Whistleblower Hotlines & Case Management Solutions: Major Challenges and Best Practice Recommendations. Whistleblower Hotlines: Making Headlines



Similar documents
The SEC Whistleblower Program and What You Need to Know

Whitepaper. Beyond Compliance: Implementing Effective Whistleblower Hotline Reporting Systems

Reporting misconduct

WMACCA Small Law Department Initiative. Scaling a Compliance Program To Your Organization And Small Law Department

Key Trends, Issues and Best Practices in Compliance 2014

COMPLIANCE PROGRAM GUIDANCE FOR MEDICARE FEE-FOR-SERVICE CONTRACTORS

Basic Provisions of California s AB 1825

Board of Directors and Management Oversight

Simple, smart, intuitive policy management

White Paper Achieving GLBA Compliance through Security Information Management. White Paper / GLBA

Audit Committee Forum

ETHICS AS CULTURE. Presented by the Council of Public Relations Firms

Aligning Compliance Program Priorities with Business Objectives

Just FoodERP Whitepaper Series: BUYING VERSUS BUILDING SOFTWARE: A guide for food businesses that are experiencing growth

Policy Management Build vs. Buy: Why Policy Management Software Makes Sense

Antifraud program and controls assessment grid*

SEC WHISTLEBLOWER RULES UNDER DODD- FRANK. Presented by: Michael A. Saslaw September 12, 2013 Matthew J. Jacobs David R. Woodcock Barefoot Bankhead

Simplify the Complexity of Managing 3rd Party Anti-Bribery / FCPA Compliance

CFPB Consumer Laws and Regulations

US ONSHORING OFFERS SUPERIOR EFFECTIVENESS OVER OFFSHORE FOR CRM IMPLEMENTATIONS

APEC General Elements of Effective Voluntary Corporate Compliance Programs

Assessment for Establishing a Whistleblower Hotline:

Understanding Your Ethics & Code of Conduct Training Requirements. May 29, 2008

THE UH OH MOMENT. Financial Services Enterprises Focus on Governance, Transparency and Supply Chain Risk

WHITEPAPER. Outsourced Service Providers. 5 Ways to Differentiate Your Service Offering8

PHI Air Medical, L.L.C. Compliance Plan

Employee Satisfaction

Riverside Community College District Policy No Human Resources

Improving the Customer Experience for Utilities Consumers Lowering Costs for a Strategic Imperative

Establishing An Effective Corporate Compliance Program Joan Feldman, Esq. Vincenzo Carannante, Esq. William Roberts, Esq.

Summary. ViiV Healthcare Compliance Program U.S. Operations

Fraud Risk Management

STAYING AHEAD OF THE PACK: EMERGING TRENDS & ISSUES WHISTLEBLOWING AFTER DODD-FRANK: A NEW WORLD

A Compelling Case for AP Automation in the Cloud

POLICY SUBJECT: EFFECTIVE DATE: 5/31/2013. To be reviewed at least annually by the Ethics & Compliance Committee COMPLIANCE PLAN OVERVIEW

Corporate Compliance and Ethics Program Effective as adopted on February 21, 2012

STANDARDS PROGRAM For Canada s Charities & Nonprofits

STRATEGIES FOR KEEPING A WHISTLEBLOWER IN-HOUSE. By Susan Goetz Markel

Quattra s Cloud Vision & Framework Value

Supporting Effective Compliance Programs

TeleScope Digital Asset Management Solution Overview. Campaigns Can Only Move as Fast as Their Content

6 TH ANNUAL JOINT ACFE & IIA FRAUD CONFERENCE The Whistleblower Programs. April 17, Presented by:

II. Compliance Examinations - Compliance Management System. Compliance Management System. Introduction. Board of Directors and Management Oversight

