To succeed in the market today, a company must pay attention to several variables, including investments, control of revenues and expenses, customers, competitors, suppliers, innovative production processes and compliance with applicable legislation.
Another element that has been gaining importance for organisations that wish to have business continuity is ethical and transparent behaviour in commercial relationships.
The development of this behaviour occurs by incorporating an ethical culture in the company’s employees, from senior management to professionals working in the production and services areas. One way to implement such a culture in an organisation is through the structuring of a compliance (or integrity) programme. This parallels the management systems already known by organisations in quality, environment and occupational health and safety, considering that the resulting actions resulting are aimed at the prevention, detection and correction of potentially harmful acts.
The most well-known standards that regulate ethical business conduct necessitate implementing an effective compliance programme to satisfy particular requirements. The most important international standards include the following:
In Latin America, specifically, there are also some important standards.
The implementation of a compliance programme is not only a fulfilment of a legal requirement but is also seen as a considerable competitive advantage for a company that carries out operations with international customers.
When structuring a compliance programme, an organisation must demonstrate that it is prepared to comply with international anti-corruption standards, including those applicable to its customers and partners. This can make the organisation attractive as compared with competitors who do not have this type of structure, since customers or partners often want to do business with companies that generate less compliance and reputational risk.
Another benefit brought by a compliance programme is the minimisation of failures and nonconformities linked to acts of corruption. As previously stated, a compliance programme is similar to a quality management system, having as its main objective its continuous improvement, the development of employees through training, process integration, risk mitigation and alignment of the understanding of all professionals with regard to ethical culture within the company.
Under the bias of legal compliance with anti-corruption rules, companies that have a structure based on a compliance programme are less susceptible to the application of penalties and fines. This point deserves particular attention, given that fines can be relatively high and may directly affect a company’s strategy or business continuity.
In addition to minimising the incidence of penalties on its activities, a company that is in compliance also exercises its social role in the country where it operates, since it generates jobs, pays taxes, and preserves the environment and the safety and health of its employees. When this compliance extends to the supply chain, the positive effects are even greater, given that the company requires that its service providers have the same lawful posture as its own.
Last, the absence of a structure aimed at preventing and combating corruption within the company makes it more vulnerable to involvement in illegal acts, bringing immeasurable consequences, such as loss of credibility in the market before partners, customers, suppliers and supervisory bodies, among others.
The creation of a compliance programme, by itself, does not guarantee the existence of an ethical culture in a company. It is necessary that the actions foreseen in the programme are carried out continuously and effectively, and are experienced by all employees in their daily working life.
To develop a continuous and effective compliance programme it is necessary to constitute a specific, independent and autonomous area within the organisation that is responsible for the management of the following pillars:
Bruno Carneiro Maeda puts this in the following terms:
To be effective in fulfilling its purpose, a company’s compliance area must be able to: 1. inhibit and reduce the probability of committing any breach of laws, internal ethical and regulatory standards of the corporation; 2. detect any undue activity or exposure to unacceptable levels of risk; and 3. react appropriately to verified deviations, allowing the application of administrative and, if applicable, judicial punishments, always quickly and fairly.
Although there are some differences between the guidelines issued by the United States, the United Kingdom, Brazil, Argentina, Chile, Peru and Colombia, all principles permeate the concepts of prevention, detection and correction, which are found in management system methodologies. For these guidelines, an effective programme must establish standards and procedures to prevent and detect criminal conduct, demonstrate the commitment of the company’s senior management and not include in the body of senior management any people who have been involved in illegal activities or have acted contrary to a compliance programme. They also provide that the company must conduct effective training and communication, monitor the effectiveness of the programme through defined auditing procedures, establish defined and effective disciplinary mechanisms, and define processes for internal investigations and correction of nonconformities.
Regarding the differences, some of these guidelines establish that to develop an effective compliance programme, the company must perform due diligences in the corporate sectors and in partner companies or acquired companies, as well as implement internal channels for denouncing irregularities, which are open to third parties and properly disseminated. Some of them also provide that a policy for the protection of whistle-blowers against reprisals must also be implemented.
Notwithstanding that the above is only established in some of these guidelines, in all countries, even in those that have no legal provisions for it, these are seen as good practices and may be implemented by companies.
On the other hand, a survey conducted in 2018 by the non-governmental organisation Transparency International reveals that the continued failure of most countries to significantly control corruption is contributing to a crisis of democracy around the world. That is to say, even though some companies have created an awareness of compliance, the data show that most organisations have not yet heeded the risk of not having a culture of compliance.
