The Critical Dataset: HR, Hotlines and Incident Management
It is easy to get swept up into compliance trends, prognosticators of the future, and future compliance terms such as “artificial intelligence,” or “blockchain.” Do not get me wrong, these are the terms for the future and eventually they will be part of common compliance conversations.
But sometimes we need to get back to basics. In some cases, Chief Compliance Officers need to remind themselves of important basic principles. In this way, consistent compliance foundations can be built and program expectations are manageable.
While much has been written about “operationalizing” a compliance program, the term leaves out some important concepts. Sometimes internal constituencies do not play well with others. I am always surprised when speaking to compliance professionals about the lack of cooperation and coordination among natural brothers/sisters in arms.
Take, for example, the respective roles and responsibilities of human resources and compliance. In some cases, CCOs have complained that HR professionals will not “share data.” That is an odd problem and one that is hard to understand. HR and compliance are natural allies, they should be transparent with each other, and coordinate regularly.
One critical area to work together is incident data and overall management. HR has access to employment issues, complaints and overall working conditions and issues. Compliance has access to hotline complaints that are received through the hotline system. In most cases, HR issues that come in through the hotline are investigated and resolved by HR.
HR also receives lots of data from “walk-in” complaints, as well as non-hotline complaints. Sometimes HR receives complaints on non-HR topics or mixed topics (e.g. HR and fraud, conflicts of interest).
Compliance has a basic responsibility to collect, review and analyze data concerning all reporting and investigations. The Justice Department’s Evaluation Guidance issued in late April 2019 specifically mandated this responsibility as part of a company’s reporting and investigation function.
Under this responsibility, HR has to share incident data with compliance, whether reported formally or informally, and compliance should track, monitor and measure such data for purposes of managing the company’s culture and risks. No longer can HR maintain sole custody and responsibility over HR data since such data is a critical source of information needed by compliance.
With the data, compliance has to look for trends based on types of concerns, individuals involved, regions, business lines, specific functions, and other relevant factors. This data is something that can provide valuable insights into a company’s culture and provide opportunities for compliance to intervene proactively to address potential problems before they increase.
For example, a company might be able to identify a pattern of employee complaints focused on a specific supervisor or manager in a region or business line. Such misconduct, while not rising to the level of disciplinary response may indicate potential morale problems that can quickly translate into more serious employee misconduct (or supervisory misconduct).
Compliance is the keeper of a company’s culture and can use incident data to monitor employee perceptions and potential problems. It is essential that compliance have access to employee conduct data across the organization – “line-of-sight.” From this vantage, a CCO can exercise his or her discretion to focus on specific trends, intervene when necessary and implement proactive solutions.