserved
36%
24%
23%
9%
8%
Respondents by Type of
Company/Organization
Publicly traded company
Non-profit or not-for-
profit organization
Privately owned company
Academic institution
Other (please clarify in
the box provided)
-
7/24/2019 Ce Pe Report
8/141
2014, SCCE | NYSE Governance Services, all rights reserved
PROGRAM OVERSIGHT
More than half (56 percent) of surveyed organizations give the person with overall responsibility for the
compliance and ethics program the title of Chief Compliance and/or Ethics Officer or Compliance and/or
Ethics Officer. Most often, the person with overall responsibility for the program reports to the CEO,
followed by the Board of Directors, followed by the General Counsel or Chief Legal Officer. Seventy-nine
percent of those who do not report to the Board indicate having a dotted reporting line to the Board.
It is worth noting that within this study, we have chosen to break out the roles of the person who has
overall responsibility for the program versus the person with day-to-day operational responsibility. We
have done this as the differing responsibilities of the person responsible for the overall operation of the
program and the person or persons responsible for the day-to-day operation of the program are
important to note if they are not one and the same person. As the US Federal Sentencing Guidelines
note, "[i]f the specific individual(s) assigned overall responsibility for the compliance and ethics program
does not have day-to-day operational responsibility for the program, then the individual(s) with day-to-
day operational responsibility for the program typically should, no less than annually, give the governing
authority or an appropriate subgroup thereof information on the implementation and effectiveness of
the compliance and ethics program," Application Note 3, Sec. 8B2.1, and the person with "day-to-day"
authority "shall be given adequate resources, appropriate authority, and direct access to the governing
authority or an appropriate subgroup of the governing authority." Sec. 8B2.1 (b) 2.
Two-thirds of organizations maintain an internal committee dedicated to compliance and ethics. Not
surprisingly, the Chief Compliance and/or Ethics Officer most commonly chairs the internal compliance
and ethics committee (41 percent) and most often reports its findings and recommendations to the
Audit Committee. The majority of internal compliance and ethics committees have cross-functional
representation (72 percent) and a documented charter (71 percent). Nearly all (93 percent) have
regularly scheduled meetings that take place at least quarterly. A wide variety of topics are commonlydiscussed during committee meetings, including upcoming initiatives (81 percent), training initiatives
and statistics (81 percent), legal and regulatory updates (76 percent), and policy management and
updates (75 percent).
Most organizations have a charter or detailed written description for the compliance and ethics function
(79 percent). In addition, the majority have formally documented the delegation of the oversight of the
compliance and ethics function to a person or committee (71 percent).
Two-thirds of respondents indicate that the same person is assigned both overall and day-to-day
operational responsibility for the compliance program.
-
7/24/2019 Ce Pe Report
9/141
2014, SCCE | NYSE Governance Services, all rights reserved
Program Oversight: Reporting and Structure
Forty percent of organizations indicate that the job title of the person assigned overall responsibility for
the compliance and ethics program is Chief Compliance and/or Ethics Officer. Only 8 percent of
surveyed organizations assign overall responsibility for the compliance and ethics program to the
General Counsel or Chief Legal Officer.
67%
33%
0%
10%
20%
30%
40%
50%
60%
70%
80%
Yes No
Is the same person assigned both overall
and day-to-day operational responsibility
for your compliance and ethics function?
40%
16%
14%
9%
9%
8%
3% 1% 0%
Please specify the job title(s) of the person assigned overall
responsibility for the compliance and ethics program.
Chief Compliance and/or Ethics
Officer
Compliance and/or Ethics Officer
Director
Executive, Senior, or Vice President
Other
General Counsel or Chief Legal
Officer
Manager
Chief Human Resources Officer
-
7/24/2019 Ce Pe Report
10/141
2014, SCCE | NYSE Governance Services, all rights reserved
The most common job title for the person with day-to-day operational responsibility for the compliance
and ethics program is Director (35 percent), followed by Compliance and Ethics Officer(18 percent)
and Manager (12 percent).
35%
18%14%
12%
10%
8%
1% 1% 1%
Job title(s) of the person delegated day-to-day operational
responsibility for the compliance and ethics program.
Director
Compliance and/or Ethics Officer
Other
Manager
Executive, Senior, or Vice President
Chief Compliance and/or Ethics
Officer
Chief Executive Officer
Chief Human Resources Officer
-
7/24/2019 Ce Pe Report
11/141
2014, SCCE | NYSE Governance Services, all rights reserved
Thirty-eight percent of those with overall program responsibility report directly to the CEO, while 19
percent report to the Board of Directors. Respondents who selected Other report to a Company
President, Vice President of Finance & Corporate Operations, or Group Financial Controller, among
others. Only 18 percent report to the General Counsel or CLO.
38%
20% 19%18%
4%
1%
0%
5%
10%
15%
20%
25%
30%
35%
40%
CEO Other Board of
Directors
General
Counsel or
CLO
COO Chief HR
Officer
To whom does the person with overall
responsibility for the compliance program
report?
-
7/24/2019 Ce Pe Report
12/141
2014, SCCE | NYSE Governance Services, all rights reserved
Although only 19 percent of those with overall responsibility for the program report directly to the
Board, the overwhelming majority (79 percent) have a dotted reporting line to the Board.
79%
21%
Does the person with overall responsibility
for the compliance program have a dottedreporting line to the Board?
Yes
No
-
7/24/2019 Ce Pe Report
13/141
2014, SCCE | NYSE Governance Services, all rights reserved
Of organizations in which the person with day-to-day responsibility does not have overall responsibility
for the program, 31 percent indicate that the day-to-day person reports to the Chief Ethics and/or
Compliance officer, followed by the General Counsel or Chief Legal Officer (21 percent).
0%
0%
6%
9%
13%
21%
21%
31%
0% 5% 10% 15% 20% 25% 30% 35%
Board of Directors
Chief HR Officer
COO
Executive, Senior or Vice
President
CEO
General Counsel or CLO
Other
Chief Compliance and/or Ethics Officer
To whom does the person with day-to-dayoperational responsibility for the compliance
program report?
-
7/24/2019 Ce Pe Report
14/141
2014, SCCE | NYSE Governance Services, all rights reserved
Whereas 78 percent of those with overall responsibility for the compliance program have a dotted
reporting line to the Board, only 36 percent of those with day-to-day responsibility have dotted-line
reporting to the Board.
36%
64%
78%
22%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
Yes No
Do you have a dotted reporting line to theBoard?
Person with day-to-day responsibility Person with overall responsibility
-
7/24/2019 Ce Pe Report
15/141
2014, SCCE | NYSE Governance Services, all rights reserved
Thirty-nine percent of respondents indicate that the Board (or Board committee assigned program
oversight) is not required to be notified of or to approve employment decisions regarding the person
with overall responsibility for the compliance and ethics program. Only one-quarter (26 percent) of
surveyed organizations require notification and approval of such employment decisions.
39%
35%
26%
Is the Board or a Board committee required to be notified or approve
of employment decisions relating to the person who has been
delegated overall responsibility?
No
Yes, notification is required
Yes, notification and
approval is required
-
7/24/2019 Ce Pe Report
16/141
2014, SCCE | NYSE Governance Services, all rights reserved
The person with overall responsibility reports to the Board or Board committee much more frequently
than the person with day-to-day operational responsibility. While two-thirds (67 percent) of those with
overall responsibility report to the Board or Board committee at least quarterly, nearly half (43 percent)
of those with day-to-day responsibility report to the Board either on an ad hoc basis only or not at all.
44%
23%
9% 9%6% 5%
3%
22%
16%
25%
10%
6%4%
18%
0%
5%
10%
15%
20%
25%
30%
35%
40%
45%
50%
Regularly
scheduled,
quarterly
Regularly
scheduled,
more often
than quarterly
Ad hoc only Regularly
scheduled,
annually
Regularly
scheduled,
biannually
Regularly
scheduled,
three times per
year
Never
Frequency of communication with the Board or a Board
committee
Person with overall program responsibility Person with day-to-day program responsibility
-
7/24/2019 Ce Pe Report
17/141
2014, SCCE | NYSE Governance Services, all rights reserved
The topics most commonly communicated to the Board or Board committee include C&E program
audits, assessments and/or benchmarking (82 percent); Code of Conduct updates or revisions (79
percent); overall program performance (73 percent); C&E risk assessments (72 percent); training
initiatives and statistics (68 percent); misconduct investigations and resolutions (68 percent); and
significant legal and regulatory updates (67 percent).