To improve this situation, some organisations have been adopting the nomenclature change from compliance programme to integrity programme. This is not just a change of words, as the concept brought by the term ‘integrity’ encompasses both the fulfilment of an organisation’s legal and internal requirements, and the internalisation of a culture of ethics and transparency. To illustrate this understanding, we quote Alexandre Di Miceli da Silveira:
When mismanaged, a company’s culture can become so pernicious that people often take no meaning in internal regulations and laws. The recent scandals in Brazil, evidenced by Operation Lava Jato, for example, were not caused by the absence of governance documents, but by toxic cultures that led ordinary people to omission or illegal behaviour.
In this matter, being compliant is limited to meeting the regulations applicable to the company. Integrity, on the other hand, is to act correctly even if the conduct is not provided for in any regulations. This becomes a competitive differential, since by having integrity as one of its values, an organisation is more solid and secure before its stakeholders.
In conclusion, the effectiveness of a compliance programme, and consequently the effectiveness of an ethical culture, depends on a structure based on well-defined processes, clear responsibilities, comprehensive controls and monitoring, continuous improvement actions, communication and periodic training, and incorporation of the ethics and transparency in the organisation’s values. In addition, the existence of indicators for the compliance programme is extremely important for verifying its evolution and effectiveness, and the adequate measuring of resources (human, financial, material and others).
As mentioned at the beginning of the chapter, integrity programmes are similar to the management systems already used by companies, since their structure is based on the Plan, Do, Check and Action cycle. In this way, and to guarantee the effectiveness of a programme, it is not sufficient just to plan and to take action. It is also essential to measure whether the actions contemplated in the planning are having the desired effect or whether they need to be adapted to achieve the proposed objective.
The most robust tool to assess whether a given action is efficient is through performance indicators, composed of three variables: objective, metric and goal.
The objective of a key performance indicator is what the manager seeks to accomplish in the company (‘why’ measure). The metric would be the methodology used to evaluate the indicator (‘how to’ measure). Finally, the goal is the minimum index to be achieved using the metric, demonstrating whether the indicator has achieved its objective.
In terms of integrity, the main performance indicators could be divided into three pillars:
Finally, and no less important, as a performance indicator signals a positive result, that is, with goals reached or surpassed recurrently, it can be transformed into process control, allowing for the creation of new performance indicators. This is the continuous improvement put into practice.
At first, companies see the implementation of an integrity programme as a need to comply with the rules that regulate anti-corruption actions. However, a structured integrity programme, combined with the management of performance indicators, will result in a company with greater security for its employees, shareholders and stakeholders.
In addition, the methodology used in most integrity programmes brings benefits not only to the compliance area but to the company as a whole. Considering that an organisation will have well-defined processes, more assertive risk management, an ethical and transparent culture rooted in employees and a reduction in expenses for the payment of fines and infractions, this becomes a competitive differentiator, given that solid performance and a good reputation are well regarded in the market for providing safe and long-lasting business for customers.
 Carolina Goldenberg is a senior analyst at Whirlpool Corporation and Jussara Rocha Tibério is senior compliance analyst at Camargo Corrêa Infra.
 The Foreign Corrupt Practices Act of 1977, as amended, 15 U.S.C. §§ 78dd-1, et seq. < https://www.justice.gov/sites/default/files/criminal-fraud/legacy/2012/11/14/fcpa-english.pdf>.
 UK Bribery Act 2010 < http://www.legislation.gov.uk/ukpga/2010/23/contents>.
 Law 27401 of 8 November 2017 on the Criminal liability regime for legal persons for crimes committed against public administration and transnational bribery < https://www.legiscompliance.com.br/legislacao/norma/124>.
 Law 30424 of 2016 regulating the administrative responsibility of legal persons regarding transnational assets < https://busquedas.elperuano.pe/normaslegales/ley-que-regula-la-responsabilidad-administrativa-de-las-pers-ley-n-30424-1370638-1/>.
 Ellis, Matteson, ‘Peru inclui a Responsabilidade Corporativa por Crimes de Corrupção na Defesa de Empresas que possuem Programas de Conformidade’, FCPAméricas Blog, at https://fcpamericas.com/portuguese/peru-inclui-responsabilidade-corporativa-por-crimes-de-corrupcao-na-defesa-de-empresas-possuem-programas-de-conformidade/.
 Ellis, Matteson, ‘O “ACT”: Nova Lei Anticorrupção decretada na Colômbia’, FCPAméricas Blog, at http://fcpamericas.com/portuguese/act-nova-lei-anticorrupcao-decretada-na-colombia/.
 Carneiro Maeda, B, ‘Programas de Compliance Anticorrupção: importância e elementos essenciais’ in Del Debbio, A; Carneiro Maeda, B; da Silva Ayres, C H (coord.), Temas de Anticorrupção & Compliance (Rio de Janeiro: Elsevier, 2013), p. 171.
 Silveira, Alexandre Di Miceli da, Ética Empresarial na Prática – Soluções para Gestão e Governançca no Século XXI (2018), p. 174.