State:

National
Ethics is a standard of acceptable behavior or a set of rules by which to judge decisions and conduct. In the workplace, ethics may be referred to as business ethics or corporate responsibility, but the overall idea is that of instilling a sense of values and knowledge of what is right and wrong throughout the organization.
First, of course, there are the negative consequences of unethical conduct to consider. Many corporate leaders have been prosecuted and incarcerated for their unethical behavior. Furthermore, federal laws have set strict guidelines for required conduct in areas where unethical behavior is particularly risky—for example, in financial reporting. The Sarbanes-Oxley Act of 2002 (SOX) and the Federal Sentencing Guidelines have placed strict legal requirements on covered employers.
But there are also positive rewards for engaging in ethical conduct. Ethical conduct is good for business and is the basis for long-term success in any organization. It promotes a strong public image for the organization because people respect an organization that makes ethical choices. Customers like doing business with an organization they can trust.
Ethical conduct also makes the best use of resources. Money, time, and effort are put into productive activities rather than diverted for questionable purposes or personal gain. Ethical conduct on the part of all employees also helps maintain quality and productivity. When employees follow ethical standards, they do not cut corners or shortchange the company or its customers.
Ethical behavior assists the organization to comply with laws and regulations, because what is ethical is also legal. Last, ethical conduct boosts morale and promotes teamwork. When employees can trust one another and management, they can work together more harmoniously and effectively.
Making ethical choices on the job, even for the ethically minded, is not always easy. Many ethical problems fall in a “gray area,” where what is right or wrong is not obvious. There may be many reasons that drive people to cross the line and act unethically. Here are a few examples:
• Conflicts of interest force employees to choose between self-interest and the interests of coworkers, the department, or the organization. Sometimes the choice is between the interests of a customer and the interests of the organization, or between the community and the organization.
• Sometimes it is hard to draw a line between personal and business relationships. Employees forge friendships with coworkers, yet may have to make professional choices that do not seem very friendly. For example, if a coworker does something wrong, an employee may have to report the situation. If a customer with whom an employee has a good relationship tries to use the relationship in some unethical way, the employee is in a difficult situation.
• Massaging the truth, telling “little white lies,” and failing to tell the whole story can all have an effect on the outcome of a situation.
• Confidential information is exactly that—confidential and privileged. Ethically, employees cannot use any confidential business information for self-gain or pass along such information to benefit friends or family, whether that information is about the organization or its customers.
• Laws and regulations are another problem area. There are many confusing laws. Even if an employee understands the law, he or she may not agree with it. It can be tempting to cut corners or forget about the details.
• Pressure to succeed, pressure to get ahead, pressure to meet deadlines and expectations, and pressure from coworkers, bosses, customers, or vendors to engage in unethical activities or at least look the other way can drive people to do things they would not normally do.
• Some people make unethical choices because they are not really sure what is the right thing to do. Ethical problems are often complicated, and the proper choice may be far from obvious.
• Self interest, personal gain, ambition, and downright greed are at the bottom of a lot of unethical activity in business. Also, there are those who simply never learned or do not care about ethical values. Because such individuals have no personal ethical values, they do not have any basis for understanding or applying ethical standards in business.
• Misguided loyalty can cause employees to lie because they think that, in doing so, they are being loyal to the organization or to their bosses.
Foundations of Ethical Conduct. Ethics policies and codes are built on basic ethical values that apply to any job. These values include the following:
Integrity. Being honest, keeping promises.
Loyalty. Supporting the organization’s mission and policies, protecting privileged information, and cooperating with others in the organization to promote common goals.
Respect. Treating others professionally, with courtesy and tolerance.
Accountability. Taking responsibility for one's actions and requiring the same of coworkers.
Fairness. Acting consistently and impartially at all times.
Responsibility. Obeying laws and regulations and acting appropriately toward the community where business takes place and the public in general.
Effective ethics programs consist of many moving parts. However, the basic elements of an effective ethics program are:
• An ethics policy, including written standards of conduct;
• An ethics training program;
• Reliable resources for ethics consultation and advice;
• A confidential and effective system for reporting ethics violations;and
• An established policy and practice of investigating and disciplining or discharging employees found guilty of ethical violations.
Employees must be highly familiar with each element of the ethics program and feel comfortable using the various resources available to them. These elements are discussed in more detail in the following sections.
Strong ethics policies cover five elements: responsibility, respect, fairness, honesty, and compassion. A company’s code of ethics should define these elements and set the appropriate behavioral standard. Ethics policies often vary by company as different organizations have different values and concerns.
In order to form a comprehensive and effective policy, consider enlisting a policy committee and involve management. Any list of prohibited behaviors should be clearly identified as not all-inclusive. Don't be too specific. Other policies that govern ethical behavior in the workplace are workplace romance, e-mail appropriateness, Internet use, confidentiality, security, and harassment.
Issues to consider. Most employers don't have to look very far to discover potential areas of unethical activity. It's a good idea to sit down with the members of an organization's policy committee and ask them to compile a list of what they regard as "unethical" in their particular areas. The lists should be combined with similar examples grouped into broader categories of forbidden activities. Remember:
• The goal of any policy on business ethics should be to make supervisors (and through them, employees) aware of the responsibility they must all share for promoting and protecting the company's best interests. Many times employees engage in questionable activities without even thinking that they might be endangering the company's profits or reputation. But once an organization has established a formal policy statement outlining exactly what is considered unethical behavior and what steps will be taken, there is no excuse for violations.
