Section 2

Building Your Foundation

MoreHide Arrow Down Icon Icon of solid caret pointing downwards.

Implement What You Know with Confidence

Discover action-based tools that provide simple steps for program improvement or robust plans for new ways of doing business. 

MoreHide Arrow Down Icon Icon of solid caret pointing downwards.

Your ethics and compliance program is an ecosystem of moving parts. New laws and regulations, new lines of business, new geographies, mergers and acquisitions become part of a growing enterprise that your compliance ecosystem must support. 

Effective compliance programs are able to deftly navigate these complexities because they have built strong foundations that were developed with the nature of the compliance industry in mind.

This section will give you the expert advice and programmatic best practices to ensure the first steps you take to develop your program are in the right direction. Or if your program is more mature, these resources and insights will give you the necessary guidance to course correct and improve your program’s foundation at whichever stage it is in. 

 

How to Survive Internal Reporting System Scrutiny

Chapter 10 of The Worst-Case Scenario Survival Guide for Compliance Professionals

Ensure your internal reporting system passes the scrutiny of both regulators and employees. Review the 7 key requirements for a robust internal incident management system with Tom Fox. 

Tom Fox 05/03/2018

Chapter 10 of The Worst-Case Scenario Survival Guide for Compliance Professionals

Ensure your internal reporting system passes the scrutiny of both regulators and employees. Review the 7 key requirements for a robust internal incident management system with Tom Fox. 

4. Ensure No Retaliation

Allowing retaliation against an internal reporter will obliterate the effectiveness of your hotline, and perhaps degrade all trust in your corporate compliance program. Even if the information reported is not found to violate an internal policy or law, work to ensure there is no retaliation against reporters. This will require the compliance function to work with HR and monitor how the employee is treated for some amount of time going forward. If there is retaliation, you must make it clear that such actions will not be tolerated and that any employee who engages in retaliation will be disciplined.

Work with your HR function and track whistleblower work history to make sure there is no retaliation.

 

5. Provide Timely Follow-up

Nothing is more frustrating for a whistleblower (anonymous or other) than to never hear back about the information they reported. Acknowledge reports the same day that you get them. After review, if it is deemed worthy of follow-up, contact the reporter and see if they can provide any additional information. If the matter can be investigated and resolved quickly, communicate that expectation with the whistleblower. If it will take longer, communicate that information as well. When the matter is closed, meet with the whistleblower and communicate the final decision – to the extent you can do so.

Make sure you keep whistleblowers informed on a timely basis, otherwise they are more likely to go external.

 

6. Use Triage and Investigation Protocols

Immediately triage any compliant or information coming through your internal reporting mechanism. Use something as straightforward as low, medium and high risk formulation – or something more sophisticated if preferred. Your triage protocol should get the issue to the right person or group to handle the investigation. The vast majority of your investigations should be concluded in one or two weeks. To accomplish this, have an investigation protocol in place and follow it. If an exception is made, provide a justification for it.

The right information, at the right place, at the right time is critical. Use a robust triage process.