115PM Practical Law Three

Download as pdf or txt
Download as pdf or txt
You are on page 1of 7

Resource ID: 1-618-8528

Setting Up and Operating a Company


Hotline Checklist
PRACTICAL LAW LABOR & EMPLOYMENT

Search the Resource ID numbers in blue on Westlaw for more.

This Checklist outlines the key steps to take and the This Checklist provides an overview of the key business and legal
issues to consider when setting up and operating a hotline. While this
principal issues to consider when setting up and Checklist focuses on corporate hotlines, many of the steps and issues
operating a company hotline (also referred to as an discussed also apply to hotlines in other types of organizations.

ethics, compliance, reporting, or whistleblowing


LAY THE GROUNDWORK FOR A HOTLINE
hotline or helpline). It addresses tone from the Counsel should lay the groundwork for setting up the company
top, local law considerations, selection of a hotline hotline by taking the following preliminary steps:
vendor, standard hotline functions, retaliation „„Obtain top level support for the hotline. A successful hotline
requires:
concerns, and hotline administration, policies, zz the strong, explicit, and visible support of the company’s
procedures, promotion, and assessment. governing body (such as the board of directors or board of
managers) and senior management;
zz an ethical “tone from the top” that builds a culture of integrity
A company hotline (also referred to as an ethics, compliance, within the company; and
reporting, or whistleblowing hotline or helpline) is a core element zz a commitment of resources to the implementation and
of an effective compliance program (see Practice Note, Developing maintenance of the hotline program, commensurate with the
a Legal Compliance Program: Five: Internal Reporting Mechanisms company’s size and needs.
(4-606-5696)). A hotline can be used to:
(See Practice Note, Developing a Legal Compliance Program:
„„Communicate important information between employees and Obtain Top Level Commitment and Support (4-606-5696)).
management.
„„Consider how to integrate and coordinate the hotline with other
„„Allow employees to report sensitive matters outside the normal compliance initiatives. Best practice includes synchronizing with
supervisory channels. the company’s:
„„Allow employees to report sensitive matters anonymously, zz compliance program (see Practice Note, Developing a Legal
depending on local law. Compliance Program (4-606-5696) and Developing a Legal
„„Provide management with valuable information that can be used Compliance Program Checklist (2-595-8085));
to reduce risk and liability for the company. zz code of conduct and ethics (see Practice Note, Corporate
A company’s challenge is to implement a hotline that: Governance Standards: Code of Ethics or Conduct (6-501-3891)
and Standard Document, Code of Ethics and Business Conduct
„„Empowers employees to identify wrongdoing and protect the
for a Public Company (2-505-5388)); and
integrity of the organization.
zz other policies, practices, and governance and risk activities (such
„„Motivates employees to report suspected misconduct internally
as its investigation procedures or other reporting mechanisms;
so they are not incentivized to first turn to regulators (see Practice
see Conducting Internal Investigations: Addressing Employee
Note, Whistleblower Protections Under Sarbanes-Oxley and
Complaints and Compliance Issues Toolkit (2-502-1874)).
the Dodd-Frank Act: Dodd-Frank Whistleblower Incentives
(7-501-7799)). „„Generate a comprehensive list of laws applicable to whistleblowers
and hotlines. Include any applicable regulatory guidance and
„„Assures employees that, by using the hotline, their concerns can be
minimum policy and reporting requirements, such as:
properly investigated and addressed.

© 2018 Thomson Reuters. All rights reserved.