• Consider conducting an annual review of the policy. A policy may need to be revised to reflect changes in the company. An organization also may want to periodically appoint a group of employees to rewrite the policy. That process may serve as a reminder of the policy.
Sample ethics policies are available on HR.BLR.com under the Timesavers tab. One such policy is available here.
HR Internal Controls. When working toward an ethical workplace, HR can help set the example by establishing an honest, ethical HR department. The following is a list of some of the controls that may be implemented to ensure the accuracy of HR operations:
Compensation:
• Ensuring security of payroll systems, computer security systems
• Verification of payroll records, balances
• Proper processes for verifying paid employees, identities
• Ensuring proper timekeeping
Benefits:
• Proper, accurate systems for recording and reporting pension balances, expenses
• Controls to oversee third-party outsourced services, ensure proper, consistent oversight
• Systems to ensure that records of employee contributions and stock options are accurate
• Processes to ensure control and accuracy of workers’ compensation claims and to decrease or limit losses
Operations:
• Establishing adequate screening procedures to eliminate high-liability employees
• Proper, legal procedures for discipline and termination of employees to comply with the law
• Establishing effective and well-publicized procedures for receiving and addressing whistleblower claims (ethics and safety), reports of harassment, and other complaints
Confidentiality:
• Establishing proper controls to protect privacy and ensure the confidentiality of employee's individual information
(Source: Robert Yanak, Jefferson Wells International)
SOX was adopted in the wake of the Enron, WorldCom, and other corporate scandals, as well as reforms adopted by the New York Stock Exchange. Section 406 of the Act specifically addresses corporate codes of ethics and disclosure requirements in corporations.
Under Section 406, publicly traded companies are required to disclose whether they have a code of ethics for senior financial executives, including a principal financial officer and a comptroller or principal accounting officer. Section 406 defines a "code of ethics" as standards that are reasonably necessary to promote:
• Honest and ethical conduct, including in dealing with conflicts of professional and personal interests;
• Full, fair, accurate, and timely disclosure in required reports; and
• Compliance with federal rules and regulations.
Publicly traded companies also must file their code of ethics, or any change to the code, as an exhibit in their annual report or on their website and provide a free copy on request. If a covered company does not have an ethics code, it must explain why. SOX applies to companies that are publicly traded and also to private subsidiaries of publicly traded companies.
Although only publicly traded companies are required to abide by SOX's ethical standards, many private and not-for-profit organizations are voluntarily following suit as a matter of good business practice.
In addition to the ethics provisions specifically included in SOX, the law requires covered employers to comply with several other key requirements. SOX Sec. 404 requires that public companies and their independent auditors show the Securities and Exchange Commission (SEC) that their financial numbers are accurate and that they have processes in place to ensure that accuracy.
If an organization is covered by SOX, it must comply with these requirements. If an organization is not covered by SOX, it still may be wise to consider implementing some or all of these measures as part of a good-faith effort to build an ethical and safe business environment:
Internal controls. SOX Sec. 404 requires that covered organizations establish "internal controls" for financial reporting, management’s assessment of those controls, and an auditor's report. These internal controls are subject to regular auditing. Registered public accounting firms that perform audits must attest to, and report on, the management's internal controls assessment. The requisite internal controls focus on several areas, including mitigating the possibility of financial restatement, providing for security of assets (i.e., preventing paying employees who don't exist), providing for approval processes over transactions, and providing for record retention and financial disclosures.
Whistleblowers. SOX makes it illegal for a public stock company to discharge or in any way discriminate against an employee because the person provides information or assists in an investigation by a federal regulatory or law enforcement agency, member of Congress, company supervisor, or investigator regarding conduct the employee reasonably believes violates federal fraud law or SEC rules and regulations.
The civil whistleblower provisions of the Act also extend liability to any officer, employee, contractor, subcontractor, or agent of the company. SOX does neither preempt state whistleblower laws nor does it prevent employees from pursuing rights under a collective bargaining agreement.
The Dodd-Frank Wall Street Reform and Consumer Protection Act created new whistleblower protections and expanded those in existing law. The Dodd-Frank Act provides significant financial incentives for employees to disclose to government officials what they believe may be illegal conduct by their employers. Please see the national Termination (with Discharge) section.
Responsibility for financial reports. SOX requires that both the chief executive officer and chief financial officer of a publicly traded corporation must certify the accuracy of financial statements that are filed as periodic reports with the SEC. A corporate officer who certifies the information but knows that the report does not comply with the law is subject to a fine up to $1,000,000 or imprisonment for 10 years, or both. A corporate officer who willfully certifies information but knows that the report does not comply with the law is subject to a fine up to $5,000,000 or imprisonment for 20 years, or both. The law also prohibits the chief executive officer and chief financial officer from attempting to influence or mislead auditors.
Blackout periods. SOX mandates that no officer, director, or other insider may buy or sell company stock during pension fund blackout periods. It also requires 30 days' notification to employees in advance of blackout periods. This applies to 401(k) plans as well as other retirement plans. Please see the national Retirement Savings/401(k) section.
