Auditing maze of compliance and ethics

A Glossary of Compliance Terms

In a world where ethics and compliance is becoming more important, it is vitally important to have a clear understanding of what these terms mean. A glossary of ethics and compliance terms is a list of definitions that can be used to help with this comprehension. In many workspaces, it becomes very difficult for people who are not in the field to understand what these words actually mean. This glossary will give definitions as well as examples on why they are important.

What are compliance terms in risk management?

Compliance terms are rules or regulations that must be followed to ensure organizational integrity, adherence to ethical standards and laws. Because that is what makes a business sustainable and worth a look for ethical investors. It is important to note that these terms are not always defined in the same way, but the most common definitions are as follows:

Compliance covers both internal compliance (with company standards) and external compliance (with laws and regulations). Internal compliance may also be referred to as compliance with company standards, conduct codes or policies.

These terms are used throughout the world in various industries and organizations. For example, if you work for a bank or insurance company, you will likely recognize many of these terms from your own organization’s code of conduct.

Compliance is imperative to ensure ethical standards are upheld. Without this adherence, an organization will not have the proper foundation to conduct business or deliver services.

Unethical Decision Making:

A decision that will likely result in something…

What are ethics terms?

These are words that fall under the ethics umbrella. They are used to signify things like what is right, wrong, or even that which does not fit within the realm of normal (i.e. unethical). As with any term in business or mathematics, there are always exceptions to rules; however, using these terms can help define both an individual’s perception of good and bad, right or wrong.

The ethics terms in this glossary are used in the context of business, although they can have other applications as well. For example, it is possible to be ethical outside of a business setting. However, if you are asked by your boss whether something is ethical or not, these definitions may come in handy.

Why is ethics and compliance important?

Ethics and compliance work together to make sure that a business is operating in an honest and ethical manner.

A code of ethics is a set of rules for acceptable : within the company, while compliance might be defined as those actions required by law to ensure honesty. Compliance refers to those actual requirements that must be followed as dictated by government regulation or internal policy.

The scope of ethics has grown over the years to include not only actions that are legal or illegal, but also additional factors that focus on business practices. This includes social responsibility and environmental protection. When companies adhere to these newer sets of rules, they are operating in an ethical manner.

How do you ensure ethical compliance?

To ensure ethical compliance, it is important to have a firm understanding of what those terms mean as well as specific details on how they are defined. The following is a list of the most common definitions, along with some examples so you can better understand how they work together.

1) Ethics: The study or practice of morals or principles concerning right and wrong behavior; moral conduct. An ethical person has high standards for personal behavior and makes decisions based on conscience rather than self-interests. They avoid breaking the rules because they know there may be consequences such as fines or imprisonment.

2) Compliance: Cooperation with or obedience to laws, rules, regulations, etc.; adherence to requirements (as those of a code of conduct); acquiescence; submissiveness; as, compliance with the terms of the settlement. Compliance is part of ethical behavior because ethics are defined by obeying rules and making sure things are right.

3) Compliance Officer: To ensure that an organization’s policies are followed, employers may assign a compliance officer or someone in similar role to make sure everyone is doing what they are supposed to do. A compliance officer will likely have the task of training staff on how they should conduct themselves at work and will also be responsible for ensuring staff follow through on what they have learned. A compliance officer will also ensure that policies are being followed and any issues are addressed in a fair manner.

4) Whistleblower: Someone who exposes something secret or wrong within an organization, especially by passing information to the media or government authorities. Typically this is used when referring to exposing unethical behavior, such as fraud, negligence or other illegal practices. Whistleblowers may be outsiders to the organization such as sources that pass information to media such as newspapers and television news programs, or they can also be employees within the organization who inform those outside of it about what is going on.

5) Discrimination: Unfair treatment of a person or group based solely on prejudice. For instance, if someone is dismissed from a position based only on the fact that they are in the same ethnic group as another person who has recently been fired for no apparent reason, this would be discrimination. Discrimination can also apply to sex-based discrimination where women or men are treated unfairly because of their gender.

