While speaking to Lisa Fine, Director of Compliance at Pearson, and host of the Great Women in Compliance podcast, Vault Platform co-founder Neta Meidav set out the four key steps to creating a successful Speak Up program. 

Set the intention 

From the outset, the aim of the program must be to actively lower the barriers employees face to incident reporting when it comes to misconduct at work

The way misconduct reporting systems were set up in the past resulted in there being more cons than pros for any prospective reporter or whistleblower. Any potential whistleblower faces a choice – to act in line with their own moral compass and likely face retaliation for breaching their employment contract, or to ignore their concerns to keep their employer on side. 

The extensive research of James Detert, a professor of business administration at the University of Virginia’s Darden School of Business, found that no matter how good the intentions, such well-meaning initiatives to encourage openness and transparency fall short for two key reasons: a fear of consequences (embarrassment, isolation, low performance ratings, lost promotions, and even firing) and a sense of futility (the belief that saying something won’t make a difference, so why bother?). 

These concerns are further compounded if people are fearing for their jobs during a global crisis such as the current pandemic. So the focus needs to be on encouraging people to come forward and establishing a level of confidence that whatever the outcome of the report investigation, their experience as a reporter will be a positive one. 

Every organization will have misconduct at some point in some form, it’s a statistical probability and has little bearing on how ‘good’ a culture is. So a good speak-up program becomes about uncovering or surfacing misconduct and resolving it before it grows and enables a toxic culture. 

A compliance officer needs to acknowledge the fact that more incoming reports are better for the company because it’s what you don’t know that can hurt you. A compliance officer’s success is measured on the ethical health of the company, something which is difficult to do when your existing intake mechanisms only surface a low percentage of misconduct reports and disincentivize the reporting of far more. 

Consider how doctors measure their effectiveness – not by zero sickness or low sickness in their clinic but by early detection of issues and rapid and appropriate treatment before they become acute.

Go beyond ‘canned compliance’

The deployment of a ‘Speak Up program’ has largely been about checking a compliance box for years. When ‘Speak Up’ programs were first implemented, largely driven by regulations such as Sarbanes-Oxley in 2002, the most reasonable method of capturing incident reports from employees was a literal telephone hotline. Since then, technology has moved on in leaps and bounds but not much innovation has been seen as many ethics and compliance leaders had achieved what the regulation stipulated – simply to offer a mechanism employees could use to report their concerns about corruption. 

Optimizing the accessibility of that mechanism was outside of the scope of the regulation, resulting in a low threshold for usage.  

A successful program will analyze and iterate based on accessibility and compliance officers should periodically review new technologies as well as consider social trends. For example, a telephone line may have been the most appropriate channel for reporting incidents 20 years ago but it’s a communication channel that has been overtaken by digital solutions in almost all aspects of life. 

Couple accessibility with making ‘compliance culture’ a state of mind by embedding Speak Up training into the onboarding and offboarding processes and reminding employees at every single opportunity.  

If companies don’t fix these mechanisms voluntarily there is every indication they will eventually be told to. There are UK Government initiatives such as the EHRC guidelines on dealing with sexual misconduct at work, that are due to become legislation. Meanwhile, the US Department of Justice (DoJ) updated its Corporate Compliance Guidance indicating that prosecutors will look at three attributes in investigations: 

  • Is the corporation’s compliance program well designed?
  • Is the program being implemented effectively?
  • Does the compliance program work in practice?

The DoJ suggests that the hallmark of a well-designed compliance program is “the existence of an efficient and trusted mechanism by which employees can anonymously or confidentially report allegations of a breach of the company’s code of conduct, company policies, or suspected or actual misconduct.” 

Remove the intermediary 

Trust can’t be outsourced and shouldn’t be outsourced. A company needs to own the trust aspect of its relationship with its people and it does that by removing as many obstructions as possible that sit between the employer and employee and may end up diluting the employee voice.  

To achieve the accountability necessary for integrity to thrive, the connection between the teams acting on investigations and case management and the employees reporting incidents needs to be direct. This is especially important when it comes to resolution (see my next point) and is crucial during times such as these when a large portion of the workforce is distributed and anxiety levels are increased due to the pandemic. 

You have to build trust from ground up and embed integrity into the heart of the company, by standing by your values and communicate in an open and transparent way your desire to do something about issues at large and make sure all relevant voices are heard.

Drive for resolution 

Investigations or cases need to be resolved not managed. We named our ‘case management’ system the Resolution Hub because that’s its purpose. Compliance and ethics professionals are worthy of advanced solutions to help them do their job and that means driving resolution for all cases, anonymous or otherwise. 

Anonymity certainly has its place in incident reporting and whistleblowing, although that’s largely as a result of the embedded disincentives to reporting, but legacy tools make it difficult to address issues while protecting the identity of the people who raised them. Reporting unethical behavior won’t do any good unless an ombudsperson can assess the extent of the problem, explore the causes, and develop recommendations. That means interviews need to be conducted, stories corroborated, and additional data collected—typically from the accuser. 

Modern technologies achieve something that couldn’t be done in the past – enable two-way dialogue between employee and employer while protecting the employee’s identity if they desire. 

Resolution is also heavily tied to trust. If people are to trust the system put in place, they need to be able to see appropriate action has been taken, even if they don’t agree with the outcome. If you don’t want people to think their comments went straight to the trash can, make sure you tell them what you did next and what they can expect as a result. In surveys of more than 3,500 employees in multiple companies, Professor James Detert found that a failure to close the loop increased employees’ belief that speaking up was futile by 30%. But if the organization had closed the loop in the past, employees spoke up 19% more frequently.

Find out how Vault Open Reporting can extend the power of a Speak Up culture to your entire ecosystem 

[wp-faq-schema title=”Frequently Asked Questions”]