At digital-industrial company General Electric, integrity and compliance are one in the same. A commitment to perform with integrity is instilled in every employee as a non-negotiable expectation of behavior, while compliance is infused into every GE business everywhere they operate in the world—in the way business leaders work together, set standards, and drive the company’s vision.
During a recent Webcast sponsored by EY, compliance officers at GE discussed how they foster a culture of integrity and compliance in a company with more than 300,000 employees in more than 170 countries. The title of GE’s Code of Conduct, “The Spirit & The Letter,” was a “very intentional title,” said Alfred Rosa, GE’s chief compliance director and senior executive counsel. “It captures both the concept of culture and the concept of risk management.”
“Culture is the primary influence on employee behavior.”
Alfred Rosa, Chief Compliance Director, Senior Executive Counsel, GE
At GE, mitigating any type of fraud starts with culture—the shared attitudes, beliefs, and behaviors of the organization. “Culture is the primary influence on employee behavior,” Rosa said.
The following key pillars are part of the foundation upon which GE’s Integrity & Compliance program stands to prevent, detect, and respond to issues:
A leader-directed program. Business leaders at every level, including middle managers, are expected to lead by example to create a culture of integrity. “In a healthy culture, leadership engagement is viewed not just as a concept, but as a process,” Rosa said. “At GE, we are not perfect—far from it—but we believe this is a tenant of healthy compliance programs.”
Quick response time. Issues and investigations are addressed quickly and thoroughly.
Open reporting environment. Employees are encouraged to raise integrity concerns and to feel confident that they can do so without fear of retaliation. GE has approximately 620 ombudspersons around the globe to encourage the reporting of concerns.
Below is an excerpt from GE's Code of Conduct, "The Spirit & The Letter," on what leaders must do.
A leader must: create a culture of compliance in which employees understand their responsibilities and feel comfortable raising concerns without fear of retaliation; encourage ethical conduct and compliance with the law by personally leading compliance efforts; consider compliance efforts when evaluating and rewarding employees; and ensure that employees understand that business results are never more important than ethical conduct and compliance with GE policies.
Leaders must also take the following steps to build an infrastructure to prevent, detect, and respond to compliance issues:
Prevent Compliance Issues
Identify business compliance risks.
Ensure that processes, tailored to address your particular risk areas, are communicated and implemented.
Provide education on GE policies and applicable law to employees and (where appropriate) board members and third parties.
Commit adequate resources to your business’s compliance program.
Detect Compliance Issues
Implement control measures, such as “dashboards” and “scorecards,” to detect heightened compliance risks and/or violations.
Promote an effective ombudsperson system.
Ensure that periodic compliance reviews are conducted, with the assistance of business compliance leaders and/or the corporate audit staff.
Respond to Compliance Issues
Take prompt corrective action to fix identified compliance weaknesses.
Take appropriate disciplinary action.
Consult with GE legal counsel and make appropriate disclosures to regulators and law enforcement authorities.
GE employees remain the company’s first and best line of defense in the early detection of potential compliance issues. Thus, one of the best indications of the overall health of the compliance culture at GE is the degree to which employees are reporting concerns, Rosa said. “We spend a lot of time at GE measuring reporting rates, conducting root-cause assessments, assessing corrective actions, and discussing trends with management,” he said.
Data provided by GE shows that more than 4,470 integrity concerns were reported during 2016 through the open reporting and ombudsperson process (30 percent anonymously), covering a variety of issues. The reported concerns led directly to 1,173 disciplinary actions as of Feb. 1, 2017.
Simpler compliance means effective compliance. During the Webcast, Rosa also discussed the importance of simplifying compliance. Compliance officers sometimes lose sight of the fact that the compliance program is for the benefit of employees to help simplify compliance. Yes, compliance programs should satisfy enforcement authorities, “but the best way to achieve that end is to ensure employees understand the program and their responsibilities with respect to it,” he said.
GE, for its part, has been striving to make integrity policies more readable for employees. Examples include the creation of one-page guides for supplier onboarding, competition law, revenue recognition, and business courtesies, the company states on its Website.
Training and communication. In addition to fostering an open-reporting environment, GE has been exploring more efficient and effective ways to train and communicate with employees about its integrity and compliance program.
For example, 3,500 middle managers at GE were trained last year on how to have discussions with employees about GE’s open reporting environment. Driving the need for this training was the sense that the reporting of concerns too often was being offloaded onto the compliance representatives scattered throughout the enterprise, “because people didn’t necessarily know how to have these kinds of conversations,” said David Handler, deputy general counsel and chief compliance officer at GE Aviation.
For some managers, talking with employees about matters of ethics and the importance of reporting concerns doesn’t always come easily. By giving managers the tools and messages they need to have these kinds of conversations, “we started moving the needle,” Handler said.
In another example, GE last year began incorporating compliance-based gaming options into its mobile compliance application and began piloting the use of compliance-based training within the applications employees use each day to give them the information they need when they need it, Handler explained.
Data analytics. Data is also becoming an increasingly important means in yielding insights into the health of the compliance program. For example, GE has developed a Compliance Executive Dashboard that centralizes compliance data for the business units.
“We are trying to take a better approach to predictive analytics,” Handler said. That involves looking for patterns that are likely to trigger an investigation—insight that ensures resources are deployed where they are needed most and helps mitigate issues before they happen, he said.
Predictive analytics is a way for the company to think globally, but act locally. It’s all about ensuring that plant managers, for example, know which specific risks concern their facility, the likelihood of those risks occurring, and what controls are in place to mitigate them, Handler said. That plant manager can then act locally in collaboration with health and safety, quality, security, compliance, and legal to address those risks, he said.
“The quality of the data in all of this is very important,” Handler said. Companies need to understand the limitations of their data, stitch it together, and harmonize it. “Then you can begin to make better use of it.”
At the end of the day, however, everything boils down to culture. A company can design as many processes, procedures, and controls as it possibly can, but a company’s culture is where everything begins and ends. Concluded Handler, “Without that, it all crumbles.”