-
7/24/2019 Ce Pe Report
18/141
2014, SCCE | NYSE Governance Services, all rights reserved
The majority of compliance groups are invited or allowed to attend and add elements to human
resources training events, attend audits, and add compliance and ethics questions to employee surveys.
Less than half are invited to provide formal input on corporate business strategy or allowed time on
sales/marketing agendas.
37%
48%
61%
67%
69%
76%
0% 10% 20% 30% 40% 50% 60% 70% 80% 90%
Invited/allowed time on sales and marketing agendas
Invited to provide formal input on corporate business
strategy
Invited/allowed to attend human resources training events
Invited/allowed to add compliance and ethics questions to
employee surveys
Invited/allowed to attend audits
Invited/allowed to add compliance and
ethics elements to human resources training events
Types of interactions ethics and compliance function has with
other functional groups within the organization
-
7/24/2019 Ce Pe Report
19/141
2014, SCCE | NYSE Governance Services, all rights reserved
Program Oversight: Compliance and Ethics Committees
Two-thirds (68 percent) of surveyed organizations maintain an internal compliance and ethics
committee.
68%
15%
17%
Does yourorganization maintain an internalcommittee dedicated to compliance and
ethics?
Yes
No, but internalstakeholders meet on
an ad hoc basis
No
-
7/24/2019 Ce Pe Report
20/141
2014, SCCE | NYSE Governance Services, all rights reserved
Not surprisingly, the Chief Compliance and/or Ethics Officer most commonly chairs the internal
compliance and ethics committee (41 percent), followed by the Compliance and/or Ethics Officer (16
percent).
41%
16%
12% 11% 11%
6%
2% 1% 1% 0% 0%0%
5%
10%
15%
20%
25%
30%
35%
40%
45%
ChiefCompliance
and/or
Ethics
Officer
Complianceand/or
Ethics
Officer
Executive,Senior or
Vice
President
Director Other GeneralCounsel or
Chief Legal
Officer
Manager Chief AuditOfficer
There is nochair
ChiefHuman
Resources
Officer
Chief RiskOfficer
Who is the chair of the internal compliance and ethics committee?
-
7/24/2019 Ce Pe Report
21/141
2014, SCCE | NYSE Governance Services, all rights reserved
The internal compliance committee most often reports its findings and recommendations to the full
Board of Directors (39 percent); the Audit Committee (38 percent); someone at the executive, senior, or
vice president level (26 percent); or the Chief Compliance and/or Ethics Officer (20 percent).
5%
6%
8%
10%
10%
12%
18%
20%
26%
38%
39%
0% 5% 10% 15% 20% 25% 30% 35% 40% 45%
Chief Risk Officer
Chief Human Resources Officer
Chief Audit Officer
Compliance and/or Ethics Officer
The committee does not provide reports
Other
General Counsel or Chief Legal Officer
Chief Compliance and/or Ethics Officer
Executive, Senior or Vice President
Audit Committee of the Board
Board of Directors
To whom does the internal compliance and ethics
committee report its findings and recommendations?
(select all that apply)
-
7/24/2019 Ce Pe Report
22/141
2014, SCCE | NYSE Governance Services, all rights reserved
Most internal compliance and ethics committees keep minutes at each meeting (76 percent), have
cross-functional representation (72 percent), maintain a documented charter (71 percent), and are
executive-level (54 percent). Fewer committees have executive- and manager-level representation, have
rotating memberships, or are manager-level only.
76%72% 71%
54%
39%
12%8%
0%
10%
20%
30%
40%
50%
60%
70%
80%
Minutes are kept
at each meeting
Cross-functional
committee
Documented
charter
Executive level
committee
Executive and
manager level
committee
Rotating
membership
Manager level
committee
Select the options that best describe characteristics of your internal compliance andethics committee. (select all that apply)
-
7/24/2019 Ce Pe Report
23/141
2014, SCCE | NYSE Governance Services, all rights reserved
The majority (58 percent) of internal compliance and ethics committees meet on a regularly scheduled,
quarterly basis. Only 7 percent of committees meet less than quarterly.
58%
35%
3% 2% 1% 1%0%
10%
20%
30%
40%
50%
60%
70%
Regularly
scheduled,
quarterly
Regularly
scheduled, more
often than
quarterly
Regularly
scheduled, three
times per year
Ad hoc only Regularly
scheduled,
biannually
Regularly
scheduled,
annually
How often does the internal compliance and ethics
committee meet?
-
7/24/2019 Ce Pe Report
24/141
2014, SCCE | NYSE Governance Services, all rights reserved
The majority of internal compliance and ethics committees discuss the topics listed in the chart below,
with the exception of Code of Conduct updates and/or revisions (6 percent).
6%
53%
59%
69%
69%
70%
73%
74%
74%
75%
76%
79%
81%
81%
0% 10% 20% 30% 40% 50% 60% 70% 80% 90%
Code of Conduct updates/revisions
Compliance and ethics program
audits/assessments/benchmarking
Compliance and ethics risk assessments
Culture of ethics employee assessments
Culture communication initiatives
Hotline and reporting statistics
Industry trends and best practice updates
Misconduct investigations and resolutions
Overall program performance
Policy management/updates
Significant legal and regulatory updates
Training initiatives and statistics
Upcoming program initiatives
Other
Select the topics that are discussed during the
internal compliance and ethics committeemeetings. (select all that apply)
-
7/24/2019 Ce Pe Report
25/141
2014, SCCE | NYSE Governance Services, all rights reserved
Half (51 percent) of surveyed organizations have less than four full-time employees dedicated to the
ethics and compliance function. However, an additional chart depicting the allocation of personnel to
the ethics and compliance function in relation to the overall size of the organization provides further
insight.
28%
23%
11%
11%
9%
7%
3%3%
3% 2%
Approximate full-time employee equivalent dedicated to the ethics and
compliance function within your organization
2 3 employees
One employee
4 5 employees
6 9 employees
Less than one full-time equivalent
9 19 employees
30 49 employees
Over 100 employees
20 29 employees
50 99 employees
-
7/24/2019 Ce Pe Report
26/141
2014, SCCE | NYSE Governance Services, all rights reserved
Less than 1
employee
One
employee
2-3
emloyees
4-5
employees
6-9
employees
9-19
employees
20-29
employees
30-49
employees
50-99
employees
Over 100
employees
Less than 1,000 employees
24% 31% 32% 6% 3% 4% 1% 0% 0% 0%
1,000 - 4,999 employees
3% 36% 23% 17% 12% 6% 1% 0% 1% 0%
5,000 - 9,999 employees
3% 6% 47% 13% 6% 9% 0% 9% 6% 0%
10,000 - 24,999 employees
2% 12% 22% 10% 22% 10% 7% 5% 2% 7%
25,000 - 49,999 employees
0% 0% 25% 6% 25% 19% 6% 0% 6% 13%
50,000 - 99,999 employees
0% 0% 20% 0% 0% 0% 0% 20% 20% 20%
Over 100,000 employees
17% 17% 0% 17% 0% 0% 0% 33% 0% 0%
Full-time Employee Equivalent dedicated to Compliance and Ethics Function by Total Workforce Size
79%
21%
Is there a charter, or detailed written
description, for the compliance and
ethics function?
Yes
No
-
7/24/2019 Ce Pe Report
27/141
2014, SCCE | NYSE Governance Services, all rights reserved
Nearly three-fourths (71 percent) of surveyed organizations have formally documented delegation of
the oversight of the compliance and ethics function to a person or committee.
51%
20%
15%
9%
5%
Has the Board formally documented delegation
of the oversight of the compliance and ethics
function to a person or committee?
