Tag: triage

Categories
Compliance Tip of the Day

Compliance Tip of the Day: How Investigative Triage Can Drive Culture

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law.

Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

In this episode, we consider how your investigative protocol and triage can drive and improve your corporate culture.

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.

Categories
Compliance Tip of the Day

Compliance Tip of the Day: The Importance of Triage

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

In this episode, we look at the importance of triage in your overall investigative protocol.

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.

Categories
Compliance Tip of the Day

Compliance Tip of the Day: Reporting, Triage and Investigations

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

In this episode, I discuss the steps from reporting to the investigative process.

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.

Categories
31 Days to More Effective Compliance Programs

31 Days to a More Effective Compliance Program – Day 24 – Internal Reporting and Triaging of Claims

The call, email, or tip comes into your office; an employee reports suspicious activity somewhere across the globe. That activity might well turn into an FCPA issue for your company. As the CCO, it will be up to you to begin the process, which will determine, in many instances, how the company will respond going forward. This system has become even more important after the 2022 announcement of the Monaco Memo. Further, as the 2022 ABB FCPA resolution made clear, self-disclosing to the DOJ is the vital first step for all discounts under the Corporate Enforcement Policy to begin.

This scenario was driven home by the WPP Foreign Corrupt Practices enforcement action in 2021. Here, a whistleblower reported internally on allegations of bribery and corruption in the company’s India subsidiary. WPP turned over the investigation to an inexperienced accounting firm in India and then allowed the investigation to be controlled by the business unit management that was engaging in the bribery and corruption. The result, unsurprisingly, was no adverse findings. However, the whistleblower did not stop there and reported six more times (seven total) with an increasing amount of documentary support. Finally, the company took the allegations seriously and commissioned an internal investigation.

Three key takeaways:

1. The DOJ and SEC put special emphasis on internal reporting lines.

2. Test your hotline on a regular basis to make sure it is working.

3. Every claim should be triaged before starting an investigation.

For more information on Ethico and a free White Paper on top compliance issues in 2024, click here.

Categories
Blog

Internal Reporting and Triaging of Claims

The call, email or tip comes into your office; an employee reports suspicious activity somewhere across the globe. That activity might well turn into a FCPA issue for your company. As the CCO, it will be up to you to begin the process which will determine, in many instances, how the company will respond going forward. This system has become even more important after the 2022 announcement of the Monaco Memo. Further, as the 2022 ABB FCPA resolution made clear, self-disclosing to the DOJ is the vital first step for all discounts under the Corporate Enforcement Policy to begin.

This scenario was driven home by the WPP Foreign Corrupt Practices enforcement action in 2021. Here, a whistleblower reported internally on allegations of bribery and corruption in the company’s India subsidiary. WPP turned over the investigation to an inexperienced accounting firm in India and then allowed the investigation to be controlled by the business unit management that was engaging in the bribery and corruption. The result, unsurprisingly, was no adverse findings. However, the whistleblower did not stop there and reported six more times (seven total) with an increasing amount of documentary support. Finally, the company took the allegations seriously and commissioned an internal investigation.

Internal reporting. The 2020 FCPA Resource Guide, 2nd edition, has as clear and concise a statement about hotlines as any other requirement found in Hallmarks of an Effective Compliance Program. It states:

An effective compliance program should include a mechanism for an organization’s employees and others to report suspected or actual misconduct or violations of the company’s policies on a confidential basis and without fear of retaliation.

The Evaluation reinforced this language with the following found under Reporting and Investigation:

How has the company collected, analyzed, and used information from its reporting mechanisms? How has the company assessed the seriousness of the allegations it received? Has the compliance function had full access to reporting and investigative information?

This is more than simply maintaining hotlines. Companies have to make real efforts to listen to employees. You need to have managers who are trained on how to handle employee concerns; they must be incentivized to take on this compliance responsibility and you must devote communications resources to reinforcing the company’s culture and values to create an environment and expectation that managers will raise employee concerns.

