Categories
Greetings and Felicitations

Compliance Lessons from Venice – Episode 3, How the Lion’s Mouth Informs Hotlines

Welcome to a short podcast series on doing compliance with a Venetian twist. This week, we will examine three areas where Venice’s time-honored methods inform modern compliance practices. Over the next 3 episodes, we will consider going back to basics in your compliance regime, the use of incentives and consequences to drive a culture of compliance, and how the Lion’s Mouth informs your modern-day whistleblower program. In this concluding Episode 3, we look at how the historical governance of Venice informs modern compliance programs by looking at Venice’s prototype whistleblower program, the Lion’s Mouth.

In this episode, Tom highlights Venice’s early whistleblower systems, symbolized by the lion of St. Mark, and their implications for creating effective and trustworthy hotline programs. This series also offers best practices for setting up and maintaining robust hotline systems to ensure confidentiality, avoid retaliation, and comply with legal standards. You will draw valuable lessons from Venice’s rich history to enhance your organization’s compliance framework.

Key highlights:

  • Historical Context of Venice’s Whistleblower System
  • Best Practices for Hotline Reporting Systems
  • Additional Tips for Effective Hotline Implementation

For more information on the Ethico Toolkit for Middle Managers, available at no charge, click here.

Check out the full 3-book series, The Compliance Kids, on Amazon.com.

Categories
Blog

Compliance Lessons from Venice – Part 3: Straight from the Lion’s Mouth and Whistleblower Programs

In the final part of the Compliance Lessons from Venice series, we focus on one of Venice’s earliest tools for addressing misconduct: a reporting system predating modern whistleblower programs. Known as the Lion’s Mouth, this system encouraged citizens to report wrongdoing by placing written complaints in the mouths of lion-head statues stationed around the city. The symbolism is potent: Venice’s emblematic lion acted as a protector, allowing citizens to expose corruption and misconduct while contributing to the Republic’s stability. Check out the companion podcast series on the Compliance Podcast Network.

Today, a robust whistleblower program is one of the most essential components of a best-practices compliance program. The DOJ and SEC have clarified that effective compliance programs must include reliable, confidential, and trusted internal reporting mechanisms. Venice’s Lion’s Mouth reminds the modern-day compliance professional that encouraging transparency and protecting those who speak up has been crucial for centuries. In this blog post, we will explore some best practices for modern whistleblower hotlines and reporting mechanisms, along with insights from Venice’s historical approach.

Venice’s Lion’s Mouth: An Early Whistleblower System

The Lion’s Mouth of Venice functioned as an anonymous drop box where citizens could submit grievances and report misconduct. Initially designed to offer anonymity, this system later required that the complainant’s name be included, balancing confidentiality with accountability. Citizens could report fraud, bribery, and other forms of misconduct, trusting that their submissions would be considered seriously.

The modern equivalent of this system is the whistleblower hotline, an invaluable tool for compliance departments to detect and address issues early. Companies can foster a culture of openness and accountability by enabling employees and stakeholders to report suspicious or unethical behavior without fear of retaliation. This practice is essential for organizations subject to laws like the Foreign Corrupt Practices Act (FCPA), where transparency can mean the difference between compliance and liability.

Key Elements of an Effective Whistleblower Hotline

Building an effective whistleblower system means going beyond merely setting up a hotline. It is about creating a trusted channel that employees feel safe using, knowing their concerns will be handled with discretion and integrity. Here are seven best practices to establish or enhance your whistleblower program, inspired by the Lion’s Mouth and aligned with the DOJ’s most recent guidance from the 2020 FCPA Resource Guide, 2nd edition, and the recently released 2024 Evaluation of Corporate Compliance Programs(2024 ECCP). The 2024 ECCP states, “Another hallmark of a well-designed compliance program is the existence of an efficient and trusted mechanism by which employees can anonymously or confidentially report allegations of a breach of the company’s code of conduct, company policies, or suspected or actual misconduct.”

