ecs-eng-hdoc1

Documents Download Area

Menu

Ethics Compliance Management Systems
ECS2000 Ethics Compliance Standard 2000

June 30th 1999

Business Ethics Research Project
Reitaku Centre for Economic Studies

Return to Reitaku Homepage
ECS2000 Main page
Document Download
Contacts & members

Table of Contents

Introduction

Scope

Normative references

Definitions

Ethics compliance management system requirements

General requirements

Ethics compliance policy and manual making

Ethics compliance policy making

Disclosure of ethical-legal compliance policy and manual making

Planning

Implementation plan

Legislation and other related regulations and rules

Internal regulations

Implementation and operation

Structure and responsibility

Training and education

Communication

Ethics compliance management system documents

Document control

Operational control

Emergency preparedness and response

Auditing (checking) and corrective action

Monitoring and evaluation

Correction and preventative action

Records

Ethics compliance management system auditing

Management review

Drastic system reform following emergency situations

0. Introduction

0.1 The world economy has entered an age of globalisation. With this, the actions of organisations will require greater integrity and transparency than in the past. This requires that organisations establish internal structures to ensure the propriety of these actions. It is through these actions, and by establishing the structures for their realisation, that organisations gain the trust and recognition of the market, and are able to contribute to the further, sound growth of the global market.

0.2 Mr. Kofi Annan, secretary general of the United Nations, speaking to leaders of global corporations at the 1999 World Economic Forum in Davos, Switzerland, called for corporations to implement ethical systems covering a comprehensive range of issues including human rights, labour and the environment. This statement comes as yet another indication of the growing demand throughout international society for the establishment by corporations of systems of ethics, through-going legal compliance, and social accountability.

0.3 In addition to developments in the market and international society, individuals working in corporations and other organisations are seeking jobs of which they can be proud. Most people do not want to work while being involved in wrongful activities. They will question and seek the reform of any illegal dealings and business practices in their own workplaces that violate their sense of good conscience. In principle the workplace should be a place of "self-realisation" and not one where individuals must suffer from the emotional conflict of acting against their own consciences.

0.4 Predicated upon the above, this international standard represents a structured management system designed from the perspective of ethics with the aim of improving the work environment of the individuals who constitute organisations, complying with the demands of international society, and ensuring that corporations and other organisations are able to attain the trust and recognition of the market.

0.5 This international standard makes it possible for an organisation to undertake proactive discovery and independent resolution of wrongful business conduct, unethical trading practices, and illegal activities. This standard allows organisations to achieve this by means of voluntary initiative not by a dependence upon external whistle blowing or legal prosecution. In this way the standard enables an organisation to construct effective management systems which prevent the occurrence of unethical conduct. The standard also makes it possible for an organisation to create an organisational climate wherein individuals feel free to express their opinions and ideas so as to realise ethical norms and ideals. In actual practice the application of this standard facilitates the creation within the organisation of a "procedure for compliance" (by negative feedback) and a "procedure for enhancement," (by positive feedback).

0.6 The basic framework of this international standard is illustrated in Exhibit One. In the first stage the policy of ethics to be pursued by each organisation is clarified and the code of ethics (or legal compliance manual), planning and internal regulations required to realise this policy are developed. Following this, in the second stage, an individual or administration to bear the prime responsibility in ethical-legal compliance is identified, and training and communication initiatives are carried out under their direction. Third, the organisation undertakes independent audits to ensure that the organisation's members correctly understand the ethics policy and code of ethics, and that the office of ethical-legal compliance and the reporting/consulting system are functioning in an appropriate manner. Fourthly, based upon the results of this audit, potential areas of reform are identified and implemented. This would include, for example, revisions of the code of ethics, improvement of education programmes and responses to suggestions received through the reporting/consulting system.

Exhibit One: Ethical-legal compliance management system framework

The efficacy of such an ethical-legal compliance management system is dependent upon all departments and levels within the organisation complying with and implementing the organisation's ethics policy and code of ethics, and in the initiative taken by all members to jointly resolve the organisation's problems. A factor of particular importance is the commitment of executive management.

0.7 This international standard outlines a general framework for an ideal management system, however, its aim is to promote the performance of ethical-legal compliance - this being the creation of an organisation with effective compliance and enhancement procedures. It is therefore important to avoid constructing a complex system, which ignores the actual level of integrity. The individual or administration in charge should focus their attention upon level of integrity achieved and regard the ethical-legal compliance management system itself as being a means by which to pursue this over-riding goal.

