Tag: hotlines

Categories
Blog

Bank of America’s Corporate Culture Crisis: Part 4 – A Tale of Metrics and Misalignment: Lessons for Compliance Professionals

Compliance professionals constantly seek to understand how systemic issues within corporate hierarchies can lead to severe consequences. The recent revelations about Bank of America’s (BoA) persistent workplace culture problems are a powerful reminder of compliance’s critical role in safeguarding employees and the organization.

This week, I will explore the BoA failure around workplace culture from various perspectives articulated by the Everything Compliance gang, including Karen Woody, Jonathan Armstrong, Matt Kelly, Karen Moore, and Jonathan Marks. This exploration will include the failure of internal controls, failures by the Board and senior management, culture failures around highly driven, self-selecting employees, and the cultural miasma that is BoA from a perspective from across the pond. In Part 4, we consider a misconnection of metrics. This issue is not merely a question of productivity but a fundamental concern about corporate culture, ethics, and long-term sustainability.

In corporate governance and compliance, aligning business metrics and ethical obligations often defines a company’s culture’s success or failure. The recent Wall Street Journal (WSJ) article about BoA and its investment banking metrics sheds light on a crucial disconnect that compliance professionals must address: the disparity between business performance indicators and employee well-being.

At the heart of the issue is the nature of the metrics used to evaluate success in different industries. In investment banking, the primary focus is often on closing deals. The logic is straightforward: deals drive revenue, and revenue drives the bottom line. This singular focus on deal-making creates an environment where the end justifies the means, potentially overlooking the toll it takes on employees.

Conversely, in law firms, the metric of success is often billable hours. Lawyers are compensated and promoted based on the number of hours they bill, which can lead to a different, yet equally problematic, set of behaviors. Over-inflating hours or working excessive hours becomes the norm because that is the path to career advancement.

Both systems create perverse incentives: investment bankers might underreport hours to avoid raising HR flags, while lawyers might overreport hours to enhance their career prospects. These behaviors highlight a crucial point for compliance professionals: the metrics set at the top of an organization inevitably shape the behavior throughout the company.

One of the first steps in addressing these issues is understanding the available data and how it is used. Compliance professionals must ask themselves, “What data do we have, and how can it be used to monitor and manage risks effectively?” By focusing solely on deal closure, companies are potentially neglecting data related to employee well-being, such as hours worked or stress levels.

In contrast, law firms have systems that track the minutiae of an employee’s workday, from time spent on tasks to keystrokes made during document review. This data is invaluable for billing clients and identifying patterns that may indicate overwork or burnout. Compliance professionals in investment banking could learn from this approach, using technology to track hours worked or monitor workload distribution, ensuring that employees are kept within reasonable limits.

The core issue is more alignment between business metrics and corporate culture risks. Compliance professionals must ensure senior management acknowledges overwork as a significant risk and takes proactive steps to monitor and mitigate it. This involves tracking the traditional success metrics and implementing metrics that reflect the company’s values and culture.

For example, if overwork is recognized as a risk, metrics such as average hours worked, employee turnover rates, and employee satisfaction surveys should be regularly monitored and reported. This dual approach allows a company to pursue business success while ensuring its corporate culture remains healthy and sustainable.

The responsibility of aligning these metrics rests not solely with middle management, compliance officers, or senior management; it extends to the board of directors. The board’s oversight role is crucial in ensuring that the company’s culture is preserved in pursuing financial success. For boards everywhere, the recent scrutiny BoA received in the WSJ article serves as a lesson.

Board members must go beyond the surface level of management reports and delve into the realities of the workplace culture. This requires more than attending board meetings in luxurious settings and listening to pre-prepared presentations. It involves engaging directly with employees at all levels, understanding their challenges, and prioritizing their well-being.

A practical approach could involve the board requiring regular reports on employee well-being metrics, mandating internal audits focused on workplace culture, or even conducting anonymous employee surveys to get an unfiltered view of the corporate environment.

An effective compliance program also hinges on creating a culture where employees feel safe to voice their concerns. A speak-up culture is essential in identifying issues before they escalate into major risks. Management and the board should encourage employees to report inconsistencies between policy and practice and take these reports seriously.

For instance, if employees consistently report working beyond reasonable hours, this should trigger an investigation and subsequent action from the board. Such feedback mechanisms help identify risks and reinforce the company’s commitment to ethical practices.

Lastly, when issues do arise—such as the tragic death of a young employee in the Bank of America case—the board should conduct a root cause analysis. This analysis should not be limited to the immediate cause but should explore deeper systemic issues that may have contributed to the incident.