  • External Management of the Hotline

Many organizations find that outsourcing their hotline to a third party adds a layer of impartiality and anonymity. Employees are often more comfortable reporting through an externally managed system than an internal one. An external provider typically brings specialized expertise in handling confidential reports, ensuring compliance with local laws and regulations. This neutrality encourages employees to come forward with concerns, knowing the system is transparent and managed independently.

  • Detailed Information Collection

A hotline should support collecting detailed information from the first report to the resolution stage. By maintaining a consolidated record of each complaint, compliance teams can analyze data trends across departments, locations, and types of issues reported. This visibility helps the organization proactively identify and address potential risk areas, ensuring the compliance team has a complete, chronological view of each complaint to support thorough investigations and better decision-making.

  • Compliance with Data Retention Policies

With data privacy regulations such as GDPR, it is essential to ensure that all whistleblower reports adhere to the company’s data retention and privacy policies. Hotlines should offer secure, report-only access to data, ensuring that information is stored correctly and compliant with regulatory requirements. This reduces the risk of sensitive data breaches and ensures compliance teams can retrieve reports for future audits or legal inquiries.

  • Inspiring Employee Confidence in the Hotline

A hotline will be ineffective if employees lack confidence in it. Retaliation, or the perception of it, can quickly destroy trust in a whistleblower program. Employees should feel assured that they can report concerns without fear of retaliation and that their complaints will be handled fairly and objectively. The hotline should offer privacy, allowing employees to file reports from locations outside of their immediate workplace or chain of command. These features create an environment where employees feel safe and protected when reporting misconduct.

  • Support from Subject Matter Experts

A hotline is only as effective as the follow-up on each report. Once a complaint is entered, it’s crucial to ensure that subject matter experts or designated compliance officers address it promptly. Ignoring or delaying response times can damage trust in the hotline. Additionally, under the Dodd-Frank whistleblower provisions, there’s a short timeframe for internal resolution before an employee can seek benefits under the program, making prompt attention to complaints a legal and ethical priority.

  • Litigation Support and Document Retention Tools

A well-configured hotline should offer tools to meet the legal requirements for document retention and protect whistleblower submissions as attorney work product or under attorney-client privilege, if applicable. Implementing these legal protections within the hotline system mitigates potential legal risks and strengthens the organization’s ability to defend its actions should litigation arise. Outsourcing these functionalities to a third-party provider can save costs and ensure compliance with all necessary legal protections.

  • Direct and Transparent Communication with Whistleblowers

Employees need to feel their voices are heard at the highest levels of the company. A hotline that allows for direct, private, and anonymous communication with compliance officers gives employees confidence that their concerns are receiving appropriate attention. This visibility signals that the organization values transparency and accountability, even when uncomfortable. Providing employees with status updates on their reports can also reinforce trust in the system.

Additional Tips for Maintaining an Effective Whistleblower Program

Building a whistleblower program that employees trust requires ongoing effort. Here are a few additional considerations for making the program effective and trusted across your organization:

  • Publicize the Hotline. Ensure all employees know the hotline’s existence, how to use it, and the protections in place. This can be achieved through regular training, informational posters, and reminders from senior management.
  • Encourage Reporting Without Fear of Retaliation. It’s crucial to communicate a zero-tolerance retaliation policy and enforce it when necessary. When employees see that the company protects and respects whistleblowers, they’re more likely to trust the system.
  • Analyze and Act on Data Trends. The absence of certain reports may indicate areas where employees feel unsafe or unwilling to report. Use hotline data to understand the company’s culture and identify areas where additional support or training may be needed.

Lessons from Venice’s Lion’s Mouth for Today’s Compliance Programs

The Lion’s Mouth system exemplifies the importance of giving citizens, whether in Venice or within a modern corporation, a way to report misconduct. Venice’s willingness to create a system where concerns could be voiced without fear of reprisal, while imperfect, reflects an early understanding of the importance of accountability and transparency. Today, we see this principle in the FCPA’s guidance and the DOJ’s endorsement of anonymous reporting mechanisms as part of effective compliance programs.

