I'm very pleased to be with you today and have the opportunity to share ideas about ethics and compliance with the business community of Singapore.
We all know that it is an important subject. Recent years have illustrated all too well that strong ethics must be the foundation for performance. We have seen what happens when the focus is "numbers" or "winning," without having an ethical foundation. The results have been bogus numbers - a mirage, if you will - and, in some cases, collapse of the enterprise. In the U.S., we think most frequently about Enron, WorldCom, Tyco, and Adelphia. But it's not been exclusively a U.S. issue, as Ahold in the Netherlands, Parmalat in Italy and China Aviation Oil here in Singapore also have suffered from management who seem to have relied on cheating instead of managing.
A few months ago, I came upon some interesting data. The data are U.S.-centric, because the source was U.S. print media, but the data are fascinating and I think revealing. It was gathered by the Compliance and Ethics Leadership Council, an ethics think tank in Washington DC. They found, between 1999 and mid-2005, that the median loss flowing from misconduct by senior management was $500 million; they found that the median loss flowing from misconduct by others (but where senior management was aware of the misconduct) was $140 million; and they found that the median loss flowing from compliance issues where senior management was neither involved nor aware was $22 million.
Two other interesting tidbits: First, CELC's data reflected that an astonishing 89 percent of these losses were caused by intentional misconduct, not negligence, and second, CELC learned from survey data that 70 percent of senior managements believed that their respective companies take compliance more seriously than average. Indeed, only 3 percebt believed that their respective companies take compliance less seriously than average.
To this, let me add data recently published by Business Week: since 2002, a Justice Department task force pursuing corporate crime has helped to secure over 700 corporate fraud convictions, including more than 100 CEOs and presidents, more than 80 vice presidents, and more than 30 CFOs.
So you could conclude from the data (1) that the biggest problems come from biggest people, (2) that temptations to cheat are strong, (3) that the traditional corrective action of "more training" is wholly inadequate as a remedy to address intentional misconduct, (4) that compliance efforts have been wanting insofar as their utility in preventing misconduct, and (5) that even deterrence flowing from threats of prison or other punishment are not wholly effective.
And who is paying attention to these problems with business? Let's start with the auditors. Some months ago, I found a Wall Street Journal article covering a civil lawsuit against the accounting firm, Arthur Andersen. I like to start with the article because, of course, Arthur Andersen doesn't exist anymore, having disappeared almost overnight. After 100 years as a top accounting firm, Andersen disappeared from the planet for being insufficiently vigilant. Keep in mind also that all of the major accounting firms have been consistently included in the first line of defendants in lawsuits for failing to detect corporate misconduct, paying collectively in excess of $2.5 billion during the past 10 years. So the accountants are paying attention.
Let's go the board of directors. Did you notice the settlement in the WorldCom suit filed against the members of its board of directors? The institutional investors were so upset over the WorldCom meltdown that they would not allow payment of damages to come exclusively from directors and officers liability insurance. Those investors instead insisted that any settlement include payments from the directors' personal assets, to the tune of about $2 million each. Essentially the same thing happened to the directors of Enron. So the directors are paying attention.
And the markets are paying attention too, because a whiff of a problem drives the share price down almost instantly. Very recently, a company in Japan, Livedoor, was implicated in some Enron-like behaviors of using a related entity to generate share-price gains that were converted to cash. According to the Wall Street Journal, within a week's time, the market cap of Livedoor dropped from $6 billion to $2 billion.
There you have the backdrop - a mix of greed, fear, and a lack of management skill that can lead to misconduct - which harms shareowners, which destroys trust, which in turn ratchets up regulation, and which drives up costs and business complexity.
For the past 25 years in the U.S., the answer to such issues has been the development of formal ethics and compliance programs. Indeed, many of the "leaders" in developing these programs have been those companies who found themselves in trouble.
UTC's formal program began in the mid-1980's, and evolved in two phases in the aftermath of problems in its defense businesses. First, UTC developed a government contract compliance program, targeted at the "source" of its issues. Second, and a few years later, UTC moved beyond a set of narrow rules and adopted a wider-ranging Code of Ethics in the hopes of creating an overlay of ethical decision-making.
When I came to my present job in Business Practices, a little over a year ago, after serving in UTC's legal department for almost 25 years, I inherited what had long been considered a model program for ethics and compliance. But hearing it characterized as a model program always made me slightly uneasy, because I remembered all too well the sage words of an old friend whose wife had referred to him as a "model husband". He told me of the pride he felt every time she made the reference, until, as he said, he took the trouble to look up the definition of "model" in the dictionary and found out that it meant a small, non-working imitation of the real thing. That's what I want to avoid. Instead, I want UTC to have a model program in the sense that it is something exemplary and something to be emulated. And I have been working diligently over the past year to give our programs a boost and take them to the next level.