Setting Up and Operating a Company Hotline Checklist

zz Section 301 of the Sarbanes-Oxley Act of 2002 (SOX), UNDERSTAND LOCAL LAWS AND CULTURE
which requires public companies to have an anonymous If the company is creating a multinational hotline that is available
whistleblower system for employees to internally report to its subsidiaries, affiliates, and other operations outside the US, it
concerns about questionable auditing or accounting matters should ensure that the hotline is:
(see Practice Note, Whistleblower Protections Under
„„Compliant with local laws.
Sarbanes-Oxley and the Dodd-Frank Act: SOX Whistleblower
Protections (7-501-7799)); „„Culturally appropriate.

zz the Dodd-Frank Wall Street Reform and Consumer Protection


REVIEW LOCAL LAW REQUIREMENTS
Act of 2010 (Dodd-Frank Act), which created protections and
incentives for whistleblowers (see Practice Note, Whistleblower Local laws may affect the implementation of hotlines in several key
Protections Under Sarbanes-Oxley and the Dodd-Frank areas, including the following:
Act: Overview of Dodd-Frank Act Whistleblower Protections „„Data protection and data retention. The privacy and data
(7-501-7799) and Dodd-Frank Whistleblower Incentives security laws of certain jurisdictions, including those adopted by
(7-501-7799)); EU member states under EU Directive and the GDPR, are more
zz the Whistleblower Protection Act, which protects federal stringent than US laws. These laws may require that:
employees who report government wrongdoing (see Practice zz the data collected through the hotline be limited to what is
Note, Whistleblower Protections Under the Whistleblower strictly necessary for the report and follow-up investigation;
Protection Act (W-002-8554)); and zz the hotline system meet specific technical requirements for the
zz the EU General Data Protection Regulation (Regulation (EU) secure handling of data collected through the hotline;
2016/679) (GDPR), which replaces the EU Data Protection zz the retention of data collected through the hotline does not
Directive (EU Directive) when it becomes applicable on May 25, exceed specified time limits; and
2018. The GDPR will affect how companies can handle personal
zz the company clearly inform employees about how data in hotline
data in an internal whistleblowing program (see Practice
reports is handled.
Notes, Overview of EU General Data Protection Regulation
(W-007-9580) and Corporate whistleblowing hotlines and EU „„For more information on:
Data Protection Directive: Establishing compatible codes of zz privacy issues in the US workplace, see Employee Privacy
conduct: Working Party’s recommendations (1-366-2987), and Compliance Toolkit (W-002-2530) and Employee Privacy Laws:
Review Local Law Requirements). State Q&A Tool;
„„For more examples of statutes with whistleblower provisions, see zz data protection issues in the EU, see Practice Notes, Overview
Practice Notes: of EU General Data Protection Regulation (W-007-9580),
zz Whistleblower Complaints Under the Occupational Safety and Overview of EU data protection regime (Data Protection
Health Act (8-612-0573); Directive 1995) (8-505-1453), and Corporate whistleblowing
hotlines and EU data protection laws (1-366-2987); and
zz Whistleblower Complaints Under the ACA (3-524-6825); and
zz privacy and data protection laws in selected non-US
zz Whistleblower Protections Under the National Defense
jurisdictions, see Data Protection: Country Q&A Tool.
Authorization Act (W-008-5821).
„„Data transfer. Some jurisdictions restrict transfers of certain
„„For more information on whistleblower protections in selected
information (such as personal data collected from a hotline report)
jurisdictions, see Employment and Employee Benefits: Country
outside of that jurisdiction. For example, currently to legally
Q&A Tool, Question 18.
transfer personal data outside the European Economic Area (EEA),
„„Determine the scope of the hotline. Questions to resolve include:
the company may need to:
zz who is allowed to make reports using the hotline (for example, zz self-certify to the US Department of Commerce and publicly
employees only or also contractors, agents, customers, commit to comply with the requirements of the EU-US Privacy
suppliers, and other business partners); Shield Framework (see Privacy Shield Self-Certification Checklist
zz which site locations within the organization have access to the (W-002-7961) and Standard Clause, Privacy Shield Policy
hotline (for example, offices and other company facilities within (W-002-8722));
the US only or also subsidiaries and affiliates outside the US); zz include standard contract clauses in an agreement between the
zz what languages are relevant to the organization’s employee company from which the report originates and the data recipient
population; outside the EU;
zz whether all or only certain types of misconduct (such as fraud, zz have binding corporate rules that implement adequate data
theft, misuse of funds, conflicts of interest, and harassment) privacy safeguards, adopted by the data recipient and approved
may be reported using the hotline (for a discussion of reporting by relevant data protection authorities; or
limitations, see Review Local Law Requirements); and zz obtain explicit and unambiguous consent from the individual
zz whether the company also uses the hotline as a forum for whose information is being transferred.
employees to submit new business ideas, recommendations „„For more information on data transfers outside the EU, see
for improvement, and other thoughts on corporate vision and Practice Note, Overview of EU General Data Protection Regulation:
values.