In designing an effective whistleblower program, compliance professionals should remember that it’s not just about setting up a hotline but building trust. An effective system enables employees to raise concerns in a protected, confidential, and responsive environment, contributing to a culture where transparency and integrity are valued and protected.

Honoring Venice’s Legacy in Modern Whistleblower Programs

As we close out our series on compliance lessons from Venice, it is fascinating to reflect on how this unique city-state has influenced governance, law, and compliance even today. The Lion’s Mouth may have been a primitive mechanism by today’s standards, but its spirit lives on in the whistleblower hotlines that empower employees to report wrongdoing and hold their organizations accountable.

By providing a trusted platform for employees to raise concerns, compliance professionals can create a culture where doing the right thing is supported and valued. The message is clear: just as Venice’s Lion symbolized protection and justice, a well-constructed whistleblower system should stand as a testament to an organization’s commitment to ethics, transparency, and accountability.

Thank you for joining me in this special series on compliance lessons from Venice. These insights remind us that the best compliance practices are sometimes rooted in history and that we can learn from past innovations to create a safer, more ethical future.

Categories
Compliance Tip of the Day

Compliance Tip of the Day: Assess and Act on Internal Reports Thoroughly

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law.

Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

The DOJ wants to know that companies take reports seriously. This means evaluating the seriousness of allegations promptly and thoroughly.

Categories
Compliance Tip of the Day

Compliance Tip of the Day: Fostering a Culture of Speak Up

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law.

Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

Today, we explore how the DOJ has placed significant emphasis on encouraging a culture where employees feel comfortable reporting misconduct.

Categories
Innovation in Compliance

Innovation in Compliance: Evie Wentink on Rethinking Compliance

Innovation comes in many areas and compliance professionals need to not only be ready for it but embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast.

In this episode, Tom welcomes back Evie Wentink to discuss the importance of rethinking ethics and compliance practices.

Evie shares insights from her recent LinkedIn articles on best practices for ethics hotlines and the importance of finding creative ways to engage employees in compliance topics. She reads a whimsical Dr. Seuss-inspired piece on reaching ethics hotlines and emphasizes the need for compliance messaging to be approachable and engaging. Additionally, Evie discusses the challenges compliance professionals face with limited budgets and offers practical solutions such as leveraging LinkedIn for networking and creating low-cost, effective compliance awareness tools.

The conversation also touches on the significance of changing the narrative around ethics and compliance for younger generations. Evie shares her experiences discussing compliance with her children and highlights the need for better education in schools to prepare future employees. She concludes by mentioning her new website, Ethical Edge Experts, and various platforms she’s using to spread compliance awareness. Tom and Evie agree on the necessity of continuous dialogue and innovation in the compliance field.

Key Highlights:

  • Rethinking Compliance Practices
  • Creative Messaging for Ethics Hotlines
  • Leveraging Low-Cost Resources
  • Engaging Managers in Compliance

Resources:
Evie Wentink on LinkedIn

Evie’s Top 10 Compliance Back to Basics

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Blog

Bank of America’s Corporate Culture Crisis: Part 4 – A Tale of Metrics and Misalignment: Lessons for Compliance Professionals

Compliance professionals constantly seek to understand how systemic issues within corporate hierarchies can lead to severe consequences. The recent revelations about Bank of America’s (BoA) persistent workplace culture problems are a powerful reminder of compliance’s critical role in safeguarding employees and the organization.

This week, I will explore the BoA failure around workplace culture from various perspectives articulated by the Everything Compliance gang, including Karen Woody, Jonathan Armstrong, Matt Kelly, Karen Moore, and Jonathan Marks. This exploration will include the failure of internal controls, failures by the Board and senior management, culture failures around highly driven, self-selecting employees, and the cultural miasma that is BoA from a perspective from across the pond. In Part 4, we consider a misconnection of metrics. This issue is not merely a question of productivity but a fundamental concern about corporate culture, ethics, and long-term sustainability.

