The FCPA Guidance has about as clear, concise and short a statement about hotlines than any other Tenet of an Effective Compliance Program. It states, “An effective compliance program should include a mechanism for an organization’s employees and others to report suspected or actual misconduct or violations of the company’s policies on a confidential basis and without fear of retaliation.” But more than simply hotlines, companies have to make real efforts to listen to employees. But you must spend time working on this issue. You need to have managers who are trained on how to handle employee concerns; they must be incentivized to take on this compliance responsibility and you must devote communications resources to reinforcing the company’s culture and values to create an environment and expectation that managers will raise employee concerns.

The reason is that its own employees are a company’s best source of information about what is going on in the company. It is certainly a best practice for a company to listen to its own employees, particularly to help improve its processes and procedures. But more than listening to its employees, a company should provide a safe and secure route for employees to escalate their concerns. This is the underlying rationale behind an anonymous reporting system within any organization. Both the US Sentencing Guidelines and the Organization of Economic Cooperation and Development (OECD) Good Practices list as one of their components an anonymous reporting mechanism by which employees can report compliance and ethics violations. Of course, the Dodd-Frank Whistleblower provisions also give heed to the implementation of a hotline.

What are some of the best practices for a hotline? I would suggest that you start with at least the following:

  1. Availability.
  2. Anonymity.
  3. Escalation.
  4. Follow-Up.
  5. Oversight.

In this area is that of internal company investigations, if your employees do not believe that the investigation is fair and impartial, then it is not fair and impartial. Furthermore, those involved must have confidence that any internal investigation is treated seriously and objectively. One of the key reasons that employees will go outside of a company’s internal hotline process is because they do not believe that the process will be fair.

I would emphasize, yet again, that after your investigation is complete, the Fair Process Doctrine demands that any discipline must not only be administered fairly but it must be administered uniformly across the company for a violation of any compliance policy. Failure to administer discipline uniformly will destroy any vestige of credibility that you may have developed.

What is your FCPA Investigation Protocol?

With the advent of the Securities and Exchange (SEC) Whistleblower Program, courtesy of Dodd-Frank, it is imperative that a company quickly and efficiently investigate all hotline reports. This means you need an investigation protocol in place so that the entire compliance function is on the same page and knows what to do. The following is a suggested starting point.

Step 1: Opening and Categorizing the Case.

Step 2: Planning the Investigation.

Step 3: Executing the Investigation Plan.

Step 4: Determining Appropriate Follow-Up.

Step 5: Closing the Case.

Three Key Takeaways

  1. Pre-taliation is becoming a more important SEC enforcement tool.
  2. Test your hotline on a regular basis to make sure it is working.
  3. Utilize social media for both tips and reports and to spot trends.

For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here.

 

 

 

To read more, check out my blog post series on Hallmark 8.

For more information on this Hallmark, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available through Compliance Week by clicking here.

Roman Numbers 1-10.2The FCPA Guidance has about as clear, concise and short a statement about hotlines than any other Tenet of an Effective Compliance Program. It states, “An effective compliance program should include a mechanism for an organization’s employees and others to report suspected or actual misconduct or violations of the company’s policies on a confidential basis and without fear of retaliation.” But more than simply hotlines, companies have to make real efforts to listen to employees. But you must spend time working on this issue. You need to have managers who are trained on how to handle employee concerns; they must be incentivized to take on this compliance responsibility and you must devote communications resources to reinforcing the company’s culture and values to create an environment and expectation that managers will raise employee concerns.

The reason is that its own employees are a company’s best source of information about what is going on in the company. It is certainly a best practice for a company to listen to its own employees, particularly to help improve its processes and procedures. But more than listening to its employees, a company should provide a safe and secure route for employees to escalate their concerns. This is the underlying rationale behind an anonymous reporting system within any organization. Both the US Sentencing Guidelines and the Organization of Economic Cooperation and Development (OECD) Good Practices list as one of their components an anonymous reporting mechanism by which employees can report compliance and ethics violations. Of course, the Dodd-Frank Whistleblower provisions also give heed to the implementation of a hotline.

What are some of the best practices for a hotline? I would suggest that you start with at least the following:

  1. Availability – a Hotline should be available 24 hours a day/7 days a week and toll-free. It should be available in the native tongue of the person utilizing it so if your work force uses more than one language for inter-company communications, your Hotline should reflect this as well.
  2. Anonymity – while some foreign jurisdictions do not allow anonymous reporting, the US is not one of them. You need to have a mechanism that allows an employee to make an anonymous report and put in safeguards which will ensure anonymity going forward should the reporting employee desire it.
  3. Escalation – after a report is received through the Hotline it should be distributed to the appropriate person or department for action and oversight. This would also include resolution of the information presented, if warranted and consistent application of the investigation process throughout the pendency of the matter.
  4. Follow-Up – there should be a mechanism for follow-up with the Hotline reporter, even if the report is made anonymously. This allows the appropriate person within your organization to substantiate the report or obtain additional information at an early stage, if appropriate.
  5. Oversight – the information communicated through the Hotline should be available to the appropriate Board Committee or Management Committee in the form of statistical summaries and that an audit trail be available to the appropriate oversight group of actions taken and resolution of any information reported through the Hotline.