Restrictions on loans. Under SOX, public stock companies may not make loans to their executive officers and directors. The prohibition is designed to limit hidden compensation offered to executives but not disclosed to shareholders. It does not apply to home improvement and manufactured home loans, credit and charge cards issued by businesses to their employees, or margin loans for personal securities brokerage accounts held by employees of a brokerage firm. The prohibition on loans does not apply retroactively to loans made before July 30, 2002. Please see the national ERISA section.
Destruction of documents. SOX makes it a felony to knowingly alter, conceal, destroy, or create documents to impede, obstruct, or influence a federal investigation. The Act includes white-collar crime penalty enhancements, including hefty fines and imprisonment for up to 20 years for tampering with records. Accountants who audit companies that issue securities must keep all audit records and papers for 5 years from the end of the fiscal year in which the audit was conducted. Accountants who knowingly and willfully fail to maintain the documents for the specified time period are subject to fines and imprisonment for up to 10 years.
Public Company Accounting Oversight Board. SOX established the Public Company Accounting Oversight Board to supervise the audits of public companies governed by securities laws. Among other duties, the Board is responsible for:
• Registering public accounting firms that audit issuers of securities;
• Creating auditing, ethics, quality control, and similar standards concerning the preparation of audit reports;
• Promoting high standards of quality and professionalism;
• Inspecting registered public accounting firms; and
• Investigating improper actions and imposing sanctions upon registered public accounting firms.
Audit committees. The law requires public companies to have audit committees to establish procedures for receiving and investigating complaints regarding internal controls, accounting, and auditing, and to oversee the work of the company’s auditors.
Although SOX applies predominantly to publicly traded companies, some SOX sections dealing with pensions, 401(k) plans, and whistleblower protection also apply to companies that are contractors or subcontractors of public companies.
Whistleblowing. The whistleblowing provisions of SOX prohibit “any officer, employee, contractor, subcontractor, or agent of” a public company from discharging, discriminating, or otherwise retaliating against “an employee” because of that employee’s whistleblower activities.
The Department of Labor (DOL), which enforces federal whistleblower protections under SOX, has interpreted these provisions to also protect employees of private contractors and subcontractors when the contractors perform work for public companies. In a recent decision, the U.S. Supreme Court confirmed that "an employee" as protected by the SOX whistleblowing provisions also includes employees of the officers, employees, contractors, subcontractors, and agents of the public company (Lawson v. FMR LLC., 571 U. S. ____ (2014)).
Voluntary compliance. An organization also should consider the implications of SOX requirements if it is planning to go public or to be acquired by a public company. Many organizations choose to voluntarily comply with SOX's requirements in order to make the organization more marketable to future investors. Finally, many nonprofit organizations are choosing to follow SOX voluntarily in order to create an ethical and stable business environment.
Initially, it was believed that SOX's requirements created more work for accountants and attorneys. However, closer examination of the law shows that human resources professionals at publicly traded organizations (especially smaller companies with fewer resources) also shoulder much of the responsibility for SOX compliance. Specifically, human resources professionals are often called on to:
• Conduct or arrange for training to educate directors, officers, employees, and auditors about their legal obligations under SOX.
• Create procedures for addressing SOX complaints and preventing retaliation for such complaints.
• Establish record retention protocol for SOX-related documents.
• Create or review and revise the organization's code of conduct.
• Establish and/or review executive pay practices and stock options policies.
• Create internal controls for accurate financial reporting of HR-related costs (see below for details).
In 2004, the United States Sentencing Commission's Federal Sentencing Guidelines were amended to specify seven requirements for ethics policies that apply to corporations, partnerships, associations, unions, trusts, pension funds, unincorporated organizations, governments, and nonprofit organizations. The Sentencing Guidelines require that organizations establish an “effective program” to prevent and detect violations of law. A company facing criminal penalties would likely face smaller penalties if it has met the seven requirements. The seven requirements are as follows:
1. Establishing standards and procedures to prevent and detect criminal conduct.
2. Assigning a specific high-level person to oversee the compliance program. The person must be knowledgeable about the content and operation of the compliance and ethics program and exercise reasonable oversight of the compliance and ethics program.
3. Taking due care in the delegation of substantial discretionary authority to individuals (i.e., being careful to select an objective, high-level person to investigate any violations). Give adequate resources to compliance and ethics officers to carry out their jobs.
4. Communicating standards and procedures to all employees through training and through printed and electronic materials.
5. Monitoring and auditing the operation of the compliance program and establishing a help line to report possible wrongdoings.
6. Consistently enforcing discipline for violations by employees.
7. Responding promptly to any wrongdoing and remedying any deficiencies.
Meeting the requirements. The requirements do not provide specific details for the implementation of an effective program, thus allowing organizations to have flexibility and independence in creating programs appropriate to their business or situation. To determine what specific steps should be taken to satisfy the requirements of the Sentencing Guidelines, an organization should consider:
• Applicable practice within the industry or standards required by any applicable governmental regulation. A company or organization that fails to adhere to proper industry practice or governmental regulations may not have implemented an effective compliance and ethics program.