Yes, to a committee
Yes, to a person
No
No, but a committee hasoversight in practice
No, but a person has
oversight in practice
-
7/24/2019 Ce Pe Report
28/141
2014, SCCE | NYSE Governance Services, all rights reserved
Oversight of the compliance and ethics function is most commonly delegated to the Audit Committee
(41 percent) or Compliance Committee (20 percent). Those who selected other typically delegate
oversight to a joint committee between compliance/ethics and another function (such as legal, audit, or
risk management).
The vast majority (92 percent) of oversight committees hold regularly scheduled meetings at leastquarterly.
41%
32%
20%
5%
2%
Please indicate the name of the related oversight
committee.
Audit Committee
Other
Compliance Committee
Governance Committee
Risk Management
Committee
57%
35%
5%2% 1%
0%
10%
20%
30%
40%
50%
60%
70%
Regularly scheduled,
quarterly
Regularly scheduled,
more often than
quarterly
Regularly scheduled,
three times per year
Regularly scheduled,
annually
Regularly scheduled,
biannually
How often does the related oversight committee meet?
-
7/24/2019 Ce Pe Report
29/141
2014, SCCE | NYSE Governance Services, all rights reserved
Organizations appear to share a great deal of information related to compliance and ethics with the
Board or Board Committee. At least 75 percent of surveyed organizations report C&E program audits,
assessments, or benchmarking (80 percent); Code of Conduct updates or revisions (77 percent); overall
program performance (76 percent); and C&E risk assessments (75 percent). Less commonly reported
information includes culture communication initiatives (49 percent) and culture of ethics assessments
(46 percent).
6%
46%
49%
53%
60%
63%
65%
69%
70%
73%
75%76%
77%
80%
0% 10% 20% 30% 40% 50% 60% 70% 80% 90%
Other
Culture of ethics employee assessments
Culture communication initiatives
Industry trends and best practice updates
Policy management and updates
Upcoming program initiatives
Training initiatives and statistics
Misconduct investigations and resolutions
Significant legal and regulatory updates
Hotline and reporting statistics
Compliance and ethics risk assessments
Overall program performance
Code of Conduct updates/revisions
C&E program audits/ assessments/benchmarking
Indicate which information (if any) your organization
reports to the Board or Board committee. (select all that
apply)
-
7/24/2019 Ce Pe Report
30/141
2014, SCCE | NYSE Governance Services, all rights reserved
Slightly over half (53 percent) of organizations report having compliance and ethics points of contact
embedded within their various business units or regions.
53%47%
Does your organization have compliance and ethics
points of contact embedded within business units and/orregions?
Yes
No
-
7/24/2019 Ce Pe Report
31/141
2014, SCCE | NYSE Governance Services, all rights reserved
STANDARDS AND DOCUMENTATION
Not surprisingly, 97 percent of surveyed organizations maintain an organization-wide employee Code of
Conduct. However, less than half of organizations (41 percent) meet the best practice standard of
rewriting or updating their Code at least every two to three years. Additionally, less than half (43
percent) maintain a document that outlines how frequently the Code is updated. Employee knowledge
assessments and culture surveys are the most commonly cited tools used to measure the effectiveness
of the Code (51 and 49 percent, respectively), followed by tracking Code communication initiative dates
against employee reports (18 percent), and employee focus groups (17 percent).
Seventy-three percent of organizations that have operations or transact business in more than one
country translate their Code, compared to 37 percent of all surveyed organizations. Of these
organizations that translate their Codes, nearly half (47 percent) translate the document into all official
languages. An additional 20 percent translate the Code into all official languages as well as some
additional languages.
Similarly, 57 percent of organizations that have operations or transact business in more than onecountry translate their policies, compared to 29 percent of all surveyed organizations. Forty-five percent
of these organizations translate their policies into all official languages, and another 12 percent translate
into some additional languages as well.
Nearly all organizations (95 percent) require at least some of their employees to acknowledge the Code
on a periodic basis, with over half (57 percent) requiring employees to acknowledge annually.
While only one-third of surveyed companies maintain a third-party or supplier code, nearly half (44
percent) do require third parties to sign an agreement stating that they will adhere to compliance
standards.
-
7/24/2019 Ce Pe Report
32/141
2014, SCCE | NYSE Governance Services, all rights reserved
Nearly all surveyed organizations (97 percent) maintain an organization-wide employee Code of
Conduct. Three-fourths (75 percent) review the Code at least every two to three years.
97%
3%
Does your organization maintain an organization-
wide employee Code of Conduct?
Yes
No
54%
21%
13%
3% 3% 2% 2% 2%
0%
10%
20%
30%
40%
50%
60%
Annually Every 2-3
years
Every 3-5
years
Other Biannually Quarterly Every 5-7
years
Less
frequently
than everyseven years
How often does the compliance and ethics function review
the Code for potential updates?
-
7/24/2019 Ce Pe Report
33/141
2014, SCCE | NYSE Governance Services, all rights reserved
Less than half (41 percent) of organizations meet the best practice standard of rewriting or substantially
revising their Code at least every two years. Similarly, less than half (43 percent) formally document the
frequency with which the Code is updated. An organizational policy on internal policies is the most
common means of documenting the frequency of Code updates.
33%30%
11% 10% 8% 8%
0%
5%
10%
15%
20%
25%
30%
35%
40%
Every 3-5
years
Every 2-3
years
Annually Other Less
frequently
than every
seven years
Every 5-7
years
How often does the Code undergo substantial
revision or rewriting?
57%
24%
11%8%
0%
10%
20%
30%
40%
50%
60%
This is not formally
documented
Organizational policy on
internal policies
Compliance and ethics
program charter
Compliance and ethics
committee charter
Indicate the document that outlines the frequency
with which the Code is updated.
-
7/24/2019 Ce Pe Report
34/141
2014, SCCE | NYSE Governance Services, all rights reserved
Employee compliance knowledge assessments (51 percent) and culture surveys (49 percent) are the
tools most commonly used to measure the effectiveness of the Code. Respondents who selected
otheralso cited helpline reporting trends and exit interviews.
10%
12%
17%
18%
24%
49%
51%
0% 10% 20% 30% 40% 50% 60%
Tracking Code release dates against employeereports
Tracking employee utilization of Code
resources on your intranet
Employee focus groups
Tracking Code communication initiative dates
against employee reports
Other
Employee culture of integrity and compliance
surveys
Employee compliance knowledge assessments
Which methods do the compliance and ethicsfunction utilize to measure the effectiveness of the
Code? (select all that apply)
-
7/24/2019 Ce Pe Report
35/141
2014, SCCE | NYSE Governance Services, all rights reserved
85%
11%4%
Does your Code address your organizations
formal set of organizational values?
Yes
No, but compliance and
ethics function-specific
values are discussed
No
-
7/24/2019 Ce Pe Report
36/141
2014, SCCE | NYSE Governance Services, all rights reserved
10%
18%
29%
37%
39%
0% 5% 10% 15% 20% 25% 30% 35% 40% 45%
Number of employees working within a
country or region
Number of employees who speak a languageas their primary language
Countries or regions in which the organization
has operations
Local laws where the organization operates
Location of company headquarters is only
official language
How does your organization determine what its
official languages are? (select all that apply)
-
7/24/2019 Ce Pe Report
37/141
2014, SCCE | NYSE Governance Services, all rights reserved
While less than 40 percent of all surveyed organizations (domestic and global) translate their Code, 73
percent of respondents that have operations or transact business in more than one country do translate
it.
37%
63%
Do you translate your Code? (all respondents)
Yes
No
73%
27%
Do you translate your Code? (organizations
that have operations or transact business in
more than one country)
Yes
No
-
7/24/2019 Ce Pe Report
38/141
2014, SCCE | NYSE Governance Services, all rights reserved
Two-thirds (67 percent) of all organizations that translate their Code do so into all of their official
languages.
47%
29%
20%
4%
Do you translate your Code into all official
languages?
Yes
No
Yes as well as some
additional languages
Other
-
7/24/2019 Ce Pe Report
39/141
2014, SCCE | NYSE Governance Services, all rights reserved
Over half (57 percent) of organizations that have operations or conduct business in more than one
country translate their policies, yet less than one-third (29 percent) of all respondents (domestic and
global) indicate that they do so. Over half (57 percent) of those that translate their policies translate
them into all official languages. It is worth noting that while 73% of organizations translate their Code,
only 29% of all respondents translate their related policies, while organizations who have international
operations still fall below the Code benchmark with 57% translating policies.