A comprehensive root cause analysis might reveal that the focus on deal closure at the expense of employee well-being is not an isolated issue but indicative of a broader cultural problem. The board could use this analysis to implement changes across the organization, ensuring that similar incidents do not occur in the future.

The lessons are clear: the metrics that companies use to measure success are powerful drivers of behavior. The challenge for compliance professionals is ensuring that these metrics align with business goals, ethical standards, and employee well-being. This requires a proactive approach, leveraging data to monitor business performance and corporate culture. It also requires a board that is engaged, informed, and committed to understanding the realities of the workplace.

In the end, compliance is not just about preventing legal and compliance risks but about fostering a corporate culture that values integrity, transparency, and the well-being of all employees. By aligning metrics with these values, companies can achieve sustainable success that benefits their bottom line and people.

Categories
FCPA Compliance Report

FCPA Compliance Report: Exploring DOJ’s New Whistleblower Incentive Program with Mary Inman

Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this edition of the FCPA Compliance Report, Tom Fox welcomes back Mary Inman, Partner at Whistleblower Partners LLC, to discuss the new DOJ Whistleblower Incentive Program.

Tom and Mary discuss the DOJ’s New Whistleblower Incentive Program’s aim to fill gaps in existing reward programs and its focus areas, including financial institution violations, foreign and domestic corruption, and healthcare offenses. Mary highlights some criticisms of the program, such as lack of a reward floor and the cap on rewards, and the potential challenges and impacts on corporate compliance. They also talk about the interplay between whistleblowers, DOJ, and corporate investigations, and the potential for adaptation of the program based on stakeholder feedback.

Highlights in this Episode:

  • DOJ Whistleblower Incentive Program Overview
  • Four Focus Areas of the New Program
  • Challenges and Criticisms of the Program
  • Concerns About Reward Mechanisms
  • Race to DOJ: Whistleblowers vs. Corporations
  • Implications for Corporate Compliance

Resources:

Mary Inman on LinkedIn

Whistleblower Partners

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.

Categories
FCPA Compliance Report

FCPA Compliance Report: Evie Wentink on Making Compliance Training Practical

Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance.

In this edition of the FCPA Compliance Report,  Tom Fox has a fascinating visit with Iveta (Evie) Wentink, a 15-year compliance veteran. Evie has worked in the public and private sectors and has expertise in compliance training, hotlines, government contract compliance, data privacy, reporting, & due diligence.

Evie has one of the most unique opening lines for hotline training, which is ‘Do You Know Your Hotline Number?” This simple yet incredibly important question encapsulates Evie’s approach to compliance training: make it simple, direct, and practical for the listeners. (Or, as Carsten Tams would say, ‘It’s all about the UX’).

Our conversation focuses on the critical role of hotline numbers in corporate compliance programs, emphasizing the need for employees to know and trust the hotline. Evie shares insights from her career, highlights the significance of marketing compliance hotlines effectively, and discusses the broader culture of compliance and non-retaliation in organizations. She shares practical tips for improving hotline awareness and usage, making this episode a valuable resource for compliance professionals and organizations alike.

Highlights in this Episode:

  • Enhancing Trust through Active Compliance Reporting
  • Promoting Reporting Culture Through Creative Marketing
  • Ethical Culture: Encouraging Compliance Reporting Safely
  • Enhancing Compliance Programs Through Anonymous Hotlines

Resources:

Evie Wentink on LinkedIn

Evie’s Top 10 Compliance Back to Basics

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

 

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.

Categories
Compliance Tip of the Day

Compliance Tip of the Day: Internal Reporting Outside The US, Part 2

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

In this episode, I conclude a two-part discussion of steps a company needs to consider for internal reporting in jurisdictions outside the US.

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.

Categories
Compliance Tip of the Day

Compliance Tip of the Day: Internal Reporting Outside The US, Part 1

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

In this episode, I will be having a two-part discussion of steps a company needs to consider for internal reporting in jurisdictions outside the US.

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.

Categories
FCPA Compliance Report

FCPA Compliance Report – Nick Gallo on The Ethics and Compliance Optimization System

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, Tom Fox welcomes back Nick Gallo, co-CEO at Ethico, to discuss its Ethics and Compliance Optimization System.