2 © 2018 Thomson Reuters. All rights reserved.


Setting Up and Operating a Company Hotline Checklist

Cross-border data transfers (W-007-9580) and Article, Expert Strategies to consider in launching a multinational hotline may
Q&A: EU-US Personal Information Data Transfers (W-000-8901). include:
„„Reporter anonymity. Some countries (such as France, Germany, „„Implementing multiple hotlines, for example, either:
the Netherlands, Portugal, and Spain): zz two hotlines, including one for Europe that complies with the
zz discourage or prohibit anonymous reporting; or strictest restraints in the region and one for the rest of the world
zz require companies to use special precautions when processing that meets robust US best practices; or
anonymous reports (such as a preliminary examination by a sole zz an individual hotline for each jurisdiction in which the company
reviewer). operates, with each hotline tailored to comply with local
„„Scope of reports. The types of reports that can be made through restrictions.
a hotline may be limited in different jurisdictions. For example, the „„Naming the hotline a “helpline” or “guideline” to overcome the
scope is limited in: negative connotations that may be attached to the terms “hotline”
zz France to issues of financial and accounting, workplace or “whistleblower line” (see Article, Whistleblowing: New risks, new
discrimination, harassment, and safety and environmental responses: Naming the hotline (7-520-4201)).
protection; „„Creating a two-way communication system for employees to seek
zz Finland, Greece, and Portugal to financial matters (such as advice or clarification on ethical, legal, or regulatory issues, so the
accounting, internal accounting controls, auditing matters, use of the “helpline” is less intimidating.
bribery, banking, and financial crime); and „„Providing alternative reporting methods to make communicating
zz Sweden to using the hotline only to report on company sensitive matters more comfortable for employees (for example,
executives and persons in key positions. in some countries, web-based reporting is preferred over live
telephone reporting).
„„Registration requirements. For example, to set up a hotline in:
„„Setting up easy, cheap access to the hotline and eliminating
zz France, a company must apply to the Commission nationale de
possible hurdles for reporters (for example, internet access may
l’informatique et des libertés (CNIL), the French data privacy
be unreliable in some locations or international calls may be
regulator, for authorization (see CNIL: Guideline document
cost-prohibitive).
for implementation of whistleblowing systems (10 November
2005)); and „„Creating targeted hotline communications for the local audience by:

