Is your code of ethics good enough? A quick way to answer that is to look at when it was last reviewed. If that date is before November 2019, then the answer will almost certainly be no. And if your firm has been making some strategic moves recently, I would move that date to November 2020.
Those dates have meaning because change is happening across the insurance market, and within most firms in it. And over the last few years, it’s a market that has had one or two significant challenges placed before it. A good code of ethics won’t make those challenges go away, but it will shape and guide how your firm should respond. And in particular, it will show the firm’s people what to expect from their firm.
Another way to think about the need to review your code of ethics is in relation to your business continuity plan. They should both be kept up-to-date in relation to the firm and its business. If they’re not, then their value to the business collapses pretty quickly. So if your firm reviews it BCP on a particular cycle, the same needs to be done for its code of ethics.
Time for a Template?
You’d be surprised just how different codes of ethics are across the insurance sector. Not only do they come in all shapes and sizes, but some firms who you’d expect to have a top notch code turn out to have long neglected it. One or two insurers don’t even have one. What this points to is a wide range of approaches to managing ethics. That’s fine, so long as insurers know how effective their particular approach is in relation to the ethical challenges facing their firm and the sector.
I once came across a ‘model code of ethics’, produced by Lloyds of London for use by firms operating in its market. The message was clear – don’t bother to think it through; just copy this, fill in a few blanks and the ‘got a code’ box can be ticked. If your firm wouldn’t want to use a generic business continuity plan, then it won’t want to do likewise for its code of ethics. Your code of ethics need to reflect your firm, which in turn gives it meaning for your people, which in turn increases the likelihood of it being used by them.
A few years ago, I reviewed the codes of ethics of several insurers active in the UK sector. It provides a useful benchmark against which to gauge what your own review reveals (feel free to contact me for a copy). If you’d like to read about the key themes that I saw emerging from that review, read these three posts (post 1, post 2 and post 3).
So how much does it matter what you say in your code of ethics? In some jurisdictions, it really does matter. US insurers expect to have their code gone through with a fine toothcomb, should the Department of Justice or the Securities and Exchange Commission come visiting with questions.
Here in the UK, the regulator doesn’t spell out their expectations with the same detail as their US counterparts. Nevertheless, the regulator will undoubtedly use a code of conduct/code of ethics to assess a firm on issues such as ethical culture, purpose, speaking up and leadership.
Part of My Checklist
To help you answer that question ‘is my code good enough’, I’ve put together the following list of questions you should be asking of your code and firm. It’s drawn from my own checklist (which is longer) and has helped several insurers find those particular aspects of their code that needed to be addressed. So, here goes…
- How easily can employees access the code?
- How accessible is it in terms of the way in which it is written?
- What languages is the code available in? Does that reflect your employee base?
- Is there a communications plan for bringing the code to employees’ attention?
- Does your firm ask employees to confirm their understanding of the code? How often?
- Is the code accessible to the public? And how easily can it be found?
- What does the firm’s web analytics tell you about engagement with the code?
- How many pages and words long is the code?
Leadership and Culture
- Does the code articulate and explain the firm’s purpose?
- Does the code communicate the firm’s ethical values? Have any business values been included?
- Is it clear in the code who has ownership of it?
- Does the code carry a statement by the CEO?
- Does the code make clear to whom is it applicable? And what exceptions are mentioned?
- Does the code encourage employees and others to raise questions and concerns? And is it clear how they can do this?
- Does the code explain how it is supported by other policies and programmes? And is the code clear on where those other policies can be found?
- Does it explain the firm’s arrangements for speaking up? And does it reference anonymous reporting, non-retaliation and investigations?
- Does the code reference what training is available in the issues covered by the code?
The Code Content
- Does the code reference the firm’s more significant ethical risks?
- Does the code support those references with information about how they are to be handled?
- Is the code written in the first, second or third person?
- What level of subordination is used in the code’s wording?
- What keywords occur in the wording, and do these relate to risks, and do they make sense to readers?
- How local is the code? Are the boundaries clear?
Compliance with the Code
- Does the code reference how performance against the code is monitored?
- Does the code spell out the consequences of non-compliance with the code? And how seriously is this expressed?
- Does the code reference how non-compliance is recorded and reviewed?
- Is the code clear on how waivers of compliance with the code are managed?
Keeping the Code Relevant
- When was the code last reviewed? And is this clear in the code itself?
- Does the code reference how revisions are approved?
There are a fair number of questions here, but they shouldn’t take long to run through for a typical code. What is then required is a lot of judgement, about the scope, depth and reasonableness of what you’ve found. And those judgements need to be made in the context of what your firm is doing, planning to do, and may have thrust upon it.
The Question that Rules Them All
Let’s end by stepping back for a minute. The one question that overrides all of the ones above is this one: what is my code there for? And after running through the questions above, what you should then ask yourself is: does the code deliver that?
There are firms who ask themselves those two questions (what’s it for and is it being delivered), but then struggle. Some are nervous about putting too much weight behind a code of ethics, even while speaking openly about rebuilding trust in their sector. Some worry about giving others too much of a rod to beat them with, yet put professionalism at the centre of their brand.
Sure, codes of ethics need a bit of work to be kept relevant and fresh, but they give back too. I recall some research several years ago about the contribution ethics can make to building a culture of innovation within an insurance firm.
I expect codes of ethics to vary across the sector, but be uniform on commitment and delivery of results. Now is the time, more than any other, when your firm needs its code of ethics to capable of supporting its response to the ethical challenges facing the sector.