By Luis Alfonso Soria, professor “Compliance Plan: Complaints channel, disciplinary system and compliance bodies” in the Master in Compliance & Data Protection Directorate of the EIP International Business School.
Complaint channel as a control mechanism
«The most powerful weapon against fraud is not an algorithm or a checklist but a whistleblower».
Its translation comes to say that The best tool to combat fraud or any unethical behavior is through a whistleblower. The complaint comes from a person closely associated with the organization. In most cases the whistleblower is an employee, but occasionally it may also be a supplier or customer if the reporting channel is open to outsiders.
In this way, the complainant, through the reporting channel, informs the organization of "non-compliance" practices. Among these actions and behaviors are those that violate the company's code of conduct. However, The reporting channel can also be used as a means to seek advice for any ethical dilemma.
More than half of Spanish companies have been victims of some economic crime in the last two years. Most had a reporting channel implemented.
What are the keys for this corporate control instrument to be effective?
- Secure and anonymous. Reports from the reporting channel usually contain very sensitive personal information and potentially criminal data. Keeping data and identities completely secure and confidential must be a top consideration.
- Data Protection. The application of data protection regulations is a protection mechanism for the person reported. The accused is exposed to the risk of stigmatization even before knowing that he has been reported and that an investigation is being carried out. These increasingly strict regulations differ from one country to another, with the Compliance Officer being the person who must ensure compliance with each regulation.
- Easy access. The system needs to be simple and easy to access to obtain reliable reports. It should be multilingual and allow the complainant to report in his or her own language. Reporting increases when employees report anonymously and in their own language. Furthermore, for the reporting channel to be effective, it must be usable on multiple devices, phone, tablet, etc. allowing the employee to use it even outside the workplace.
- Build trust. The system must guarantee the anonymity of the user. During training on the reporting channel, the Compliance Officer must indicate how he will respond to reports, how he will initiate pertinent investigations and how he will maintain dialogue with the complainant. It is essential that the Compliance Officer offers a quick response and handles cases in a serious, methodical and respectful manner with the complainant.
- Communication. The reporting channel must be integrated into the code of conduct, and, therefore, must be made known as part of the Compliance program. The Compliance Officer will inform employees how and when to use the reporting channel through communications such as posting examples of recent compliances or non-compliances in the organization, or messages from management.
The figure of the Compliance Officer
Having a reporting channel as a control mechanism is part of the measures that are introduced in companies when implementing "a Compliance program." This system must be directed by the figure of the Compliance Officer, independent personnel from other organizations, who will be in charge of its implementation and management.
Do you want to specialize in Compliance and Data Protection Management?
He Master in Compliance & Data Protection Management will make you a highly qualified professional with the necessary skills to carry out specialized tasks in two of the most relevant areas for both private businesses as for public administrations: data protection and regulatory compliance or Compliance.
