Compliance at Nokia is about helping to educate and empower business leaders to make sound decisions. Nokia Corporation (“Nokia”), founded in 1865, is a global technology leader and creates technologies that are at the heart of our connected world. It’s Ethics & Compliance program is committed to embedding business integrity at all levels of operations.
Taking a linear approach to discussing operationalization of this ethos for India, let us address the issue by discussing three of the top risks identified for 2019 (in no particular order) viz. (a) culture and awareness; (b) engaging third parties as a go to market strategy; and (c) working with government.
A given paradigm while addressing the above risks effectively is that the India Compliance team must continue to be a trusted business enabler while meeting best practice standards.
At the heart of operationalising compliance is India’s Regional Compliance Council (“RCC”), which is the pivotal body responsible for developing policies, processes and risk mitigation programs. The RCC is headed by Market CEO, who is joined by membership of Heads of Finance, HR, Legal, Global Services and Internal Audit (special invitee as and when required). It meets quarterly and is convened by India Market Compliance Leader with participation of internal investigations team.
The RCC has led discussions on issues such as gifts, entertainment and hospitality with government companies and regulators. Detailed discussions around various laws, rules and guidelines issued by government from time to time has led to a detailed festival gifting guideline. It also meets to take disciplinary actions on serious confirmed investigations and undertakes trend analysis based on pointers such as anonymous reporting, cases per 100 employees, reporting per business, function, percentage of confirmed/not confirmed cases et al.
In India, as across Nokia, Risk Assessment is designed as a 360-degree review, inputting multiple data points from Compliance Control Framework Reviews, Investigations, Internal Audit Reports and other internal and external data parameters. Some of the vehicles used for determining top market risks:
- The Compliance Control Framework Program (“CCF Program”), which requires site/business vertical/functional reviews focussed on identifying anti-corruption risks, developing, implementing and monitoring responsive mitigation controls and producing localized risk mitigation plans. For instance, the CCF for 2019 sought responses from Procurement on aspects such as:
- How are local supplier selections made? What objective criteria is followed? Whether such criterial conforms with Nokia Supplier Base Management and other applicable Procurement processes?
- Whether anti-bribery/anti-corruption clauses have been incorporated into such contracts?
- What checks-and-balances have been placed to ensure each purchase requisition is processed according to Procurement Policies, with no exceptions?
- To what extent has e-tendering been adopted? How many transactions went through e-tendering? Which transactions are left and what steps have been taken to cover all tendering digitally?
- Onboarding Third Parties as distributors, resellers, value added resellers etc. as go to market strategy led to Compliance and business leaders working on a holistic and structured approach to managing our commercial third parties, particularly covering life cycle of high risk third parties such as those dealing with government.
Collaborative Business-Compliance interactions focussed on market dynamics, approaches taken by other companies, Nokia’s “go to market” strategy and compliance risks (such as offering higher discount rates, heightened regulatory and reputational risks around tax havens, convoluted ownerships et al) have now led to agreement on issues such as:
- Review of all commercial third parties with focus on regulatory and reputational issues through focussed due diligence.
- Early and continued engagement of legal and compliance teams when finalizing third parties and determining the most appropriate transaction structures for deals.
- Continued training of salesforce on traditional and emerging risks.
Integration with global programs is as much an aspect of our local program. One of the initiatives we adapted to local needs is the “Respect at Nokia” campaign. This campaign primarily arose as a result of the #MeToo movement focussing on interplay of gender diversity with core Nokia values of Respect and Challenge, but it was made more diverse by addressing how we deal with sexual harassment locally and seeking employee answers to questions such as:
- I understand the Company provides different ways to report ethical concerns.
- I am confident that if I raise a potential violation of Nokia’s Code of Conduct or ethical matter, I will not experience retaliation.
- Does your line manager periodically talk about the importance of ethics and compliance?
Feedback from “Respect” sessions led to onboarding more Ombuds in several sites, conducting top and middle level leadership coffee sessions and several other initiatives to improve culture not only in metro cities but in remote locations.
Our compliance program is structured to ensure ethical practice and understanding are essential for our employees in carrying out their responsibilities. We have used web-based and live in-person trainings on topics such as ethical business conduct, Prevention of Sexual Harassment, Dawn Raids, Gifts, Entertainment and Hospitality, Working with Governments etc to educate our employees and raise awareness.
India market spearheaded the “Compliance Connect” initiative in 2015 resulting in focussed emails being sent to all employees on compliance policies, processes, providing simple dos and don’ts, link to local and global policies, investigation trends and indicative corrective actions taken on proven non-compliances. Celebrating Integrity Day across India has been another success with employees doing role plays, creating compliance motifs, posters et al. Last year 800+ employees joined these celebrations.
The above is only a brief exposition of some initiatives which operationalise Nokia’s compliance program in India. The list of initiatives is exhaustive but let me conclude by saying that at Nokia compliance leaders do not stand on the side-line and simply approve or disapprove transactions or third parties. Instead, and consistent with our philosophy of leadership accountability, they’re expected to be solution-minded, expected to think strategically and help achieve outcomes that will satisfy business objectives while responsibly mitigating risks. Compliance at Nokia is about helping to educate and empower business leaders to make sound decisions and working collaboratively with them to help the company reach its long-term objectives and upholding a tradition of unyielding integrity.
About the Author
Sandeep Seth leads the Compliance function at Pfizer in India. He is part of the company’s Executive Leadership Team and provides strategic compliance direction to Pfizer India operations. He is responsible for overall compliance strategy, framework and implementation of Compliance programs & initiatives.