zz Denmark, a company must register with Datatilsynet, the Danish zz translating hotline interfaces, materials, and communications
data protection agency. into the local language;
„„Employee rights. Local statutes or practices may require that the
zz avoiding terms that may be viewed negatively in the local
company: culture;
zz consult with its local worker representatives (such as works zz addressing different cultural understandings of acceptable
councils in the EU) before implementing a hotline that monitors behavior (for example, facilitation payments may violate the
employee conduct and can result in disciplinary action; company’s global anti-bribery policy but be standard practice in
the local culture; see Practice Note, Bribery Act 2010: facilitation
zz distribute in the local language any materials used to introduce
payments (3-505-3360)); and
and publicize a hotline; and
zz involving local management and personnel to promote the
zz ensure that all persons identified in a report have the right to
hotline and tailor communications and training to the local
access information provided in the report and to correct that
audience.
information.
„„For more information on employee rights across multiple For more discussion of strategies to implement an effective
jurisdictions, see Employment and Employee Benefits: Country multinational hotline, see Practice Note, Corporate whistleblowing
Q&A Tool. hotlines and EU data protection laws: Compliance strategies for
hotlines (1-366-2987) and Article, Whistleblowing: New risks, new
ACCOUNT FOR CULTURAL SENSITIVITIES responses: Local considerations (7-520-4201).
In some countries, the culture and history have made whistleblowing
either a sensitive subject or taboo. A multinational hotline requires SELECT A HOTLINE VENDOR
careful design and implementation to address cultural obstacles,
CONSIDER OPTIONS FOR MANAGING THE HOTLINE
such as a:
„„Lack of trust in the internal system.
The company should determine whether to manage its hotline
internally, such as through its human resources, legal, or compliance
„„Suspicion that a hotline threatens privacy rights.
department, or externally, by engaging a hotline vendor. There
„„Misguided sense of loyalty to the union or work group. are several advantages to having an externally managed hotline,
„„Belief that management is not held to the same standard. including:
„„Fear of entrapment by management. „„An external vendor may be seen as an unbiased third party and

„„Fear of retaliation for whistleblowing.


reduces the appearance of impropriety.
„„Fear of being branded a “rat” or a “snitch” by peers.

© 2018 Thomson Reuters. All rights reserved. 3


Setting Up and Operating a Company Hotline Checklist

„„Dialing an external number or speaking with someone who „„Insurance. Confirm that the provider has sufficient insurance
does not work for the company may create a more comfortable coverage for the services provided.
environment and help assure potential callers of anonymity. „„Other benefits. Ask what other service benefits are included in the
„„Having an external call center increases availability, consistency, agreement, such as:
and quality recordkeeping in handling calls. zz system customization;
„„The company can reduce costs by not having to hire full-time zz hotline posters and hotline-related policy templates; and
employees to provide 24-hour hotline coverage.
zz assistance with employee training on the existence and use of
„„If the company is large or has multiple locations, a hotline vendor the hotline.
can manage the administrative and logistical challenges and
provide more sophisticated case management, which can aid in
creating an appropriate and timely response.
CUSTOMIZE HOTLINE FUNCTIONS
Once the company has selected a hotline vendor, it should create a
EVALUATE COMMON HOTLINE FEATURES cross-functional team (including legal, compliance, human resources,
and IT personnel) to customize hotline functions with the vendor,
If the company has decided to engage a vendor to provide and such as:
manage the hotline, the company should compare several vendor
„„Designing the website for the hotline, which is usually hosted by
candidates by viewing demonstrations of the hotline and evaluating
the following hotline features: the vendor and generally includes:

