Often-Overlooked Factors in Risk Management

Driving Down Risk, From the Cubicle to the C-Suite

Effective employee engagement and reporting is key to accountability and effective risk management. So why are we not paying more attention to how today’s workforce prefers to communicate?

with co-author Jay R. Taylor, CEO of EagleNext Advisors

We are entering an era in which seemingly every decision made by managers of fraud prevention, audit, security and ethics are reviewed not just by C-Suite leadership and board members, but also after-the-fact by regulators, stockholders and the public. In financial services, managers of risk from across the enterprise, as well as directors and board members, are finding the evolution from an emphasis on meeting compliance obligations to a longer-term focus on organizational values, ethics and culture to be challenging. Ensuring that you have unvarnished observations from every corner and level of the organization is key to ensuring that you can meet the expectations of both internal and external customers and stakeholders.

A core responsibility of senior leadership and the board of directors is ensuring communication channels for employee reporting of workplace concerns are both available and effective.

As a senior executive or board member, you are probably aware of information gaps and are concerned. You don’t want to learn about events in the headlines or when reporters begin calling you for comment. One way to ensure you learn what is really going on in your organization is to listen more effectively. Each and every staff member, contractor or vendor connected to your organization may possess vital clues that too often remain undiscovered until after the fact.

While the quality of employee engagement and awareness campaign techniques has steadily improved in recent years, the same cannot be said for employee reporting channels. Evidence for this comes in part from a recent anonymous poll conducted by the creators of Neighborhood Watch® for Corporations. Results revealed that 45 percent of employees in financial services, health care and advanced manufacturing sectors observed behaviors of concern at least once within in the last year – harassment, fraud or a safety issue, for example – but did not report it to management. Fully 30 percent witnessed more than one concerning issue or incident and chose not to report it.

The False Sense of Security Created by a Reliance on Outdated Employee Reporting Channels

It is fair to expect your entire staff to support efforts to combat issues such as fraud and sexual harassment by speaking up. Let’s face it though: a certain percentage of employees are simply not going to “say something when they see something.” Some will always speak up.  Still others – probably the majority of employees – will share details of a concern if you make it easy for them to do so. For this to occur with any regularity, however, you need to ensure that the reporting process meets expectations regarding user experience, convenience and confidentiality.

Anecdotal evidence is everywhere that impersonal communication preferences have changed for the vast majority of the workforce. Walk down any hallway at work these days and you risk running into someone who is focused on a text or app rather than where they are going. Recent studies support this shift, as Americans age 55 and under now text and email at least as much as they make phone calls.[1]

Beyond traditional third-party phone hotlines, consider that the average employee faces a multiplicity of internal safety, human resources, ethics and security hotlines, forms and departmental email addresses for sharing their concerns. For a workforce faced with endless opportunities for distraction, any barrier to reporting – from confusion over which channel to use, to an aversion to making calls, to concerns about anonymity when using a form or email – increases the risk of them dropping out of the reporting pipeline. Thus, several redundant methods of communication scattered across the enterprise, rather than a single multi-faceted entry point, may actually be increasing risk.

Context is King (or Queen)

In addition to the challenge of utilization, traditional communication channels such as hotlines, forms and general departmental emails share an additional shortcoming in that they collect only basic information. Said another way, they record what someone wants to say, rather than what the experts who respond to concerns need to know. Without situational context, investigators and responders often lack the details needed to most effectively follow up. This results in investigations and remediation efforts that take longer to conduct and are at risk of being misguided or incomplete. Beyond recent headlines about failures in addressing sexual harassment or cybersecurity breaches, an indication of the risk/reward of effective employee reporting is provided by the 2017 ACFE Report to Nations. In their essential annual report, ACFE revealed that the cost of an average incident of fraud doubles from $100,000 to $200,000 when the organization lacks an effective employee hotline.

The era of counting on staff to walk into your office or make a call to share a concern is over. The key to maximizing your limited resources and preventing incidents remains increasing proactive engagement with the “eyes and ears” of your entire workforce, as well as ensuring that engagement results in increased efficiencies from the capture of relevant, actionable context. Why then are most companies still relying on increasingly outdated employee reporting methods to capture information that could prevent or mitigate potentially harmful incidents that carry with them massive costs?