6) Harassment: Inappropriate and unwanted behavior by one person towards another. It is a form of discrimination if it results in an adverse effect on the work environment or creates a hostile working environment for the victim. This harassment could be carried out by a number of people but would have to be based on discriminatory grounds that are not related to their professional activities.

7) Bullying: This is defined as repeated aggressive behavior in order to intimidate others, typically involving a real or perceived power imbalance. It can include verbal harassment, physical assault or coercion and may be directed repeatedly towards particular victims, perhaps on grounds of race, religion, gender, sexuality, disability or other characteristic.

8) Diversity: A range of differences in any society, such as ethnic or cultural diversity; the inclusion of people with different backgrounds (such as age, race, sexual orientation, religion, class) into an organization.

9) Conflict of Interest: A situation that arises when someone’s private interests are incompatible with their professional obligations. For example, if a public relations officer is also a freelance journalist and they write an article that gives good publicity to their organization, this may seem like a conflict of interest because it might be thought that he or she has written the article to help their own private interests rather than the public’s.

10) Privilege: A special right, advantage, or immunity granted to one person or group of people; the opposite of discrimination.

11) Insider Trading: Illegal trading by someone using privileged information before it is made public. For example, if an investment banker is told about a merger between two companies and he or she buys stocks in one company (the target company that will be bought out), then sells it after they have gone up in value, this would be insider trading and is likely to result in investigation and prosecution. 12) Whistleblower: Someone who exposes something secret or wrong within an organization, especially by passing information to the media or government authorities. Typically this is used when referring to exposing unethical behavior, such as fraud, negligence or other illegal practices.

Compliance covers both internal compliance with company standards and external compliance with laws and regulations.

13) Affirmative Action: The practice of favoring members of a disadvantaged group in order to promote equal opportunity. The goal is to compensate for past injustice. An example is if more women are recruited into a certain job position just because they are female, this would be affirmative action although it is often viewed as being unfair.

14) Gag Order: A court order that prohibits someone from speaking or writing about something that was said or written during a court case. This is to ensure that the trial will not be influenced by outside sources and participants cannot claim that what they said or wrote was “not intended as testimony” should they need to change their original story after seeing someone else’s account of events.

15) Whistleblower Protection: Legislation designed to protect anyone who exposes wrongdoing, such as a corporation defrauding the government or an individual committing a crime.

16) Sexual Harassment: This is a form of gender discrimination and a violation of Title VII of the Civil Rights Act that addresses employment discrimination involving sex, race, color, national origin or religion. It occurs when someone in authority subjects another to unwelcome sexual advances, requests for sexual favors, or other verbal or physical conduct of a sexual nature that creates an intimidating, hostile, or offensive work environment. This behavior is considered illegal even if the victim does not consider it harassment. The law forbids any form of sexual discrimination in the workplace regardless of whether the harasser is male or female and regardless of whether the victim is male or female.

17) Whistleblower Retaliation: When an individual who has reported misconduct risks losing their job, being demoted or otherwise suffer negative consequences as a result of reporting the misconduct.

18) Organizational Ethics: The set of moral principles, values and standards that guide behavior within organizations. An organization’s culture and climate of norms and attitudes heavily influence the development of an organizational ethic.

19) Unethical Decision Making: A decision that will likely result in something morally wrong happening, even if the individual making the decision does not see anything wrong with it. For example, an unethical decision might arise when someone overcharges a client because they feel the client can afford the difference, or when someone claims more expenses than they actually incurred in order to get more money.

20) Unethical Leadership: A type of leadership that causes individuals within an organization to act unethically, especially when the individual is in a powerful role and expects compliance. An unethical leader might make promises of gifts or promotions if their subordinates give them information about other employees who are breaking rules.

