Categories
Blog

Internal Reporting and Investigative Lessons from Star Trek: The Conscience of the King

Last month, I wrote a blog post on the tone at the top, exemplified in Star Trek’s Original Series episode, Devil in the Dark. Based on the response, some passionate Star Trek fans are out there. I decided to write a series of blog posts exploring Star Trek: The Original Series episodes as guides to the Hallmarks of an Effective Compliance program set out in the FCPA Resources Guide, 2nd edition. Today, I will continue my two-week series by looking at the following Hallmarks of an Effective Compliance Program laid out by the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) in the FCPA Resources Guide, 2nd edition. Today, we look at internal reporting and investigative lessons from The Conscience of the King.

The Conscience of the King centers around Captain Kirk’s investigation into the identity of Anton Karidian, the leader of a traveling theater troupe. Kirk suspects that Karidian is Kodos the Executioner, a tyrant responsible for the massacre on Tarsus IV, where Kirk is one of the few survivors. As the episode unfolds, Kirk must gather evidence to confirm his suspicions while navigating the moral complexities of justice and revenge.

Lesson 1. The Importance of Confidential Reporting

Confidential reporting mechanisms are essential for identifying and addressing potential compliance violations. You should develop a comprehensive, confidential reporting policy that outlines the process for submitting reports, the types of issues that can be reported, protections for whistleblowers, and investigation procedures. These policies must be communicated broadly to all employees and made easily accessible.

You should have multiple reporting channels from there, such as a dedicated hotline, an online submission form, an email address, or in-person reporting to a compliance officer. Ensure all channels are communicated and easy for employees to access. Finally, consider using an independent third party to manage the reporting hotline for maximum confidentiality. They allow employees to report concerns without fear of retaliation, fostering a culture of transparency and accountability. Some of the mechanisms include anonymous reporting.

Lesson 2. Conduct Thorough Investigations

Effective investigations are crucial for verifying claims, gathering evidence, and determining appropriate action. Each compliance program should have a formal, standardized investigation process led by trained, impartial investigators. Your investigative protocol should outline evidence collection, interviews, and documentation guidelines. Investigations should be conducted impartially, ensuring that all parties are treated fairly and that conclusions are based on evidence rather than assumptions or biases. You must ensure that investigations are properly documented, with clear accountability for follow-up actions. You should provide regular progress updates to the reporting party while maintaining confidentiality.

Kirk’s evidence gathering illustrates these principles in the episode, as he seeks out individuals who might recognize Karidian as Kodos, such as Dr. Leighton, who was also a survivor of the Tarsus IV massacre. He balances suspicion with the need for concrete evidence before taking action. Kirk engages in human and forensic-based investigative tools when he devises a plan to observe Karidian’s reaction to hearing his voice from historical records of Kodos’s speeches, showcasing the importance of testing hypotheses to validate suspicions.

Lesson 3. Balancing Privacy and Justice

Investigations must balance the need for transparency with the privacy rights of those involved. Protecting confidentiality is essential to maintaining trust in the reporting process and ensuring fair outcomes. Every compliance function should have protocols to safeguard the confidentiality of all parties involved in an investigation, including the reporter, subject, and witnesses. This may include restricting access to sensitive information and ensuring secure storage of records. Finally, while maintaining confidentiality, organizations should communicate the outcomes of investigations to relevant stakeholders, reinforcing the organization’s commitment to transparency and accountability.

As a compliance professional, balancing the principles of privacy and justice during an internal investigation can be a delicate challenge. Here are some key considerations and approaches to striking the right balance through both proportionality and necessity. This means collecting and retaining only the personal data that is strictly necessary and proportional to the specific investigation. Also, avoid excessive data gathering or prolonged retention that could be considered an unwarranted invasion of privacy.

Examples from The Conscience of the King include Kirk’s maintenance of secrecy by ensuring that information about the investigation is shared only with those who need to know, protecting the privacy of individuals involved, and preventing potential harm to the theater troupe if the suspicions prove unfounded. His tactful handling of sensitive information is an example of how crucial it is to limit access to private information to preserve the investigation’s integrity.

Lesson 4. Leadership’s Role in Fostering a Compliance Culture

Leadership plays a critical role in establishing and maintaining a culture of compliance. Leaders must demonstrate a commitment to ethical behavior and support implementing compliance initiatives. A corporate compliance function should encourage business leadership, the C-Suite, and the Board of Directors to consistently reinforce the importance of speaking up and the organization’s non-retaliation commitment. You should also celebrate employees who come forward with reports that lead to positive change.