„„Pricing. Compare vendor costs and pricing models (such as a


zz a compliance message from the CEO;
fixed annual rate based on number of employees or a variable rate zz an explanation of who has access and when, why, and how to
based on number of hotline reports). use the hotline;
„„Experience and customer satisfaction. Review the vendor’s track zz links to the company’s code of conduct and ethics, hotline policy,
record and contact its references to gauge customer satisfaction and other relevant policies;
with the vendor’s performance and service level. zz answers to employees’ frequently asked questions;
„„Accessibility. Confirm that the hotline is available 24 hours per zz online prompts to collect incident-related information from the
day, seven days per week, 365 days per year, via both a web-based reporter (such as country where the reporter is located, country
reporting system and a live telephone operator. where the incident took place, corporate group or division of the
„„Reporter feedback. Check if the vendor offers a two-way reporter, nature of the incident, and the people involved);
communication system that allows the company to follow up with zz restrictions on the types of reports that can be made, in
or request additional information from an anonymous reporter. compliance with local law (see Review Local Law Requirements);
„„Data security. Evaluate the privacy and data security measures and
that the vendor has in place. If the hotline will also be implemented zz translations of content into languages appropriate to the
outside the US, check if the vendor meets local law requirements for company’s employee population.
handling data (see Review Local Law Requirements). „„Developing a telephone protocol for the vendor’s call center to
„„Country compliance functions. For non-US hotlines, check if the interview reporters and memorialize telephone reports.
hotline system triggers different reporting restraints to comply „„Establishing the hotline telephone numbers (preferably toll-free),
with local law depending on the jurisdiction of the reporter and which can be a vendor number or a company number that points
where the reportable incident took place (see Review Local Law to the vendor’s number.
Requirements).
„„Having local employee liaisons test the hotline website and
„„Reporting methods. Request that the vendor offer alternative
telephone numbers to ensure the hotline is user-friendly and
methods for reporting hotline calls to the company, including accessible from each location.
email and web-based reporting.
„„Timeliness. Ensure that all hotline reports are sent to the company
CREATE THE OPERATING FRAMEWORK
in writing within a day of receipt and all high-priority reports are
conveyed immediately by telephone. DESIGNATE A HOTLINE ADMINISTRATOR
„„Language capabilities. Check that the vendor’s language Designate a hotline administrator to implement and manage the
translation service and multilingual operator service can handle hotline, including its:
reports in all the languages appropriate to the company’s „„Access rights.
employee population.
„„Report distribution.
„„Report management. Ensure that the vendor has document
„„Reporting analytics.
management capabilities for storing reports, company responses,
communications with the reporter, and, if desired, investigation The hotline administrator should be a high-level employee (such as
materials. in-house counsel, a compliance officer, or human resources manager)
„„Tracking tools. Determine if the vendor provides web-based with:
tracking and analysis and creates metrics of report information. „„A reputation for integrity.

4 © 2018 Thomson Reuters. All rights reserved.


Setting Up and Operating a Company Hotline Checklist

„„The seniority and training to handle sensitive company information (see Practice Note, Discipline and Discharge Under the National
and employee data. Labor Relations Act: Grievance Procedures (7-523-7065));
„„Sufficient authority to take necessary action when the company zz coordinating investigation-related activities by internal groups
receives hotline information. such as legal, compliance, human resources, internal audit, and
accounting;
For a discussion on appointing individuals with compliance
responsibilities, see Practice Note, Developing a Legal Compliance
zz communicating report contents and investigation status to
Program: Build a Team of Compliance Personnel (4-606-5696). internal authorities (such as the audit committee or the full
board of directors and senior management) and external
DRAFT A HOTLINE POLICY regulatory bodies, as necessary; and
Draft a hotline policy that encourages employees to speak up when zz maintaining hotline reports and related records under the
they have legitimate concerns about misconduct. An effective hotline company’s record retention policy. For general guidance on
policy should: retaining and disposing of company records, see Practice
Note, Drafting a Document Retention Policy (0-506-7349) and
„„Be simple and easy to understand.
Records Management Toolkit (2-520-1257).
„„Communicate the company’s objectives for the hotline and the
„„For more information on responding to reports and conducting
responsibilities of employees to report misconduct.
internal investigations, see Conducting Internal Investigations:
„„Clearly set out the standards of behavior expected of employees. Addressing Employee Complaints and Compliance Issues Toolkit
„„Describe the types of misconduct that should be reported (for (2-502-1874) and Practice Note, Developing a Legal Compliance
example, harassment, fraud, corruption, conflicts of interest, and Program: Seven: Follow-up and Investigations of Complaints and
embezzlement). Violations (4-606-5696).
„„Explain who has access and when, why, and how to use the hotline. „„Facilitate the company’s communication with hotline reporters to

