Every once in awhile I see something happening at a company that surprises me—in a good way—about its corporate approach to compliance and culture.
Most recently it was a comment from the audit committee chairman for a global foods company, describing the company’s practice of planting “false tips” within its organization to see whether those concerns will be reported and rise to the top. It was similar to another company that routinely drops complaints into its confidential hotline to verify the performance of its third-party provider in different parts of the world. After many years in the trenches of compliance and ethics, and as an observer of how organizations can sometimes lack political will to “walk the talk,” these developments are heartening.
That said, people at the very top of an organization—whether they’re in the boardroom or the C-suite—always have a difficult time understanding what really happens on the ground when an employee decides to use the company’s confidential hotline to report suspected wrongdoing. (And make no mistake, for almost all employees, reporting a complaint on the hotline is a very big step.) In fact, once a call is logged into the system, there are 1,001 ways the process can go awry. (I won’t even address all the ways employees can be discouraged from making that important call in the first place; that’s a topic for another day.)
So for the benefit of that global food company board member and many other CEOs and corporate directors I’ve spoken to in the course of my work, here’s a list of just a few ways in which that one critical employee call—the one that the drafters of the Sarbanes-Oxley Act had in mind when they required boards to establish a channel for “confidential, anonymous submission” of employee concerns—can fail to reach the very people at the top of the company who want to know about it:
The call is routed to an investigator who, while well intentioned, lacks the training or subject matter expertise to determine the facts properly.
There is internal delay finding or assigning an appropriate investigator (whether due to lack of resources or turf problems) and the evidence evaporates, becomes stale or otherwise compromised.
A senior manager with an interest in the outcome of the investigation hears about the matter, calls the investigator, and otherwise interferes with the process.
A powerful CFO or CEO calls in the chief compliance and ethics officer and tells her to end the investigation, or else.
The matter is referred to an audit committee member, who then sends it to the general counsel, not realizing that the general counsel has a conflict of interest.
Another department, such as security or personnel, demands ownership over the matter but then fails to investigate and resolve adequately.
The business-unit leader makes off-hand but disparaging comments about the investigation during the monthly staff meeting, discouraging team members from cooperating.
The head of human resources learns of the investigation during an integrity committee meeting, and then carelessly violates confidentiality at a company dinner. The investigation becomes tainted.
A manager known to be a protégé of the CEO is interviewed, but later writes a follow up e-mail to the lead investigator intending to intimidate, chilling further progress in the case.
Although the chief compliance officer deems the matter serious enough to merit retaining an independent investigator, no budget exists for an outside expert. The internal investigators fear that their findings will not be well received by certain powerful factions in the company.
Some of these possible “spoilers” may seem far-fetched, but each represents an actual event from a real company hotline case. Knowing what we know, many current and former chief compliance officers would not be surprised if less than half of the matters that should reach the top actually get there.
And if that’s not bad enough, surveys indicate that only about 3 percent of employee concerns are raised through the company hotline. If hotline cases are vulnerable to derailment, what hope is there for the remaining 97 percent raised through other channels, where fewer formal procedures and oversight are likely to be in place?
But the news is not all bad. The development and operation of an effective confidential employee helpline, like many aspects of a meaningful, well-constructed compliance and ethics program, is a multi-disciplinary effort requiring senior-level oversight, expertise, experience, and coordination.
Companies truly serious about their approach to compliance and ethics can take a giant step forward by establishing a senior-level chief compliance officer. That person should have direct access to the board as well as the experience, clout, resources, mandate, empowerment, and “seat at the table” to make things happen within the organization. This one action can do more to mitigate the effect of “spoilers” like those above, set the proper tone at the top regulators want to see, and ensure that other key elements such as risk assessment, monitoring, enforcement, training, and reporting to the board, all work as intended.
So I’ll end this open letter with an undeniable truth for CEOs and boards: It’s a perilous world out there for the business of integrity; many factors (and actors) threaten to derail your best-intended processes. You can have all the right bells and whistles, such as a confidential hotline, a “false tips” audit, or state-of-the-art-compliance procedures. But without an empowered compliance and ethics leader, beware a false sense of security. Putting a senior-level chief compliance and ethics officer at the helm of your company’s approach to integrity isn’t just a nice addition in these difficult days; it’s simply the intelligent thing to do.
No comments yet