White Paper: Optimizing the Cloud Infrastructure for Enterprise Applications

OCC 98-3 OCC BULLETIN

SS&C Outsourcing Services: Beyond Hosting

2015 Ethics & Compliance Healthcare Policy Management Benchmark Report

SCALABLE ENTERPRISE CRM SERVICES

White Paper: The Seven Elements of an Effective Compliance and Ethics Program

Fraud Prevention and Deterrence

Fighting retaliation in a connected world

Achieve Economic Synergies by Managing Your Human Capital In The Cloud

Health Sciences Compliance Plan

A White Paper for Business Decision Makers

Updated 2014 HOW. the ETHICS PROCESS WORKS

6 Uncommon Ways to Create Breakthrough Value With Management Within and Beyond the Contact Center

ATS. The. The Staffing Agency s Guide to Buying an Applicant Tracking System

How to Choose the Best Web Content Management System for Customer Experience Management:

Client Alert October 3, Questions Page and a link to the SEC Final Rules addressing the Whistleblower Program.

White Paper THE FIVE STEPS TO MANAGING THIRD-PARTY RISK. By James Christiansen, VP, Information Risk Management

Digital Customer Experience

At the Heart of Virtualizing Insurance

LUZERNE/SCHUYLKILL WORKFORCE INVESTMENT BOARD CORPORATE COMPLIANCE/ETHICS PLAN

Sage ERP I White Paper

AssurX Makes Quality & Compliance a Given Not Just a Goal

whitepaper critical software characteristics

A Best Practice Guide

CLASS TITLE: COMPLIANCE MANAGER CLASS CODE: 0016 DEPARTMENT: MENTAL HEALTH FLSA STATUS: E REPORTS TO: MENTAL HEALTH DIRECTOR DATE: 08/05

Your asset is your business. The more challenging the economy, the more valuable the asset becomes. Decisions are magnified. Risk is amplified.

Optimizing government and insurance claims management with IBM Case Manager

Whistleblowing in the Corporate World Series: Part I

Dodd-Frank s Whistleblower Bounty Provisions: The First Wave of Tips Filed with the SEC and What Public Companies Should Do Now

Cloud CRM. Scalable solutions for enterprise deployment

A Whitepaper for Corporate Decision-Makers

Compliance and Ethics Program Structure

KNOW YOUR THIRD PARTY

The Role of Customer Relationship Management (CRM) Solutions for Financial Services Wholesalers

CGI Payments360. Moving money with greater agility and confidence. Experience the commitment

WHITE PAPER Third-Party Risk Management Lifecycle Guide

FFIEC Cybersecurity Assessment Tool

Getting it right from the start: Taking a strategic approach to client onboarding

A Compelling Case for AP Automation in the Cloud

COMPLIANCE MANAGEMENT SYSTEM

Compliance and Ethics at the Federal Reserve Bank of New York

Whistleblower Laws & Internal Investigations: Tactics & Best Practices

AN ADERANT WHITE PAPER FOR LAW FIRMS EMBEDDED CASE MANAGEMENT: A BETTER WAY AUGUST 2014, ADERANT HOLDINGS, INC. ALL RIGHTS RESERVED

Beyond Compliance: Building a Robust Ethics and Compliance Program

GOVERNANCE, RISK AND COMPLIANCE. Internal Audit. Assessing Fraud Vulnerabilities. kpmg.com/in

The Changing IT Risk Landscape Understanding and managing existing and emerging risks

Marathon Information Management Program

Preparing for a Post Dodd Frank World

POLICY INVESTIGATIONS OF LEGAL AND ETHICAL MISCONDUCT

ASAE s Job Task Analysis Strategic Level Competencies

Compliance Training - Can you get it right?