0.8 The basic stance of this international standard is to realise the values of human rights and freedoms, and zenpozen within the market economy. Human rights and freedoms are the basic principles of democracy, without which a capitalist economy is impossible. However the pursuit of human rights and freedoms alone is not sufficient to create a fair society. Human rights and freedoms are a way of thinking derived from the awareness that the individual is alive. It is important, however, that these rights be seen from the standpoint of the individual as enjoying a standard of living which would be unattainable independently. The way of thinking derived from an awareness of being interdependent is referred to here using the term zenpozen. Zenpozen is the principle whereby organisations respect the interests of themselves and of other parties in their decision making and actions, and whereby organisations strive to promote the welfare of third parties. At the same time, zenpozen requires the organisation to take positive measures to limit the unnecessarily detrimental effects of its actions in the market and society.

0.9 This international standard requires that organisations, taking these two values as fundamental principles, abide by their own ethical standards and comply with all relevant laws, regulations and other rules which may be applicable. The legal compliance component of the ethics policy should be based upon laws and regulations which are of particular importance to the organisation in light of its respective scale, industry, and condition.

0.10 This international standard is not meant to compel organisations to make social contributions or sacrifices. Organisations which formulate their own ethical ideals or standards should also strive to develop organisational climates which promote the free discussion of methods for their implementation. These initiatives are referred to here as enhancement procedures, and they are intended to support the compliance procedures.

0.11 It is not obligatory that the ethical legal compliance management system set out in this international standard be established separately from existing management systems. Where the use of existing management systems is deemed appropriate by the organisation, the organisation may use these systems as they are or modify them in order to suit this international standard.

1. Scope

This international standard sets out the requirements for establishing an ethical-legal compliance management system aimed at ensuring compliance with applicable laws and appropriate industrial rules, as well as with the pursuit of the ethical standards and ideals held to be important by the organisation.

The requirements of this international standard should be adopted by the following organisations.

Organisations which are attempting to undertake their business in a fair and just manner, and are aiming to administer, maintain and improve their own policy of ethics, action plan, internal regulations and other procedures.

Organisations whose policy of ethics, code of ethics and other ethical-legal compliance management systems are in accordance with the requirements of this international standard and which are willing to publicly declare this fact.

Organisations which, in consideration of the scope of their social influence, are willing to increase their transparency and social accountability.

All the requirements detailed in this international standard are applicable to corporations and any other form of organisation regardless of location, scale or activities.

2. Normative references

No normative references are set at this time.

3. Definitions

3.1 Ethics are defined here as including all activities carried out within an organisation in order to ensure the fair and responsible behaviour of that organisation. As defined here, this meaning extends beyond laws and regulations, and represents instead an encompassing, superordinate concept.

3.2 Ethical standards (ethical norms, ethical principles, etc.) are defined here as the system of values which an organisation pursues under its own volition, and not to the unilateral and external demands of laws and regulations. For example, an expression of values such as "to behave with responsibility in society as a public institution" will be taken as an ethical standard.

3.3 Legal compliance is defined here as all the internal activities of an organisation made in order to comply with the laws and regulations applicable to their business and to the goods and services in which they deal.

3.4 Ethical-legal compliance is defined here as the compliance with applicable laws and regulations and all internal activities made in order to implement the ethical standards which an organisation has established upon its own volition.

3.5 Policy of ethics (ethical-legal compliance policy, etc.) is defined here as the ethical objectives established by an organisation in consideration of its work content, scale, and the nature of the materials, goods and services which it handles. Included in this are the organisation's own ethical standards, and the laws and regulations which must be observed according to the nature of the organisation's activities.

3.6 Code of ethics (code of conduct, conduct guideline, etc.) is defined here as the standards of behaviour set by an organisation in order to apply the organisation's policy of ethics in practice. The contents of this code must be readily understandable by those concerned, and of a realistically applicable nature.

3.7 Legal compliance manual (ethics compliance manual, etc.) is defined here as a more concrete handbook based upon the contents of the code of ethics and guidelines as applied to specific workplaces and occupations. This manual may be produced if necessary.