21) Corporate Citizenship: The relationship between a business and the local community it operates in. It can include philanthropic activities, such as providing support for charities, encouraging staff to volunteer time to help social causes etc., ensuring compliance with environmental laws, paying taxes etc. It can also manifest itself in socially-responsible investment by a company.

22) Gag Clause: A clause in a contract that prevents one party from disclosing the terms of the agreement or speaking negatively about it to others. It is also known as a confidentiality clause and a restrictive covenant. This could be seen in an employment contract where a worker agrees not to disclose information about their employer’s business practices, suppliers etc. to anyone else.

23) Unethical: Acting in a way that is not right and/or moral, against the law, or against specific rules and regulations. This usually arises from motives such as greed, self-interest or prejudice.

24) Compliance Program: A set of policies, processes and procedures designed to help an organization achieve compliance with rules and regulations. This may include policies on how to report illegal activity or perform due diligence when dealing with third parties, for example.

25) Ethics Officer: An individual in an organization who is responsible for setting the tone of ethics throughout the company, dealing with any breaches that arise and helping employees understand what the right behavior is.

26) Audit: A thorough examination of something for the purposes of evaluating it. For example, an independent organization might audit a business to determine whether or not they are meeting all legal and ethical requirements.

27) Attestation: A statement that something is true or accurate, or that someone has the knowledge and skills required to perform a task. An attestation may take the form of an affidavit, which is legal verification in writing.

28) Chief Privacy Officer: The senior executive in an organization who is responsible for ensuring that the company complies with all laws and regulations regarding the processing of personal data. This person will often be in charge of formulating a proper information security strategy and determining how to protect any sensitive data belonging to users, clients etc.

29) Cyber Security: The practice of protecting a company’s information against the threat of hackers, vandals or thieves. This can include practicing good computer security practices on mobile computing devices and servers, maintaining strong passwords etc.

30) Bug Bounty Program: A reward scheme for discovering vulnerabilities in an organization’s computer system, often offered by software companies to encourage individuals to find bugs and help them improve the security of their systems.

31) Benchmarking: The act of comparing resources, performance or capabilities with those of other organizations for the purpose of achieving improvements. This is used in many different industries, but is especially common in sectors such as manufacturing and technology where competition can drive businesses to improve processes and develop better products etc.

32) Compliance Program: A set of policies, processes and procedures designed to help an organization achieve compliance with rules and regulations. This may include policies on how to report illegal activity or perform due diligence when dealing with third parties, for example.

33) FCPA: The Foreign Corrupt Practices Act is a law that prohibits American companies from paying bribes to foreign officials to gain an unfair business advantage. The Organization for Economic Co-operation and Development (OECD) defines bribery as “the giving or receiving of payments, money, goods and services, to influence the actions of public officials in their official capacity.” Most countries have anti-corruption laws on the books.

34) Blockchain: A technology that allows data to be shared across multiple sites or networks in a way that improves security and privacy. The blockchain was originally designed to power the bitcoin cryptocurrency, but is now being tested by many other organizations because it can be used to secure any digital information (including customer records, contracts etc.)

In a world where ethics and compliance are becoming more important, it is vitally important to have a clear understanding of what these terms mean.

35) Chief Risk Officer: The chief executive in an organization who is responsible for minimizing the risks it faces. This person will often develop a risk management strategy, conduct regular risk assessments and make sure that all employees are aware of the company’s policies on acceptable behavior.

36) ISO 37001: The International Organization for Standardization has developed this voluntary standard to help organizations improve their data protection measures.

37) Due Diligence: The process of investigating another company or individual before entering into a relationship with them. This is most often done by businesses to help minimize the risk of dealing with dishonest people or companies, but can also be used in the context of international relations and litigation etc.

38) Bribe: In legal terms, a bribe is a form of corruption where one person gives money or goods to another public official in exchange for preferential treatment. The OECD defines this as being any transaction that “improperly influences the recipient’s behavior.” This may include giving money, gifts, office equipment etc.

