Editor’s note: Yesterday, Dan focused on the new age bounty hunter that came about from he passage of The Dodd-Frank Wall Street Reform And Consumer Protection Act (Dodd-Frank) in July 2010: the “corporate whistleblower.” Today he continues his discussion, talking about testing your company’s systems, policies, processes and procedures.
From a corporate fraud standpoint, there are several areas that I want to highlight as part of this testing/reviewing process: internal reporting tools, communication, training and reporting protection.
Internal Reporting Tools
The purpose of a corporation’s internal reporting system (the ethics hotline) is to provide employees with an anonymous mechanism to report ethics concerns, possible fraud and unethical or inappropriate behavior so that the corporation can investigate the allegation, determine if there is a factual basis for the allegation, take appropriate employment and legal action (if necessary) against the individual(s) involved, and strengthen the internal controls surrounding the company’s processes, practices and procedures which may have been violated (post mortem analysis).
It is important to note, however, that not all calls to the ethics hotline are indicative of corporate fraud or inappropriate behavior, and no adverse action of any kind should be taken without significant, independent fact-finding investigation (“Just the facts, ma’am”) to confirm the validity of the report.
Employers need to ensure that all reports to the ethics hotline are investigated in a timely, unbiased and thorough manner, appropriately documented in a central document repository or case management information reporting system, and retained in accordance with the company’s data records retention schedule.
Communication
Communication, as always, is imperative. In light of Dodd-Frank, however, employers should increase regular communication to employees through internal company communication tools (newsletters, websites, intranet, postings, employee handbook updates, new hire orientation training, emails, flyers, mailings, etc.) regarding ethical behavior, and company standards for business dealings, sales practices and a host of other corporate policies like Acceptable Use of Company Technology, Code of Business Conduct, Conflict of Interest and the Foreign Corrupt Practices Act (FCPA).
Communication should also remind employees of the internal reporting mechanisms and tools available for them to use if they have concerns about specific behavior or practices. These tools shouldn’t require employees to look hard to find them.
Lastly, companies must ensure that their internal control communication and event notification procedures are being followed so that the audit committee, board of directors and other senior management are being made aware of potential issues in a near real-time basis.
Increased communication standards, and open door policies, should help businesses get out in front of issues before they get ugly and create a need for regulators carrying big sticks. This is where the well rounded, holistic management approach that I’ve written about and outlined in the past (Tis the Season To Analyze Your Anti-fraud Efforts For The New Year) is valuable and pays dividends.
Training
In addition to increasing internal communication, companies should increase the amount of regular ethics training provided to employees, reinforcing the corporation’s ethical culture and code of business conduct.
CCI author and ethics expert Frank Bucaro had this to say about it:
“One shot ethics training is really no ethics training at all. There are so many possibilities, for all budgets in developing impactful ethics training. Organizations that are genuine in their desire to offer ethics training to all employees should seriously consider developing a well planned, fully integrated and ongoing training program.”
I completely agree with Bucaro about the return on ethics training investment and the “that kind of behavior is NOT tolerated around here” culture it promotes.
Additionally, companies should require and track annual certification by employees, acknowledging that they have reviewed the training material and will abide by the company’s ethical standards. While this may currently be done pursuant to Sarbanes Oxley provisions, re-evaluating your ethics training programs and strengthening efforts in this area is strongly recommended in light of regulatory acts like Dodd-Frank that incentivize employees to come forward with information.
Reporting Protection
Finally, given the anti-retaliation provisions of Dodd-Frank, which strengthen existing Sarbanes Oxley whistleblower provisions (SEC. 806. Protection For Employees of Publicly Traded Companies Who Provide Evidence of Fraud), employers need to work with their human resources departments and labor lawyers to ensure that individuals who come forward via the internal reporting mechanism are not retaliated against if their identity becomes known.
Employees who recognize that there are company processes in place to protect them might look internally first for resolution before seeking out the SEC. After all, whistleblowing rewards might not ultimately be the huge “golden ticket” that the eccentric chocolateer Willy Wonka promotes it as.
In conclusion, in light of Dodd-Frank it’s apparent that there is no time like the present to address ethics and compliance performance issues. Now is the time to test, analyze, assess and optimize your company’s ethics, compliance, audit, employment processes, technology tools and reporting efforts to ensure a strong internal ethical culture and that “all systems are a go.”
Do your systems work? How do you know? Are you regularly testing them? Just because they worked last year doesn’t mean they’re working this year.
Having a robust ethics and compliance program might not only assist in defeating the financial incentives for new age bounty hunters (whistleblowers) to bypass your processes, but it could prevent the kind of financial mayhem, brand damage and lack of consumer confidence that comes it. Once your ethics system fails, it goes to the government and you become front-page news at The Wall Street Journal.
**********
About the Author
Daniel Draz is the principal at Fraud Solutions. Draz is a senior fraud and investigations management professional with extensive experience in the private sector. He has a Masters in Economic Crime Management and is a Certified Fraud Examiner (CFE). Often published in industry and trade publications, he also develops customized training content for speaking engagements and currently consults with companies on their anti-fraud/risk mitigation efforts, employee training and investigation applications. Email: dan@fraudsolutions.com.
PDF 