29%
71%
Do you translate your policies? (all
respondents)
Yes
No
57%
43%
Do you translate your policies? (organizations
that have operations or conduct business in more
than one country)
Yes
No
-
7/24/2019 Ce Pe Report
40/141
2014, SCCE | NYSE Governance Services, all rights reserved
47%
29%
20%
4%
Do you translate your Code into all official
languages?
Yes
No
Yes as well as some
additional languages
Other
-
7/24/2019 Ce Pe Report
41/141
2014, SCCE | NYSE Governance Services, all rights reserved
Nearly all organizations (95 percent) require at least a portion of their employees to acknowledge the
Code periodically. Over half (57 percent) require all employees to acknowledge the Code annually, and
half (50 percent) collect acknowledgements directly following Code training. Twenty percent of
organizations require managers and above to acknowledge the Code either annually or biennially.
Organizations collect acknowledgements equally in soft (45 percent) and hard (43 percent) copy
formats.
1%
2%
5%
19%
28%
43%
45%
50%
57%
0% 10% 20% 30% 40% 50% 60% 70%
Managers and above are required to acknowledge
the Code biennially
All employees are required to acknowledge the
Code biennially
My organization does not collect acknowledgments
of the Code
Managers and above are required to acknowledge
the Code annually
All employees are required to acknowledge the
Code upon hire only
Acknowledgments are collected in hard copy
format
Acknowledgments are collected in soft copy format
Acknowledgments of the Code are collected
directly following Code training
All employees are required to acknowledge the
Code annually
Which of the following apply to the
acknowledgment of your Code? (select all that
apply)
-
7/24/2019 Ce Pe Report
42/141
2014, SCCE | NYSE Governance Services, all rights reserved
Most organizations maintain standalone policies for universal risk areas including workplace
harassment, discrimination/diversity, data privacy, information security, conflicts of interest, and
workplace health and safety. Though only half of all surveyed organizations maintain a standalone anti-
corruption/bribery policy, 77 percent of organizations that have operations or transact business in more
than one country maintain a standalone policy on anti-corruption/bribery.
12%
20%
34%
36%
39%
41%
44%
47%
48%
50%
51%
62%
62%
62%
67%
71%
72%
74%
74%
74%
76%
78%
78%
78%
83%
0% 10% 20% 30% 40% 50% 60% 70% 80% 90%
Conflict minerals
Money laundering
Fair dealing (fair business pract ices)
Antitrust/Competition
Insider trading
Environmental protection
Intellectual property
Company assets
Political contributions, activities and lobbying
Anti-corruption/Bribery
Policy management
Misconduct investigations
Financial integrity and fraud
Social media
Non-retaliation
Gifts and entertainment
Records management
Conflicts of interes t
Records retention
Workplace health a nd safety
Confidential information
Information security
Data privacy
Equal employment opportunity/Discrimination/Diversity
Workplace harassment
For which of the following risk topics does your organization maintain written,
standalone policies (coverage within the Code does not apply)? (select all that
apply)
-
7/24/2019 Ce Pe Report
43/141
2014, SCCE | NYSE Governance Services, all rights reserved
Nearly nine out of ten organizations (87 percent) review their policies at least every two to three years
for potential updates.
44% 43%
10%
3%
0%
5%
10%
15%
20%
25%
30%
35%
40%
45%
50%
Every 2-3 years Annually Every 4-6 years Less frequently than
every seven years
How often does your organization normally
review your policies for potential updates?
-
7/24/2019 Ce Pe Report
44/141
2014, SCCE | NYSE Governance Services, all rights reserved
Only one-third of all surveyed companies maintain a third-party or supplier code of conduct, and 23
percent of those companies require third parties to sign an agreement to abide by the code. Nearly half
(44 percent) require third parties to sign an agreement to adhere to the companys compliance
standards.
33%
67%
Does your organization maintain a third party
(supplier) code of conduct?
Yes
No
44%
33%
23%
0%
5%
10%
15%
20%
25%
30%
35%
40%
45%
50%
Yes, they are required to s ign an
agreement to adhere to our
integrity standards, which is
included in our contract
No Yes, they are required to sign an
agreement to abide by the third
party code of conduct
Are third parties required to sign an agreement
agreeing to adhere to compliance standards?
-
7/24/2019 Ce Pe Report
45/141
2014, SCCE | NYSE Governance Services, all rights reserved
DUE CARE
Nearly all organizations (93 percent) conduct background checks for some or all individuals in positions
of trust (where permitted by law). Of these organizations, only 17 percent perform checks upon
consideration for a promotion, and 16 percent perform checks periodically.
Two-thirds of organizations require conflicts of interest acknowledgement and/or disclosure (separatefrom a Code acknowledgement) from some or all of their employees. Of these companies, 81 percent
require acknowledgement and/or disclosure annually. The majority require conflicts of interest
acknowledgement and/or disclosure from all director-level personnel and above.
Only 37 percent of surveyed companies track both gifts and entertainment. Seven percent track either
gifts or entertainment only. Of those that track both, 41 percent use an automated tracking tool.
-
7/24/2019 Ce Pe Report
46/141
2014, SCCE | NYSE Governance Services, all rights reserved
Ninety-three percent of all surveyed organizations conduct background checks for at least some
individuals in positions of trust (where permitted by law). The majority (59 percent) conduct checks for
all positions, and 20 percent conduct checks depending on seniority level and business function.
Among the organizations that conduct background checks depending on seniority level, the majority
conduct them for all managers with direct reports and above.
59%
20%
9% 7% 4%
0%
10%20%
30%
40%
50%
60%
70%
Yes, for all positions Yes, for some
positions depending
on seniority level
and business
function
Yes, for some
positions depending
on business function
No Yes, for some
positions depending
on seniority level
Does your organization conduct background checks
of individuals in positions of trust(where permitted
by law)?
36%
41%
48%
56%
57%
66%
74%
82%
84%
92%
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
Supervisor level personnel w/o direct reports
Supervisor level personnel with direct reports
Manager level personnel w/o direct reports
Manager level personnel with direct reports
Director level personnel w/o direct reports
Director level personnel with direct reports
Vice President personnel
Executive Vice President personnel
Senior Vice President personnel
Chief Executive personnel
Which seniority levels merit a background check
within your organization? (select all that apply)
-
7/24/2019 Ce Pe Report
47/141
2014, SCCE | NYSE Governance Services, all rights reserved
Finance and accounting (85 percent), compliance and ethics (68 percent), human resources (65 percent),
security (64 percent), and internal audit (61 percent) are the most common business functions that
merit background checks.
53%
55%
57%
61%
64%
65%
68%
85%
0% 10% 20% 30% 40% 50% 60% 70% 80% 90%
Procurement
Risk Management
Information Technology
Internal Audit
Security
Human Resources
Compliance and Ethics
Finance and/or Accounting
Indicate which business functions merit abackground check for potential employees.
(select all that apply)
-
7/24/2019 Ce Pe Report
48/141
2014, SCCE | NYSE Governance Services, all rights reserved
An overwhelming majority (94 percent) of organizations perform background checks during pre-
employment screening. Only 17 percent conduct checks upon promotion, and 16 percent perform them
periodically.
During the pre-employment screening process, most organizations (82 percent) check resumes to
confirm accuracy and honesty, and the majority also check government debarment/exclusion lists (69percent) and conduct third-party employment checks (64 percent).
94%
17%
10%
3% 3%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
During pre-
employment
screening
Upon
consideration for a
promotion
Annually Every 2-4 years Every 5-9 years
Indicate when background checks are generally
performed. (select all that apply)
82%
69%64%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
Check resumes to confirm
accuracy and honesty
Check government
debarment/exclusion lists
Conduct third-party
employment checks
During the pre-employment screening process,does your organization:
-
7/24/2019 Ce Pe Report
49/141
2014, SCCE | NYSE Governance Services, all rights reserved
Two-thirds (67 percent) of all surveyed organizations require conflicts of interest acknowledgement
and/or disclosure from at least some employees, with almost one-third (30 percent) requiring
acknowledgement from all employees.