• The size of the organization. The formality and scope of the steps taken to comply with the requirements depend on the organization's size. Large organizations often need to use more formal procedures and more resources than smaller companies to meet the requirements. They also should encourage smaller companies with which they do business to have effective programs in place. While small organizations must meet the same requirements as large organizations, small companies may achieve this by using less formal procedures and fewer resources. For example, small companies may use informal meetings to train employees on ethics policies, assign available staff (rather than hire new personnel) to oversee the compliance and ethics program, or model their program on the proven ethics programs and best practices of similar companies.
• Recurrence of similar misconduct. If similar acts of misconduct continue to occur, an organization's compliance with the requirements is called into question.
Training required. Under the Sentencing Guidelines, compliance and ethics training is a requirement in all levels of an organization. Such training should be ongoing, requiring periodic updates.
Criminal penalties. For federal laws that include criminal penalties (i.e., the Fair Labor Standards Act, OSH Act, pattern of violations under the Immigration Reform and Control Act, or resisting Equal Employment Opportunity Commission investigations in age discrimination and Title VII investigations), the Guidelines would be used to assess individual criminal liability.
Both SOX and the amended Federal Sentencing Guidelines require ethics training to prevent and mitigate employer liability for unethical or criminal conduct. The amended Guidelines state that training must occur periodically, so onetime training is not enough. Instead, employers may choose to use a multiyear program that features core training topics and a rotating menu of supplemental topics. These training programs should be reviewed regularly for effectiveness, relevance, and the impact of new laws.
The Guidelines distinguish between what training is required of large versus small organizations, because the resources available to create compliance and ethics programs will vary by the size of the company. As discussed earlier, small organizations are required to train their employees with less formality and fewer resources than large companies. For instance, in small companies, employees may be trained in informal staff meetings. Monitoring can be accomplished during regular walk-throughs or by continual observation during the general management of the company. In addition, personnel on staff may conduct the training, rather than hiring trainers outside the company.
Getting started. To establish an ethics training program, first set standards for ethical behavior in the organization and determine what training is needed to reach the standards. Companies should outline the training steps and goals and provide a written copy of the company's code of ethics. To be effective, training must be mandatory for all employees. In addition, the training program should include an open discussion of relevant employment laws, a framework for resolving ethical dilemmas in the workplace, the organization's system for reporting ethical violations, "you-make-the-call" role-playing exercises, and a list of resources for help with ethical decision-making.
Understanding the law. In order to ensure that employees act ethically and comply with applicable laws, employers must first make sure that the employees know which laws apply to their workplace behavior. For example, managers must know what questions they may and may not ask during applicant interviews, managers must understand leave and disability laws so as not to discriminate, and employees must understand limits on vendor gifts. See topics for training, below, for more details.
Framework for resolving dilemmas. In order to give employees a concrete vision of what constitutes an ethical dilemma and how to decide what to do when they encounter an ethical dilemma, consider providing a basic framework for decision making. For instance, train employees to ask the following questions if they are in doubt when faced with an ethical dilemma at work:
• Is the action legal?
• Does it comply with our values?
• If you do it, will you feel bad?
• How will it look in the newspaper, or if family and friends know about it?
• If you know it’s wrong, don’t do it!
• If you’re not sure, ask.
• Keep asking until you get an answer.
Reporting ethics violations. Key provisions of SOX and the Federal Sentencing Guidelines prohibit retaliation or discrimination against whistleblowers. In order to prevent illegal discrimination or retaliation, employers must establish systems for reporting ethics violations and teach employees how to report such violations or ask about questionable activity. The most effective means are confidential and occur outside the "chain of command" within an organization; for example, a toll-free telephone number with voice mail, an e-mail address, and a physical drop box.
Topics for training. Specific issues that should be covered in ethics training include, but are not limited to, holding a second job; authority of employees to grant discounts to customers; gifts (there may be a limitation on receiving all gifts or gifts over a certain value); whether employees may have personal financial dealings with or invest in companies that supply materials to or buy materials from your company; office romances; confidential information; how to use company funds; privacy policies; whether employees' families may take advantage of employee discounts; whether employees may use fictitious names while conducting business; harassment of all types; employees performing acts of hospitality toward public officials; bribery; prohibitions on all illegal activity; kickbacks; performing 'outside' work that competes with the company; insider information; borrowing or lending money; recruiting employees to work for another organization not related to the company; conflicts of interest; campaign contributions; investigations of ethics violations; and disciplinary action for ethics violations.
Under the revised Federal Acquisition Regulation (FAR), contractors and subcontractors who enter into a contract with the federal government for a period of 120 days or more and that is expected to exceed $5 million must have a written code of business ethics and conduct, promote compliance with the code, establish an awareness program, establish an internal control system, and must post the Office of the Inspector General (OIG) Fraud Hotline poster. Please see the national Government Contractors section.
For additional information on SOX, as well as contact information for SEC's national and 11 regional offices, employers may visit http://www.sec.gov.
For additional information on the Federal Sentencing Guidelines, employers may visit http://www.ussc.gov.
Last reviewed on October 31, 2016.