3.8 Planning is defined here as an annual plan for the application of the policy of ethics. For example, this would constitute an overall plan covering such issues as the timing and participants of educational programmes, workplaces to receive specific intensive training, staged reform of the reporting/consulting system, and communications aimed at raising the awareness of ethics.

3.9 Internal regulations are defined here as internal operating rules introduced by the organisation in order to ensure the appropriate functioning of the ethical-legal compliance management system. This would include a specification of the authority and responsibility of an office for ethical-legal compliance (ethics office, compliance office, etc.).

3.10 Stakeholders are defined here as individuals or groups who are either directly or indirectly influenced by the actions of the organisation. Among others, these would include: consumers, employees, stockholders, trading partners, related organisations, community members, and government agencies.

3.11 Unless otherwise specified, organisations are defined here as corporations, educational institutions, medical institutions, public bodies, religious organisations, government agencies, political groups and other parties.

3.12 Review by management is defined here essentially as reviews that are initiated and carried out under the leadership of the organisation's chief executive officer. However, in cases of emergency when the chief executive officer is unable to carry out this function, this review by management may be initiated and carried out by an individual or an internal body specifically appointed to the task.

3.13 Cases of emergency are defined here as a situation where management or executive officers are involved in activities of an illegal or irresponsible nature. Because a general ethical-legal compliance management system will not function adequately in such a situation, the organisation must establish and maintain a procedure for managing such cases of emergency as may occur.

4. Ethics compliance management system requirements

4.1 General requirements

The organisation must establish, apply, maintain and consistently improve an ethical-legal compliance management system. The requirements for this are set out in the whole of Section Four.

4.2 Ethics compliance policy and manual making

4.2.1 Ethics compliance policy making

Executive management must define, implement and maintain an organisation's basic ethical-legal compliance policy which includes the following features.

A set of ethical standards which the organisation will implement according to its own tradition and management beliefs.

A body of rules and regulations of specific relevance and importance to the organisation considering its work content, scale, and the materials and services in which it deals.

A written statement to the effect that the organisation will actively engage in the establishment of a structure of accountability, prevention of unethical or illegal acts, and the strengthening of its integrity.

4.2.2 Disclosure of ethical-legal compliance policy and manual making

The organisation must document its policy of ethics, inform its members of this policy, and disclose this document making it available to direct and indirect stakeholders as well as to the general public. As part of making this policy public, documented versions of the policy of ethics and code of ethics - or at least one of them - must be made available.

Furthermore, where the need arises, an ethical-legal compliance manual based upon the content of the code of ethics, in a form appropriate to specific workplaces, should be produced, administered, and maintained.

4.3 Planning

4.3.1 Implementation plan

The organisation must develop a process by which to spread the policy of ethics throughout the organisation. This procedure should include the following.

A plan for ethical-legal compliance education and training. This should include such tasks as the development of educational materials for use in training.

A plan for improving the reporting/consulting procedures.

A plan for an internal auditing system for ethical-legal compliance. This should include follow-up audits of responses to problems which have been identified and redressed in the past.

Other points including adjustments to changes in the social environment and legal framework, and suggestions for reforms from executive management and related departments.

4.3.2 Legislation and other related regulations and rules

The organisation should establish and maintain a procedure to identify and have access to all the relevant laws, regulations and other rules, that are applicable to its activities, products, or service. This procedure should be maintained along with, but separate from the written code of ethics or compliance manuals.

4.3.3 Internal regulations

The organisation must develop and maintain a system of internal regulations in order to ensure ethical-legal compliance. These internal regulations must include the following.

Regulations concerning an office to manage problems relating to ethical-legal compliance. Education and training, reporting/consulting, audits, regular correction and document control functions can be centralised on a single office or divided among several separate offices. These offices must be designed to suit the needs of the respective organisation and to function in a realistic and effective manner.

Regulations outlining and stipulating the relationship between the office responsible for ethical-legal compliance and the organisation's highest decision making body or individual.

Regulations concerning the organisation's use of third party and independent specialists. This regulation should be designed to suit the situation in each organisation and to function in a realistic and effective manner.

Regulations concerning the authority and responsibility for each office and level of the organisation for ethical-legal compliance.

Regulations concerning education and training for ethical-legal compliance. This should include regulations concerning the subjects and frequency of, and office responsible for, education.

Regulations concerning ethical-legal compliance and reporting/consulting procedures. This should include regulations to protect confidentiality and privacy concerning the office responsible for ethical-legal compliance and reporting/consulting systems.

