Compliance Pulse UK

COMPLIANCE PULSE – UNITED KINGDOM

London 2013

About The Red Flag Group

The Red Flag Group is The Compliance Firm™ that helps companies turn compliance into a competitive advantage. We create customised and integrated

compliance solutions that add value to your business. For more information, go to www.redflaggroup.com

Contents

1. Introduction

1.1 The importance of compliance

1.2 Our approach

1.3 Scope of review

2. Executive Summary

3. Our Findings

3.1 Public disclosure of codes of conduct

3.2 Identification of chief compliance officers

3.3 Compliance committees

3.4 Reporting of anti-corruption and compliance issues

3.5 Compliance in annual reports

3.6 Whistleblowing policies

3.7 United Kingdom–based companies versus foreign companies

3.8 Large companies versus smaller companies

3.9 Best and worst performing sectors

4

4

5

5

6

7

7

8

9

9

10

11

12

13

14

Page 4 The Red Flag Group

1. Introduction

1.1 The importance of compliance

There has never been more attention on corporate compliance. Companies are finding it increasingly challenging to obtain the trust and confidence of stakeholders as the seemingly never-ending wave of corporate scandals hits markets across the world. What has become apparent is that companies which fail to properly implement a sound compliance system pay serious penalties for their unawareness and negligence, regardless of the rich history, prestigious brands or celebrated reputations these companies may possess.

The world was stunned when it was revealed in summer 2012 that traders from leading banks had been regularly manipulating the London Interbank Offered Rate (LIBOR). The anchor for financial contracts – accumulatively worth hundreds of trillions of dollars – was shaken. Employees of these banks had been submitting fabricated LIBOR estimates on a daily basis while traders from the same banks profited from the colluded manipulations. This went beyond trading on insider information as even the information itself was fictitiously made up by traders. While the group of banks and individuals stood to directly benefit or lose from the estimates they posted, there were blatant conflicts of interest. Nonetheless, it was the lack of systems and controls that had ultimately led to these outrageous scandals.

Page 5Compliance Pulse – UK

Over the past years, companies in the United Kingdom have evidently struggled to recover public confidence after the unveiling of cases such as trade sanction violations, money laundering, deception of consumers into purchasing unwanted services, and other corrupt and fraudulent practices. These cases unreservedly exposed the very weak corporate governance and compliance frameworks that even some of the largest companies have had, as well as highlighting the potential dire consequences of not having robust compliance procedures in place. To regain the public’s and investors’ trusts, companies must now prove that their businesses are built upon a solid foundation of ethics, compliance and strong corporate governance.

This study identifies the criteria of the best practices of corporate compliance today, as well as setting benchmarks for evaluating the current state of companies’ preparedness for the tightened regulations.

1.2 Our Approach

We took 100 of the largest companies listed on the London Stock Exchange and carried out our review of their overall approaches to compliance.

All 100 companies in our sample group were assessed according to their publicly-projected approach to compliance. The assessment was based on eight different categories:

1. Whether a code of conduct (or similar document) existed and was available to the public

2. Whether the company identified its chief compliance officer (or similar position) and, if so, whether their roles and functions were clearly explained

3. Whether the company had a compliance committee (or similar oversight group) that was devoted to the review and improvement of the approach of the firm to compliance

4. The efforts of the company to publicise its corporate social responsibility, anti-corruption practices and compliance

5. Whether the company had a publicly-available report specifically addressing compliance-related matters

6. Whether the company exhibited any form of whistleblower policy or policies on openness and transparency

7. The level of attention paid to compliance issues in the company annual report

8. The overall approach of the company to ethics, compliance and good governance based on viewing all publicly-available material collectively.

In each of these categories, the companies were given a score from zero to four, based on a clear set of guidelines and instructions. The maximum score was 32. Each score sheet contained comments on how the final score for each category was derived, and all were reviewed independently for consistency.

1.3 Scope of review

The scope of our review covered only publicly-available information, hence it cannot be concluded that the subject companies did not have comprehensive compliance programmes. Rather, it would merely infer that there was no public disclosure to a broader group of stakeholders if these programmes were in place.


Our study shows that almost 80 percent of the sample group made their codes of conduct publicly available. This suggests that companies are recognising that a code of conduct is both an internal and external medium to communicate the core values and standards that guide the company.

Most companies were found to have compliance committees and whistleblowing policies. Furthermore, anti-corruption and compliance issues were found to be reported in the public domain. However, compliance is often absent from companies’ annual reports and chief compliance officers were rarely identified in public documents.

We found that United Kingdom–based companies generally performed better in their compliance programmes than their foreign counterparts. Large companies tended to have invested more in implementing their compliance programmes. Out of all the companies studied, those in the healthcare sector had the best approaches to compliance.

2. Executive summary


3.1 Public disclosure of codes of conduct

A code of conduct is an integral part of the compliance programme of a company. It helps to communicate to employees, as well as external stakeholders, the core values and high standards of integrity and ethics that form the foundation of business.

It is encouraging to know that 79 of the 100 companies in the sample group made their codes of conduct (or similar documents) publicly available. This differed significantly from our previous studies on Hong Kong, Singapore and the United Arab Emirates, where companies rarely recognised the importance of publicly disclosing their codes.