„„Offer multiple communication channels for reporting information request additional information and follow up on the progress of
(in addition to the hotline), such as: the investigation.
zz an internal reporting chain (such as the employee’s manager, the „„Emphasize and maintain the confidentiality of reports (see Practice

corporate ombudsman, or the human resources, compliance, or Note, Handling Employment-Related Internal Investigations:
legal departments) for in-person reporting (for a sample internal Confidentiality (1-501-9452)).
complaint form, see Standard Document, Discrimination/ „„Include a support strategy for reporters that identifies and
Harassment/Retaliation Complaint Form (8-501-8053)); addresses risks of reprisal, workplace conflict, or other adverse
zz a dedicated email address; treatment (see Prohibit Retaliatory Conduct).
zz a dedicated fax number; and „„Enforce the company’s policy of non-retaliation (see Prohibit
Retaliatory Conduct).
zz a dedicated mail address (for example, a P.O. box).
„„Comply with local law (see Understand Local Laws and Culture).
„„Outline the procedural steps involved in investigating any concerns
and the steps that the company may take if the investigation PROHIBIT RETALIATORY CONDUCT
establishes misconduct (see Best Practices for Employee Discipline
Checklist (0-501-7972)). Retaliation against employees for reporting misconduct may be a
SOX violation, expose the company to liability under state laws for
„„Emphasize that employees who report concerns in good faith will
wrongful discharge, and run afoul of local whistleblower protection
not be subjected to retaliation and set out the consequences of laws in non-US jurisdictions (such as Canada, China, Japan, and the
retaliation (see Prohibit Retaliatory Conduct). UK). To minimize the risk of retaliation, the legal, compliance, and
„„Clarify that employees: human resources departments should take precautionary steps,
zz are not protected from the consequences of their own including the following:
misconduct by using the hotline (but may be granted immunity „„Discuss with reporters any concerns they may have about
or more lenient treatment); and retaliatory conduct and ask reporters to flag any potentially
zz face disciplinary action if they provide false or deliberately retaliatory acts (for example, being reassigned to an undesirable
misleading information. location or being excluded from important meetings).
„„Review any performance management (such as decisions
PREPARE OPERATING PROCEDURES concerning compensation, performance reviews, and promotion)
Prepare operating procedures for the hotline that: or disciplinary action before implementing against a reporter to
„„Set a protocol for case management and investigation of hotline ensure that the action is not:
reports, including: zz being taken for retaliatory reasons or timed in a way that creates
zz routing and assigning incidents to appropriate personnel while that impression;
managing conflicts of interest and segregation of duties; zz less favorable because the employee came forward with
zz if collective bargaining agreements are in place, properly concerns; and
directing hotline reports that are covered by a grievance process zz dissimilar to how other employees in a similar situation are
treated.