The reason is that a business’s own employees are a company’s best source of information about what is going on in the company. It is certainly a best practice for a company to listen to its own employees, particularly to help improve its processes and procedures. But more than listening to its employees, a company should provide a safe and secure route for employees to escalate their concerns. This is the underlying rationale behind an anonymous reporting system within any organization. Both the U.S. Sentencing Guidelines and the Organization of Economic Cooperation and Development (OECD) Good Practices list as one of their components an anonymous reporting mechanism by which employees can report compliance and ethics violations. Of course, the Dodd-Frank Whistleblower provisions also give heed to the implementation of a hotline.

What are some of the best practices for a hotline? Start with the following:

Availability. Your reporting mechanism can be easily accessed by your entire employee base. This may require more than one tool, such as telephone report, internet reporting and other mechanisms.

Anonymity. There must be a manner to make reports anonymously if the reporter so desires.

Escalation. You must have a protocol or mechanism to take any reports up the chain if they warrant being heightened within the organization.

Follow-up. There must be a sufficient follow up protocol to make sure any reported events receive the warranted attention. There should also be a way to keep the incident reporter informed as to the progress of the matter within your investigative protocol.

Oversight. There should be multiple levels of review within your organization on reports which come into your organization. This would include senior compliance department staff, senior company management and up to the Board of Directors.

In this area is that of internal company investigations, if your employees do not believe that the investigation is fair and impartial, then it is not fair and impartial. Furthermore, those involved must have confidence that any internal investigation is treated seriously and objectively. One of the key reasons that employees will go outside of a company’s internal hotline process is because they do not believe that the process will be fair.

After your investigation is complete, the Fair Process Doctrine demands that any discipline must not only be administered fairly but it must be administered uniformly across the company for a violation of any compliance policy. Failure to administer discipline uniformly will destroy any vestige of credibility that you may have developed.

Triaging claims. Given the number of ways that information about violations or potential violations can be communicated to the government regulators, having a robust triage system is an important way that a company can determine what resources to bring to bear on a compliance problem.

Jonathan Marks has articulated a five-stage triage process which allows for not only an early assessment of any allegations but also a manner to think through your investigative approach. Marks cautions you must have an experienced investigator or other seasoned professional making these determinations, if not a more well-rounded group or committee. Next, consider what will be the types of evidence to review going forward. Finally, before selecting a triage solution, understand what tools are available, including both forensic and human, to complete the investigation.

Marks’ five-stage process for early assessments are as follows:

Stage 1. These consist of allegations that have a low threat level and do not suggest a breakdown of internal controls. Tips that get grouped into this stage do not have a financial or reputational impact.

Stage 2. These allegations are more serious in nature, and often indicate some deficiency in the design of internal controls. Examples include business rule violations such as recurring employee theft or patterns of falsifying expense reports.

Stage 3. These allegations are serious in nature, generally involve an override of internal controls, and thus are at a minimum a serious deficiency. But they have only a minimal impact on the financial statements or the company’s reputation. More serious allegations in this category include fraud, embezzlement, and bribery involving employees or mid-level management.

Stage 4. These are serious allegations that could have an impact on the completeness and accuracy of the audited financial statements, and that could indicate a material weakness in internal controls. They do not, however, appear to involve any member of the senior management team.

Stage 5. These are serious allegations that involve one or more members of the senior management team or are serious enough to damage the company’s reputation. The receipt of allegations in this stage usually places the company into crisis management mode and could result in the restatement of audited financial statements or added regulatory scrutiny.

Finally, after you ascertain you have an effective reporting mechanism through your hotline and demonstrate you have a robust and properly scoped investigation protocol, you must use the information you receive to remediate any issues which may arise. It is not enough merely to show that a hotline exists, you must present the data it produces.

Categories
Blog

How Triage and Investigations Can Drive a Culture of Speak Up

I recently concluded a podcast series with Case IQ. Over this series, I visited with Sharlyn Lauby, Jakub Ficner, Kenneth McCarthy, and Meric Bloch on the different facets of a great speak-up regime and how each of those facets will improve your corporate culture. We tackled such topics as the indicia of a great corporate culture, the importance of triage and internal investigations in improving corporate culture, non-retaliation and protections for those who speak up, tying your entire system of speaking up to improving culture, and will conclude with some thoughts on how an entire system of speaking up drives corporate culture to be better run and more profitably. This blog post series will expand on these topics. In Part 3, we consider why and how having an effective triage for reports and investigations can drive a culture of speaking up in your organization.