Augmenting and Engaging Your Workforce with Artificial Intelligence-Powered Apps and Bots

Those tasked with responding to fraud, harassment and other incidents almost always prefer in-person reporting. That said, augmenting communication regarding workplace concerns with an AI-powered platform can provide a decided advantage in the battle to mitigate costly risks. More comprehensive and flexible than static forms, expert systems or decision trees, a solution that utilizes AI has the power to mimic a range of expert interviews in an app or desktop interaction.

The specific enabling technology behind the ability to employ this type of an intelligent reporting platform is machine learning, the subset of AI that focuses on the use of algorithms to process data in a way that informs useful predictions. A significant drawback to this approach, however, is that it requires large volumes of data from which knowledge engineers draw fuel to train these systems. This is a significant challenge in areas such as investigation of security, safety, ethics and other risk management issues, where large sets of training data are lacking. Thus, any effective solutions must instead rely on a carefully curated source of data based on inputs from subject matter experts.

Perhaps owing in part to the challenge of obtaining and curating expert knowledge, the few existing reporting tools that advertise use of AI employ it to support relatively basic interactions. The most common example of this are the chatbots you often see on websites in support of customer service. These tools also rely on natural language processing (NLP).  Like machine learning, NLP is a subset of AI and deals more specifically with understanding the complexities of human language. While useful for basic interactions, solutions that focus on NLP do little to add to the context on which effective responses to critical issues rely.

Take the case of computer theft. Traditional forms or scripted hotline calls, whether or not powered by NLP, would treat the theft of a computer and a hammer the same way – an object has been stolen. In contrast, a system that uses machine learning with training data created by vetted subject matter experts would appreciate that the actual issue at hand is data security and privacy and will then intelligently guide the user through an interaction focused on those issues.  Similarly, an investigation into allegations of sexual harassment, money laundering or fraud might take a dramatic turn with the addition of context beyond who was involved or when the incident happened.

Can AI-powered mobile apps improve employee reporting and reduce the time and money spent on obtaining and responding to workplace concerns?

Within the financial services community, much is being made of convergence between AML, fraud prevention, loss control and cybersecurity. Done right, bringing together these kindred resources, skills and perspectives can be a powerful asset. The same is true with regard to the reporting tools that many times play a critical role in kicking off investigations and/or risk mitigation efforts. Meeting the workforce on their terms with an intelligent, mobile-first solution, partnered with desktop and telephone reporting mechanisms, you increase coverage and introduce efficiencies similar to that of ATMs or airport check-in kiosks.

Rather than replacing employees, this approach augments the relatively small number of security, ethics, safety, audit or HR professionals in the average workplace, allowing these key personnel to focus on high-value tasks. Just as important, recent studies have shown that automated interviews on mobile devices increases both disclosure and precision. Likewise, allowing users to respond when and where they want generally increases their levels of satisfaction with the experience.[2]

Yesterday’s single-issue telephone hotlines provided a “check the box” solution for compliance with SOX, HIPAA and OSHA reporting. Most companies also continue to rely on mix of internal phone extensions for reporting safety and security issues. The advent of email and web forms extended employee engagement on these and other workplace issues and incidents to the desktop. Like telephone hotlines, however, these methods are now outdated. Rather than a security blanket, relying solely on these methods actually invites underreporting and, eventually, will result in a lack of notice and accountability regarding costly incidents that could have been prevented.  Savvy leaders, however, will appreciate that meaningful workplace intelligence regarding a range of risk management issues will in the future rely on a meaningful combination of artificial intelligence and, for now, mobile-first design.

[1] Pew Research Center, April, 2015, “The Smartphone Difference” Available at: http://www.pewinternet.org/2015/04/01/us-smartphone-use-in-2015/

[2] Michael F. Schober, Frederick G. Conrad, Christopher Antoun, Patrick Ehlen, Stefanie Fail, Andrew L. Hupp, Michael Johnston, Lucas Vickers, H. Yanna Yan, Chan Zhang, “Precision and Disclosure in Text and Voice Interviews on Smartphones.” Department of Psychology, New School for Social Research, The New School, New York, New York, United States of America