The Role of Whistleblowers in Investing

BOARD OF DIRECTORS COMMUNICATION POLICY. Adopted February 25, 2015

Compliance Requirements for Healthcare Carriers

Whitepaper: 7 Steps to Developing a Cloud Security Plan

IT Audit Perspective on Continuous Auditing/ Continuous Monitoring KPMG LLP

Complete Financial Crime and Compliance Management

Transcription:

Whitepaper Products Whistleblower Hotlines & Case Management Solutions: Major Challenges and Best Practice Recommendations Edited By: Ed Petry The Ethical Leadership Group Whistleblower Hotlines: Making Headlines Many organizations are seeing the value of incorporating a professionally developed and managed whistleblower hotline and case management system to reduce unethical and/or illegal behavior among employees and within their supply chains. Recently, these initiatives are getting even more attention than usual. For example, under the Dodd Frank Wall Street Reform and Consumer Protection Act, the Securities and Exchange Commission (SEC) is required to establish a Whistleblower Program, under which it must pay an award to those who provide original information about a violation of federal securities laws if the information leads to a successful SEC enforcement that results in monetary sanctions over $1 million. The incentive-based nature of the SEC Whistleblower Program has received a lot of attention and organizations are in the midst of determining how it fits within the broader context of corporate ethics and compliance programs. However, there has been comparatively little dialogue regarding what experts say is among the most critical - and certainly most visible elements of the program: the whistleblower hotline. For organizations looking to develop and implement whistleblower programs, there are a number of key challenges related to the systems, processes and technology by which alleged violations will be submitted, tracked, prioritized, investigated and ultimately resolved. 2012 NAVEX Global. All rights reserved 1

The whistleblower hotline: Simple Strategy, complex challenges The Whistleblower Hotline: Simple Strategy, Complex Challenges The purpose of an organization s Hotline program is straightforward: to reduce employee misconduct and reduce organizational risk by identifying and resolving allegations of ethics and compliance violations as quickly and as efficiently as possible. Complexity arises when considering the full scope of designing, developing, implementing and maintaining the necessary people, processes and technology on a large-scale, quickly and with minimal available internal personnel and financial resources. The 9 key challenges related to development and management of an effective and efficient Hotline are as follows: 1. It is essential that the Hotline be perceived as independent and credible 2. The Hotline must be universally accessible and user-friendly 3. Systems, tools and processes must enable accurate, intelligent tracking, reporting and decision-making 4. It is critical that data can be analyzed to rapidly identify broader trends 5. The technology infrastructure must be secure, scalable and future-proofed 6. Potential whistleblowers need to be educated on when and how to use the Hotline 7. The Hotline must comply with various International regulations 8. The program requires dedicated expertise in ethics and compliance, integration and program management 9. The program s results and efficiency must be apparent to key stakeholders The following pages outline each of the above challenges as well as recommended best practices for addressing them. CHALLENGE 1: It is essential that the Hotline be perceived as independent and credible. About this Whitepaper This White Paper focuses on (a) the range of complex and unique challenges and requirements related to developing, implementing and maintaining a whistleblower hotline and case management system; and (b) the recommended best practices for addressing them. Best Practice: Ensure total confidence that the Hotline process is confidential and if desired anonymous. Calls will be answered by a live operator, as anonymous reporters will almost never leave voicemail messages. Reports and related information will be kept private and in a secure manner, whether or not a reporter prefers to remain anonymous. The system assigns Personal Identification Numbers (PINs) or other confidential identifiers by which the organization can communicate with anonymous whistleblowers to provide updates and ask follow up questions. This process also allows an anonymous caller to identify him/herself to the organization as an investigation progresses. 2

The whistleblower hotline: Simple Strategy, complex challenges Best Practice: Prevent real or perceived conflicts of interest or fear of retaliation Hotline and case management system are operated and overseen separately and independently from: The organizations and individuals that are potential subjects of whistleblower complaints Individuals or departments within the organization or elsewhere that have any interest in the organizations or individuals that are potential subjects of complaints Individuals or departments within the organization or elsewhere that have any interest in the status or outcome of potential violations CHALLENGE 2: The Hotline must be universally accessible and user-friendly. Best Practice: Provide reporting channels that address how and when potential whistleblowers need to use the hotline Provide multiple channels for reporting to meet capabilities and preferences of all potential whistleblowers: phone, mobile, web and other Provide 24x7 x365 access (50% of calls come outside of business hours due to concerns about privacy and calls coming from outside of the U.S.) Facilitate reports from non-u.s. audiences in multiple languages and accessible by non-u.s. callers Best Practice: Ensure the hotline and related processes are highly functional as well as easy-to-use and understand User-friendly interfaces Customized scripting tailored to the type and source of allegation, as well as the targeted identity (i.e. public company vs. private, for-profit vs. academic, etc.); Scripts administered by trained professionals Best Practice: Assure users that complaints will be handled professionally and efficiently Professional, skilled interviewers who are trained on the questions that will elicit the details needed for appropriate follow up Integrated systems and processes to track status of each report Proven processes to ensure timely feedback and updates A clear follow up process is communicated to reporters 3