UTC's ethics and compliance programs have included the traditional building blocks: standards and controls (in the form of rules); communications to alert people to the rules; training to better describe the rules; monitoring to determine adherence to the rules; reporting mechanisms to report possible problems; investigations of alleged violations; risk assessments; corrective actions; and an organization (which at UTC is called the Business Practices office) that is intended to administer the program.
Like most other ethics and compliance programs, UTC for 20 years relied heavily on training, a fine-tuning of rules, basic monitoring, and disciplinary action, believing that clear understanding of expectations when coupled with deterrence would lead to compliance.
In general, this approach has been effective, but it did not stop collusive activities by local subsidiaries of a UTC unit on certain contracts in Germany and the Benelux countries. In fact, for this intentional misconduct, training had the unintended consequence of showing the perpetrators how to conceal their misdeeds. As confirmed by studies, education is a necessary element for compliance efforts but rarely is sufficient, standing alone. This is particularly true when detection and punishment for compliance violations appear to be more remote and less certain than the adverse consequence of a nearer-term problem, such as missing a sales target.
To combat complacency and to augment training and deterrence as preventative techniques, UTC has embarked on a plan to employ more standard business process and standard business review in the ethics and compliance realm. We want ethics and compliance to be ingrained and not be seen merely as an appendage. In this regard, three principal changes were adopted for 2006.
First, the annual objectives for the leadership of each UTC business now include requirements for reducing compliance lapses. We have accumulated data on compliance going back to 1986, and these objectives are intended to encourage the use of our process tools (akin to Six Sigma), to understand root cause, drive down "escapes", and improve performance. Because the metrics are untested, this objective will not be mechanically applied but will be a point of reference for the exercise of judgment in determining annual bonuses. In the past, ethics lapses have resulted in dismissals and reduced bonuses. Now, instead of a downside-only proposition, good behaviors can lead to improved bonus performance. These metrics will be reviewed annually with the CEO.
Second, an expanded and more rigorous process for risk assessment has been adopted. In essence, it builds on and broadens the effort undertaken with respect to accounting risks and controls in responding to U.S. Sarbanes-Oxley requirements. It cuts across the enterprise, includes cross-functional inputs, begins with a risk catalog, evaluates the likelihood and severity of an occurrence, identifies priorities of risks, and calls for the creation of mitigation plans. One input to the risk assessment is the past experience revealed by compliance "escapes", and the output of the risk assessment will be improvements in standards, controls, training, and monitoring. On an annual basis, the risk assessment (prospectively) and risk reduction activities (retrospectively) will be reviewed with senior leadership of the corporation and with the Audit Committee of the Board of Directors.
Third, a "competency" for business ethics has been added to the annual personnel appraisal process. It is complementary to other UTC competencies, such as strategic leadership, customer focus and teamwork. Some might ask whether a competency for business ethics makes sense - whether ethics is better understood as a personal quality, rather than as a skill-based competency. For UTC, at least, a competency is defined as a behavior which leads to good business results.
So the ethics competency was fleshed out by describing preferred behaviors, and in doing so, UTC relied heavily on the research of the Ethics Resource Center (the ERC), another ethics think tank based in Washington D.C. In doing survey research over the course of more than 10 years, ERC learned that better-scoring companies had leadership that displayed four behaviors: (1) good communications, including communications on ethics, (2) modeling ethical behavior, (3) keeping commitments, and (4) maintaining accountability among employees at all levels. And for such companies, the levels of observed misconduct were lower, and employee morale was higher. Within UTC, the competencies are the basis for the annual Leadership Development Review, which includes a review of the senior leadership of the company with the CEO.
These three business processes will take the next steps and augment the traditional tools of education and deterrence. Hopefully, these processes will help to shape positive behaviors, which in turn will help to reinforce a positive culture of ethics and compliance. These processes are built on mainstream tools used by UTC; they further a UTC strategy of continuous improvement; and they focus on the people dimension.
As I have heard it described by academics, the combination of strategy and people is leadership. And to me, the language of ethics - comprising good communication, keeping commitments, and maintaining accountability - is also the language of leadership. As I also have heard from the academics, the best leaders share power, encourage personal growth, and instill a sense of team, and the best leaders seek to inspire their people with a positive view of the future and then organize their people to pursue great goals.
The threat of punishment is a necessary component for an ethics and compliance program because it demonstrates accountability. While the deterrent effect of punishment can be powerful, sometimes it is merely translated into a cost/benefit analysis coupled with a probability assessment. Pro-social behavior is more likely when there is a combination of factors - education, monitoring, deterrence, and strong leadership - where leadership seeks to tap the innate drive toward a sense of purpose and achievement.
That brings me to a discussion of ethics at UTC, as distinct from compliance (or adherence to rules). This is hard - because it is a "softer" subject - something equated at times with morals - and because many skeptics describe business ethics as an oxymoron.
Most in business analyze business issues with reference to data, but ethics generally draws its sustenance from philosophy which seems driven more often by reasoning and general observation. Although I took philosophy courses in college, I have difficulty in keeping track of the various schools of thought, and I am far from being any kind of expert on ethics. As expressed so aptly by my mother, "Aren't you just a lawyer?"