Regulations covering internal audits of ethical-legal compliance. This should include regulations regarding the procedure for administering audits and the independence of the office responsible for conducting the audits.

Regulations covering penalties for violations of ethical-legal compliance.

Regulations concerning the procedure to be followed in the event of uncovering illegal or unethical activity within the organisation.

Regulations covering procedures to be followed in regular corrective procedures.
In order to ensure that the ethical-legal compliance management system actually functions in a real and effective manner, the organisation must review its internal regulations, aligning them with changes in organisational activities, the demands of society and legal or regulatory reforms.

4.4 Implementation and operation

4.4.1 Structure and responsibility

The organisation, in order to establish an effective ethical-legal compliance management system, must set up an internal office (or a number of offices) to deal exclusively with matters relating to ethical-legal compliance. The organisation must define the role, responsibility and authority of the office, which must then be documented and communicated to all members of the organisation. The general manager of this office must be an executive officer or a person of equivalent or higher rank within the organisation.
The office must fulfil the following functions.

Management and amendment of the policy of ethics

Administration, and where necessary, revision of the implementation plan.

Administration of laws and other applicable regulations.

Administration, and where necessary, amendment of internal regulations.

Administration of ethics education and training, reporting/consulting duties, and coordination with related offices and departments such as the legal department, finance and accounts, auditors office, personnel management, general affairs, and planning office.

Document control in order to clarify lines of responsibility within departments.

Communication among those responsible for ethical-legal compliance within each respective department and level of the organisation.

Public relations and external communication regarding the organisation's ethical-legal compliance.The office will also, where necessary, propose amendments and reforms of these functions to the executive officers of the organisation. Such suggestions must be documented and stored.

The organisation must provide the office with the resources necessary for the management of ethical-legal compliance. Upon consultation with the manager of the office, several capable managers must be appointed and delegated the authority and responsibility of managing the ethical-legal compliance system. These managers will constitute the core of the organisation's official ethics compliance initiative.

4.4.2 Training and education

In accordance with internal regulations, the organisation must undertake the systematic administration of ethical-legal compliance education and training.

The organisation must provide education designed for departments with considerable social impact, departments which - by the nature of their function - are at greater risk of unethical practices and behaviour than other departments, and for members of the organisation who are currently engaged in duties which have been related to problems in the past.

The organisation must establish and maintain education and training procedures with which to educate and increase awareness of the following among its members.

The meaning and necessity of following the requirements of the ethical-legal compliance management system, policy of ethics and code of ethics.

The detrimental influence brought to bear upon the organisation as a result of unethical and irresponsible behaviour, as well as the nature and extent of social trust which can accrue as a result of ethical and responsible behaviour.

The function and responsibility of each individual member of the organisation in following the requirements of the ethical-legal compliance management system, policy of ethics and code of ethics.

The penalties and sanctions which apply to members of the organisation whose actions represent a violation of the code of ethics and the ethical-legal compliance manual.

4.4.3 Communication

In addition to communication for the purpose of education and training, the organisation must establish a system to facilitate internal and external reporting and consultations regarding ethical-legal compliance. This system must fulfil and maintain the following functions.

The establishment of a reporting/consulting system in order to promote communication regarding ethical-legal compliance.

Regular surveys of the opinions of the organisations members in order to augment the function of the reporting/consulting system.

The documentation of the results of the survey and reporting/consulting system.

The documentation of, and response to enquiries or requests for information from external stakeholders.

To respond to internal enquiries or requests for information in order of their priority and to document each such request and action.

Where necessary, to inform the individuals or departments (including external organisations) of the nature of all actions taken in response to their enquiries or requests.

To protect the privacy of individuals or departments (including external organisations) submitting reports or enquiries, unless the other party expressly forgoes this right.

4.4.4 Ethics compliance management system documents

The organisation must produce and maintain a written record (either physical or electronic) of the main documents constituting the ethical-legal compliance management system and all documents relating to it. This record should indicate the location of all relevant documents. The term "main documents" refers to the policy of ethics, code of ethics, compliance manuals and internal regulations.

4.4.5 Document control

The organisation must establish and maintain a document management method covering the main and related documents which fulfils the following functions.

Ensure that the location of each respective document is known.