© 2018 Thomson Reuters. All rights reserved. 5


Setting Up and Operating a Company Hotline Checklist

„„Document the precautionary steps taken by the company to root zz explain that hotline reports may be made anonymously (to the
out the risk of retaliation (for a sample form to record retaliation extent permitted under local law);
investigation findings, see Standard Document, Discrimination/ zz emphasize that information received through the hotline is
Harassment/Retaliation Investigation Determination Form kept confidential (to the extent appropriate) (see Practice
(4-501-8050)). Note, Handling Employment-Related Internal Investigations:
For more information on whistleblower protections in the US, see Confidentiality (1-501-9452)); and
Practice Notes, Whistleblower Protections Under Sarbanes-Oxley zz confirm that all reports are considered seriously and acted on
and the Dodd-Frank Act (7-501-7799). appropriately.
„„Initiatives to create and maintain awareness of and use of the
For an overview of whistleblower protections across multiple
hotline. For example, consider having:
jurisdictions, see Financial and Business Crime: Country Q&A Tool,
Question 33 (W-006-7086). zz hotline posters placed in conspicuous, public spaces (such as
breakrooms and restrooms);
For resources to help the company minimize the risk of retaliation, zz hotline wallet cards and brochures distributed to all employees
see:
with instructions on how to access the hotline online or via the
„„Preventing and Responding to Retaliation Complaints Checklist. toll-free telephone numbers listed;
„„Practice Note, Retaliation (5-501-1430). zz targeted hotline messages included in regular employee
„„Practice Note, Health and Safety in the Workplace: Overview: communications (such as newsletters, intranet postings, town
Employee Complaints and Prohibition Against Retaliation halls, and department meetings);
(9-500-9859). zz interactive games and contests offered throughout the year to
„„Standard Document, Anti-Retaliation Policy (8-503-5830). promote the hotline, with awards and prizes promoting hotline
information; and
PROMOTE AND LAUNCH THE HOTLINE zz periodic reminders of the purpose of the hotline, integrated into
the larger corporate awareness programs on compliance and
Ongoing marketing and promotion are integral parts of a successful
ethics and loss prevention.
hotline launch and its continued operation. A hotline marketing
campaign should generally include the following: „„Demonstrations of the hotline’s effectiveness. For example,
consider:
„„Strong communication from senior management. Best practices
include conveying a message that: zz following up with employees on the actions taken in response to
their reports;
zz management clearly supports the hotline and demonstrates
leadership commitment to the program; zz explaining the positive changes made as the result of hotline
reports;
zz the hotline is not a “big brother” tool, but a positive way to
maintain a culture of integrity (for example, by using words zz publicly acknowledging successes, such as assets recovered and
such as accountability, transparency, responsibility, fairness, attempted misconduct prevented; and
opportunity, and corporate citizenship instead of fraud, zz communicating investigation outcomes in generic or
corruption, embezzlement, bribery, and crime); anonymized terms to build confidence that employees are using
zz the company values employees coming forward with concerns; the hotline and their disclosures are encouraged and dealt with
and appropriately.
zz if the company desires, reporters may be eligible for incentives TRAIN MANAGERS
(such as cash rewards or extra vacation days) for substantiated
reports that identify misconduct and corporate waste or that The company should train its directors, officers, managers, and
recover resources and savings for the company (see Article, supervisors to understand:
Whistleblowing: New risks, new responses: Whistleblowing „„Their role in setting the tone from the top and tone from the
incentives (7-520-4201)). middle by modeling ethical behavior and creating an environment
„„Meetings with employees (including new hires). Introduce the that encourages the reporting of concerns (for a discussion of
hotline program and: the board’s role, see Article, Board Assessment of Compliance
Programs: Reporting (W-006-5910)).
zz review the company’s policy on compliance and business abuse
(see Practice Note, Developing a Legal Compliance Program: „„Hotline operating procedures and use of the hotline.

Four: Ongoing Training and Communication on Compliance „„The steps to properly address complaints of misconduct and
Matters (4-606-5696)); avoid retaliatory actions (see Standard Documents, Whistleblower
zz encourage employee buy-in by explaining how the loss caused Reporting: Presentation Materials (W-002-7300) and Responding
by employee misconduct results in the loss of resources and to Employee Concerns: Supervisor Guidelines (7-501-8765)).
opportunities for everyone at the company; „„Company protocols for keeping detailed records of employee
zz assure employees that their good faith reports are protected and performance so that an employee who is disciplined or
can be made without fear of retribution (see Prohibit Retaliatory terminated cannot falsely claim protection under whistleblower
Conduct);

6 © 2018 Thomson Reuters. All rights reserved.