Periodic conflicts of interest acknowledgement and/or disclosure are required for nearly all C-suite
personnel (94 percent), followed by executive vice president (81 percent), senior vice president (78percent), and vice president (71 percent) personnel.
33%
30%
18%
14%
5%
0%
5%
10%
15%
20%
25%
30%
35%
No Yes, for all employees Yes, for employees at
specific seniority levels
and within specific
business functions
Yes, for employees at
specific seniority levels
Yes, for employees within
specific business
functions
Does your organization require periodic conflicts of interest
acknowledgment and/or disclosure from employees separate
from a Code acknowledgment?
-
7/24/2019 Ce Pe Report
50/141
2014, SCCE | NYSE Governance Services, all rights reserved
Finance and accounting (86 percent) and compliance and ethics (84 percent) are the most common
business units included in periodic conflicts of interest acknowledgements, followed by information
technology (72 percent), human resources (68 percent), procurement (61 percent), and internal audit
(60 percent).
20%
26%
34%
43%
55%
66%
71%
78%
81%
95%
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
Supervisor level personnel without direct reports
Supervisor level personnel with direct reports
Manager level personnel without direct reports
Manager level personnel with direct reports
Director level pe rsonnel without direct
reports
Director level personnel with direct reports
Vice President personnel
Senior Vice President personnel
Executive Vice President personnel
Chief Executive personnel
Seniority levels included in the periodic conflicts of interest
acknowledgment and/or disclosure: (select all that apply)
-
7/24/2019 Ce Pe Report
51/141
2014, SCCE | NYSE Governance Services, all rights reserved
40%
47%
51%
51%
60%
61%
68%
72%
84%
86%
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
Security
Sales
Marketing
Risk Management
Internal Audit
Procurement
Human Resources
Information Technology
Compliance and Ethics
Finance and/or Accounting
Business units included in the periodic conflicts of
interest acknowledgment and/or disclosure: (select
all that apply)
-
7/24/2019 Ce Pe Report
52/141
2014, SCCE | NYSE Governance Services, all rights reserved
The most common types of conflicts assessed in the acknowledgement and/or disclosure are the
following: doing business with family or people with whom one has a personal relationship (93 percent),
outside employment (83 percent), and family or personal relationships with coworkers (76 percent).
A vast majority of organizations (81 percent) require annual conflicts of interest acknowledgement
and/or disclosure.
10%
48%
66%
69%
76%
83%
93%
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
Other
Organizational opportunities
Investments
Serving on outside Boards
Family or personal relationships withother employees
Outside employment
Doing business with family/others
with whom you have a personal relationship
What types of conflicts does the conflict of interest
acknowledgment and/or disclosure assess? (select all
that apply)
81%
16%
2% 1%
How frequently does your organization require
conflicts of interest acknowledgment and/or
disclosure?
Annually
Ad hoc basisBiannually
Every three years
-
7/24/2019 Ce Pe Report
53/141
2014, SCCE | NYSE Governance Services, all rights reserved
Over half of surveyed organizations (56 percent) do not track gifts or entertainment. Of the 44 percent
of companies that do, over one-third (37 percent) track both gifts and entertainment.
56%
37%
5%2%
0%
10%
20%
30%
40%
50%
60%
No Yes, we track both
gifts and
entertainment
Yes, but we only track
gifts
Yes, but we only track
entertainment
Does your organization track gifts and
entertainment?
-
7/24/2019 Ce Pe Report
54/141
2014, SCCE | NYSE Governance Services, all rights reserved
Survey results indicate that organizations utilize a variety of tools to track gifts and entertainment. An
automated tracking tool (41 percent) is most commonly used, followed by email (28 percent), business
unit- or department-specific Excel spreadsheets (17 percent), and centralized Excel spreadsheets (14
percent).
Half (51 percent) of these tools allow for retroactive notification and/or disclosure, and slightly less thanhalf (43 percent) allow for cumulative tracking per recipient. One-third of gift and entertainment
tracking tools allow for approval before acceptance, cumulative tracking per recipient organization, and
approval before an offer.
41%
28%
17%
14%
What method of gift and entertainment tracking do
you use?
Automated tra cking tool
Emails sent to compliance
and ethics function
Business unit/department-
specific Excel spreadsheets
Centralized Excel
spreadsheet
51%
43%
32% 32%30%
0%
10%
20%
30%
40%
50%
60%
Retroact ive notification
and/or disclosure
Cumulative gift and
entertainment tracking
per recipient
Approval before
employees accept an
offer of gifts or
entertainment
Cumulative gift and
entertainment tracking
per recipient
organization
Approval before
employees offer gifts or
entertainment
Your gift and entertainment tracking tool allows for: (selectall that apply)
-
7/24/2019 Ce Pe Report
55/141
2014, SCCE | NYSE Governance Services, all rights reserved
Among organizations that only track gifts, 38 percent utilize an automated tracking tool, while slightly
under one-third use a centralized spreadsheet (31 percent) or email (31 percent).
Most tools allow for retroactive notification and/or disclosure (54 percent) or cumulative tracking per
recipient (38 percent). Fewer organizations gift tracking tools allow for approval before acceptance (23
percent), approval before an offer (8 percent), and cumulative tracking per recipient organization (8percent).
38%
31% 31%
0%0%
5%
10%
15%
20%
25%
30%
35%
40%
45%
Automated tracking tool Centralized Excel
spreadsheet
Emails sent to compliance
and ethics function
Business unit/department-
specific Excel spreadsheets
What method of gift tracking do you use?
54%
38%
23%
8% 8%
0%
10%
20%
30%
40%
50%
60%
Retroactive notification
and/or disclosure
Cumulative gift tracking
per recipient
Approval before
employees accept an
offer of gifts
Approval before
employees offer gifts
Cumulative gift tracking
per recipient
organization
Your gift tracking tool allows for: (select all that apply)
-
7/24/2019 Ce Pe Report
56/141
2014, SCCE | NYSE Governance Services, all rights reserved
Forty percent of organizations only track gifts received by employees that exceed a specific monetary
threshold. Slightly over one-third (36 percent) track all gifts given by employees, and one-third track all
gifts received by employees.
8%
13%
13%
15%
27%
33%
36%
40%
0% 5% 10% 15% 20% 25% 30% 35% 40% 45%
We track honoraria offered by employees
Gifts offered (but not accepted) to employees
are only tracked if they exceed a specific
monetary threshold
We track honoraria received by employees
All gifts offered (but not accepted) to employees
are tracked
Gifts given by employees are only tracked if they
exceed a specific monetary threshold
All gifts received by employees are tracked
All gifts given by employees are tracked
Gifts received by employees are
only tracked if they exceed a specific monetary
threshold
For gift tracking, which of the following apply to your
organization? (select all that apply)
-
7/24/2019 Ce Pe Report
57/141
2014, SCCE | NYSE Governance Services, all rights reserved
With respect to entertainment tracking, 42 percent of organizations track all entertainment provided by
employees, and 24 percent only track entertainment provided by employees that exceeds a specific
monetary threshold. One-third (34 percent) only track entertainment provided to employees that
exceeds a specific monetary threshold, while 30 percent track all entertainment provided to employees.
13%
20%
24%
30%
34%
42%
0% 5% 10% 15% 20% 25% 30% 35% 40% 45%
All entertainment offered (but not accepted) to
employees is tracked
Entertainment offered (but not accepted) to
employees is only tracked if it exceeds a specific
monetary threshold
Entertainment provided by employees is only
tracked if it exceeds a specific monetary
threshold
All entertainment provided to employees istracked
Entertainment provided to employees is only
tracked if it exceeds a specific monetary
threshold
All entertainment provided by employees is
tracked
For entertainment tracking, which of the
following apply to your organization? (select all
that apply)
-
7/24/2019 Ce Pe Report
58/141
2014, SCCE | NYSE Governance Services, all rights reserved
ETHICS AND COMPLIANCE TRAINING
Ninety-six percent of organizations reportedly offer ethics and compliance training. Of these
organizations, 81 percent invest the time and resources to measure its effectiveness. The top four
methods of measuring effectiveness are tracking misconduct trends (50 percent), administering
comprehension tests directly after training (47 percent), obtaining feedback from managers (43
percent), and performing culture of ethics assessments (39 percent). In addition, 73 percent of
organizations offer risk-specific training.