Nick Gallo, co-CEO of Ethico, is a seasoned professional with a robust background in ethics and compliance, and a key player in the development and promotion of Ethico’s ethics and compliance optimization system. Gallo’s perspective on the topic of ethics and compliance optimization systems is shaped by his belief in a comprehensive, integrated approach to managing compliance efforts. He sees this system as a next-generation tool that interacts with other data pools, generating more analytics and insights. His experience has led him to advocate for a centralized repository for various types of business information, which can be accessed by compliance teams for better visibility across all data silos within an organization. Gallo also stresses the importance of automation and integration to eliminate manual and repetitive tasks, allowing compliance professionals to focus on more strategic and value-added activities.

 

Key Highlight:

  • Creating a centralized system for streamlining ethics and compliance
  • Why compliance needs a centralized data system for compliance professionals
  • The prevalence of retaliation in organizations
  • Leveraging data for proactive risk mitigation

Resources:

Nick Gallo on LinkedIn

Ethico

Ethics and Compliance Optimization System

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

For more information on Ethico and a free White Paper on top compliance issues in 2024, click here.

Categories
FCPA Compliance Report

Compliance Lessons from Venice – Into The Lion’s Mouth

In Part 3 of this special 3-episode series, we explore how Venice created the first modern hotline and whistleblower reporting system. Whistleblower and hotline reporting systems in compliance programs are crucial tools for organizations, providing a confidential platform for employees to report misconduct. Fox emphasizes the value of using an external hotline system, which offers an additional layer of anonymity and impartiality and can bring specialized expertise that may be difficult to match within an organization.

He also highlights the role of hotlines in collecting detailed information, which can provide greater insight into situations and help protect companies from accusations of negligence or wrongdoing. Fox underscores the need for hotlines to inspire employee confidence, offer on-demand support from subject matter experts, and provide in-built litigation support and avoidance tools. Join Tom Fox in this episode of the Compliance Lessons from Venice podcast to delve deeper into the significance of hotline reporting systems in compliance programs.

Categories
Blog

How the Venetian Republic Invented the Modern Hotline-Into the Lion’s Mouth

It turns out that Venice invented the modern hotline reporting system with their Lion’s Mouth reporting protocol. The symbol of Venice is the Lion St. Mark. The use of this symbol has led to the maxim straight from the lion’s mouth. This adage came because the Republic of Venice had its own hotline reporting system where citizens could report misconduct. A citizen could write down his concern on paper and literally put this message into the mouths of statues of lions’ heads placed around the city. The system was originally set up to be anonymous, but later changed to require that a citizen had to write down his name when submitting a message. I thought about this early form of anonymous reporting and then Hotline reporting and how it portended the hotline system used today to help companies identify compliance issues which might arise under the FCPA or other compliance laws.

Hotline reporting systems play a crucial role in modern compliance programs. They provide employees with a confidential and secure channel to report suspected misconduct or violations of company policies. In a recent episode of the podcast “Compliance Lessons from Venice,” hosted by Tom Fox, the importance and benefits of hotline reporting systems were discussed in detail.

One of the key factors emphasized in the podcast is the need for hotline systems to allow employees to report misconduct confidentially and without fear of retaliation. This is in line with the guidance provided in the FCPA Resource Guide, which states that an effective compliance program should include a mechanism for confidential reporting. By ensuring anonymity and protection, hotline reporting systems encourage employees to come forward with their concerns, leading to early detection and prevention of compliance issues.

One of the benefits of using external hotline systems, as highlighted by Tom Fox, is the increased employee trust. Employees tend to trust third-party providers more than internally maintained systems, as they perceive an extra layer of anonymity and impartiality. External providers also bring specialist expertise that may be difficult to match within an organization.

Another benefit of hotline reporting systems is the collection of detailed information. Information is power, and by gathering and recording information throughout the complaint’s lifecycle, companies gain greater insight into the situation. This allows for more effective protection against accusations of negligence or wrongdoing. Hotline systems should provide consolidated, real-time access to data across departments and locations, along with analytic capabilities to uncover trends and hotspots.

Data retention is another important factor to consider. Hotline systems should meet the company’s data retention policies, especially considering privacy regulations like GDPR. Having a secure and accessible report retention database ensures compliance with data protection requirements and avoids the need for complicated and costly arrangements for storing older reports.

To be effective, hotline reporting systems must inspire employee confidence. Retaliation or perceived unfairness can destroy the effectiveness of internal reporting and poison the company’s culture. Employees should feel that the hotline offers the highest levels of protection and anonymity. It should allow them to bring their concerns directly to someone outside the immediate chain of command or workplace environment, especially when the complaint involves a supervisor or superior. Providing the option to submit reports from offsite locations also enhances participation rates.