Jakub Ficner has over 15 years of experience in the internal investigative space and is currently the Director of Partnership Development at Case IQ. He strongly advocates for the importance of the triage process and technology in organizational compliance. He is a passionate and determined team player with experience in prospecting and implementing complex global solutions in various industries. Experience working in cross-functional and multi-cultural teams in Canada, the United States, Germany, and India. His specialties include business strategy and development, international management, ethics and compliance, investigation management, and global implementation strategy.

Jakub emphasized the need for organizations to consider the assessment and triage process before receiving complaints or allegations. This proactive approach allows for increased response time and the ability to set realistic stakeholder expectations.

One of the key points highlighted by Jakub is the importance of setting service level agreements (SLAs) to determine response times based on the nature of the allegation. This concept, borrowed from customer service practices, ensures that employees who come forward with complaints or allegations are provided with a clear understanding of the expected timeline for response and communication. By setting these expectations, organizations can foster a culture of open communication and trust.

The triage process is particularly important for multinational companies that operate across different regions. With varying compliance programs and regulations in different countries, having a well-documented process becomes essential. It allows compliance departments to navigate the complexities of compliance programs and investigations, ensuring consistency and adherence to local laws.

Technology also plays a crucial role in establishing effective compliance processes. Jakub points out that many organizations still need efficient documentation and tracking processes. Implementing technology, such as a case management solution, can help establish accountability and defensibility. It allows for establishing clear procedures monitoring performance and provides documentation that can be used to assess the effectiveness of compliance programs.

There is an overriding need for organizations to build accountability and defensibility into their compliance processes. By having a documented triage process and utilizing technology, organizations can ensure that complaints and allegations are handled promptly and consistently. This fosters a culture of speaking up and provides employees with the confidence that their concerns will be taken seriously and addressed promptly.

However, it is important to recognize the tradeoffs in balancing different factors when implementing a triage process and technology in organizational compliance. While efficiency and speed are crucial, organizations must also consider the need for thorough investigations and the protection of employee rights. Striking the right balance requires careful consideration and ongoing evaluation of processes to ensure continuous improvement.

In conclusion, the triage process and technology are vital in promoting a speak-up culture and ensuring organizational compliance. By proactively assessing and triaging complaints and allegations, organizations can increase response time and set realistic expectations for stakeholders. Implementing technology, such as a case management solution, helps establish accountability and defensibility. However, it is important to consider the impact on employee rights and the need for thorough investigations when making decisions about the importance of the triage process and technology in organizational compliance.

Join us tomorrow when we discuss closing the loop by improving your compliance program through a culture of speaking up.

Listen to Jakub Ficner on Innovation in Compliance here.

Categories
Innovation in Compliance

Breaking the Silence: How Speaking Up Enhances Corporate Cultures – Jakub Ficner on How Triage and Investigations Can Drive a Culture of Speak Up

Welcome to a special five-part podcast series on enhancing corporate culture through a great speak-up regime. This podcast series is sponsored by Case IQ. Over this series, Tom Fox will visit with Sharlyn Lauby, Jakub Ficner, Kenneth McCarthy, and Meric Bloch on the different facets of a great speak-up regime and how each of those facets will improve your corporate culture. They will tackle such topics as the indicia of a great corporate culture, the importance of triage and internal investigations in improving corporate culture, non-retaliation and protections for those who speak up, tying your entire system of speaking up to improving culture, and conclude with some thoughts on how an entire system of speaking up drives corporate culture to be better run and, at the end of the day, more profitably. In Part 3, Tom Fox visits with Jakub Ficner on the importance of your triage protocol and investigative process to foster a culture of speaking up.

Jakub Ficner has over 15 years of experience in the internal investigative space and is currently the Director of Partnership Development at Case IQ. He strongly advocates for the importance of the triage process and technology in organizational compliance. Jakub emphasizes the need for a rigorous reporting, triage, and investigation process, even before receiving a complaint or allegation. He believes that effective means of documenting and tracking investigative processes are crucial for establishing accountability and defensibility in compliance processes. Drawing from his extensive experience, Jakub highlights the significance of having a documented process, especially for multinational companies with compliance officers in various regions. He recommends using technology, such as a case management solution, to ensure accountability, defensibility, and easy information retrieval. Join Tom Fox and Jakub Ficner on this episode as they delve deeper into these topics of triage and investigations.

