For the Astros, it is not this season's ignominious record of 107 losses, which they achieved yesterday with a season ending loss to the Chicago Cubs, but the magic number of 186; which is the number of days until the Astros open the 2013 season and the next time they will be tied for first place in the American League (AL) West Division.
For the compliance practitioner, the same might be asked of your company's hotline. However apocryphal the story might be it is too good to pass up so here we go: When, in final negotiations with a company to resolve a Foreign Corrupt Practices Act (FCPA) violation, the Department of Justice (DOJ) attorney asked for the phone number of the company's hotline. Counsel representing the company dutifully provided the number and the DOJ attorney called the hotline only to find it was "not a working number." Oops.
I thought about the above story in the context of the maxim that not all hotlines are created, or more importantly, administered equally. In an article entitled "Hotline Report Reveals Compliance Concerns" author Karen Kroll looked at the "2012 Corporate Governance and Compliance Hotline Benchmarking Report" and found what she termed "troubling findings", which are that not only are instances of fraud increasing but that retaliation against whistleblowers is increasing as well. Kroll noted that "despite greater protection for whistleblowers in the Dodd-Frank Act, calls concerning potential retaliation against an employee who has made an inquiry through a hotline increased to 2.9 percent of overall incidents, up from just 2.1 percent in 2010." But as bad as these figures are they seem to only presage Kroll's penultimate conclusion, which is that internal reporting will slowly wither away with the protections offered by whistleblowers under the Dodd-Frank Act and the attendant bounties that can be paid to a whistleblower in the event a violation is uncovered and an enforcement action results in a fine or penalty paid to the US government.
I recently saw a White Paper by Business Controls, Inc., released through Compliance Week, where an un-named author posited that there are seven essential features to create an effective hotline. I found this article to be useful in that it provided information by which a compliance practitioner could quickly review how his or her company might set up a hotline. The seven criteria are as follows.
Like other risk management issues, hotlines must also be managed effectively after implementation and roll-out. Here are some practical tips which will help you make your hotline an effective and useful tool.
Get the word out. If employees don't know about the hotline, they won't use it. Allocate a portion of your time and budget to promoting the corporate hotline through multiple channels. Put up posters and distribute cards that employees can keep in their wallets or desk drawers. Deliver in-person presentations where possible. And don't think of the promotional initiative as a one-time effort. It's important to remind employees regularly, through in-person communications, via e-mail, or through intranets, newsletters, and so on, that this resource is available to them. Some hotlines offer promotional materials to help make the job easier; make sure you ask what type of promotional support may be available.
Train all your employees. Getting employees to use the system is one half of the challenge; ensuring they use it properly is the other half. This is where training becomes essential. Make sure people understand what types of activities or observations are appropriate for reporting and which are not. HR and compliance staff will need training too, to help them understand how the hotline impacts their day-to-day activities. Company leaders also need to understand the role the hotline plays in the organizational culture, and the importance of their visible support for this compliance initiative.
Take a look at the data. Use the data derived from or through the hotline to identify unexpected trends or issues. Examples might be what percentage of employees use the hotline and what issues are they submitting? A healthy hotline reporting system will yield reports from .5 to 2 percent of your employee base. If your reporting patterns are higher or lower, it may indicate mistrust of the hotline, misuse, or a widespread compliance issue. Isolate the data by location and department to identify micro-trends that could indicate problems within a subset of your corporate culture. Analyzing the data can help you stay a step ahead of emerging issues.
Response is critical to fairness in the system. Seeing a hotline system in action in this way can go a long way toward dispelling employee fears of being ostracized or experiencing retaliation because if see that their concerns are heard clearly and addressed fairly, they will learn to view the hotline as a valuable conduit. If your compliance group responds promptly and appropriately to hotline complaints, you can ensure robust participation and ongoing success. Even when a complaint proves to be unfounded, it can still provide an opportunity to open a dialogue with employees and clear up any misunderstandings. Responding to reported issues also gives compliance officers a chance to prove that issues can be resolved or addressed while protecting the privacy and anonymity of the whistleblower.
As with the management of third party representatives, your real work begins are the contract is signed. You simply cannot set up a hotline without managing it. A fairly administered hotline and investigation protocol is a key component of fair process in your compliance regime. So take a look at your hotline based upon the above concepts. It may be that your magic number needs to change.
Visit the FCPA Compliance and Ethics Blog, hosted by Thomas Fox, for more commentary on FCPA compliance, indemnities and other forms of risk management for a worldwide energy practice, tax issues faced by multi-national US companies, insurance coverage issues and protection of trade secrets.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at email@example.com.
© Thomas R. Fox, 2012
For more information about LexisNexis products and solutions connect with us through our corporate site.