What are some best practices regarding an internal reporting system? The 2012 FCPA Guidance stated, “An effective compliance program should include a mechanism for an organization’s employees and others to report suspected or actual misconduct or violations of the company’s policies on a confidential basis and without fear of retaliation.”
This was expanded in the DOJ’s 2020 Guidance, in the section entitled “D. Confidential Reporting Structure and Investigation Process,” with the following language, “Another hallmark of a well-designed compliance program is the existence of an efficient and trusted mechanism by which employees can anonymously or confidentially report allegations of a breach of the company’s code of conduct, company policies, or suspected or actual misconduct. Prosecutors should assess whether the company’s complaint-handling process includes proactive measures to create a workplace atmosphere without fear of retaliation, appropriate processes for submitting complaints, and processes to protect whistleblowers.”
Three Key Takeaways:
- Internal reporting systems indicate a working, operationalized compliance program.
- There must be a solid communication line between the people doing the investigation and those leading the remediation.
- Your internal reporting mechanism must be trusted.