Tag: hotlines

Categories
Compliance Tip of the Day

Compliance Tip of the Day: Internal Reporting Outside The US, Part 2

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

In this episode, I conclude a two-part discussion of steps a company needs to consider for internal reporting in jurisdictions outside the US.

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.

Categories
Compliance Tip of the Day

Compliance Tip of the Day: Internal Reporting Outside The US, Part 1

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

In this episode, I will be having a two-part discussion of steps a company needs to consider for internal reporting in jurisdictions outside the US.

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.

Categories
FCPA Compliance Report

FCPA Compliance Report – Nick Gallo on The Ethics and Compliance Optimization System

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, Tom Fox welcomes back Nick Gallo, co-CEO at Ethico, to discuss its Ethics and Compliance Optimization System.

Nick Gallo, co-CEO of Ethico, is a seasoned professional with a robust background in ethics and compliance, and a key player in the development and promotion of Ethico’s ethics and compliance optimization system. Gallo’s perspective on the topic of ethics and compliance optimization systems is shaped by his belief in a comprehensive, integrated approach to managing compliance efforts. He sees this system as a next-generation tool that interacts with other data pools, generating more analytics and insights. His experience has led him to advocate for a centralized repository for various types of business information, which can be accessed by compliance teams for better visibility across all data silos within an organization. Gallo also stresses the importance of automation and integration to eliminate manual and repetitive tasks, allowing compliance professionals to focus on more strategic and value-added activities.

 

Key Highlight:

  • Creating a centralized system for streamlining ethics and compliance
  • Why compliance needs a centralized data system for compliance professionals
  • The prevalence of retaliation in organizations
  • Leveraging data for proactive risk mitigation

Resources:

Nick Gallo on LinkedIn

Ethico

Ethics and Compliance Optimization System

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

For more information on Ethico and a free White Paper on top compliance issues in 2024, click here.

Categories
FCPA Compliance Report

Compliance Lessons from Venice – Into The Lion’s Mouth

In Part 3 of this special 3-episode series, we explore how Venice created the first modern hotline and whistleblower reporting system. Whistleblower and hotline reporting systems in compliance programs are crucial tools for organizations, providing a confidential platform for employees to report misconduct. Fox emphasizes the value of using an external hotline system, which offers an additional layer of anonymity and impartiality and can bring specialized expertise that may be difficult to match within an organization.

He also highlights the role of hotlines in collecting detailed information, which can provide greater insight into situations and help protect companies from accusations of negligence or wrongdoing. Fox underscores the need for hotlines to inspire employee confidence, offer on-demand support from subject matter experts, and provide in-built litigation support and avoidance tools. Join Tom Fox in this episode of the Compliance Lessons from Venice podcast to delve deeper into the significance of hotline reporting systems in compliance programs.

Categories
Blog

How the Venetian Republic Invented the Modern Hotline-Into the Lion’s Mouth

It turns out that Venice invented the modern hotline reporting system with their Lion’s Mouth reporting protocol. The symbol of Venice is the Lion St. Mark. The use of this symbol has led to the maxim straight from the lion’s mouth. This adage came because the Republic of Venice had its own hotline reporting system where citizens could report misconduct. A citizen could write down his concern on paper and literally put this message into the mouths of statues of lions’ heads placed around the city. The system was originally set up to be anonymous, but later changed to require that a citizen had to write down his name when submitting a message. I thought about this early form of anonymous reporting and then Hotline reporting and how it portended the hotline system used today to help companies identify compliance issues which might arise under the FCPA or other compliance laws.

Hotline reporting systems play a crucial role in modern compliance programs. They provide employees with a confidential and secure channel to report suspected misconduct or violations of company policies. In a recent episode of the podcast “Compliance Lessons from Venice,” hosted by Tom Fox, the importance and benefits of hotline reporting systems were discussed in detail.

One of the key factors emphasized in the podcast is the need for hotline systems to allow employees to report misconduct confidentially and without fear of retaliation. This is in line with the guidance provided in the FCPA Resource Guide, which states that an effective compliance program should include a mechanism for confidential reporting. By ensuring anonymity and protection, hotline reporting systems encourage employees to come forward with their concerns, leading to early detection and prevention of compliance issues.

One of the benefits of using external hotline systems, as highlighted by Tom Fox, is the increased employee trust. Employees tend to trust third-party providers more than internally maintained systems, as they perceive an extra layer of anonymity and impartiality. External providers also bring specialist expertise that may be difficult to match within an organization.

Another benefit of hotline reporting systems is the collection of detailed information. Information is power, and by gathering and recording information throughout the complaint’s lifecycle, companies gain greater insight into the situation. This allows for more effective protection against accusations of negligence or wrongdoing. Hotline systems should provide consolidated, real-time access to data across departments and locations, along with analytic capabilities to uncover trends and hotspots.