However, organizations often struggle with gaining training completions. Specifically, only 88 percent of
organizations reach 90 percent completion for Code training. Only 74 percent of organizations achieve
this benchmark for risk-specific training. The most common methods cited for achieving this goal include
using direct email reminders (71 percent), incorporating rollout and reminder emails for all training
participants into the communication plan (55 percent), holding department heads accountable for
completion rates within their departments (50 percent), and holding managers accountable for the
completion rates of their direct reports (46 percent).
Not surprisingly, the majority of organizations (69 percent) offer Code training on an annual basis. Code
training proved to cover a wide range of risk topics, including most often conflicts of interest, gifts and
entertainment, and company assets. In terms of targeted, standalone risk topic training, respondents
indicated that anti-corruption/bribery, antitrust/competition, and financial accuracy/fraud are the most
common topics.
More than half of respondents (55 percent) engage in pre- and post-training testing to gauge employee
knowledge.
Thirty-nine percent of organizations provide targeted ethics and compliance training on manager
responsibilities to all managers, while an additional 11 percent offer such training to senior managers
only. The most common topics for training include handling reports and concerns (80 percent),
encouraging employees to raise concerns (78 percent), maintaining an open-door environment (74
percent), establishing tone from the middle (70 percent), and preventing and spotting retaliation (66
percent).
Thirty-four percent of organizations reportedly distribute compliance and ethics communications to the
entire employee population at least once per month.
Two-thirds of organizations (65 percent) provide compliance and ethics resources to managers to help
them promote compliance and ethics within the organization.
The majority of respondents (81 percent) indicated that all employees receive compliance and ethics
training. Eighty three percent of organizations deliver the training in an online format, while 71 percent
choose to do so in person. A modest amount of respondents (nine percent) utilize mobile platforms.
-
7/24/2019 Ce Pe Report
59/141
2014, SCCE | NYSE Governance Services, all rights reserved
4%
4%
9%
22%
71%
81%
83%
0% 10% 20% 30% 40% 50% 60% 70% 80% 90%
C&E training is not offered within my
organization
Other
C&E training is delivered on mobile platforms
C&E training is delivered to managers and above
C&E training is delivered in person
C&E training is delivered to all employees
C&E training is delivered in an online format
Select which of the following statements apply to
your ethics and compliance training program. (select
all that apply)
-
7/24/2019 Ce Pe Report
60/141
2014, SCCE | NYSE Governance Services, all rights reserved
Organizations measure the effectiveness of their ethics and compliance programs in many ways. The top
four methods include tracking misconduct trends (50 percent), administering comprehension tests
directly after training (47 percent), obtaining feedback from managers (43 percent), and performing
culture of ethics assessments (39 percent).
9%
13%
19%
21%
39%
43%
47%
50%
0% 10% 20% 30% 40% 50% 60%
Other
Knowledge assessments (performed separately
from training)
My organization does not measure effectiveness
of the training program
Tracking reporting frequency against training
rollout timing
Culture of ethics assessments
Feedback from managers
Comprehension tests delivered immediately
following training
Tracking misconduct trends
How do you measure the effectiveness of your
compliance and ethics training program?(select all that
apply)
-
7/24/2019 Ce Pe Report
61/141
2014, SCCE | NYSE Governance Services, all rights reserved
The most common frequency for reviewing and measuring the effectiveness of a compliance and ethics
training program was on an ongoing basis (41 percent), followed by annually (32 percent), and on an ad
hoc basis (15 percent).
Well over half of organizations with an ethics and compliance function (58 percent) maintain a formally
documented compliance and ethics curriculum. Not surprisingly, more than four out of five
organizations (82 percent) offer Code training.
41%
32%
15%
6%
3% 3%
0%
5%
10%
15%
20%
25%
30%
35%
40%
45%
Ongoing basis Annually Ad hoc basis Every two
years
Every three
years
Other
How frequently do you measure the effectiveness ofyour compliance and ethics training program using
the selected measurements?
-
7/24/2019 Ce Pe Report
62/141
2014, SCCE | NYSE Governance Services, all rights reserved
58%
42%
Does your compliance and ethics function maintain a
formally documented compliance and ethics
curriculum?
Yes
No
82%
18%
Does your compliance and
ethics function offer Code training?
Yes
No
-
7/24/2019 Ce Pe Report
63/141
2014, SCCE | NYSE Governance Services, all rights reserved
Nearly three-quarters of respondents (73 percent) offer risk-specific training to employees.
73%
27%
Does your compliance and ethics function offer
risk-specific training?
Yes
No
-
7/24/2019 Ce Pe Report
64/141
2014, SCCE | NYSE Governance Services, all rights reserved
When asked to characterize their organizations documented compliance and ethics curriculum, more
than two-thirds (69 percent) indicated that it includes multiple risk areas. Other common aspects
include defined target audiences (53 percent), specified training frequency by topic (47 percent), one-
year time span (47 percent), specified modality for each topic/audience (45 percent), creation through
cross-functional collaboration (44 percent), and use of a rollout schedule (44 percent).
4%
29%
40%
44%
44%
45%
47%
47%
53%
69%
0% 10% 20% 30% 40% 50% 60% 70% 80%
Other
Takes a multi-year approach
Includes target completion rates
Includes a training rollout schedule
Created through cross-functional collaboration
Addresses modality for each topic/audience
Covers one year of training
Includes training frequency by topic
Includes defined target audiences
Includes multiple risk areas
Which of the following apply to your documented
compliance and ethics curriculum? (select all that
apply)
-
7/24/2019 Ce Pe Report
65/141
2014, SCCE | NYSE Governance Services, all rights reserved
Completion rates are higher on average for Code training than risk-specific training (based on those
organizations offering risk-specific training). This is most evident at the 96-100 percent completion
interval (71 percent versus 53 percent). These rates indicate that organizations are struggling to achieve
the goal of 100 percent training completion.
71%
17%
6%3% 2% 1% 1% 0%
0%
10%
20%
30%
40%
50%
60%
70%
80%
96 100% 90 95% 88 89% 40 59% 70 79% 20 39% 60 69% 0 19%
On average, what is the completion rate for your Code
training?
53%
21%
11%
4% 4% 3% 2% 1%
0%
10%
20%
30%
40%
50%
60%
96 100% 90 95% 80 89% 40 59% 70 79% 60 69% 20 39% 0 19%
On average, what is the completion rate for risk-specific
training?
-
7/24/2019 Ce Pe Report
66/141
2014, SCCE | NYSE Governance Services, all rights reserved
The most common audience for Code training is all employees (85 percent), followed by employees with
computer access (seven percent).The overwhelming majority (93 percent) of respondents indicate thatCode training is mandatory.
0%
1%
1%
2%
2%
2%
7%
85%
0% 10% 20% 30% 40% 50% 60% 70% 80% 90%
All vice presidents and above
All directors and above
All managers and above
All salaried employees and some hourly
employees
All salaried employees
Other
All employees with computer access
All employees
Which best describes your Code training audience?
-
7/24/2019 Ce Pe Report
67/141
2014, SCCE | NYSE Governance Services, all rights reserved
93%
6% 1%
Is Code training mandatory?
Yes, for all employees
Yes, for some employees,
but not for other employee
groups
No
-
7/24/2019 Ce Pe Report
68/141
2014, SCCE | NYSE Governance Services, all rights reserved
Code training reportedly has a number of key characteristics. Eighty-four percent of respondents
indicated that the training is part of the new employee orientation process, 76 percent track completion
rates, 67 percent review and refresh content on a regular basis, 48 percent include comprehension
testing, 35 percent track and maintain testing results, and 34 percent include training as a component of
performance evaluations.