Related Topics:
National
Ethics is a standard of acceptable behavior or a set of rules by which to judge decisions and conduct. In the workplace, ethics may be referred to as business ethics or corporate responsibility, but the overall idea is that of instilling a sense of values and knowledge of what is right and wrong throughout the organization.
First, of course, there are the negative consequences of unethical conduct to consider. Many corporate leaders have been prosecuted and incarcerated for their unethical behavior. Furthermore, federal laws have set strict guidelines for required conduct in areas where unethical behavior is particularly risky—for example, in financial reporting. The Sarbanes-Oxley Act of 2002 (SOX) and the Federal Sentencing Guidelines have placed strict legal requirements on covered employers.
But there are also positive rewards for engaging in ethical conduct. Ethical conduct is good for business and is the basis for long-term success in any organization. It promotes a strong public image for the organization because people respect an organization that makes ethical choices. Customers like doing business with an organization they can trust.
Ethical conduct also makes the best use of resources. Money, time, and effort are put into productive activities rather than diverted for questionable purposes or personal gain. Ethical conduct on the part of all employees also helps maintain quality and productivity. When employees follow ethical standards, they do not cut corners or shortchange the company or its customers.
Ethical behavior assists the organization to comply with laws and regulations, because what is ethical is also legal. Last, ethical conduct boosts morale and promotes teamwork. When employees can trust one another and management, they can work together more harmoniously and effectively.
Making ethical choices on the job, even for the ethically minded, is not always easy. Many ethical problems fall in a “gray area,” where what is right or wrong is not obvious. There may be many reasons that drive people to cross the line and act unethically. Here are a few examples:
• Conflicts of interest force employees to choose between self-interest and the interests of coworkers, the department, or the organization. Sometimes the choice is between the interests of a customer and the interests of the organization, or between the community and the organization.
• Sometimes it is hard to draw a line between personal and business relationships. Employees forge friendships with coworkers, yet may have to make professional choices that do not seem very friendly. For example, if a coworker does something wrong, an employee may have to report the situation. If a customer with whom an employee has a good relationship tries to use the relationship in some unethical way, the employee is in a difficult situation.
• Massaging the truth, telling “little white lies,” and failing to tell the whole story can all have an effect on the outcome of a situation.
• Confidential information is exactly that—confidential and privileged. Ethically, employees cannot use any confidential business information for self-gain or pass along such information to benefit friends or family, whether that information is about the organization or its customers.
• Laws and regulations are another problem area. There are many confusing laws. Even if an employee understands the law, he or she may not agree with it. It can be tempting to cut corners or forget about the details.
• Pressure to succeed, pressure to get ahead, pressure to meet deadlines and expectations, and pressure from coworkers, bosses, customers, or vendors to engage in unethical activities or at least look the other way can drive people to do things they would not normally do.
• Some people make unethical choices because they are not really sure what is the right thing to do. Ethical problems are often complicated, and the proper choice may be far from obvious.
• Self interest, personal gain, ambition, and downright greed are at the bottom of a lot of unethical activity in business. Also, there are those who simply never learned or do not care about ethical values. Because such individuals have no personal ethical values, they do not have any basis for understanding or applying ethical standards in business.
• Misguided loyalty can cause employees to lie because they think that, in doing so, they are being loyal to the organization or to their bosses.
Foundations of Ethical Conduct. Ethics policies and codes are built on basic ethical values that apply to any job. These values include the following:
Integrity. Being honest, keeping promises.
Loyalty. Supporting the organization’s mission and policies, protecting privileged information, and cooperating with others in the organization to promote common goals.
Respect. Treating others professionally, with courtesy and tolerance.
Accountability. Taking responsibility for one's actions and requiring the same of coworkers.
Fairness. Acting consistently and impartially at all times.
Responsibility. Obeying laws and regulations and acting appropriately toward the community where business takes place and the public in general.
Effective ethics programs consist of many moving parts. However, the basic elements of an effective ethics program are:
• An ethics policy, including written standards of conduct;
• An ethics training program;
• Reliable resources for ethics consultation and advice;
• A confidential and effective system for reporting ethics violations;and
• An established policy and practice of investigating and disciplining or discharging employees found guilty of ethical violations.
Employees must be highly familiar with each element of the ethics program and feel comfortable using the various resources available to them. These elements are discussed in more detail in the following sections.
Strong ethics policies cover five elements: responsibility, respect, fairness, honesty, and compassion. A company’s code of ethics should define these elements and set the appropriate behavioral standard. Ethics policies often vary by company as different organizations have different values and concerns.
In order to form a comprehensive and effective policy, consider enlisting a policy committee and involve management. Any list of prohibited behaviors should be clearly identified as not all-inclusive. Don't be too specific. Other policies that govern ethical behavior in the workplace are workplace romance, e-mail appropriateness, Internet use, confidentiality, security, and harassment.
Issues to consider. Most employers don't have to look very far to discover potential areas of unethical activity. It's a good idea to sit down with the members of an organization's policy committee and ask them to compile a list of what they regard as "unethical" in their particular areas. The lists should be combined with similar examples grouped into broader categories of forbidden activities. Remember:
• The goal of any policy on business ethics should be to make supervisors (and through them, employees) aware of the responsibility they must all share for promoting and protecting the company's best interests. Many times employees engage in questionable activities without even thinking that they might be endangering the company's profits or reputation. But once an organization has established a formal policy statement outlining exactly what is considered unethical behavior and what steps will be taken, there is no excuse for violations.