Ensure that the latest versions of all documents essential for the administration of the ethical-legal compliance management system are available in all departments where they are needed.

Ensure that documents which are outdated or have been annulled for any other reason are removed from all departments where they have been produced or are being used. Or to otherwise ensure that outdated documents which are not to be removed or destroyed are not used.

Ensure that all outdated documents which are stored because of legal obligations or for the purpose of information collection are suitably categorised and filed.

Ensure that documents are designed for clarity, that all dates are clearly marked, and that all documents are preserved for the period required.

4.4.6 Operational control

In the event that the organisation receives a report or consultation indicating that an action in violation of the code of ethics, or the ethical-legal compliance manual has occurred, it must make every effort to expeditiously consult the related departments, investigate the alleged violation, and propose an action appropriate to redress the problem.

The problematic action here can be classified into two groups: one which can be handled within the organisation, and one which should be reported to a relevant regulatory agency. Procedures to determine which category the problematic action belongs to must be established and maintained. The processes involved here in investigation and redress must be thoroughly documented and these documents subsequently preserved.

Where claims are made suggesting that the individuals or departments initiating a report have become the subject of retaliation, the situation must be investigated and action to redress this problem must be taken where these claims are proven to be valid.

4.4.7 Emergency preparedness and response

The organisation must develop and maintain a procedure for use in the event that an emergency situation arises in which an unethical act involving the executive officers (the organisations highest levels) of the organisation occurs. In the event that the organisation receives information indicating that an emergency situation has arisen, this information must be officially reported to the organisation's executive officers and recorded as such.

4.5 Auditing (checking) and corrective action

4.5.1 Monitoring and evaluation

The organisation must establish and maintain a standing procedure for the monitoring and evaluation of matters pertaining to jobs with a potentially high social impact, and matters derived from consultations and reports from members of the organisation, as well the level and extent of compliance within the organisation to relevant laws and rules.

4.5.2 Correction and preventative action

Where the organisation's actions do not comply with the policy of ethics, code of ethics or the ethical-legal compliance manual, and where the administration is found to be in conflict with the plans and internal regulations, the organisation must initiate an investigation of the conditions leading up to this situation. The organisation must then reform the ethical-legal compliance management system in order to prevent the further occurrence of such problems.

Reforms and preventive measures, taken with the intention of resolving such actual and potential mismatches within the system, must reflect the scope of the gravity of the problems involved.

4.5.3 Records

The organisation must develop and maintain a procedure for the production, classification, storage and disposal of records concerning events and achievements which occur in the process of ethical-legal compliance activities including education, reporting/consulting, redress of and response to problems, audit results, opinion surveys, corrections and reforms. Where issues of individual privacy and confidentiality are involved, appropriate recording procedures must be developed and maintained.

4.5.4 Ethics compliance management system auditing

The organisation must develop and maintain a procedure for auditing the ethical-legal compliance management system. These internal audits must be carried out with the intention of ensuring that the ethical-legal compliance management system meets with requirements of this international standard, and that it is appropriately set-up and maintained. Audit reports must be submitted to both the executive officers of the organisation and to the office of ethical-legal compliance.

In order to ensure that the audit is comprehensive in nature, the audit procedure must clearly outline the scope, frequency and method of audits. The audit procedure must also specify the authority and responsibility involved in conducting the audit and reporting the audit results. The requirements for internal auditing do not preclude the outsourcing of the audit function to external and third parties.

4.6 Management review

In order to ensure that the ethical-legal compliance management system is appropriate and effective, the organisation's executive officers must review this system at regular, pre-determined intervals. The organisation must collect and manage the information needed by executive officers in their evaluations and reviews of the management system. These managerial reviews must be made upon the basis of data collected in a systematic manner.

From the viewpoint of the continuous improvement of the system, taking into consideration the results of the ethics compliance management systems audit and changes in conditions, the executive officers should, if necessary, modify the policy of ethics, code of ethics, internal regulations, education programmes, and reporting/consulting system.

4.7 Drastic system reform following emergency situations

In the event of an emergency situation wherein executive officers of the organisation are involved in unethical behaviour, or where the organisation has acted in violation of the law, the organisation must co-operate in official investigations from the earliest stage possible. Upon conclusion of the emergency the organisation must submit to consultation by an external body and initiate a through-going reform of the organisation.

Public Domain 1999 - Design by Arafuka Daisuke