In the area of internal company investigations, if your employees do not believe that the investigation is fair and impartial, then it is not fair and impartial. Furthermore, those involved must have confidence that any internal investigation is treated seriously and objectively. One of the key reasons that employees will go outside of a company’s internal hotline process is because they do not believe that the process will be fair.

I would emphasize, yet again, that after your investigation is complete, the Fair Process Doctrine demands that any discipline must not only be administered fairly but it must be administered uniformly across the company for a violation of any compliance policy. Failure to administer discipline uniformly will destroy any vestige of credibility that you may have developed.

What is your FCPA Investigation Protocol?

With the advent of the SEC Whistleblower Program, courtesy of Dodd-Frank, it is imperative that a company quickly and efficiently investigate all hotline reports. This means you need an investigation protocol in place so that the entire compliance function is on the same page and knows what to do. The following is a suggested starting point.

Step 1: Opening and Categorizing the Case. Under this first step, you should categorize the ethics and compliance violation. You should notify the relevant individuals, including those on your investigation team and any senior management members under your notification protocols. After notification, you should assemble your investigation team for preliminary meetings and assessments. This Step 1 should be accomplished in one to three days after the allegation comes into compliance, either through your reporting structure or other means.

Step 2: Planning the Investigation. After assembling your investigation team, you should determine the required investigation tasks. These would include document review and interviews. If hard drives need to be copied or documents put on hold or sequestered in any way, or relationships need to be analyzed through relationship software programs or key word search programs, this should also be planned out at this time. These tasks should be integrated into a written investigation or work plan so that the entire process going forward is documented. Also if there is a variation from the written investigation plan, such variation should be documented and an explanation provided as to why there was such a variation. Lastly, if international travel is involved this should also be considered and planned for at this step. This Step 2 should be accomplished within another one to three days.

Step 3: Executing the Investigation Plan. Under this step the investigation should be completed. I would urge that the interviews not be effected until all documents are reviewed and ready for use in any interviews. Care should be taken to ensure that an appropriate Upjohn warning is issued and that the interviewee clearly understands that whoever is performing the interview represents the company and not the person being interviewed, whether they are the target of the investigation or not. The appropriate steps should also be taken to preserve the attorney-client privilege and attorney work product assertions. This Step 3 should be accomplished in one to two weeks.

Step 4: Determining Appropriate Follow-Up. At this step the preliminary investigation should be completed and you are ready to move into the final phases. In some investigations, it is relatively easy to determine when the work is essentially complete. For example, if the allegation is both specific and narrow, and the investigation reveals a compelling and benign explanation for the conduct alleged, then the investigation typically is complete and you are ready to convene the investigation team and the relevant business unit representatives. This group would decide on the appropriate disciplinary steps or other actions to take. This Step 4 should be completed in one day to one week. It must be cautioned that at this step, if there are findings of specific or discrete allegations of corruption and bribery, a decision must be made as how to handle such findings going forward.

Step 5: Closing the Case. Under this final step, you should communicate the investigation results to the stakeholders and complete the case report. Everything done in the above steps should be documented and stored, either electronically or in hard copy form together. The case report should be completed. This Step 5 should be completed in one day to one week.

Finally, do not forget that you cannot prevent employees from good-faith reporting to relevant government agencies, allegations of FCPA violation; either by employment contract or severance agreement language.

For more information on this Hallmark, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available through Compliance Week by clicking here.

Check out my podcast series on the Ten Hallmarks, featuring Hallmark 8 by clicking here.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

VolunteersThere are times when the universe converges in some of the oddest coincidences. It happened one day last week when two members of the original Jefferson Airplane lineup died on the same day. Most people familiar with what my teenaged daughter would call Classic Rock know the name Paul Kantner and his role in co-founding the band, Jefferson Airplane. As reported in his New York Times (NYT) obituary, “seen as the intellectual spokesman for the group, with an ideology reflected in his songs, that combined anarchic politics, an enthusiasm for mind-expansion through LSD and science-fiction utopianism.” Kantner wrote some of their top songs, including Today, Young Girl Sunday Blues and my personal favorite (Woodstock version) Volunteers. He also wrote Wooden Ships with Stephen Stills and David Crosby, which described a group of people escaping a postapocalyptic society to create its own freedom in a time and place unknown.

The second founding member of Airplane is much less well known. Signe Toly Anderson was the original female vocalist for Jefferson Airplane. As reported in Consequence of Sound, an online publication, Anderson joined Jefferson Airplane shortly after their formation in 1965 and sang on their debut album, Jefferson Airplane Takes Off. She left the band following the birth of her first child, due to an unwillingness to tour. Grace Slick replaced her and the Airplane had their classic lineup in place. In a statement another Airplane co-founder, Marty Balin said, “One sweet Lady has passed on. I imagine that she and Paul woke up in heaven and said ‘Hey what are you doing here? Let’s start a band’.”

While I did not purchase all the Airplane studio albums and listen to them as I did when The Eagles co-founder Glenn Frey died last month, I did purchase a couple and grooved out to them over the weekend. One of the clear things expressed to me was the evocative song writing, in a word communication. I have been thinking about communication in compliance programs, specifically around hotlines since I read an article in the most recent edition of Harvard Business Review (HBR) by James R. Detert and Ethan R. Burris, entitled “Can Your Employees Really Speak Freely?” One of the key points from the article was the need to focus on communications throughout your organization; both up and down the line.

They stated the problem, as they saw it, was that while leaders try “to make it easier for employees to share ideas and concerns-they usually end up doing the opposite.” They cited two key reasons: (1) fear of retaliation and (2) lack of responsiveness. They provided a list of several programs and policies that a company could implement which they believed might address these shortcomings. I found their list useful for a Chief Compliance Officer (CCO) or compliance practitioner to consider in not only their whistleblower program but as greater communications enhancements in any company.

Make feedback a regular, casual exchange 

This means get out and meet with the troops. The authors suggest, “Schedule regular meetings with your employees, and don’t cancel every time you don’t have an agenda. In fact, you might occasionally announce that the top item on the agenda will be employee feedback. Tell people in advance what sort of conversation you’ll be having (a brainstorming meeting, for instance, or a planning session), and explain the kinds of problems or possibilities you want to discuss.” Equally important is that you actually implement an appropriate suggestion from such meetings, i.e. bonus points giving credit to the employee who suggested it.

Be transparent 

For a CCO or compliance practitioner, one of the most important things you bring to any employee interaction is credibility. Part of this credibility is in being transparent. The authors suggested a transparent timetable for triage, implementation and feedback. They noted, “Spelling out guidelines and commitments up front made contributing feel less daunting and futile to employees.”

Reach out 

This is more than simply the ‘duh’ moment of getting out of the office. It means to seek out new ideas and new opinions. Yet the authors had a fresh slant on it when they said, “When you do ask for feedback, go to the people who know something you don’t. The folks in your immediate network probably are similar to you in background, perspective, and knowledge—so branch out. Counteract the all-too-common norm of expecting new people to quietly fit in until they understand “how we do things around here.” New people can tell you how other organizations operate and will have a fresh perspective on your firm’s strengths and weaknesses.”

Soften the power cues 

Power can not only squelch communications but can kill it outright. Coming from the energy industry, with its hierarchical nature, I certainly understand the power dynamic. Here the authors are concerned with the symbols and vestiges of power, down to things like the office setting. Of course, there is always the concern when you are seen going into the CCO office so the authors suggest, “take steps to make your guests feel more comfortable. Add a small table with chairs of the same size and quality so that when someone comes to talk, you can sit together. Table shape matters, too. It’s usually easy to guess who has the most power at an oval or a rectangular table, but there’s no “head” at a round table. And consider your attire: Do you really need a tie for meetings with the creative team? You want employees to feel you’re one of them.”

Avoid sending mixed messages 

If you beat up people who present ideas, people will stop presenting them to you. Moreover, if you put constraints on the size and dimension of information that can be presented to you, it may well be seen as a negative signal. The authors wrote, “Even informal “blue-sky” sessions were stifled by reminders to use the company’s standard PowerPoint template and adhere to rules about maximum words per slide, which reinforced the feeling that people needed to stay within certain bounds.”

Be the example 

This does not mean, as Chevy Chase intoned in Caddyshack to be the ball; but instead means advocate for those who bring suggestions. As the authors stated, “Employees feel inspired when they see you advocating for them. That message came through quite clearly when we spoke with people at a real estate firm.” If you cannot advocate for them, explain to them why you cannot do so.

Close the loop 

Feedback, feedback and feedback. One of the surest ways to close down employee input is not to provide feedback or as the authors said, “If you don’t want people to think their ideas went straight to the trash can, make sure you tell them what you did next and what they can expect as a result. In surveys of more than 3,500 employees in multiple companies, we found that bosses’ failure to close the loop increased subordinates’ belief that speaking up was futile by 30%. But if managers had closed the loop in the past, their reports spoke up 19% more frequently—even after we accounted for any increase that happened simply because managers were perceived as open, interested, and willing to make changes.”

While the authors overall attack on hotlines was certainly not merited, they did provide some solid suggestions for any two-way street of communications. The techniques they posit are useful for any compliance practitioner who is communicating up or down the chain.

While you are thinking about it, check out this YouTube clip of Jefferson Airplane playing Volunteers at Woodstock.TexasBarToday_TopTen_Badge_Large

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016