• Consider conducting an annual review of the policy. A policy may need to be revised to reflect changes in the company. An organization also may want to periodically appoint a group of employees to rewrite the policy. That process may serve as a reminder of the policy.
Sample ethics policies are available on HR.BLR.com under the Timesavers tab. One such policy is available here.
HR Internal Controls. When working toward an ethical workplace, HR can help set the example by establishing an honest, ethical HR department. The following is a list of some of the controls that may be implemented to ensure the accuracy of HR operations:
Compensation:
• Ensuring security of payroll systems, computer security systems
• Verification of payroll records, balances
• Proper processes for verifying paid employees, identities
• Ensuring proper timekeeping
Benefits:
• Proper, accurate systems for recording and reporting pension balances, expenses
• Controls to oversee third-party outsourced services, ensure proper, consistent oversight
• Systems to ensure that records of employee contributions and stock options are accurate
• Processes to ensure control and accuracy of workers’ compensation claims and to decrease or limit losses
Operations:
• Establishing adequate screening procedures to eliminate high-liability employees
• Proper, legal procedures for discipline and termination of employees to comply with the law
• Establishing effective and well-publicized procedures for receiving and addressing whistleblower claims (ethics and safety), reports of harassment, and other complaints
Confidentiality:
• Establishing proper controls to protect privacy and ensure the confidentiality of employee's individual information
(Source: Robert Yanak, Jefferson Wells International)
SOX was adopted in the wake of the Enron, WorldCom, and other corporate scandals, as well as reforms adopted by the New York Stock Exchange. Section 406 of the Act specifically addresses corporate codes of ethics and disclosure requirements in corporations.
Under Section 406, publicly traded companies are required to disclose whether they have a code of ethics for senior financial executives, including a principal financial officer and a comptroller or principal accounting officer. Section 406 defines a "code of ethics" as standards that are reasonably necessary to promote:
• Honest and ethical conduct, including in dealing with conflicts of professional and personal interests;
• Full, fair, accurate, and timely disclosure in required reports; and
• Compliance with federal rules and regulations.
Publicly traded companies also must file their code of ethics, or any change to the code, as an exhibit in their annual report or on their website and provide a free copy on request. If a covered company does not have an ethics code, it must explain why. SOX applies to companies that are publicly traded and also to private subsidiaries of publicly traded companies.
Although only publicly traded companies are required to abide by SOX's ethical standards, many private and not-for-profit organizations are voluntarily following suit as a matter of good business practice.
In addition to the ethics provisions specifically included in SOX, the law requires covered employers to comply with several other key requirements. SOX Sec. 404 requires that public companies and their independent auditors show the Securities and Exchange Commission (SEC) that their financial numbers are accurate and that they have processes in place to ensure that accuracy.
If an organization is covered by SOX, it must comply with these requirements. If an organization is not covered by SOX, it still may be wise to consider implementing some or all of these measures as part of a good-faith effort to build an ethical and safe business environment:
Internal controls. SOX Sec. 404 requires that covered organizations establish "internal controls" for financial reporting, management’s assessment of those controls, and an auditor's report. These internal controls are subject to regular auditing. Registered public accounting firms that perform audits must attest to, and report on, the management's internal controls assessment. The requisite internal controls focus on several areas, including mitigating the possibility of financial restatement, providing for security of assets (i.e., preventing paying employees who don't exist), providing for approval processes over transactions, and providing for record retention and financial disclosures.
Whistleblowers. SOX makes it illegal for a public stock company to discharge or in any way discriminate against an employee because the person provides information or assists in an investigation by a federal regulatory or law enforcement agency, member of Congress, company supervisor, or investigator regarding conduct the employee reasonably believes violates federal fraud law or SEC rules and regulations.
The civil whistleblower provisions of the Act also extend liability to any officer, employee, contractor, subcontractor, or agent of the company. SOX does neither preempt state whistleblower laws nor does it prevent employees from pursuing rights under a collective bargaining agreement.
The Dodd-Frank Wall Street Reform and Consumer Protection Act created new whistleblower protections and expanded those in existing law. The Dodd-Frank Act provides significant financial incentives for employees to disclose to government officials what they believe may be illegal conduct by their employers. Please see the national Termination (with Discharge) section.
Responsibility for financial reports. SOX requires that both the chief executive officer and chief financial officer of a publicly traded corporation must certify the accuracy of financial statements that are filed as periodic reports with the SEC. A corporate officer who certifies the information but knows that the report does not comply with the law is subject to a fine up to $1,000,000 or imprisonment for 10 years, or both. A corporate officer who willfully certifies information but knows that the report does not comply with the law is subject to a fine up to $5,000,000 or imprisonment for 20 years, or both. The law also prohibits the chief executive officer and chief financial officer from attempting to influence or mislead auditors.
Blackout periods. SOX mandates that no officer, director, or other insider may buy or sell company stock during pension fund blackout periods. It also requires 30 days' notification to employees in advance of blackout periods. This applies to 401(k) plans as well as other retirement plans. Please see the national Retirement Savings/401(k) section.