34%
35%
48%
67%
76%
84%
0% 10% 20% 30% 40% 50% 60% 70% 80% 90%
Completion of training is part of employee
performance evaluation
Testing results are tracked and maintained
Includes comprehension testing
Content is reviewed and refreshed on a regularbasis
Tracked for completion rates
Part of the new employee orientation process
Select the characteristics that best describe your Code
training. (select all that apply)
-
7/24/2019 Ce Pe Report
69/141
2014, SCCE | NYSE Governance Services, all rights reserved
More than two-thirds (69 percent) of organizations deliver Code training on an annual basis, while 12
percent deliver the training upon hire only. Nine percent deliver it every two years.
69%
12%
9%
5%5%
For employees who receive Code training, how
frequently is it delivered?
Annually
Upon hire only
Every two years
Every three years
Other
-
7/24/2019 Ce Pe Report
70/141
2014, SCCE | NYSE Governance Services, all rights reserved
Respondents indicated that anti-corruption/bribery, antitrust/competition, and financial accuracy/fraud
are the most common standalone risk topics targeted for training. Information security, equal
employment opportunity/discrimination/diversity, workplace harassment, and confidential information
were the most common risk topics for which training was provided to all employees. Moreover, Code
training proved to cover a wide range of risk topics led by conflicts of interest, gifts and entertainment,
and company assets.
Please indicate which of the following applies to the following risk topics as it
relates to training: (select all that apply)
Delivere d as targeted,
standalone tr aining to a
targeted group of
employees
Delivered as targeted,
standalone training to all
employees
Covered within Code
training
My organization does not
currently provide training
on this topic
Anti-corruption/Bribery 30% 9% 39% 22%
Antitrust/Competition 31% 4% 36% 28%
Company assets 14% 12% 60% 14%
Confidential information 18% 24% 53% 5%
Conflicts of interest 19% 16% 63% 2%
Equal employment
opportunity/Discrimination
/Diversity 18% 27% 48% 6%
Fair dealing (fair business
practices) 16% 9% 53% 22%
Financial accuracy/Fraud 27% 14% 52% 7%
Gifts and entertainment 19% 15% 63% 4%
Information security 20% 29% 46% 5%
Insider trading 20% 7% 31% 41%
Intellectual property 19% 9% 47% 26%
Money laundering 16% 5% 24% 55%
Records management and
retention 22% 19% 46% 13%
Social media 16% 15% 47% 21%
Workplace harassment 20% 26% 48% 5%
Risk Topic
Training Aspects
-
7/24/2019 Ce Pe Report
71/141
2014, SCCE | NYSE Governance Services, all rights reserved
Organizations utilize a variety of tools to assess and assign their training curriculum. These tools include
but are not limited to pretests and post tests (offered by 55 percent of respondents) to gauge employee
knowledge progress, progressive course difficulty based on employee job responsibilities (28 percent),
and pretests to gauge employee baseline knowledge (12 percent).
6%
6%
7%
12%
28%
55%
0% 10% 20% 30% 40% 50% 60%
Pretests to assess baseline knowledge and assign
individual curriculum accordingly
Progressive course difficulty based on employee
tenure
Pretests to provide employees an opportunity to
test out of training
Pretests to gauge employee baseline knowledge
Progressive course difficulty based on employee job
responsibilities
Pretests and post tests to gauge employee
knowledge progress
Which of the following training practices does your
organization utilize? (select all that apply)
-
7/24/2019 Ce Pe Report
72/141
2014, SCCE | NYSE Governance Services, all rights reserved
Achieving training completion goals is often quite challenging. Consequently, organizations rely on
several methods to encourage and enforce training completion. The top five most prevalent methods
used include using direct email reminders (71 percent), incorporating rollout and reminder emails into
the communication plan for all training participants (55 percent), holding department heads and
business unit leaders accountable for completion rates of all individuals within their
department/business unit (50 percent), holding managers accountable for the completion of their direct
reports (46 percent), and factoring completion into performance evaluations (37 percent).
8%
13%
35%
37%
46%
50%
55%
71%
0% 10% 20% 30% 40% 50% 60% 70% 80%
Other
Completion is factored into raise and/or bonus
Robust chase programs
Completion is factored into performance e valuation
Managers are held accountable for completion rates of direct
reports
Department heads/business unit heads are held accountable forcompletion rates of all individuals within their department/business
unit
Rollout and reminder emails are incorporated into the
communication plan for all training participants
Direct email reminders
How does your organization encourage/enforce completion of
training? (select all that apply)
-
7/24/2019 Ce Pe Report
73/141
2014, SCCE | NYSE Governance Services, all rights reserved
An emerging best practice is to provide additional training to managerial-level employees on the
compliance- and ethics-related responsibilities and obligations specific to their role. Thirty-nine percent
of survey participants provide targeted training to managers with direct reports on their special ethics-
and compliance-related responsibilities. An additional 11 percent provide such training to senior
managers only. The most common topics for manager training include handling reports and concerns
(80 percent), encouraging employees to raise concerns (78 percent), maintaining an open-door
environment (74 percent), establishing tone from the middle (70 percent), and preventing and spotting
retaliation (66 percent).
39%
11%
50%
Does your compliance and ethics function provide targeted
training to management with direct reports on their special
responsibilities related to compliance and ethics?
Yes, to all managers
Yes, to senior managers only
No
-
7/24/2019 Ce Pe Report
74/141
2014, SCCE | NYSE Governance Services, all rights reserved
5%
33%
42%
50%
66%
70%
74%
78%
80%
0% 10% 20% 30% 40% 50% 60% 70% 80% 90%
Other
Conducting employment interviews
Manager accountability for misconduct by subordinates
How to incorporate ethics in business decision making
Preventing and spotting retaliation
Establishing the tone from the middle (how to promote a
culture of integrity)
Maintaining an open door environment
How to encourage employees to raise concerns and reports
Handling employee reports and concerns
Specify which topics are included in the management-specific
compliance and ethics training. (select all that apply)
-
7/24/2019 Ce Pe Report
75/141
2014, SCCE | NYSE Governance Services, all rights reserved
The most prevalent characteristics of manager-specific compliance and ethics training include requiring
completion for managers (68 percent), tracking for completion rates (53 percent), reviewing and
refreshing content on a regular basis (49 percent), and being conducted as part of new hire manager
orientation (47 percent).
18%
27%
28%
47%
49%
53%
68%
0% 10% 20% 30% 40% 50% 60% 70% 80%
Testing results are tracked and maintained
Includes comprehension testing
Completion of training is part of manager performance
evaluation
Conducted as part of new manager orientation (upon
hire or promotion)
Content is reviewed and refreshed on a regular basis
Tracked for completion rates
Completion is mandatory for all managers with direct
reports
Identify which of the following characteristics applies to your manager-specific compliance and ethics training. (select all that apply)
-
7/24/2019 Ce Pe Report
76/141
2014, SCCE | NYSE Governance Services, all rights reserved
The results are fairly even when it comes to maintaining a documented communication plan, with
slightly more than half of respondents (53 percent) maintaining such a plan. For organizations that do
have a communication plan, nearly two-thirds (64 percent) address multiple risk areas and nearly as
many (63 percent) include a rollout schedule and specify the communication frequency (58 percent).
47%53%
Does your compliance and ethics function maintain a documented
communication plan?
Yes
No
-
7/24/2019 Ce Pe Report
77/141
2014, SCCE | NYSE Governance Services, all rights reserved
2%
25%
27%
42%
50%
52%
53%
53%
58%
63%
64%
0% 10% 20% 30% 40% 50% 60% 70%
Other
The communication plan takes a multi-year approach
The communication plan calls for implementation by
different business functions (e.g., finance, HR, sales)
The communication plan is created through cross-functional
collaboration
The communication plan includes defined target audiences
The communication plan covers one year of communications
The communication plan addresses the modality of
communication for each topic/audience
The communication plan utilizes message delivery by various
internal leaders (e.g., CEO, Chief Compliance Officer, managers)
The communication plan includes communication frequency
The communication plan includes a rollout schedule
The communication plan addresses multiple risk areas
Which of the following apply to your documented communication plan? (select all
that apply)
-
7/24/2019 Ce Pe Report
78/141
2014, SCCE | NYSE Governance Services, all rights reserved
Respondents use a wide variety of avenues to communicate compliance and ethics messages within
their organizations. The most commonly used options include emails (79 percent), printed materials (66
percent), intranet site/portal (59 percent), senior executive meetings (44 percent), and newsletters (42
percent).