 Key Highlights:

  • The importance of effective triage
  • Improving Response Time and Setting Expectations
  • Effective Compliance Documentation and Tracking
  • Using Technology to Establish Accountability and Defensibility

Resources:

Jakub Ficner on LinkedIn

Case IQ

Categories
Trekking Through Compliance

Trekking Through Compliance: Episode 73 – The Lights of Zetar

 

In this episode of Trekking Through Compliance, we consider the episode The Lights of Zetar, which aired on January 31, 1969, and occurred on Star Date 5725.3.

On its way to the Memory Alpha planetoid, the storehouse of all Federation’s cultural history and scientific knowledge, sensors detect a strange storm. The storm travels at a speed of Warp 2.6, indicating that it cannot be a natural phenomenon. The storm heads right for the Enterprise, penetrating the shield and attacking different brain centers of different crew members. Lt. Mira Romaine, aboard to oversee transmission of data newly gathered by the Enterprise to Memory Alpha, seems the hardest hit.

The storm then heads for shieldless Memory Alpha, killing all those aboard and burning out the central memory core. Mira beamed and warned everyone to return to the Enterprise because the storm was returning. Scans from the Enterprise confirm this, and the landing party returns to the ship.

To rid Mira of the alien influence before the aliens attack again, Kirk rushes her to a gravity/pressure chamber. The aliens attack too soon, however, and Mira becomes completely possessed. Speaking through Mira, the aliens identify themselves as the last survivors of the planet Zetar. They have had to discard their bodies and have been searching for a millennium for one such as Mira’s in which they can live out their lives. Before Mira’s consciousness can be completely subjugated, Scotty puts her in the pressure chamber. Here, the aliens are killed, and Mira is freed.

Compliance Takeaways:

1.     What is your internal reporting mechanism?

2.     Have you trained your middle managers in how to receive reports?

3.     What is your triage protocol?

Resources

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha

Categories
31 Days to More Effective Compliance Programs

One Month to Better Reporting and Investigations – Triage of Internally Reported Allegations

One of the things that I learned from the television series M*A*S*H was the need for triage. In the hospital setting, triage is the process of determining the priority of patients’ treatments based on the severity of their condition. In the 2012 FCPA Guidance, there is a short but succinct statement, “once an allegation is made, companies should have in place an efficient, reliable, and properly funded process for investigating the allegation and documenting the company’s response, including any disciplinary or remediation measures taken.” This is considered in more expansive language in the 2020 Update to the Evaluation of Corporate Compliance Programs.  Under Part 1, Section D. Confidential Reporting Structure and Investigation Process, it stated in part, Properly Scoped Investigation by Qualified Personnel – How does the company determine which complaints or red flags merit further investigation?
Appropriate triage of allegations has several different impacts for any matter which comes to the attention of compliance. Obviously, it will help you to initially determine the seriousness of the matter. From there you can allocate an appropriate level of resources. It will also aid in your discussion with the DOJ if you must go that route. Finally, in the situation where facts come in, it provides the required documented evidence that a process was followed that you can show the government that a claim was properly scoped, as required under the Evaluation. But the key is to be prepared, not only in terms of having your investigation and notification protocols in place before an allegation comes in but also doing the proper triage so that you have an initial understanding of what you may be facing.

Three key takeaways:

  1. Compliance can learn from M*A*S*H about the need for triage.
  2. Initial triage allows you to separate the wheat of serious allegations from the chaff of more inconsequential allegations.
  3. A robust triage process allows for greater credibility with government regulators.
Categories
FCPA Compliance Report

Investigative Protocols After the Monaco Memo

In this episode, I take things in a different direction today as I post the recording of a webinar I recently put on for i-Sight Software Solutions. In this presentation, I detail what the Monaco Memo means your corporate investigative protocol.

Some of the highlights include:

·      What changes did the Monaco Memo portend for corporate investigative protocols?

·      What unintended consequence did the Russian invasion of Ukraine bring to the public view of whistleblowers?

·      Why is triage a key aspect of your investigative protocol?

·      Why should you create an investigative protocol long before an investigation becomes needed?

·      How do you create an investigative protocol to keep key decision makers in the loop?

 Resources

For a White Paper on these issues, click here.