Everyone should have one. If you need more convincing, please read my post, or any post for that matter, about the record $14 million award the SEC recently made to a whistleblower who helped to uncover investment fraud. Violations of securities laws are only one aspect of illegal behavior that should be covered by your program. It should extend to any unlawful activity, financial reporting irregularities, actions that would amount to serious improper conduct or any other activity that would be in violation of your company’s code of conduct.
Here are the three steps you will need:
Establish a process. This includes appointing specific employees who are responsible for receiving and investigating complaints. It may include establishing a mailbox or hotline.
Set clear ground rules. Make sure employees understand that there will be no retaliation and that allegations are kept confidential. You should also make clear that allegations made in bad faith will lead to disciplinary action.
Investigate, and do it timely. This is really the crucial one: If you receive a complaint, act on it. Evaluate whether an allegation is made in good faith and should be investigated. If not, formulate the reasons and record them. If yes, investigate.
The rewards will be manifold. You create a culture of openness and fairness. Employees may not feel the need to go directly to government agencies to report wrongdoing. You signal the tone from the top that you take your compliance program seriously. If you have a robust compliance program, that is. But that’s for another post.