The whistleblower hotline: Simple Strategy, complex challenges CHALLENGE 3: Systems, tools and processes must enable accurate, intelligent tracking, reporting and decision-making Best Practice: Implement proven processes to handle a wide range of situations Key processes include handling and tracking of reports via multiple channels (phone, mobile, web, inperson); analyzing trends to identify broader issues or process breakdowns; and hand-offs between hotline staff and oversight/investigation teams Hotlines, reporting and data handling must meet regulatory requirements that may differ depending on company division and country in which the report originates or where the alleged activity occurred Escalation policies and procedures for time-sensitive issues: what topics, what characteristics, criteria should be prioritized Dedicated processes for handling anonymous reporters, including a unique, confidential coding system Best Practice: Implement integrated, streamlined case management Automated, software-based case management including workflow automation and process controls that enable consistent and thorough documentation and investigation of policy and procedure issues, violations and concerns Direct entry method for tracking issues reported by means other than the hotline (Open Door Policy), for complete and centralized management of issues Mobile case management for anytime, anywhere access Analytics, including robust tracking, reporting and trending issues, with summary and detail-level information Best Practice: Intelligent data collection Complex reports require live interaction by professionally trained personnel Enables probing to ensure informed questions are asked and proper information is collected Custom scripting addresses situations unique to the organization and the industry in which it operates CHALLENGE 4: It is critical that data can be analyzed rapidly to identify broader trends Best Practice: Reporting and analytics that yield useful, comprehensive management tools Automated, on-demand and online reporting tools integrated with hotline and case management systems 4

Trend analysis to detect widespread or repetitive issues in real-time Centralized database for distributed organizations Ability to provide on-demand holistic view as well as by office, region, category, etc. CHALLENGE 5: The technology infrastructure must be secure, scalable and future-proofed Best Practice: Robust, secure, compliant and scalable technology infrastructure Systems, infrastructure and processes designed with an emphasis on security and privacy, including: SAS 70 Type II Certification Safe Harbor Certification for provider and all interpretation and translation vendors Independent security and vulnerability assessments Software-as-a-Service (SaaS) model ensures that new versions and updates will be centrally deployed and not drain organizational resources Call and data routing and handling, management and storage systems and platforms that can quickly and cost-effectively scale as needed to meet demand. CHALLENGE 6: Potential whistleblowers need to be educated on when and how to use the Hotline Best Practice: Launch and create awareness of hotline. Create a custom, multi-channel campaign to raise initial awareness Develop ongoing education campaigns to boost/maintain mindshare Create materials in multiple languages for non-u.s. audiences Best Practice: Educate audience on when and how to use the hotline. Develop materials to explain what the hotline does and does not cover Reinforce the independence and discretion that is built into the program Create materials in multiple languages for non-u.s. audiences 5

