Ethics and compliance

Ethics & compliance

Our code of conduct, The Way We Work, lays out clear expectations on how we should conduct our business, and ourselves, no matter where we work or where we are from. We want everyone to have the courage to speak up when something is not right, to show integrity and take decisive action when needed. This is not always easy, but being courageous means doing it anyway.

The Way We Work makes it clear that we do not offer, pay or accept bribes , no matter where we operate, no matter what the situation, and no matter who is involved. This position is further supported by our business integrity standard and procedure, which require employees, core contractors and associated persons acting for, or on behalf, of the company to not commit, authorise or be involved in bribery, corruption, fraud or other economic crimes. 

We also provide clear rules regarding third-party benefits, managing conflicts of interest, facilitation payments; sponsorships, donations and community support, mergers, acquisitions and joint ventures, and engaging third parties.

Our business integrity compliance programme, which is managed independent of our business’s operations, is designed to manage our compliance risks and regulatory requirements in the jurisdictions where we conduct our business.

We continuously evolve our monitoring and prevention programme so that it mirrors the risk profile of key assets and business activities and enables targeted intervention and awareness to prevent issues from occurring.

2020 performance

  • Year in Review
  • Year in Numbers

Business Integrity

In 2020, we established a new risk and monitoring forum to monitor the management of Group-level business integrity risks and ensure our key internal compliance controls are effective.

We also engaged external experts and finalised maturity assessments of our data privacy and business integrity compliance programmes. We rated well overall, but there are always opportunities to improve; we are implementing actions as needed.

In 2020, we expanded our business integrity standard and procedure to strengthen controls in areas such as terrorist financing and anti-money laundering, as well as reducing declaration thresholds for giving and receiving benefits and making sponsorships and donations. We also enhanced controls to manage third-party business integrity risks by improving our due diligence and monitoring  processes, adding more controls for high-risk, third-party engagements and payments and providing training for third parties, where needed.

Employees are required to complete annual online compliance training, tailored to suit the risks employees are most likely to encounter in their roles. This year, we also provided additional risk-based training to 4,410 people in 23 countries, and launched enhanced business integrity training online covering integrity-driven decision making, anti-bribery and corruption, anti-money laundering and fraud for higher risk roles.

In 2020 we also developed our ethics ambassadors programme to extend the share and reach of  integrity insights and champion an integrity-driven culture across the business. We also recognised and celebrated nominated employees and groups with “Integrity Honours” for their innovative collaboration in championing the value of integrity.  

Finally, in response to COVID-19, we conducted a Group-level risk assessment and implemented monitoring and due diligence activities, such as supporting compliance reviews of community preparedness and recovery donation  proposals.

Whistleblower Programme

A key change this year was to establish the Business Conduct Office, a dedicated team responsible for the management of the whistleblower programme.

In 2020, we reviewed 748 incidents reported through whistleblower programme channels, 42% of which were substantiated. There were 113 (15%) business integrity cases reported, of which 34 cases (30%) were substantiated. 

Types of cases reported:

  • 55% personnel
  • 15% (133 cases) business integrity
  • 13% information security
  • 9% safety, health and environment
  • 3% communities
  • 1% finance
  • 4% other 

Compliance by design

A major component of our strategy and focus is embedding “compliance by design”, whereby ethics and integrity measures and critical controls are built into existing business processes. As an example, our privacy impact assessments (PIAs) are a key preventative process, working alongside our existing security risk assessments to support transparent, fair and compliant personal data processing across our company.

PIAs are used on all new personal data processing technology, or when new personal data processing or changes to existing processing are likely to result in a risk to the rights of data subjects.

Fostering a culture of integrity

We know that our integrity – and our reputation for strong governance – hangs on the actions and decisions we make each day across our business. We are committed to a culture of transparency and encourage our employees, contractors and other partners, including community members, to speak up about their issues and concerns, either through management, our Human Resources or Ethics & Compliance, through our whistleblower programme or community complaints and grievance mechanisms.

We empower and equip our people to seek guidance when faced with a business integrity dilemma – both to prevent incidents from occurring, and to protect them and others from harm. This includes providing training to help build employees' awareness of possible issues, like bribery and corruption, and to help promote consistent instincts – and decisions – across the business.

myVoice, whistleblower programme

myVoice is our confidential whistleblower programme

It is available to anyone who has concerns or information relating to misconduct or improper circumstances or behaviours connected to Rio Tinto. 

These can include concerns about the business, or behaviours of individuals, including suspicion of violations of our standards, policies and standards, human rights, safety, environmental, financial reporting, fraud or business integrity issues in general. 

myVoice lets you choose to submit a report confidentially or anonymously. It is important to know that the content discussed and the right to anonymity may be subject to local laws.

If you have a concern, let us know.