39) HIPAA: The Health Insurance Portability and Accountability Act is a law that protects individuals’ medical information from being shared without their consent. The US Department of Health and Human Services (HHS) regulates this government policy, which covers how healthcare organizations can share information with other parties such as employers or insurance companies etc.

40) Compliance Audit: An analysis of a company’s or individual’s existing policies and procedures that have been set up to help them meet rules, laws and regulations. The goal of a compliance audit is to find areas where these measures could be improved so as to reduce the risk of non-compliance. This type of review may also look for best practices within an organization or industry.

41) Compliance Burden: Refers to the time and effort that it takes for a company or individual to meet compliance regulations. Organizations may try to reduce this burden by implementing policies, processes and procedures designed to make it easier for them to comply with rules etc.

42) Compliance Framework: The structure that an organization uses to ensure it complies with all relevant laws, rules and regulations. The compliance framework is created by the chief executive officer who then shares it with other employees for their input. By doing this, he or she can identify areas where additional procedures are needed etc.

41) Natural Person: Refers to a living person who is not a corporation, partnership or other entity. This type of person is sometimes called a “natural person” as opposed to a legal person who may be an organization etc.

42) Compliance Risk: Refers to the danger of not having policies and procedures in place that allow you to comply with relevant rules, laws and regulations. Most lower tier organizations will focus on minimizing their compliance risk since they do not have enough resources to manage ESG issues properly.

43) GDPR: General Data Protection Regulation is a set of standards designed to help companies comply with European Union data protection rules. It came into effect on May 25th 2018, replacing the Data Privacy Directive 95/46/EC which had been in place since 1995.

44) Corporate Governance: Refers to the act of supervising and controlling the business activities of an organization. This is most commonly done by a board of directors, who are collectively responsible for overseeing all legal aspects of the company.

Ethics and compliance work together to make sure that a business is operating in an honest and ethical manner.

45) Dodd-Frank Act: This law is an Act of Congress, based in the U.S., that helps to regulate financial institutions and different companies that offer consumer products or services. It was created to help prevent another crisis like the one seen during the Great Recession (2008/2009).

46) Governance, Risk and Compliance (GRC): Governance, Risk and Compliance offers companies the opportunity to optimize their risk management. It refers to when an organization has developed policies that help them meet goals in a way that reduces unnecessary risks.

47) Gramm-Leach-Bliley Act (GLB): This law was passed in 1999, and it created the Financial Modernization Act. It also amended the Banking Act of 1933 and created new laws that helped to harmonize financial services that were previously available in different locales.

48) Sarbanes-Oxley Act (SOX): This Act is a law that was passed in 2002 and it has sections related to corporate governance, accounting etc. It also refers to section 302 of the Act which covers investor protection.

49) PCAOB: The Public Company Accounting Oversight Board were created as part of the Sarbanes-Oxley Act. Their goal is to help ensure that public accounting firms are providing quality audits of their clients companies.

50) NIST (National Institute of Standards and Technology): This is a U.S institute that provides quality standards for companies in the private sector, public sector etc. It is most commonly known for its work with cybersecurity, but it also helps to develop systems to ensure supply chain integrity etc.

Caveats, disclaimers & a compliance audit

At ESG | The Report, we believe that we can help make the world a more sustainable place through the power of education. We have covered many topics in this article and want to be clear that any reference to, or mention of corporate executive tasked, mitigating significant competitive personal and professional relationships or moral concepts vs organization’s mission, critical audit matters or if corporate executive charged in the context of this article is purely for informational purposes and not to be misconstrued as investment or any other legal advice or an endorsement of any particular company or service. Neither ESG | The Report, it’s contributors or their respective companies or any of its members gives any warranty with respect to the information herein, and shall have no responsibility for any decisions made, or action taken or not taken which relates to matters covered by ESG | The Report. Thank you for reading, and we hope that you found this article useful in your quest to understand ESG and sustainable business practices. We look forward to living in a sustainable world.