Restrictions on loans. Under SOX, public stock companies may not make loans to their executive officers and directors. The prohibition is designed to limit hidden compensation offered to executives but not disclosed to shareholders. It does not apply to home improvement and manufactured home loans, credit and charge cards issued by businesses to their employees, or margin loans for personal securities brokerage accounts held by employees of a brokerage firm. The prohibition on loans does not apply retroactively to loans made before July 30, 2002. Please see the national ERISA section.
Destruction of documents. SOX makes it a felony to knowingly alter, conceal, destroy, or create documents to impede, obstruct, or influence a federal investigation. The Act includes white-collar crime penalty enhancements, including hefty fines and imprisonment for up to 20 years for tampering with records. Accountants who audit companies that issue securities must keep all audit records and papers for 5 years from the end of the fiscal year in which the audit was conducted. Accountants who knowingly and willfully fail to maintain the documents for the specified time period are subject to fines and imprisonment for up to 10 years.
Public Company Accounting Oversight Board. SOX established the Public Company Accounting Oversight Board to supervise the audits of public companies governed by securities laws. Among other duties, the Board is responsible for:
• Registering public accounting firms that audit issuers of securities;
• Creating auditing, ethics, quality control, and similar standards concerning the preparation of audit reports;
• Promoting high standards of quality and professionalism;
• Inspecting registered public accounting firms; and
• Investigating improper actions and imposing sanctions upon registered public accounting firms.
Audit committees. The law requires public companies to have audit committees to establish procedures for receiving and investigating complaints regarding internal controls, accounting, and auditing, and to oversee the work of the company’s auditors.
Although SOX applies predominantly to publicly traded companies, some SOX sections dealing with pensions, 401(k) plans, and whistleblower protection also apply to companies that are contractors or subcontractors of public companies.
Whistleblowing. The whistleblowing provisions of SOX prohibit “any officer, employee, contractor, subcontractor, or agent of” a public company from discharging, discriminating, or otherwise retaliating against “an employee” because of that employee’s whistleblower activities.
The Department of Labor (DOL), which enforces federal whistleblower protections under SOX, has interpreted these provisions to also protect employees of private contractors and subcontractors when the contractors perform work for public companies. In a recent decision, the U.S. Supreme Court confirmed that "an employee" as protected by the SOX whistleblowing provisions also includes employees of the officers, employees, contractors, subcontractors, and agents of the public company (Lawson v. FMR LLC., 571 U. S. ____ (2014)).
Voluntary compliance. An organization also should consider the implications of SOX requirements if it is planning to go public or to be acquired by a public company. Many organizations choose to voluntarily comply with SOX's requirements in order to make the organization more marketable to future investors. Finally, many nonprofit organizations are choosing to follow SOX voluntarily in order to create an ethical and stable business environment.
Initially, it was believed that SOX's requirements created more work for accountants and attorneys. However, closer examination of the law shows that human resources professionals at publicly traded organizations (especially smaller companies with fewer resources) also shoulder much of the responsibility for SOX compliance. Specifically, human resources professionals are often called on to:
• Conduct or arrange for training to educate directors, officers, employees, and auditors about their legal obligations under SOX.
• Create procedures for addressing SOX complaints and preventing retaliation for such complaints.
• Establish record retention protocol for SOX-related documents.
• Create or review and revise the organization's code of conduct.
• Establish and/or review executive pay practices and stock options policies.
• Create internal controls for accurate financial reporting of HR-related costs (see below for details).
In 2004, the United States Sentencing Commission's Federal Sentencing Guidelines were amended to specify seven requirements for ethics policies that apply to corporations, partnerships, associations, unions, trusts, pension funds, unincorporated organizations, governments, and nonprofit organizations. The Sentencing Guidelines require that organizations establish an “effective program” to prevent and detect violations of law. A company facing criminal penalties would likely face smaller penalties if it has met the seven requirements. The seven requirements are as follows:
1. Establishing standards and procedures to prevent and detect criminal conduct.
2. Assigning a specific high-level person to oversee the compliance program. The person must be knowledgeable about the content and operation of the compliance and ethics program and exercise reasonable oversight of the compliance and ethics program.
3. Taking due care in the delegation of substantial discretionary authority to individuals (i.e., being careful to select an objective, high-level person to investigate any violations). Give adequate resources to compliance and ethics officers to carry out their jobs.
4. Communicating standards and procedures to all employees through training and through printed and electronic materials.
5. Monitoring and auditing the operation of the compliance program and establishing a help line to report possible wrongdoings.
6. Consistently enforcing discipline for violations by employees.
7. Responding promptly to any wrongdoing and remedying any deficiencies.
Meeting the requirements. The requirements do not provide specific details for the implementation of an effective program, thus allowing organizations to have flexibility and independence in creating programs appropriate to their business or situation. To determine what specific steps should be taken to satisfy the requirements of the Sentencing Guidelines, an organization should consider:
• Applicable practice within the industry or standards required by any applicable governmental regulation. A company or organization that fails to adhere to proper industry practice or governmental regulations may not have implemented an effective compliance and ethics program.