In corporate governance and compliance, aligning business metrics and ethical obligations often defines a company’s culture’s success or failure. The recent Wall Street Journal (WSJ) article about BoA and its investment banking metrics sheds light on a crucial disconnect that compliance professionals must address: the disparity between business performance indicators and employee well-being.

At the heart of the issue is the nature of the metrics used to evaluate success in different industries. In investment banking, the primary focus is often on closing deals. The logic is straightforward: deals drive revenue, and revenue drives the bottom line. This singular focus on deal-making creates an environment where the end justifies the means, potentially overlooking the toll it takes on employees.

Conversely, in law firms, the metric of success is often billable hours. Lawyers are compensated and promoted based on the number of hours they bill, which can lead to a different, yet equally problematic, set of behaviors. Over-inflating hours or working excessive hours becomes the norm because that is the path to career advancement.

Both systems create perverse incentives: investment bankers might underreport hours to avoid raising HR flags, while lawyers might overreport hours to enhance their career prospects. These behaviors highlight a crucial point for compliance professionals: the metrics set at the top of an organization inevitably shape the behavior throughout the company.

One of the first steps in addressing these issues is understanding the available data and how it is used. Compliance professionals must ask themselves, “What data do we have, and how can it be used to monitor and manage risks effectively?” By focusing solely on deal closure, companies are potentially neglecting data related to employee well-being, such as hours worked or stress levels.

In contrast, law firms have systems that track the minutiae of an employee’s workday, from time spent on tasks to keystrokes made during document review. This data is invaluable for billing clients and identifying patterns that may indicate overwork or burnout. Compliance professionals in investment banking could learn from this approach, using technology to track hours worked or monitor workload distribution, ensuring that employees are kept within reasonable limits.

The core issue is more alignment between business metrics and corporate culture risks. Compliance professionals must ensure senior management acknowledges overwork as a significant risk and takes proactive steps to monitor and mitigate it. This involves tracking the traditional success metrics and implementing metrics that reflect the company’s values and culture.

For example, if overwork is recognized as a risk, metrics such as average hours worked, employee turnover rates, and employee satisfaction surveys should be regularly monitored and reported. This dual approach allows a company to pursue business success while ensuring its corporate culture remains healthy and sustainable.

The responsibility of aligning these metrics rests not solely with middle management, compliance officers, or senior management; it extends to the board of directors. The board’s oversight role is crucial in ensuring that the company’s culture is preserved in pursuing financial success. For boards everywhere, the recent scrutiny BoA received in the WSJ article serves as a lesson.

Board members must go beyond the surface level of management reports and delve into the realities of the workplace culture. This requires more than attending board meetings in luxurious settings and listening to pre-prepared presentations. It involves engaging directly with employees at all levels, understanding their challenges, and prioritizing their well-being.

A practical approach could involve the board requiring regular reports on employee well-being metrics, mandating internal audits focused on workplace culture, or even conducting anonymous employee surveys to get an unfiltered view of the corporate environment.

An effective compliance program also hinges on creating a culture where employees feel safe to voice their concerns. A speak-up culture is essential in identifying issues before they escalate into major risks. Management and the board should encourage employees to report inconsistencies between policy and practice and take these reports seriously.

For instance, if employees consistently report working beyond reasonable hours, this should trigger an investigation and subsequent action from the board. Such feedback mechanisms help identify risks and reinforce the company’s commitment to ethical practices.

Lastly, when issues do arise—such as the tragic death of a young employee in the Bank of America case—the board should conduct a root cause analysis. This analysis should not be limited to the immediate cause but should explore deeper systemic issues that may have contributed to the incident.

