Monitoring and improving performance
Dealing with breaches when they occur is essential for ensuring we do business with integrity – but we believe that preventing wrongdoing by encouraging a culture in which everyone feels confident in raising concerns is equally important.
Assessing our risk profile
This year we deepened and strengthened our reporting in a number of ways. Each of our markets must now report compliance to the board’s audit and risk committee against a consistent set of key performance indicators. Moreover, each must now carry out a compliance risk assessment, including consideration of human rights and corruption, and develop mitigation plans for the greatest risks. They did so for the first time this year.
With these market assessments, we were able to build up a risk profile of the company as a whole. Although risks differ by market, certain general themes were common to all. These were to do with anti-corruption and money laundering, working with third parties, conflicts of interest, regulatory issues, anti-trust and competition, health and safety, quality, and alcohol consumption by employees.
Following the analysis of these risks, we will be working with local compliance and ethics managers in our markets to develop training and communications relevant to their particular issues.
Reporting breaches of our Code and policies
Making sure that everyone feels confident about reporting breaches is essential if we are to ensure that unethical behaviour does not go unchallenged and unpunished at Diageo. One part of that lies in people’s confidence in speaking to their managers. As reported in the Values Survey, 84% of employees said: 'I would feel comfortable raising any concerns about compliance or ethics with my line manager, or through SpeakUp'.
The other is the use that is made of our whistleblowing service, SpeakUp. During the last year we saw a large increase in the number of cases now being reported through SpeakUp, with 242 calls this year, compared with 119 in 2011. We believe this is due to our work to promote SpeakUp, which has helped increase people’s trust in the service. This number is now in line with EthicsPoint Inc’s global benchmark of 1% of the total employee population reporting concerns through a helpline. The other breaches were reported via line managers, legal, HR or our network of controls, compliance and ethics managers.
Responding to incidents
On 27 July 2011 Diageo agreed settlement of the previously disclosed US Securities and Exchange Commission (SEC) investigation into potential violations of the US Foreign Corrupt Practices Act (FCPA). The investigation related to payments involving Diageo’s subsidiaries in India, South Korea and Thailand. Under the settlement Diageo agreed to pay $13.374 million (£8.464 million) to the SEC in disgorgement of profits and pre-judgment interest, to pay a $3 million (£1.899 million) penalty to the SEC, and to cease and desist from committing any further violations of the books and records and internal controls provisions of the FCPA.
We regret this matter and take the SEC's findings seriously. We have enhanced our systems and controls in an effort to prevent such issues recurring, and to reinforce, everywhere the company operates, a culture of compliance and commitment to the principles embodied in our Code of Business Conduct.
Following the ruling, our chief executive officer sent a communication to all employees drawing their attention to the incident and reinforcing our Code and the importance of behaving in accordance with our values. All employees were then taken through training by the senior leaders in their part of the business to understand what they needed to do to ensure they protect the company’s reputation.
All breaches of our Code and policies are investigated and taken very seriously. Any actions by employees that would violate our anti-discrimination and human rights would result in the termination of the perpetrator’s contract.
We also work with third parties to try to ensure that they uphold the same high levels as we do. For more information on our approach to monitoring social and ethical risk in our supply chain, see the section on our suppliers.
Dealing with breaches fairly
When a breach does occur, employees need to feel confident that Diageo has a consistent approach, and that internally it’s a level playing field for everyone.
In previous years there have been discrepancies in the way that breaches of our Code have been dealt with, depending on the location and the individuals involved. In February 2011, we revised our breach disciplinary framework to make sure that everyone, everywhere had the same model to follow; this year we’ve been working to ensure that it is followed consistently. Of course, the framework allows for individual circumstances to be taken into consideration – in the same way that the principles of justice are applied in a court of law – but now everyone can be confident of fair treatment as well as a fair hearing.
We have qualified and experienced investigators who handle every breach reported to us that requires investigation. This year we improved how we handle them, ensuring all were dealt with within our 30-day target period. We deal with them in different ways, depending on the severity of the breach.
Our aim is to help employees improve, through individual coaching and training, but we will take formal disciplinary action when necessary. This year 105 people exited the business as a result of breaches of our Code or policies.
Learning from experience
A big change this year, which we believe is helping people’s understanding and confidence in reporting breaches, is that we now share information about those that do occur.
Historically Diageo kept confidential all breaches of our Code. However, we decided that to improve transparency and enhance our ethical culture we needed to be more open with employees about breaches and their consequences, so that they could be better prepared to avoid them. By publishing relevant (anonymous) examples of breaches locally when they happen, and globally every quarter through our intranet, we alert our employees to potential issues that might arise given external trends or events and hopefully prevent further breaches. These articles are regularly in the top ‘most read’ on our intranet, and have had very positive feedback from employees.
It’s not just a negative programme, however. We also share examples of where employees have been in circumstances in which they have been asked – or tempted – to do the wrong thing, and yet have made the right decision.
We have also developed a new, more rigorous breach reporting database, which will give us far better insights into what is happening and why, allowing us to analyse issues and come up with plans for dealing with problem areas. Subject matter experts for each policy receive reports on breaches in their areas so they can tailor training accordingly.