• The size of the organization. The formality and scope of the steps taken to comply with the requirements depend on the organization's size. Large organizations often need to use more formal procedures and more resources than smaller companies to meet the requirements. They also should encourage smaller companies with which they do business to have effective programs in place. While small organizations must meet the same requirements as large organizations, small companies may achieve this by using less formal procedures and fewer resources. For example, small companies may use informal meetings to train employees on ethics policies, assign available staff (rather than hire new personnel) to oversee the compliance and ethics program, or model their program on the proven ethics programs and best practices of similar companies.
• Recurrence of similar misconduct. If similar acts of misconduct continue to occur, an organization's compliance with the requirements is called into question.
Training required. Under the Sentencing Guidelines, compliance and ethics training is a requirement in all levels of an organization. Such training should be ongoing, requiring periodic updates.
Criminal penalties. For federal laws that include criminal penalties (i.e., the Fair Labor Standards Act, OSH Act, pattern of violations under the Immigration Reform and Control Act, or resisting Equal Employment Opportunity Commission investigations in age discrimination and Title VII investigations), the Guidelines would be used to assess individual criminal liability.
Both SOX and the amended Federal Sentencing Guidelines require ethics training to prevent and mitigate employer liability for unethical or criminal conduct. The amended Guidelines state that training must occur periodically, so onetime training is not enough. Instead, employers may choose to use a multiyear program that features core training topics and a rotating menu of supplemental topics. These training programs should be reviewed regularly for effectiveness, relevance, and the impact of new laws.
The Guidelines distinguish between what training is required of large versus small organizations, because the resources available to create compliance and ethics programs will vary by the size of the company. As discussed earlier, small organizations are required to train their employees with less formality and fewer resources than large companies. For instance, in small companies, employees may be trained in informal staff meetings. Monitoring can be accomplished during regular walk-throughs or by continual observation during the general management of the company. In addition, personnel on staff may conduct the training, rather than hiring trainers outside the company.
Getting started. To establish an ethics training program, first set standards for ethical behavior in the organization and determine what training is needed to reach the standards. Companies should outline the training steps and goals and provide a written copy of the company's code of ethics. To be effective, training must be mandatory for all employees. In addition, the training program should include an open discussion of relevant employment laws, a framework for resolving ethical dilemmas in the workplace, the organization's system for reporting ethical violations, "you-make-the-call" role-playing exercises, and a list of resources for help with ethical decision-making.
Understanding the law. In order to ensure that employees act ethically and comply with applicable laws, employers must first make sure that the employees know which laws apply to their workplace behavior. For example, managers must know what questions they may and may not ask during applicant interviews, managers must understand leave and disability laws so as not to discriminate, and employees must understand limits on vendor gifts. See topics for training, below, for more details.
Framework for resolving dilemmas. In order to give employees a concrete vision of what constitutes an ethical dilemma and how to decide what to do when they encounter an ethical dilemma, consider providing a basic framework for decision making. For instance, train employees to ask the following questions if they are in doubt when faced with an ethical dilemma at work:
• Is the action legal?
• Does it comply with our values?
• If you do it, will you feel bad?
• How will it look in the newspaper, or if family and friends know about it?
• If you know it’s wrong, don’t do it!
• If you’re not sure, ask.
• Keep asking until you get an answer.
Reporting ethics violations. Key provisions of SOX and the Federal Sentencing Guidelines prohibit retaliation or discrimination against whistleblowers. In order to prevent illegal discrimination or retaliation, employers must establish systems for reporting ethics violations and teach employees how to report such violations or ask about questionable activity. The most effective means are confidential and occur outside the "chain of command" within an organization; for example, a toll-free telephone number with voice mail, an e-mail address, and a physical drop box.
Topics for training. Specific issues that should be covered in ethics training include, but are not limited to, holding a second job; authority of employees to grant discounts to customers; gifts (there may be a limitation on receiving all gifts or gifts over a certain value); whether employees may have personal financial dealings with or invest in companies that supply materials to or buy materials from your company; office romances; confidential information; how to use company funds; privacy policies; whether employees' families may take advantage of employee discounts; whether employees may use fictitious names while conducting business; harassment of all types; employees performing acts of hospitality toward public officials; bribery; prohibitions on all illegal activity; kickbacks; performing 'outside' work that competes with the company; insider information; borrowing or lending money; recruiting employees to work for another organization not related to the company; conflicts of interest; campaign contributions; investigations of ethics violations; and disciplinary action for ethics violations.
Under the revised Federal Acquisition Regulation (FAR), contractors and subcontractors who enter into a contract with the federal government for a period of 120 days or more and that is expected to exceed $5 million must have a written code of business ethics and conduct, promote compliance with the code, establish an awareness program, establish an internal control system, and must post the Office of the Inspector General (OIG) Fraud Hotline poster. Please see the national Government Contractors section.
For additional information on SOX, as well as contact information for SEC's national and 11 regional offices, employers may visit http://www.sec.gov.
For additional information on the Federal Sentencing Guidelines, employers may visit http://www.ussc.gov.
Last reviewed on October 31, 2016.
CT-WEB06
Copyright © 2017 Business & Legal Resources. All rights reserved. 800-727-5257
This document was published on http://Compensation.BLR.com
Document URL: http://compensation.blr.com/analysis/HR-Administration/Workplace-Ethics/