Hotline systems should offer on-demand support from subject matter experts. Opening lines of communication can bring new issues to the compliance group’s attention. It is crucial to follow up on reports in a timely manner and avoid sitting on complaints, as this can lead to employee frustration and potential legal risks.

Inbuilt litigation support and avoidance tools are also important features of hotline reporting systems. Compliance with legal requirements for document retention, attorney work product protections, and attorney-client privilege should be pre-configured in the system. Developing these tools in-house can be costly and expose the organization to unnecessary risks.

Direct communication with the persons filing a complaint is another aspect that enhances the effectiveness of hotline reporting systems. It signals to employees that their complaints are being heard at the highest level and reinforces their confidence in the process.

In addition to these key factors, the podcast episode also highlighted the importance of publicizing the hotline, training employees on how to use it, and ensuring no retaliation for its use. Regularly reviewing the data provided by the hotline and identifying any gaps is also crucial for making informed decisions and improving the compliance program.

Hotline reporting systems are essential components of modern compliance programs. They provide employees with a confidential and secure channel to report misconduct, leading to early detection and prevention of compliance issues. By ensuring anonymity, protection, and access to expert support, hotline reporting systems foster employee trust and contribute to a strong compliance culture within organizations. It turns out we do not have Sarbanes-Oxley to thank for the modern hotline system but the Republic of Vencie.

Categories
31 Days to More Effective Compliance Programs

One Month to Better Reporting and Investigations – Internal Reporting System Best Practices

What are some best practices regarding an internal reporting system? The 2012 FCPA Guidance stated, “An effective compliance program should include a mechanism for an organization’s employees and others to report suspected or actual misconduct or violations of the company’s policies on a confidential basis and without fear of retaliation.” The 2019 Guidance further refined this basic requirement for a hotline with inquiries into the effectiveness of your corporate hotline, asking, “Effectiveness of the Reporting Mechanism – Does the company have an anonymous reporting mechanism, and, if not, why not?  How is the reporting mechanism publicized to the company’s employees?  Has it been used?  How has the company assessed the seriousness of the allegations it received?  Has the compliance function had full access to reporting and investigative information?” In this podcast, we detail some of the key best practices.

Three key takeaways:

  1. Get the word out to your employees about your company hotline through a variety of mediums and platforms.
  2. Train your employees on the use of the hotline.
  3. Use data from your hotline to continually update and improve your compliance program.
Categories
31 Days to More Effective Compliance Programs

One Month to More Effective Reporting and Investigations – Specific Benefits of a Hotline: A Case Study

Is your hotline working for you? In an article, entitled, Promoting Effective Use of the Company Compliance Hotline, José Tabuena provided an excellent example of the power of a hotline. He provided a case study of a company that had not integrated its IT function into its regular compliance and ethics training programs. As such there were zero calls into the hotline by IT employees. This dynamic was changed and IT was integrated into the company’s regular compliance and ethics training. Thereafter, the hotline received several calls from IT employees indicating that there were two major areas of complaints.

The favoritism problem. HR led an investigation that included questioning all IT managers about their direct reports and employees of their unit. The company determined that there was only one instance of a manager hiring a family member (a brother-in-law), but that person did not report to the manager and was in a different section of the IT organization. This finding made clear that there were misperceptions in the IT department, which affected the department’s morale.

Manipulation of data for bonuses. The company used the hotline to obtain more information from the callers on “isolating the metrics and the managers in question.” It was determined that the bonuses of a select few IT managers were indeed influenced by a questionable data source, which was controlled by a non-manager with minimal oversight and controls.

Basic tenets of an effective hotline. This case study provided three key tenets of an effective internal reporting system:

• First, a helpline is of no value if the workforce is not aware of it.

• Second, the ethics and compliance office obtained support from the Chief Information Officer (CIO) which likely influenced the success of the training and communications delivered by the ethics and compliance staff.

• Third, the awareness of the helpline is not sufficient to ensure success as you must make sure that issues and allegations are addressed and investigated.

This case study demonstrates the power of a hotline. The company’s Compliance Department “established the credibility of the helpline as a resource to raise issues and report misconduct.

 Three key takeaways:

1. Hotlines can be powerful tools for the compliance professional.

2. Simply because you have no hotline complaints does not mean you do not have any compliance or ethics issues that need review and resolution.

3. Adequate follow-up is a key part of overall hotline effectiveness.