A comprehensive root cause analysis might reveal that the focus on deal closure at the expense of employee well-being is not an isolated issue but indicative of a broader cultural problem. The board could use this analysis to implement changes across the organization, ensuring that similar incidents do not occur in the future.

The lessons are clear: the metrics that companies use to measure success are powerful drivers of behavior. The challenge for compliance professionals is ensuring that these metrics align with business goals, ethical standards, and employee well-being. This requires a proactive approach, leveraging data to monitor business performance and corporate culture. It also requires a board that is engaged, informed, and committed to understanding the realities of the workplace.

In the end, compliance is not just about preventing legal and compliance risks but about fostering a corporate culture that values integrity, transparency, and the well-being of all employees. By aligning metrics with these values, companies can achieve sustainable success that benefits their bottom line and people.

Categories
FCPA Compliance Report

FCPA Compliance Report: Exploring DOJ’s New Whistleblower Incentive Program with Mary Inman

Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this edition of the FCPA Compliance Report, Tom Fox welcomes back Mary Inman, Partner at Whistleblower Partners LLC, to discuss the new DOJ Whistleblower Incentive Program.

Tom and Mary discuss the DOJ’s New Whistleblower Incentive Program’s aim to fill gaps in existing reward programs and its focus areas, including financial institution violations, foreign and domestic corruption, and healthcare offenses. Mary highlights some criticisms of the program, such as lack of a reward floor and the cap on rewards, and the potential challenges and impacts on corporate compliance. They also talk about the interplay between whistleblowers, DOJ, and corporate investigations, and the potential for adaptation of the program based on stakeholder feedback.

Highlights in this Episode:

  • DOJ Whistleblower Incentive Program Overview
  • Four Focus Areas of the New Program
  • Challenges and Criticisms of the Program
  • Concerns About Reward Mechanisms
  • Race to DOJ: Whistleblowers vs. Corporations
  • Implications for Corporate Compliance

Resources:

Mary Inman on LinkedIn

Whistleblower Partners

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.

Categories
FCPA Compliance Report

FCPA Compliance Report: Evie Wentink on Making Compliance Training Practical

Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance.

In this edition of the FCPA Compliance Report,  Tom Fox has a fascinating visit with Iveta (Evie) Wentink, a 15-year compliance veteran. Evie has worked in the public and private sectors and has expertise in compliance training, hotlines, government contract compliance, data privacy, reporting, & due diligence.

Evie has one of the most unique opening lines for hotline training, which is ‘Do You Know Your Hotline Number?” This simple yet incredibly important question encapsulates Evie’s approach to compliance training: make it simple, direct, and practical for the listeners. (Or, as Carsten Tams would say, ‘It’s all about the UX’).

Our conversation focuses on the critical role of hotline numbers in corporate compliance programs, emphasizing the need for employees to know and trust the hotline. Evie shares insights from her career, highlights the significance of marketing compliance hotlines effectively, and discusses the broader culture of compliance and non-retaliation in organizations. She shares practical tips for improving hotline awareness and usage, making this episode a valuable resource for compliance professionals and organizations alike.

Highlights in this Episode:

  • Enhancing Trust through Active Compliance Reporting
  • Promoting Reporting Culture Through Creative Marketing
  • Ethical Culture: Encouraging Compliance Reporting Safely
  • Enhancing Compliance Programs Through Anonymous Hotlines

Resources:

Evie Wentink on LinkedIn

Evie’s Top 10 Compliance Back to Basics

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

 

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.

Categories
Compliance Tip of the Day

Compliance Tip of the Day: Internal Reporting Outside The US, Part 2

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

In this episode, I conclude a two-part discussion of steps a company needs to consider for internal reporting in jurisdictions outside the US.

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.

Categories
Compliance Tip of the Day

Compliance Tip of the Day: Internal Reporting Outside The US, Part 1

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

In this episode, I will be having a two-part discussion of steps a company needs to consider for internal reporting in jurisdictions outside the US.

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.