Data retention is another important factor to consider. Hotline systems should meet the company’s data retention policies, especially considering privacy regulations like GDPR. Having a secure and accessible report retention database ensures compliance with data protection requirements and avoids the need for complicated and costly arrangements for storing older reports.

To be effective, hotline reporting systems must inspire employee confidence. Retaliation or perceived unfairness can destroy the effectiveness of internal reporting and poison the company’s culture. Employees should feel that the hotline offers the highest levels of protection and anonymity. It should allow them to bring their concerns directly to someone outside the immediate chain of command or workplace environment, especially when the complaint involves a supervisor or superior. Providing the option to submit reports from offsite locations also enhances participation rates.

Hotline systems should offer on-demand support from subject matter experts. Opening lines of communication can bring new issues to the compliance group’s attention. It is crucial to follow up on reports in a timely manner and avoid sitting on complaints, as this can lead to employee frustration and potential legal risks.

Inbuilt litigation support and avoidance tools are also important features of hotline reporting systems. Compliance with legal requirements for document retention, attorney work product protections, and attorney-client privilege should be pre-configured in the system. Developing these tools in-house can be costly and expose the organization to unnecessary risks.

Direct communication with the persons filing a complaint is another aspect that enhances the effectiveness of hotline reporting systems. It signals to employees that their complaints are being heard at the highest level and reinforces their confidence in the process.

In addition to these key factors, the podcast episode also highlighted the importance of publicizing the hotline, training employees on how to use it, and ensuring no retaliation for its use. Regularly reviewing the data provided by the hotline and identifying any gaps is also crucial for making informed decisions and improving the compliance program.

Hotline reporting systems are essential components of modern compliance programs. They provide employees with a confidential and secure channel to report misconduct, leading to early detection and prevention of compliance issues. By ensuring anonymity, protection, and access to expert support, hotline reporting systems foster employee trust and contribute to a strong compliance culture within organizations. It turns out we do not have Sarbanes-Oxley to thank for the modern hotline system but the Republic of Vencie.

Categories
31 Days to More Effective Compliance Programs

One Month to Better Reporting and Investigations – Internal Reporting System Best Practices

What are some best practices regarding an internal reporting system? The 2012 FCPA Guidance stated, “An effective compliance program should include a mechanism for an organization’s employees and others to report suspected or actual misconduct or violations of the company’s policies on a confidential basis and without fear of retaliation.” The 2019 Guidance further refined this basic requirement for a hotline with inquiries into the effectiveness of your corporate hotline, asking, “Effectiveness of the Reporting Mechanism – Does the company have an anonymous reporting mechanism, and, if not, why not?  How is the reporting mechanism publicized to the company’s employees?  Has it been used?  How has the company assessed the seriousness of the allegations it received?  Has the compliance function had full access to reporting and investigative information?” In this podcast, we detail some of the key best practices.

Three key takeaways:

  1. Get the word out to your employees about your company hotline through a variety of mediums and platforms.
  2. Train your employees on the use of the hotline.
  3. Use data from your hotline to continually update and improve your compliance program.
Categories
31 Days to More Effective Compliance Programs

One Month to More Effective Reporting and Investigations – Specific Benefits of a Hotline: A Case Study

Is your hotline working for you? In an article, entitled, Promoting Effective Use of the Company Compliance Hotline, José Tabuena provided an excellent example of the power of a hotline. He provided a case study of a company that had not integrated its IT function into its regular compliance and ethics training programs. As such there were zero calls into the hotline by IT employees. This dynamic was changed and IT was integrated into the company’s regular compliance and ethics training. Thereafter, the hotline received several calls from IT employees indicating that there were two major areas of complaints.

The favoritism problem. HR led an investigation that included questioning all IT managers about their direct reports and employees of their unit. The company determined that there was only one instance of a manager hiring a family member (a brother-in-law), but that person did not report to the manager and was in a different section of the IT organization. This finding made clear that there were misperceptions in the IT department, which affected the department’s morale.

Manipulation of data for bonuses. The company used the hotline to obtain more information from the callers on “isolating the metrics and the managers in question.” It was determined that the bonuses of a select few IT managers were indeed influenced by a questionable data source, which was controlled by a non-manager with minimal oversight and controls.

Basic tenets of an effective hotline. This case study provided three key tenets of an effective internal reporting system:

• First, a helpline is of no value if the workforce is not aware of it.

• Second, the ethics and compliance office obtained support from the Chief Information Officer (CIO) which likely influenced the success of the training and communications delivered by the ethics and compliance staff.

• Third, the awareness of the helpline is not sufficient to ensure success as you must make sure that issues and allegations are addressed and investigated.

This case study demonstrates the power of a hotline. The company’s Compliance Department “established the credibility of the helpline as a resource to raise issues and report misconduct.