CHALLENGE 7: The Hotline must comply with various international regulations Best Practice: Meet laws and standards in all relevant jurisdictions. Operate a European Union-Compliant data center to ensure meeting data privacy and other EU-specific requirements Ensure design and functionality of Hotline intake, Case Management processes, access and retention policies support regulatory requirements, i.e. the ability limit allegation reporting, minimize distribution of reports and sanitize information to comply with data privacy requirements Follow and maintain compliance with changing regulations on a country-by-country basis, including CNIL (France), APD/LOPD (Spain), UK Bribery Act (UK), PIPEDA (Canada), etc. CHALLENGE 8: The program requires dedicated expertise in ethics and compliance, integration and program management Best Practice: Dedicated People and Expertise Define overall business and operational ownership of the whistleblower program as well as for key elements Determine the types of middle management, supervisory and front-line staff needed to implement and maintain the hotline Develop a plan for acquiring and maintaining (training) the teams needed to properly handle reports, manage the investigation process, analyze trends and make key decisions Best Practice: Comprehensive and integrated strategy and planning Define the types of allegations should and may be covered by the Hotline program and the multiple jurisdictions in which it will operate Define potential whistleblowers and where they may be located Gauge and prioritize potential whistleblowers needs and concerns (i.e. confidentiality/ privacy) Develop a plan for integrating the hotline into other existing business processes what will it complement or replace? Profile the users/administrators and define how will they interact with the hotline systems Determine and prioritize the requirements/scope of the hotline (i.e. should it operate during business hours only or 24x7x365?) 6

CHALLENGE 9: The program s results and efficiency must be apparent to key stakeholders Best Practice: Real-time visibility into key trends by allegation type and organization Provide executive-level and board-level reporting and analysis that enables strategic assessment and diagnosis of the Whistleblower Program s performance and trajectory Generate on-demand reports that enable the organization to spot trends before they result in larger problems that are visible to the general public Deliver analyses that show bottom line reduction in misconduct Sourcing Considerations for the Whistleblower Hotline A Third Party Helps Establish the Program s Independence and Credibility There is a singularly unique aspect of a hotline that is, in and of itself, a reason to strongly consider selecting an expert third-party source to develop and maintain it: External management of the organization s whistleblower hotline ensures both in practice and perception that the entire process is separate from and independent of any potential conflicts. This independence will, in turn, encourage a potential whistleblower to contact the organization regarding suspected ethics and compliance misconduct. Managing the Program s Overall Complexity As described in previously, there is a degree of complexity involved in developing, deploying and managing the type of hotline and case management system required by an organization, from multi-lingual phone support to customized case management workflows to intelligent reporting and analytical tools. Simply put, the vast majority of organizations, whether in the public, private or government sector, are not equipped to, nor can they justify building and integrating the individual elements people, processes and technology to meet the requirements of an initiative such as a Whistleblower Program. While there are numerous companies that provide general outsourcing services to government agencies from government contractors to call center operators to business process outsourcing firms there is a small sub-set of ultra-specialized firms that can meet the complex and varied requirements described above. These specialized firms have dedicated hotline, case management and reporting solutions and services with expert consultants on staff to help develop the appropriate strategy and plan for an organization s Whistleblower hotline and case management systems. 7

The whistleblower hotline: Simple Strategy, complex challenges Performance, Privacy and Compliance Factors Related to Outsourcing The specialized purpose and function of an effective Whistleblower hotline and case management system translates into highly specialized requirements in areas such as: Delivery against service levels - Most organizations find it too labor-intensive to staff and operate the hotline and case management system 24 x 7 x 365 to accommodate calls outside of business hours, from non-u.s. locations and in multiple languages Ability to properly train - Continually hiring and training personnel to staff the hotline and perform case management functions is complex and costly and better suited to a specialized third party Efficient call and data routing and handling - Sophisticated software and processes are required to automate workflows and ensure the entire system performs accurately and will scale to meet demand Ensuring security and privacy - The systems, infrastructure and processes required to handle and store information in a secure and private manner mandates specialized expertise and processes typically not found outside of specialized service providers Maintaining international compliance - In most cases the expertise and cost of complying with multiple and changing regulations and guidelines - inside the U.S. and out cannot be justified by sourcing inhouse Cost Implications of Sourcing Decision There are significant considerations regarding cost and cost-effectiveness required for the overall design, development and maintenance of a hotline and case management system. Typically, a single organization cannot justify the high costs of building or acquiring the necessary components people, processes and technology and integrating them. Considerations include: Up-front Investment. An in-house hotline means devoting capital to purchasing or developing technology, software and systems as well as other expenses such as facilities and full-time staff Future-Proofing Technology. Software, hardware and other system components require upgrading and updating over time so that they do not become obsolete relative to the overall needs of the program Budgeting Predictability. The variable month-to-month and quarter-to-quarter expenses associated with managing a hotline and case management system can present challenges to budgeting and planning processes 8