Business leaders should model ethical behavior and demonstrate a commitment to compliance through their actions and decisions. This sets a positive example for employees and reinforces the organization’s values. Your executives must actively support compliance initiatives, including developing and promoting reporting mechanisms and investigation procedures. Kirk exemplifies ethical leadership by prioritizing justice and integrity over personal vendetta. He uses his authority responsibly to pursue the truth while protecting his crew and the accused.

Lesson 5. Addressing the Human Element

Compliance programs must account for the human element, recognizing that emotions and personal biases can influence reporting and investigations. Programs should be designed to minimize these influences and ensure objective outcomes. Your compliance function should provide training to help employees recognize and manage emotions and biases that may impact their decision-making. You need to, as much as possible, move towards evidence- and data-based objective decision-making. This includes professional skepticism and developing processes and tools to facilitate objective decision-making, such as checklists or decision trees, to guide investigators and reduce the influence of personal biases.

“The Conscience of the King” offers valuable lessons for compliance professionals on the importance of confidential reporting and thorough investigations. By implementing these lessons, organizations can enhance compliance programs, foster a culture of transparency and accountability, and effectively manage risks. Incorporating these elements into your compliance strategy can help ensure that your organization is prepared to navigate the complexities of today’s regulatory environment while upholding the highest ethical standards. As Captain Kirk demonstrated, pursuing truth and justice requires vigilance, integrity, and a commitment to doing what is right.

Join us tomorrow as we consider the lessons on financial incentives and disciplinary measures from the Star Trek episode Mirror Mirror.

Categories
Trekking Through Compliance

Trekking Through Compliance – Episode 73 – Collaboration and Pattern Recognition: Compliance Lessons from The Lights of Zetar

In this episode of Trekking Through Compliance, we consider the episode The Lights of Zetar, which aired on January 31, 1969, and occurred on Star Date 5725.3.

On its way to the Memory Alpha planetoid, the storehouse of all the Federation’s cultural history and scientific knowledge, sensors detect a strange storm. The storm travels at a speed of Warp 2.6, indicating that it cannot be a natural phenomenon. The storm heads right for the Enterprise, penetrating the shield and attacking different brain centers of different crew members. Lt. Mira Romaine, aboard to oversee the transmission of data newly gathered by the Enterprise to Memory Alpha, seems the hardest hit.

The storm then heads for shieldless Memory Alpha, killing all aboard and burning out the central memory core. Mira beamed and warned everyone to return to the Enterprise because the storm was returning. Scans from the Enterprise confirm this, and the landing party returns to the ship.

To rid Mira of the alien influence before the aliens attack again, Kirk rushes her to a gravity/pressure chamber. The aliens attack too soon, however, and Mira becomes completely possessed. Speaking through Mira, the aliens identify themselves as the last survivors of the planet Zetar. They have had to discard their bodies and have been searching for a millennium for one such as Mira’s in which they can live out their lives. Before Mira’s consciousness can be wholly subjugated, Scotty puts her in the pressure chamber. Here, the aliens are killed, and Mira is freed.

Commentary

The episode follows the Enterprise crew as they encounter a mysterious storm that endangers them and the Memory Alpha Planetoid. The episode receives criticism for its perceived sexism but also includes a defense that views it as a poignant love story. Tom Fox uses this episode as a framework to discuss the importance of enhancing pattern recognition in compliance through collaboration, sharing insights on how cross-functional teamwork can improve the identification and mitigation of compliance risks.

Key Highlights

  • Episode Summary: The Lights of Zatar
  • Critical Reception and Controversy
  • Compliance Insights: Enhancing Pattern Recognition
  • 11:17 Conclusion and Next Episode Preview

Resources

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha

Categories
Compliance Tip of the Day

Compliance Tip of the Day: Internal Reporting and Layoffs

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

In this episode, we look at the always tricky issue of internal reporting, whistleblowers during layoffs.

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.

Categories
Compliance Tip of the Day

Compliance Tip of the Day: Internal Reporting Outside The US, Part 1

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

In this episode, I will be having a two-part discussion of steps a company needs to consider for internal reporting in jurisdictions outside the US.

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.

Categories
Compliance Tip of the Day

Compliance Tip of the Day: Benefits of a Speak Up Culture

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

In this episode, we discuss some of the benefits of a culture of speak up and reporting

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.

Categories
Compliance Tip of the Day

Compliance Tip of the Day: Reporting, Triage and Investigations

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

In this episode, I discuss the steps from reporting to the investigative process.

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.

Categories
Blog

Internal Reporting and Triaging of Claims

The call, email or tip comes into your office; an employee reports suspicious activity somewhere across the globe. That activity might well turn into a FCPA issue for your company. As the CCO, it will be up to you to begin the process which will determine, in many instances, how the company will respond going forward. This system has become even more important after the 2022 announcement of the Monaco Memo. Further, as the 2022 ABB FCPA resolution made clear, self-disclosing to the DOJ is the vital first step for all discounts under the Corporate Enforcement Policy to begin.

