We have an update this week on the ethics and compliance transformation happening at Commonwealth Edison, the Chicago-based utility that suffered a huge corruption scandal in 2020 and pledged to release a series of progress reports on its journey back into good corporate graces.
ComEd released its 2023 report on Wednesday, and it’s a fascinating glimpse into how a huge company with complex compliance obligations tries to address them all. The report describes how ComEd’s program is structured, what management does to emphasize the importance of compliance, and how the company handles infractions that might arise. It also describes what ComEd is doing to recover from its massive compliance failure, a subject any compliance officer could benefit from studying.
First, the history. ComEd had been accused of offering lucrative lobbying contracts and no-show jobs to associates of former Illinois House Speaker Michael Madigan. In exchange for those bribes, federal prosecutors said, Madigan shepherded legislation beneficial to ComEd into law. Madigan was subsequently forced to resign, hit with bribery charges in 2022, and now awaits trial. Four former ComEd executives, including the former CEO, were convicted of corruption charges just this week.
In addition to the $200 million penalty, ComEd agreed to a three-year deferred-prosecution deal and a raft of compliance program improvements the company would have to make. It also agreed to file annual progress reports with the Illinois Commerce Commission. This week’s report is the second one filed.
Last year’s report provided an overview of how ComEd and its parent company, Exelon Corp., structure the ethics, compliance, and audit functions. It also discussed how ComEd revamped its approach to compliance risk assessments, and improved its tone at the top and disciplinary efforts.
So what’s new in this year’s report? Several things.
Attention to the Supply Chain
Supply chain compliance comes up numerous times in the report. For example, the company created a supplier code of conduct that applies to both Exelon and ComEd. Prior to that, suppliers were subject to Exelon’s general code of conduct, which wasn’t specifically tailored to suppliers and their unique issues. Suppliers now receive the new code of conduct at the time of onboarding and then every two years after that. (And yes, the language in Exelon’s contracts was modified to incorporate the supplier code rather than the general code.)
Exelon also established a dedicated supply chain compliance team within its supply chain function. This team’s responsibilities include compliance with reliability standards dictated by North American power regulators, supply chain cybersecurity risk assessments, and suppliers’ compliance with policies regarding interactions with public officials (a huge bribery risk for power companies). And the company performed a review of its policies and procedures for trade sanctions compliance.
A few thoughts come to mind here. First, kudos to Exelon for trying to establish a comprehensive supply chain risk management program: one that encompasses everything from reliability, to cybersecurity, to ethical conduct, to trade sanctions. That’s not easy, but supplier risks are now so abundant and diverse that companies really do need a single, unified approach to tracking them all.
My questions are how a company (1) consolidates all those various risks into a single overall risk score for each supplier; and then (2) brings that analysis into the procurement function, to assure that when you cull high-risk suppliers from your supply chain you don’t derail critical operations along the way.
I mean, I’m sure Exelon has thought about and tried to answer those questions; the progress report just doesn’t go into that level of detail. But other companies seeking to try something similar with supply chain risks will need to answer those questions too.
Embedding Compliance Into HR Processes
Another new theme in this year’s report is how Exelon and ComEd integrated ethics and compliance concerns into standard HR processes and performance management overall.
For example, Exelon’s compliance function worked with HR to add five compliance-related questions to the company’s annual employee engagement survey. (The company already asked three compliance-related questions, so starting in 2022 the total rose to eight.) After the survey was conducted, the compliance team shared the results with business leaders and HR teams. The information shared included trends from the data, as well as information about supervisory groups that scored relatively low on ethics topics and might need a follow-up visit from compliance and HR.
Along those lines, Exelon also modified its performance standards “to more explicitly link annual performance appraisals, which are a factor in employee compensation, to compliance and ethics considerations.” I’d love to see a practical example of that linkage, but alas, the report doesn’t include one. Still, applause to Exelon for tying performance reviews and compensation to compliance considerations.
My next question: have those new standards been put into practice yet? That is, when the employee engagement survey identified problematic supervisory groups, did those supervisors then see their compensation trimmed? (If anyone out there wants to pass along any answers confidentially, email me at [email protected].)
Next up, Exelon says, is adjusting its exit interview process to capture concerns about compliance and ethics issues that employees might raise only as they’re heading out the door, and defining a clear process for escalating such exit-interview intel to the compliance team.
So overall, ComEd and Exelon are hitting all the right notes as they sing their song of compliance redemption. There’s also much more in the report about financial controls, investigation processes, and compliance training that management undertakes to strengthen the control environment. If you have the time, dig into the full report; it’s worth the effort.
And ComEd — we’ll see you next year.