Warren Buffet once said that smart people do not learn from their mistakes; they learn from other people’s mistakes. This is true!
Last week we were lecturing to a group of clients in Warsaw and we introduced the topic of whistleblowing. One of the question from the audience was: ‘surely a company’s executives want to know about any irregularity in the company and any misconduct; why whistleblowing happens in practice so rarely?’
Someone mentioned the VW case, so we took it as an example. We discussed why no one had challenged the cheating devices in such a large, multinational corporation. There was no doubt that Volkswagen had extensive policies and procedures in place for anti-corruption, bribery, antitrust and whistleblowing. Yet the deception still occurred, only being discovered by accident, during the routine control by an external researchers. It was the researchers who passed on their discovery to the regulators. Something failed at Volkswagen, so what are the lessons learned?
It could be really an interesting case study. VW had confidence in its technological prowess. They were headed up by a group of extraordinary executives, who had been driving the organisation to become the largest company in the market. With a workforce of almost 600,000 employees, the company had exhibited the kind of pride that often comes before a fall. Hubris had given wings to what can only be described as a regulatory heist.
In closing the lecture, we suggested that the current narrative of ‘if you see something, say something’ is hopeful at best. We all want to believe we will and can speak out when observing misconduct. We want to believe our message will be received and acted upon. We want to believe in a fair and just world. Whilst whistleblowing presents the best and sometimes only solution to many cases of organisational wrongdoing, we need to better understand the conditions that encourage and discourage it in order for it to be a robust avenue to mitigate corruption.
So, what are the lessons learned?
Currently, due to the global business and international transactions development, each company (even the leaders and the–larger-than-life-ones) should follow various multiplied compliance regulations. The global nature of the companies’ operations implicates that their activities are subject to a wide regulatory issues, inter alia, code of professional conduct, data protection, antitrust and unfair competition regulations.
The wide statutory regulations make compliance, understood as an integrity and complexity, a particularly important topic. Compliance is no longer just an abstract idea. Such traditional approach in understanding compliance is losing effectiveness and needs to be verified.
To understand the compliance concept correctly, we need to focus on two key words:
- compliance risk
- compliance activities.
The compliance risk means legal and economic risk leading to damage to company’s reputation, legal or regulatory sanctions (financial loss). It is also often defined as integrity or reputation risk which may cause company damage or negative legal consequences. In this respect, the main role of the compliance is to minimize that risk and introduce specific tools and solutions to protect the company from the regulatory bodies’ allegations.
The compliance activities are all steps which are taken by the company to avoid the compliance risk and keep integrity, such as:
- adoption of a well-thought-out strategy to be globally followed,
- development of compliance rules and guidelines,
- identification and assessment of the compliance risk,
- conducting an antitrust audit,
- implementation of the global compliance policy,
- appointment of a global and local compliance officers,
- implementation of a complex personal data processing policy.
The scope of the compliance activities includes also educating and training the company’s employees in order to keep and observe the company’s rules of conduct and adhere to the implemented standards.
The above-mentioned set of compliance solutions, after proper implementation, should be scrupulously followed and updated. Once adopted, the company should ensure it effectiveness and integrity with the adopted global standards which refers to the lawful and proper conduct of the company’s business.
What principles should be adopted and followed in the company’s compliance?
- commitment to the integrity in business dealing,
- commitment to the adopted well-thought-out strategy and standards,
- commitment to clarity and transparency,
- commitment to the fair and respectful competition,
- commitment to the respect of the individuals’ rights and interests, and
- commitment to compliance with the statutory regulations.
What are the negative legal consequences of lack or breach of the company’s compliance standards?
- financial loss,
- criminal charges and penalties,
- civil claims and damages,
- administrative fines,
- harm on the company’s image and prestige,
- harm on the company’s internal and external contacts,
- exclusion from contracts.
Back to list
September 23, 2021
The data protection landscape is changing constantly. The EU General Data Protection Regulation (“GDPR”) came into force on 25 May 2018....Read more
September 22, 2021
We describe below how to establish a private limited company in Poland (sp z o.o). Private limited companies are one of the types of companies...Read more
September 21, 2021
The Polish Parliament (Sejm) will soon adopt significant changes to the Commercial Companies Code (the Act). Among other things, the Act would...Read more