2%
2%
5%
9%
19%
24%
27%
30%
30%
33%
42%
44%
59%
66%
79%
0% 10% 20% 30% 40% 50% 60% 70% 80% 90%
Podcasts
Other
No communication initiatives are currently in place
Blogs
Annual organization-wide kickoff meetings
Videos
Town hall meetings
Interactive scenarios, games and/or quizzes
Periodic compliance road show
Organization-wide initiatives (e.g., compliance week)
Newsletter
Senior executive meetings
Intranet site/portal dedicated to compliance and ethics
Printed materials (e.g., posters, wallet cards, table tents,
guidebooks, brochures)
Emails
Which communication initiatives (aside from formal training) are utilized tocommunicate compliance and ethics messages within your organization?
(select all that apply)
-
7/24/2019 Ce Pe Report
79/141
2014, SCCE | NYSE Governance Services, all rights reserved
Twenty-nine percent of organizations send compliance and ethics communications to the entire
employee population on an annual basis, while 24 percent send such communications quarterly. A
significant amount of respondents (27 percent) send quarterly communications to a partial employee
population (limited based on translations), and another 27 percent send such messages quarterly to a
partial employee population (limited based on computer access).
How frequently are compliance and ethics communications utilized within your
organization? (select all that apply)
Entire employee population
Partial employee
population (limited based
on translations)
Partial employee
population (limited based
on computer access)
Ongoing (at least twice per
month) 15% 16% 11%
Monthly 19% 18% 16%
Quarterly 24% 27% 27%
Biannually 7% 13% 10%
Annually 29% 15% 21%
Less frequent than annually 6% 12% 14%
Frequency
Audience
-
7/24/2019 Ce Pe Report
80/141
2014, SCCE | NYSE Governance Services, all rights reserved
Three-quarters of respondents (75 percent) incorporate real life examples of compliance issues,
breaches, or unethical behavior into their communications. Of those who do, more than half (51
percent) share these communications via learning aids within training sessions. Other common methods
of sharing include emails (41 percent), newsletters (38 percent), and the compliance intranet and town
hall meetings at 26 percent each.
75%
25%
Does your compliance and ethics function utilize real life examples (from
within your organization and scrubbed for detail) of compliance issues,
breaches or unethical behavior in communications?
YesNo
1%
2%
11%
21%
26%
26%
38%
41%
51%
0% 10% 20% 30% 40% 50% 60%
Podcasts
Blogs
Other
Comprehension aids within the Code and/or
policies
Town hall meetings
Dedicated area on the compliance and ethics
intranet site
Newsletters
Emails
Learning aids within training sessions
How are these real life examples shared with the employee
population? (select all that apply)
-
7/24/2019 Ce Pe Report
81/141
2014, SCCE | NYSE Governance Services, all rights reserved
Organizations reportedly utilize a wide array of communication avenues. Nearly six out of ten
respondents (59 percent) feature an introductory letter within the Code, while 58 percent distribute
emails to the workforce. Other well-used avenues include a training introduction or video letter (46
percent), town hall meetings (30 percent), annual or organization-wide meetings (26 percent), and
company newsletters (24 percent).
1%
3%
7%
8%
8%
14%
15%
20%
24%
26%
30%
46%
58%
59%
0% 10% 20% 30% 40% 50% 60% 70%
Podcasts
Other
Blogs
Interactive Q&A (e.g., internal message board, chat f unctionality)
No senior executive communication methods are utilized
Videos
Onboarding video(s)
Intranet site video(s)
Newsletter
Annual kickoff or other organization-wide meetings
Town halls or brown bag lunches
Compliance and ethics training introduction video or letter
Emails to workforce
Code of Conduct introduction letter
Select which types of communication coming from executive leadership are used within
your organization to discuss compliance and ethics. (select all that apply)
-
7/24/2019 Ce Pe Report
82/141
2014, SCCE | NYSE Governance Services, all rights reserved
Compliance and ethics communications from senior management are featured with varying frequency;
however, annually (38 percent) and quarterly (19 percent) were the most prevalent. An emerging best
practice in these communications is to include examples of personal ethical decisions. Twenty-nine
percent of respondents opt to do so.
38%
20% 19%
11%
6%
3% 2%
0%
5%
10%
15%
20%
25%
30%
35%
40%
45%
Annually Other Quarterly Biannually Monthly Bimonthly Weekly
How frequently are compliance and ethics communications
from senior executives issued within your organization?
29%
71%
Does senior leadership include examples of personal ethical
decisions in these communications?
Yes
No
-
7/24/2019 Ce Pe Report
83/141
2014, SCCE | NYSE Governance Services, all rights reserved
Sixty-five percent of respondents reportedly offer communications to mid-level managers to discuss
compliance and ethics. The top two communication avenues utilized were holding discussions within
business unit/department meetings (44 percent), and sending emails related to business
units/departments (40 percent). Twenty percent of respondents offer such communications on a
quarterly basis, while 19 percent distribute them annually, and 14 percent offer them on a monthly
basis.
0%
1%
5%
10%
10%
10%
17%
17%
18%
35%
40%
44%
0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50%
Blogs
Podcasts
Other
Interactive Q&A
Annual kickoff or other organization-wide meetings
Intranet site video(s)
Onboarding discussions
Town halls or brown bag lunches
Newsletter
No mid-level management communication methods are utilized
Emails to related business units/departments
Discussions within business unit/department meetings
Select which types of communications coming from mid-level managers are used
within your organization to discuss compliance and ethics. (select all that apply)
33%
20%19%
14%
7%
4% 3%
0%
5%
10%
15%
20%
25%
30%
35%
Other Quarterly Annually Monthly Biannually Weekly Bimonthly
How frequently are compliance and ethics
communications from mid-level managers issued
within your organization?
-
7/24/2019 Ce Pe Report
84/141
2014, SCCE | NYSE Governance Services, all rights reserved
Additionally, 65 percent of organizations reportedly provide managers with compliance and ethics
promotion resources. Of those respondents, one-third (33 percent) provide intranet resources
dedicated to managers, 29 percent discuss compliance and ethics issues regularly at manager-level
business meetings, and the same amount (29 percent) provide printed materials on compliance and
ethics specifically directed to managers. Twenty-seven percent provide regular communications from
the ethics and compliance function for managers to distribute to direct reports. One quarter (25
percent) of respondents indicate that managersteams are presented with material at
meetings/seminars hosted by the compliance and ethics function. Lastly, one out of five (20 percent)
utilize manager toolkits.
3%
20%
25%
27%
29%
29%
33%
35%
0% 5% 10% 15% 20% 25% 30% 35% 40%
Other
Compliance and ethics communication toolkit (e .g., pre -made
PPTs, speaking guides)
Meetings/seminars with compliance and ethics personnel for
managers teams (e.g., brown bag lunch)
Regular communication from compliance and ethics function
specifically created so managers can send to their employees
Printed materials on compliance and ethics specifically directed
to managers (e.g., guidebooks, reference guides)
Compliance and ethics issues regularly discussed at manager
level business meetings
Intranet resources on compliance and ethics specifically directed
to managers
No compliance and ethics promotion resources are currently
provided to managers
Indicate which of the following compliance and ethics resources
are provided to managers with direct reports in order to help
them promote compliance and ethics within the organization.
(select all that apply)
-
7/24/2019 Ce Pe Report
85/141
2014, SCCE | NYSE Governance Services, all rights reserved
MONITORING AND AUDITING
When it comes to misconduct reporting, the overwhelming majority of organizations (95 percent) use
systems that allow for anonymous communication. In addition, 68 percent of organizations have made a
reporting system available to third parties, such as agents and vendors, and 65 percent allow users to
seek guidance regarding ethics and compliance concerns through their reporting system.
Organizations reportedly offer a wide variety of reporting avenues. Key options include compliance and
ethics