Setting
Setting Up
Up and
and Operating
Operating aa Company
Company Hotline
Hotline Checklist
Checklist

laws. For guidance on effective performance management and zz make test calls to the hotline to check the quality of the operator
recordkeeping, see: service;
zz Practice Note, Conducting Employee Performance Reviews zz check the vendor’s timeliness in conveying hotline calls and
(7-505-9572); translated hotline reports to the company; and
zz Best Practices for Employee Discipline Checklist (0-501-7972); zz evaluate the quality of those vendor reports.
and „„A review of the volume and quality of reports received by the
zz Standard Document, Employee Counseling Form (1-501-5595). hotline. For example, heavy hotline usage may indicate significant
compliance issues or conversely, that the hotline is working.
TRAIN EMPLOYEES
„„Interviews and surveys of employees. The company should
The company should conduct formal training programs (such as understand how employees view the hotline and if they feel
through live training at each employee site and e-learning) for all comfortable reporting misconduct.
managers and employees who are given access to the hotline to „„An assessment of the steps taken following receipt of a hotline
explain: report. Confirm that hotline policies and procedures are being
„„The laws and policies applicable to the company and them (for followed and action taken in a timely manner.
a collection of business briefings, memoranda, and presentation „„Benchmarking of hotline metrics across time or against industry
materials that can be used for training, see In-House Training and peers. For example, benchmark the:
Guidance Center (2-564-2345)).
zz number and types of reports and inquiries per period;
„„Who has access and when, why, and how to use the hotline.
zz rate of employee use;
„„Hotline benefits.
zz complaints by location, division, or claim type;
„„How to recognize red flags of fraud and bribery as well as unlawful
zz percentage of anonymous complaints;
sexual harassment, discrimination, immigration impropriety, or
other misconduct. For example, see: zz time spent per report from report receipt to case closure; and
zz Practice Note, The Foreign Corrupt Practices Act: Overview: zz percentage of complaints investigated and substantiated.
Recognizing Red Flags (0-502-2006); „„Continual updates to the hotline program as necessary. Hotline
zz Foreign Corrupt Practices Act (FCPA) Training for Employees: program updates should take into account the results and
Presentation Materials (2-586-5086); recommendations developed from the company’s assessment of
the hotline.
zz Complying with US Export Control Regulations Checklist:
Perform Due Diligence and Spot Red Flags (1-520-0908); For more information on compliance audits and hotline assessments,
zz Preventing and Responding to Sexual Harassment Complaints see Practice Note, Developing a Legal Compliance Program: Nine:
Checklist (4-500-4326); Monitoring and Auditing of Program Effectiveness (4-606-5696)
zz Preventing and Responding to Discrimination Complaints and Article, Whistleblowing: New risks, new responses: Evaluating
Checklist (5-500-1450); and hotlines (7-520-4201).
zz Drafting an Employment Eligibility Verification Compliance
Policy (8-509-5999).
For more information on compliance training, see Practice Note,
Developing a Legal Compliance Program: Four: Ongoing Training
and Communication on Compliance Matters (4-606-5696).

ASSESS HOTLINE EFFECTIVENESS


Counsel should partner with the company’s internal audit function or
engage external resources to regularly audit the hotline program (at
least annually) to ensure that: ABOUT PRACTICAL LAW
„„It is operating as intended. Practical Law provides legal know-how that gives lawyers a better starting
„„It is effective in preventing and identifying noncompliance or
point. Our expert team of attorney editors creates and maintains thousands of
up-to-date, practical resources across all major practice areas. We go beyond
potentially unlawful activity.
primary law and traditional legal research to give you the resources needed to
„„Employees are aware of the hotline.
practice more efficiently, improve client service and add more value.
„„Follow-up on hotline reports is timely.
If you are not currently a subscriber, we invite you to take a trial of our online
„„Feedback and closure are promptly provided to reporters.
services at legalsolutions.com/practical-law. For more information or to
The assessment should be conducted as part of the overall schedule training, call 1-800-733-2889 or e-mail referenceattorneys@tr.com.
compliance program audit and include:
08-18
„„Periodic assessments of the hotline vendor’s service level. For
© 2018 Thomson Reuters. All rights reserved. Use of Practical Law websites and services is subject to the
example: Terms of Use (http://static.legalsolutions.thomsonreuters.com/static/agreement/westlaw-additional-terms.pdf)
and Privacy Policy (https://a.next.westlaw.com/Privacy).

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy