Yesterday I considered an article by Ryan Hubbs, entitled “10 Factors Leading to Reporting Mechanism Distrust”, in which he detailed 10 factors leading to hotline distrust. Today I want to pick up on that article with Hobbs’ tips for building a trusted hotline reporting program and culture, talk about the SEC whistle blowing program, and conclude with a few thoughts on why experienced, invested counsel is so critical in these.
Organizations implement and maintain hotlines, trusted programs, hotline programs differently depending on their sizes, cultures, geography, and many other factors if they must decide if they’ll construct such programs. Many organizations find benefit to taking it outside from the experience and expertise, the appearance of independence which can increase employee trust. A smaller organization may not be able to do so. Nevertheless, there are many competent companies that put on hotline services for small individuals.
What can you do to help build trust for your reporting system?
1. Training and awareness. Increased awareness of the program will help build employee’s confidence around it, and organization should continually strive to help employees know that the hotline reporting system program works, why the organization believes in it, who operates it, and why it’s a critical part of the culture of the company and the compliance ethos of the company. Organizations should include hotline frequently asked questions and answers for all employee new hires and supervisory training.
- Ongoing communication. Communication about a hotline reporting program, recent compliance issues, and messages from management should be a routine and commonplace. I have talked about putting posters in workrooms and coffee rooms to announce hotlines, but you have to continually communicate it. Think of the example of Louis Sapirman at Dun & Bradstreet, where they are continually communicating via the company’s internal social media program about the hotline.
- Accessibility. Information on a hotline reporting program and how to report a concern should be within one click of the organization’s intranet or external website. An organization should communicate program information in as many languages is as necessary to provide coverage. Certainly here, the Department of Justice and Securities Exchange Commission have made clear in the 2012 guidance that local languages must be respected and utilized. Web-based reporting platforms should be available to facilitate anonymous reporting and allow for inclusion of attachments. Conversely, you may have a situation where a large amount of your workforce does not have access to a computer. They may be in a country where there’s limited internet or, frankly, they may not be trained on computers, so you be required to maintain other mechanisms as well.
- Transparency. Prominently display your organization’s hotline reporting and investigative process including the expertise and contact information of your trained investigators, what employees should expect, plus the organization’s responsibilities, cooperate, and protecting against retaliation. We have talked about anti-retaliation before, but I’m going to emphasize it again because it is so important. You must incorporate the fair process doctrine, you must not retaliate, and you must make clear to your employees that you will not tolerate retaliation.
- Proficiency and objectivity. Those who manage the hotline and investigation process should be technically proficient, professional, well trained, and experienced in the handling and reporting of concerns. The organization should also install adequate systems, processes, and technologies to support the investigators and ultimately the employees. This includes an in depth and routine training, I would say no less than annually, for the organization’s investigative, legal, HR, and compliance staff, but you’ve got to get the word out. You got to have proficiency and objectivity. Prong three of the 2016 Department of Justice pilot program required compliance expertise. You must have that proficiency and it should include into your investigative staff.
- Ongoing assessment. Is your organization assessing your compliance program and your hotline? How do employees currently view the hotline reporting program and corporate culture? Can people get the information to the appropriate disciplines within your organization? Here you can think about Wells Fargo, where there was clear evidence that the culture had failed yet even with a reporting mechanism in place and use of that mechanism, management did not follow up to determine the issues which led to the company’s catastrophic reputational damage.
Next, is an assessment on whether the ethics and hotline policies, procedures, and technology are meeting the needs of the organization and the employees. Here let me emphasize technologies, because I earlier about a situation where an employee does not have access to a computer. What if the employees are out on a drilling rig? Would they have access to a cell phone, or could they report in that manner? Maybe not. They may have to use a computer. You must have the appropriate technology for your diverse workforce.
What about after the report is made? Are your internal investigations and resulting disciplinary actions consistent with the organization’s desired culture of compliance? Here you need to make sure that the actions you have taken really are consistent because employees understand this and they will watch and see what happens. Are independent reviews conducted by internal audit or external professionals with ongoing oversight by an audit committee of the hotline and results? Finally, are complaints and resolutions disclosed to or discussed with external auditors? Are you bringing in outside experts to help you?
All of this is important because of Dodd-Frank and its creation of a Whistleblower program for securities violations, such as the Foreign Corrupt Practices Act (FCPA) for issuers. As of April, of 2017, the Securities and Exchange Commission (SEC) has made 43 whistle blowers awards of over $153 million to whistle blowers under the Whistleblower program established under Dodd-Frank. This is a direct result of failure of corporate hotlines. Any regulator will tell you that 95% of all employees attempted to report internally first and they were either rebuffed, they were retaliated against, or in some other way rejected. The amount of money, fines and penalties, paid out for ignoring whistle blowers, people who report anonymously, is significant.
Finally, as I end this one-month series, I would just like to re-emphasize the need for experienced investigative counsel for serious matters. Recently had a declination issued in the Linde Gas case by the Department of Justice (DOJ), and it really was clear that the counsel used by Linde in in addition to the decision self-disclose, was a critical factor in Linde getting the superior decision it did, which was a declination to prosecute. The investigation was a very difficult set of facts, very convoluted, very muddled up over many countries with shell companies, direct companies, and others. You really must have experienced investigative counsel for things that are outside the routine. Having an experienced, season and competent FCPA bar-lawyer who could both investigate it and negotiate with the government is very critical going forward.
Three Key Takeaways
- Work to engender employee trust.
- The SEC Whistleblower program is a huge success and is not going away.
- Use experienced investigative counsel for hotlines reports of serious wrongdoing.