 Three key takeaways:

1. Hotlines can be powerful tools for the compliance professional.

2. Simply because you have no hotline complaints does not mean you do not have any compliance or ethics issues that need review and resolution.

3. Adequate follow-up is a key part of overall hotline effectiveness.

Categories
31 Days to More Effective Compliance Programs

One Month to More Effective Reporting and Investigations – Advantages of an Internal Reporting System

While it is clear that the government expects companies to have an internal reporting system, there are benefits far beyond putting you in the government’s good graces. Companies with a more robust internal reporting system generated more reports. Dr. Welch found a group of companies he termed “power users”, which were high-level users of whistleblower reporting systems who had more activity than the average entity. These “power user” companies have several interesting characteristics. First, they are typically firms with higher quality earnings reporting. They are more profitable entities. Finally, these “power user” companies were firms with higher quality governance, as rated by the Entrenchment Index, which is used to measure how entrenched management is in a company.

Conversely, companies which were observed to be a more limited user of whistleblower reporting systems are companies that were seen to have poor governance. They are more prone to financial accounting issues, such as discretionary accruals, which could prove problematic. These tend to be smaller and less mature firms. Their overall compliance programs were generally not seen as robust or as effective as those in larger, more mature organizations. Finally, these firms, probably because they were smaller and less mature, are more prone to extreme growth and the problems associated with trying to scale up quickly.
All of this points to one unmistakable conclusion, a robust whistleblower reporting system facilitates a company’s resolution of problems before they become major problems or legal violations bringing the Securities and Exchange Commission (SEC) or DOJ calling.

Three Key Takeaways

  1. Companies with a robust whistleblower and reporting system had greater profitability and workforce productivity as measured by Return on Assets.
  2. There were fewer material lawsuits brought against the company overall and there were lower settlement costs if a lawsuit did occur.
  3. There were fewer external whistleblower reports to regulatory agencies and other authorities.
Categories
31 Days to More Effective Compliance Programs

One Month to More Effective Reporting and Investigations – Introduction

The call, email, or tip comes into your office; an employee reports suspicious activity somewhere across the globe. That activity might well turn into an FCPA issue for your company. As the CCO, it will be up to you to begin the process which will determine, in many instances, how the company will respond. This chapter will provide you with the steps you will need to consider going forward.
This chapter will detail the two parts; internal reporting and investigations. It would seem axiomatic that organizations understand the benefits of having an internal reporting system, whether it is called a hotline, helpline, or something else. Just as plainly, a company should understand the need for effective investigations after a report comes in which might lead to a potential violation.

Three key takeaways:

  1. A robust internal reporting system will be one of the key indicia the DOJ considers.
  2. Hotline reporting can bring a visibility to problems.
  3. Hotline reports must be treated fairly and justly.
Categories
31 Days to More Effective Compliance Programs

Day 22 – Internal Reporting and Triaging Claims

The call, email, or tip comes into your office; an employee reports suspicious activity across the globe. That activity might well turn into an FCPA issue for your company. As the CCO, it will be up to you to begin the process, which will determine, in many instances, how the company will respond going forward. This is more than simply maintaining hotlines. Companies have to make real efforts to listen to employees. You need to have managers trained on handling employee concerns; they must be incentivized to take on this compliance responsibility, and you must devote communications resources to reinforcing the company’s culture and values to create an environment and expectation that managers will raise employee concerns. The Monaco Memo’s emphasis on internally detecting such actions and self-reporting makes this more important.

The reason is that a business’s employees are the company’s best source of information about what is going on in the company. It is certainly a best practice for a company to listen to its employees, particularly to help improve its processes and procedures. But more than listening to its employees, a company should provide a safe and secure route for employees to escalate their concerns. This is the underlying rationale behind an anonymous reporting system within any organization. Both the U.S. Sentencing Guidelines and the Organization of Economic Cooperation and Development (OECD) Good Practices list as one of their components an anonymous reporting mechanism by which employees can report compliance and ethics violations. Of course, the Dodd-Frank Whistleblower provisions also heed the implementation of a hotline.

Given the number of ways that information about violations or potential violations can be communicated to government regulators, a robust triage system is an important way for a company to determine what resources to bring to bear on a compliance problem.

Jonathan Marks has articulated a five-stage triage process that allows for an early assessment of any allegations and a manner to think through your investigative approach. Marks cautions you must have an experienced investigator or other seasoned professional making these determinations, if not a more well-rounded group or committee. Next, consider the types of evidence to review going forward. Finally, before selecting a triage solution, understand what tools are available, including forensic and human, to complete the investigation.

 Three key takeaways:

1. The DOJ and SEC put special emphasis on internal reporting lines.

2. Test your hotline regularly to make sure it is working.

3. Every claim should be triaged before starting an investigation.