So, in looking at business ethics, and considering ethics to represent a discipline for making good choices, let's start with the purpose of business. And the purpose of business is obtaining a fair return on investment. If you don't believe that you will obtain a fair return, then you will not invest. Investment thus is built on a belief that commitments will be kept - on the basis of mutuality - and frequently on the basis of mutual dependence.
In the U.S., a favorite comic strip is "Peanuts." One of the recurring scenarios is hapless Charlie Brown attempting to kick an American football while Lucy is the placeholder. Lucy pulls the football away every single time, and poor Charlie Brown ends up on his back with his leg thrust into the air. Who besides Charlie Brown would continue to trust in such a situation? In places and industries where unpredictability reigns and where commitments are routinely set aside, investment lags. To me, therefore, trust is the basic building block for business ethics.
Now, let's look at some recent research by the Ethics Resource Center. They found, first, that creating a structure of compliance improved employee perceptions of performance with respect to ethics. Second, they found that having a structure of compliance would begin to instill a culture of ethics. Interestingly, however, they discovered that a compliance structure with perfunctory support led a plateau. Only when a culture of ethics took root did employee perceptions of ethical performance continue to improve. And, you will recall, other ERC research revealed that a culture of ethics could be built by good communication, modeling good behavior, keeping commitments, and maintaining accountability.
If you examine those behaviors, you will see that each represents a link in creating a correspondence between words and actions. The academics say that a correspondence between words and actions creates trust. But these behaviors also suggest respect coming from open and good communications, and fairness coming from accountability.
Within UTC, accordingly, we encourage people to evaluate actions on four levels. First, determine whether a proposed action complies with the law. For us, legal compliance is a must. Second, evaluate whether a proposed action builds the trust of our stakeholders (shareowners, customers, employees, suppliers and communities). Third, ask whether a proposed action creates respect among our stakeholders. And fourth, ask whether a proposed action promotes integrity. This last element has a broad range of impact, connoting honesty, fairness, and coherence in approach. Issues regarding ethics and making good choices frequently have more than one answer; accordingly, we encourage discussions among a range of people, because we think it generates better decisions.
And that's the UTC approach in attempting to simplify the complexities of good business practices, as related both to compliance with rules and the ethical overlay. You might ask how effective these efforts have been and how we measure effectiveness. These are the questions constantly raised with respect to ethics and compliance programs, and generally the answers are less than fully satisfying, because most measures have been linked with activities or inputs (e.g., how many calls to a help line), where numbers do not directly reveal good or bad outcomes.
With our new initiatives, we're hoping that measurements will be more useful as we examine outcomes more directly (e.g., amounts of compliance losses suffered) in addition to activities. To those, we add a measurement drawn from employee surveys, where questions on ethics and management practices are embedded.
At least for today, as a bottom-liner, I can report that UTC's defense business, the catalyst for developing our Code of Ethics and broader ethics program, has encountered no serious issues since the adoption of the code in 1990. And I can report that UTC's conservatism in accounting has served it very well. But we have one major blemish, that being the collusion to which I earlier referred in Germany and the Benelux countries. In any event, with respect to the efficacy of our new initiatives, we must await the passage of time.
One final question that can be asked is whether the costs of compliance are greater than the costs of noncompliance. This goes to the law and economics model of assessing all issues within a cost versus benefit equation. For UTC, we know from other applications that using our process improvement tools to address problems leads to cost reduction and quality improvement. Certainly, costs avoided (in the form of damages, fines, penalties, and disruption to business) by following laws scrupulously can be very substantial. Based on available information, I believe that the costs of compliance represent a worthwhile investment.
And in the broader economic context, UTC firmly supports the operation of free and open markets where quality of product, commercial terms, and customer service determine the winners and losers. Where markets are influenced by other factors, such as corruption, there is a compelling argument that investment and innovation decline - either as unnecessary (for those who will make payments), or as futile (by those who won't make payments).
In summary, in today's world, UTC structures its ethics and compliance programs increasingly around standard business process and standard business review. These are intended to focus the attention of management, encourage positive behaviors, and inculcate a culture of ethics. We must be ever mindful that a corporation's objectives are translated into actions through the adoption and use of systems and processes which shape and control behavior. Our new management objectives, our augmented processes for risk assessment, and our new ethics competency for personnel appraisals are all designed to improve compliance performance and to reinforce the right culture. We must remember also that corporations work through people, and people seek meaning through the ability to make a contribution, through personal growth, and through affiliation with others.
So, UTC emphasizes the overlay of ethics to avoid the mentality of searching for loopholes in the rules and to appeal to the higher motivations of people to be a part of an organization where they can feel good and confident that it will be sustained.
As I've heard our chairman say repeatedly with respect to ethics and compliance, "We must be perfect, period." And perfection is our unwavering goal.