This scenario was driven home by the WPP Foreign Corrupt Practices enforcement action in 2021. Here, a whistleblower reported internally on allegations of bribery and corruption in the company’s India subsidiary. WPP turned over the investigation to an inexperienced accounting firm in India and then allowed the investigation to be controlled by the business unit management that was engaging in the bribery and corruption. The result, unsurprisingly, was no adverse findings. However, the whistleblower did not stop there and reported six more times (seven total) with an increasing amount of documentary support. Finally, the company took the allegations seriously and commissioned an internal investigation.

Internal reporting. The 2020 FCPA Resource Guide, 2nd edition, has as clear and concise a statement about hotlines as any other requirement found in Hallmarks of an Effective Compliance Program. It states:

An effective compliance program should include a mechanism for an organization’s employees and others to report suspected or actual misconduct or violations of the company’s policies on a confidential basis and without fear of retaliation.

The Evaluation reinforced this language with the following found under Reporting and Investigation:

How has the company collected, analyzed, and used information from its reporting mechanisms? How has the company assessed the seriousness of the allegations it received? Has the compliance function had full access to reporting and investigative information?

This is more than simply maintaining hotlines. Companies have to make real efforts to listen to employees. You need to have managers who are trained on how to handle employee concerns; they must be incentivized to take on this compliance responsibility and you must devote communications resources to reinforcing the company’s culture and values to create an environment and expectation that managers will raise employee concerns.

The reason is that a business’s own employees are a company’s best source of information about what is going on in the company. It is certainly a best practice for a company to listen to its own employees, particularly to help improve its processes and procedures. But more than listening to its employees, a company should provide a safe and secure route for employees to escalate their concerns. This is the underlying rationale behind an anonymous reporting system within any organization. Both the U.S. Sentencing Guidelines and the Organization of Economic Cooperation and Development (OECD) Good Practices list as one of their components an anonymous reporting mechanism by which employees can report compliance and ethics violations. Of course, the Dodd-Frank Whistleblower provisions also give heed to the implementation of a hotline.

What are some of the best practices for a hotline? Start with the following:

Availability. Your reporting mechanism can be easily accessed by your entire employee base. This may require more than one tool, such as telephone report, internet reporting and other mechanisms.

Anonymity. There must be a manner to make reports anonymously if the reporter so desires.

Escalation. You must have a protocol or mechanism to take any reports up the chain if they warrant being heightened within the organization.

Follow-up. There must be a sufficient follow up protocol to make sure any reported events receive the warranted attention. There should also be a way to keep the incident reporter informed as to the progress of the matter within your investigative protocol.

Oversight. There should be multiple levels of review within your organization on reports which come into your organization. This would include senior compliance department staff, senior company management and up to the Board of Directors.

In this area is that of internal company investigations, if your employees do not believe that the investigation is fair and impartial, then it is not fair and impartial. Furthermore, those involved must have confidence that any internal investigation is treated seriously and objectively. One of the key reasons that employees will go outside of a company’s internal hotline process is because they do not believe that the process will be fair.

After your investigation is complete, the Fair Process Doctrine demands that any discipline must not only be administered fairly but it must be administered uniformly across the company for a violation of any compliance policy. Failure to administer discipline uniformly will destroy any vestige of credibility that you may have developed.

Triaging claims. Given the number of ways that information about violations or potential violations can be communicated to the government regulators, having a robust triage system is an important way that a company can determine what resources to bring to bear on a compliance problem.

Jonathan Marks has articulated a five-stage triage process which allows for not only an early assessment of any allegations but also a manner to think through your investigative approach. Marks cautions you must have an experienced investigator or other seasoned professional making these determinations, if not a more well-rounded group or committee. Next, consider what will be the types of evidence to review going forward. Finally, before selecting a triage solution, understand what tools are available, including both forensic and human, to complete the investigation.

Marks’ five-stage process for early assessments are as follows:

Stage 1. These consist of allegations that have a low threat level and do not suggest a breakdown of internal controls. Tips that get grouped into this stage do not have a financial or reputational impact.

Stage 2. These allegations are more serious in nature, and often indicate some deficiency in the design of internal controls. Examples include business rule violations such as recurring employee theft or patterns of falsifying expense reports.

Stage 3. These allegations are serious in nature, generally involve an override of internal controls, and thus are at a minimum a serious deficiency. But they have only a minimal impact on the financial statements or the company’s reputation. More serious allegations in this category include fraud, embezzlement, and bribery involving employees or mid-level management.

