Corporate Responsibility Policies

“In determining the right people, the good-to-great companies placed greater weight on character attributes than on specific educational background, practical skills, specialized knowledge, or work experience” — Jim Collins

Introduction

In our childhood, we have been taught that ‘Honesty is the best policy.’ Apart from that, in our day-to-day, knowingly and unknowingly, we follow many policies like doing prayer in the morning, feeding the poor/needy every day, being on time and many more such things.

Objective

All organization whether small or big have their Corporate Policies in place. These may be documented or verbal. In many organizations, Policies are well documented, but implementation is hardly evident. Whereas in many, there is no documented policy, but the essence of policy deployment is observed.

Any organization’s policy reflects the thought process and maturity of the top management. By clearly stating and documenting the 3 corporate responsibility policies (Code of Conduct, Anti-bribery and Ethics escalation), the management reflects their commitment towards their relevant stakeholders.  

Definitions (ISO 9000: 2015)

Top Management (Cl 3.1.1): A person or group of people who directs and controls an organization at the highest level

Policy (Cl 3.5.8): Intentions and direction of an organization as formally expressed by its top management

Detailed Information

As per IATF 16949: 2016, Clause 5.1.1.1

The organization shall define and implement corporate responsibility policies. including at a minimum an anti-bribery policy, an employee code of conduct, and an ethics escalation policy (“whistle-blowing policy”).

Two important points:

• Define and Implement: The organization should define the policies and ensure that it is implemented. It means every employee of the organization should be aware of and understand the management policies.
• Minimum: There can be more than 3 corporate responsibility policies like POSH (Prevention of Sexual Harassment), Information Security Policy, Safety Policy etc.

3 Corporate Responsibility Policies:

1.    Anti-Bribery Policy: An anti-bribery policy demonstrates a company’s commitment to preventing bribery and corrupt activities, and all staff should be instructed to familiarize themselves with the information it contains.

Recent Examples: 2G bribery case, Renault Nissan CEO Carlos Ghosn case in 2018, Chanda Kochhar of ICICI in a financial fraud case in 2018.

ISO 37001:2016 is a Standard that is related to the Anti-bribery Management System. It sets out requirements and guides a management system designed to help an organization prevent, detect and respond to bribery and comply with anti-bribery laws and voluntary commitments applicable to its activities.

2.    Code of Conduct: A code of conduct is the most common policy within an organization. This policy lays out the company’s principles, standards, and moral and ethical expectations that employees and third parties are held to as they interact with the organization.

A code of conduct is an integral part of compliance efforts as it provides documentation that an employee or third party has violated company policy if illegal activity arises.

Examples related to the Code of Conduct include

·       Company's values

·       Employee behaviours

·       Dress code

·       Leave policy

·       Conflicts of interest

·       Communication

·       Harassment

·       Abuse or assault

·       Bullying

·       Intoxication

·       Illegal activity

·       Discrimination

·       Confidentiality

·       Use of company property

·       Use of technology

·       Plagiarism

Recent Example: Flash Electronics files patent case against Royal Enfield in US court in 2019, Requirement related to REACH, IMDS, RoHS

3.    Ethics Escalation Policy: Ethics escalation is the process of allowing an employee or an interested party to report unethical conduct above and beyond their direct line managers. Typically, an escalation process also requires that any alleged violation is communicated to appropriate personnel, e.g., the head of the legal compliance function. To preserve the anonymity of the employee, many companies have an ombudsman that serves the purpose of receiving information on alleged ethical breaches.

Recent Examples: Volkswagen Case related to the Diesel Vehicle Emission Test in 2015, the Takata Air Bag issue resulting in major recall and bankruptcy in 2013, the Satyam Computers scandal for falsification of company accounts in 2009

ISO 37002: 2021: Whistleblowing Management System-Guidelines

Hope these Corporate Policies do not go in vain as has happened with the quality policy, which only the quality manual and MR are aware of!

How these policies can be communicated?

• Annual appraisal
• During the induction of new employees
• Distribution of the policy documents
• Display of the policies at appropriate places like the company gate, reception, conference room, manufacturing site, intranet

Present Challenges

1. Who drafts the Corporate Policies: Top Management, the Management Representative (MR) or the Consultant?
2. Who is aware of these policies apart from MR and Consultant in an organisation?
3. What effort does top management make to ensure effective communication and understanding of these policies? Is the effectiveness of these policies reviewed in the management review?
4. For the Ethics Escalation policy, if the employees are aware, whom should they escalate to?

 References:

IATF 16949: 2016

ISO 9000: 2015

ISO 37001: 2016: Anti-Bribery Management Systems-Requirements

ISO 37002: 2021: Whistleblowing Management System-Guidelines

Industry Experts