Solution

Ethics & Compliance

The function of Ethics & Compliance has a powerful platform within the organization that reaches every employee and can become a powerful strategic driver if leveraged the right way.

This is reflected, not just in global trends within the Ethics & Compliance field, where it’s increasingly clear that the function plays a key role in helping organizations navigate the waters of bias, diversity, and equity as well as growing concerns such as ESG (Environment, Social, and Governance), but also by the attitudes of lawmakers. 

Regulators around the world are expanding their operational reach beyond their jurisdictions and public prosecutors are becoming more involved and as a result, regulators, auditors, customers, employees, suppliers, and society at large are considering the “culture of ethical conduct and compliance” more so than ever before.

MobileApp_Mockup Detailed

Vault Platform: Your solution for Ethics & Compliance

The point of an effective Ethics & Compliance program is partly preventative – to ensure the Code of Conduct and expectations around behavior are adequately communicated and employees receive appropriate training; and partly documenting these efforts and adherence to rules and regulations as well as any breaches that are exposed. 

This means that when an employee is in violation of the rules set out, if a company can prove it took all necessary steps to ensure that the employee was aware of the rules but still chose to break them, prosecutors should be more likely to pursue the employee than the company. 

Vault Platform developed its misconduct incident reporting and resolution solution after finding that incumbent incident reporting mechanisms failed to expose the majority of misconduct taking place. Meanwhile, case management systems were clunky and fragmented, making life difficult for E&C investigators to resolve incident reports. 

Vault Platform solves the problem of exposing more misconduct, using modern, accessible intake methods, and streamlines the case management process to get to an investigation resolution as quickly as possible, with maximum documentation and proof of evidence.

Book a guided tour

Effective incident reporting and resolution is critical to integrity

In an international setting, the US federal law against corruption, the Foreign Corrupt Practices Act (FCPA), and the British Bribery Act (UKBA) are most relevant to E&C professionals but there are national considerations as well. 

The US Department of Justice (DoJ) recently updated its Corporate Compliance Guidance indicating heightened scrutiny over its understanding of how compliance programs should work as well as on the effectiveness of such programs.

The DoJ will look at three attributes in investigations: 

  • Is the corporation’s compliance program well designed?
  • Is the program being implemented effectively?
  • Does the compliance program work in practice?

The authority says that the hallmark of a well-designed compliance program is “the existence of an efficient and trusted mechanism by which employees can anonymously or confidentially report allegations of a breach of the company’s code of conduct, company policies, or suspected or actual misconduct.” 

Achieving such a goal – a speak up culture – is a challenge many companies are faced with and actively addressing. Vault Platform is currently participating in several Working Groups within the Ethics & Compliance Initiative (ECI) to share and learn from experiences on achieving a successful compliance program, and transparency is fast emerging as the foundation to this success. 

Just how a company is tracking and monitoring its program, and how it is iterating and improving that program based on past experiences is the lens through which integrity is cultivated, helping develop a culture where compliance failures are not just exposed and resolved but also less likely to happen at all. 

But how can you take an accurate measure of your company’s ethical health if your people won’t talk to you because the barriers to do so are too high? 

Ethics hotlines don’t work

When ‘speak up’ programs were first implemented, largely driven by regulations such as Sarbanes-Oxley in 2002, the most reasonable method of capturing incident reports from employees was a literal telephone hotline. Since then, not much innovation has been seen as many ethics and compliance leaders had achieved what the regulation stipulated, which was simply to offer a mechanism employees could use to report their concerns about corruption. The Global Business Ethics Survey 2019, revealed that hotlines have fallen far out of fashion, accounting for only 6% of internal reports of misconduct as an intake channel. The most popular reporting channel by far is a mention to a direct supervisor, which introduces its own challenges – escalation being at the supervisor’s personal discretion, possibly reflecting badly on them, and it’s also not uncommon for the problem person to be in the reporting employee’s management tree. This means not only does the ethics and compliance reporting procedure not help, but it’s also part of the problem.

Compliance was largely a check-box exercise resulting in there being more cons than pros for any prospective whistleblower. The conundrum is that a potential whistleblower has to act in line with their own moral compass and likely face retaliation for breaching their employment contract or to ignore their concerns to keep their employer on side. 

The extensive research of James Detert, a professor of business administration at the University of Virginia’s Darden School of Business, found that no matter how good the intentions, well-meaning initiatives to encourage openness and transparency fall short for two key reasons: a fear of consequences (embarrassment, isolation, low performance ratings, lost promotions, and even firing) and a sense of futility (the belief that saying something won’t make a difference, so why bother?). All this is further compounded if people are fearing for their jobs during a global crisis. 

If whistleblowers or employees reporting incidents of misconduct find their efforts to raise the alarm internally fall on deaf ears, they will either drop the case and be discouraged from speaking up in future, or will try an external channel such as the SEC in the US or FCA in the UK. During times of crisis, reports to external channels increase significantly. 

“In times of market volatility or disruption, we see upward trends in reporting – we saw that in the 2008 crisis. And COVID-19 certainly qualifies as market disruption and volatility… It is usually when the company does not take action that people report to the SEC,” – Jane Norberg, Chief of the Office of the Whistleblower, Enforcement Division, United States Securities and Exchange Commission, speaking at the ECI Best Practice Forum, 2020.

how Vault Platform helps your company facilitate internal whistleblowing

Bullying

Vault Platform reveals previously invisible misconduct by encouraging employees to speak up internally

Discrimination

Set the groundwork for a robust and ethical workplace environment that shows misconduct will not be tolerated

Health

Demonstrate that those who speak up will be listened to and supported

OUR PRODUCTS

Reveal and resolve
misconduct in your workplace

Mobile App

Vault-MobileApp-Icon

Open Reporting

Vault-OpenReporting-Icon

Resolution Hub

Vault-ResHub-Icon

Data & Analytics

Security

A trust platform with
security at the core

Vault Platform’s core application is to facilitate trust between companies and their people and to help to create working environments that are inclusive, diverse, productive and safe. This is why we consider security and data privacy to be critical components of our platform and why both are at the foundation of everything we do.

Vault-Security-1

Vault Platform is ISO 27001 certified and GDPR compliant

Vault-Security-2

Data encryption in transit and at rest: TLS and AES-256 technology protects your information

Vault-Security-3

Servers located in the EU and UK, in AWS data centres that are ISO 27001, SOC 1 and SOC 2 certified