Stage 4. These are serious allegations that could have an impact on the completeness and accuracy of the audited financial statements, and that could indicate a material weakness in internal controls. They do not, however, appear to involve any member of the senior management team.

Stage 5. These are serious allegations that involve one or more members of the senior management team or are serious enough to damage the company’s reputation. The receipt of allegations in this stage usually places the company into crisis management mode and could result in the restatement of audited financial statements or added regulatory scrutiny.

Finally, after you ascertain you have an effective reporting mechanism through your hotline and demonstrate you have a robust and properly scoped investigation protocol, you must use the information you receive to remediate any issues which may arise. It is not enough merely to show that a hotline exists, you must present the data it produces.

Categories
31 Days to More Effective Compliance Programs

One Month to More Effective Reporting and Investigations – Internal Reporting and Whistleblowers During Layoffs

In Houston, we have experienced energy companies laying off upwards of 30% of their workforce in the US and abroad. Employment separations can be one of the trickiest maneuvers to manage in the spectrum of the employment relationship. Even when an employee is aware layoffs are coming, it can still be quite a shock when Human Resources (HR) shows up at their door and says, “Come with me.” However, layoffs, massive or otherwise, can present some unique challenges for the FCPA compliance practitioner. Employees can use layoffs to claim that they were retaliated against for various complaints, including those for concerns that impact the compliance practitioner. Yet there are several actions you can take to protect your company as much as possible.

These actions allow you to demonstrate that any laid-off employee was not separated because of a hotline or whistleblower allegation but due to your overall layoff scheme. However, it could be that you may need this person to provide your compliance department additional information, to be a resource to you going forward, or even a witness that you can reasonably anticipate the government may want to interview. If any of these situations exist, if you do not plan for their eventuality before you lay off the employee, said (now) ex-employee may not be inclined to cooperate with you going forward. Also, demonstrating that you are sincerely interested in a meritorious hotline complaint may keep this person from becoming an SEC whistleblower.

Three Key Takeaways:

  1. An employment separation is critical if an internal report has been made.
  2. Have appropriate language in your separation agreement.
  3. Treat terminated employees with dignity and respect.
Categories
31 Days to More Effective Compliance Programs

One Month to Better Reporting and Investigations – Internal Reporting System Best Practices

What are some best practices regarding an internal reporting system? The 2012 FCPA Guidance stated, “An effective compliance program should include a mechanism for an organization’s employees and others to report suspected or actual misconduct or violations of the company’s policies on a confidential basis and without fear of retaliation.” The 2019 Guidance further refined this basic requirement for a hotline with inquiries into the effectiveness of your corporate hotline, asking, “Effectiveness of the Reporting Mechanism – Does the company have an anonymous reporting mechanism, and, if not, why not?  How is the reporting mechanism publicized to the company’s employees?  Has it been used?  How has the company assessed the seriousness of the allegations it received?  Has the compliance function had full access to reporting and investigative information?” In this podcast, we detail some of the key best practices.

Three key takeaways:

  1. Get the word out to your employees about your company hotline through a variety of mediums and platforms.
  2. Train your employees on the use of the hotline.
  3. Use data from your hotline to continually update and improve your compliance program.
Categories
31 Days to More Effective Compliance Programs

One Month to More Effective Reporting and Investigations – Advantages of an Internal Reporting System

While it is clear that the government expects companies to have an internal reporting system, there are benefits far beyond putting you in the government’s good graces. Companies with a more robust internal reporting system generated more reports. Dr. Welch found a group of companies he termed “power users”, which were high-level users of whistleblower reporting systems who had more activity than the average entity. These “power user” companies have several interesting characteristics. First, they are typically firms with higher quality earnings reporting. They are more profitable entities. Finally, these “power user” companies were firms with higher quality governance, as rated by the Entrenchment Index, which is used to measure how entrenched management is in a company.

Conversely, companies which were observed to be a more limited user of whistleblower reporting systems are companies that were seen to have poor governance. They are more prone to financial accounting issues, such as discretionary accruals, which could prove problematic. These tend to be smaller and less mature firms. Their overall compliance programs were generally not seen as robust or as effective as those in larger, more mature organizations. Finally, these firms, probably because they were smaller and less mature, are more prone to extreme growth and the problems associated with trying to scale up quickly.
All of this points to one unmistakable conclusion, a robust whistleblower reporting system facilitates a company’s resolution of problems before they become major problems or legal violations bringing the Securities and Exchange Commission (SEC) or DOJ calling.

Three Key Takeaways

  1. Companies with a robust whistleblower and reporting system had greater profitability and workforce productivity as measured by Return on Assets.
  2. There were fewer material lawsuits brought against the company overall and there were lower settlement costs if a lawsuit did occur.
  3. There were fewer external whistleblower reports to regulatory agencies and other authorities.