The whistleblower hotline: Simple Strategy, complex challenges In Summary The integrated hotline and case management components are the employee facing front end of any Whistleblower Program. As such, their proper implementation and management will determine how the program is perceived by potential whistleblowers and other key stakeholders. The hotline will also largely conclude how effective and efficient the program is in meeting its overall objectives. In planning, developing, implementing and managing its Whistleblower Program to achieve its core goals for risk reduction, an organization must take into account several key factors: It is critical to both the performance and perception of the Whistleblower Program that reports are handled in an independent and confidential manner The range and depth of requirements translates into a high degree of complexity for the organization to plan, implement and maintain the people, processes and technology behind a successful hotline and case management initiatives The development and maintenance of the program, including the necessary specialized expertise, processes and technology, carries a significant cost as well as a very high risk of obsolescence Based on these factors, the organization must decide whether to manage the hotline and case management elements of its Whistleblower Program internally or seek a qualified third-party provider. The latter has proven to be a successful strategy for a number of government agencies that have deployed hotlines. If the organization chooses to outsource, rather than only considering generalized government contracting and outsourcing firms, it should seek an organization that specializes in providing ethics and compliance solutions and offers proven and scalable systems, processes, technology and expertise. 2012 NAVEX Global. All rights reserved 9

About the Editor Edward S Petry, PhD Vice President, Ethical Leadership Group The Advisory Services Practice of NAVEX Global Edward S. Petry, PhD, joined Ethical Leadership Group in 2005, after serving nine years as the Executive Director and a member of the Board of Directors of the Ethics and Compliance Officer Association (ECOA). He has been active in the business ethics field since 1986. At ELG, Ed is responsible for assisting corporations in designing and improving ethics and compliance initiatives including conducting program and culture assessments, writing corporate codes of conduct and designing and delivering training. Ed served for three years as a member of the U.S. Sentencing Commission s Advisory Group and was a member of the Ethics Oversight Committee for the United States Olympic Committee. He is also a member of the Advisory Board of the Society for Corporate Compliance and Ethics (SCCE) and was Program Director for the Conference Board for seven years. Dr. Petry has authored several major surveys including the U.S. Sentencing Commission s National Survey of Ethics and Compliance in Organizations (1995), Sources and Consequences of Workplace Pressure (1997) and Technology and Ethics in the Workplace (1998). He has edited and/ or co-authored six books on business ethics, published dozens of articles, and been a featured speaker at numerous national and international forums including the Conference Board, the Chautauqua Institute and was the 2004 Ben Williams Distinguished Speaker at Baylor University s Hankamer School of Business. He has been quoted or appeared in every major business publication and business media outlet. Ed received his Ph.D. in philosophy from Pennsylvania State University and has also received degrees in philosophy from the University of Toronto and Trinity College. Prior to becoming the ECOA s first full-time director, Dr. Petry was a tenured professor of philosophy at Bentley University. About NAVEX Global NAVEX Global is the trusted ethics and compliance expert for more than 8,000 clients in over 200 countries the largest ethics and compliance community in the world. A merger of industry leaders ELT, EthicsPoint, Global Compliance Services and PolicyTech, NAVEX Global provides a comprehensive suite of solutions to manage governance, risk and compliance (GRC), providing critical cross-program insights thorough unmatched expertise and actionable data. 866-297-0224 info@navexglobal.com www.navexglobal.com 10

11

12

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information