Companies also had to ensure easy access to the document in order to receive a full score. Figure 1 shows that 56 of the subject companies received an excellent rating and were enthusiastic about improving corporate behaviour. One company received a satisfactory rating despite not having a publicly-available code of conduct, as it instead offered similar policies.

These codes of conduct are analysed in more detail in our Code of Conduct Study – United Kingdom.

Figure 1: Publicly available code of conduct

3. Our findings

50

60

40

20

10

0Very poor Poor Satisfactory Good Excellent

30

Nu

mb

er o

f co

mp

anie

s

173

915

56


3.2 Identification of chief compliance officers

Over 70 percent of the subject companies were reluctant to identify a chief compliance officer or equivalent in public documents.

It is important for companies to identify an officer responsible for the overall implementation of the programme to help promote the fact that companies are willing to invest the time and resources of their top-level personnel to ensure compliance and ethical conduct. Clearly identifying individuals also enables employees and other stakeholders to contact them when any concerns arise regarding the practices of the company.

Figure 2: Chief compliance officer

Cheif compliance of�cer score distribution

Excellent

Very poor

Poor

Satisfactory

Good

31%9%

7%

10%

43%


3.3 Compliance committees

Over 85 percent of the subject companies had compliance committees. Some companies had two or more committees responsible for various compliance-related duties.

Figure 3: Compliance committee

3.4 Reporting of anti-corruption and compliance issues

The subject companies regularly disclosed information on corporate citizenship, corruption and compliance issues in the public domain. Companies that ranked well typically dedicated substantial sections of their websites – or even created separate websites – to address compliance.

Many companies also offered corporate citizenship reports or similar publications. Companies that received a full score offered plenty of information outlining their strategies and approaches towards compliance and preventing corruption, in addition to social initiatives.

35

40

30

25

15

10

5


20

Nu

mb

er o

f co

mp

anie

s

0

12

35 35

18


3.5 Compliance in annual reports

The study showed that compliance is rarely reported on on a regular basis. Only a small number of compliance issues were ever mentioned in annual reports, and many of these were only published because they were required to be by laws or regulations.

In better examples companies covered key compliance issues in annual reports so that shareholders and other stakeholders could easily learn of these matters. These included the progress of company wide-rollout of compliance policies, reports received through whistleblowing processes, and statistics regarding code of conduct training.

Figure 4: Including compliance in annual reports

35

40

30

25

15

10

5


20

45

Nu

mb

er o

f co

mp

anie

s

3

24

41

22

10


Figure 5: Whistleblower policy

3.6 Whistleblowing policies

It is important for companies to have direct channels available for all employees, and even external stakeholders, to report misconduct. This allows the board of directors and senior management to be alerted of actual or potential improprieties at a primitive stage so that swift action can be taken to mitigate or eliminate further damage.

The majority of the companies studied had whistleblowing policies. This finding is reassuring as it shows that most companies have appropriate mitigation measures in place.

Cheif compliance of�cer score distribution

Excellent

Very poor

Poor

Satisfactory

Good

1%

8%

13%

18%

60%


3.7 United Kingdom–based companies versus foreign companies

There were clear differences in the results of companies headquartered in the United Kingdom and those headquartered elsewhere but listed in the United Kingdom (“foreign” companies), as shown in Figure 6. United Kingdom–based companies scored much higher (18.3 out of 32) than foreign companies (12.3 out of 32). The company which scored highest, with 29 out of 32, is also based in the United Kingdom.

We conclude that United Kingdom–based companies are responding faster and are more prepared for the tightening United Kingdom regulatory environment.

Figure 6: Compliance scores by country

5

20

15

10

25

30

35

2829

6 7

12.3

United Kingdom Foreign0

Highest score

Average score

Lowest score

18.3


3.8 Large companies versus smaller companies

The 50 largest companies scored an average of 20.4 out of 32 – better than the smaller 50 companies, with their average score of 16 out of 32.

Larger companies generally have a wider stakeholder base and are often more scrutinised. Those that endure the test of the public prevail and attract more investors. There is thus both greater pressure and greater incentive for these companies to consistently keep check of their actions.

Figure 7: Compliance scores by market capitalisation

5

20

15

10

25

30

35

29

9

16

largest 50 companies smallest 50 companies0

29

6

Highest score

Average score

Lowest score

20.4


Figure 8: Average compliance scores by sector

3.9 Best and worst performing sectors

The healthcare sector performed exceptionally well in this study. In addition to having the highest average score among all the sectors, the two highest scoring companies both belonged to the healthcare sector.

The financial services sector and the property sector, which together accounted for 15 percent of the sample group, fell behind, with noticeably lower average scores of 12.1 out of 32 and 12.3 out of 32 respectively.

Health

care

Gener

al re

tail

Prop

erty

Finan

cial s

ervic

es

Aeros

pace

and

def

ence

Bank

ing

Telec

omm

unica

tions

Engi

neer

ing

Utiliti

esSu

ppor

t ser

vices

Min

ing

Consu

mer

pro

duct

sM

anuf

actu

ring

Med

iaTra

vel &

leisu

reTe

chno

logy

0

27.3

23.3

21.6 21.5 21.420.5

19.318.1 18.0 18.0

16.8 16.2 16.0 15.5

12.3 12.1

5

10

15

20

25

30



The Red Flag Group is a truly global company with offices and research centres in the United States, Europe, Asia, Africa and Latin

America. For more information visit www.redflaggroup.com.

Business

Compliance Pulse UK