A fish rots from the head down; bad leaders will cause the culture of an organization to deteriorate. Leaders of an organization play a vital role in promoting values and ethical conduct in their business.  Departments like Ethics & Compliance (E&C), and Human Resources (HR) are comparable to a “keystone species.” A keystone species is a species on which other species in an ecosystem largely depend, such that if it were removed, the ecosystem would change drastically.  Without these departments, or when they are dysfunctional, an organization will feel the impact. When these keystone leaders fail their employees, the damage they can do to the culture of their organization is significant.

Uber is an unfortunate example of how a corporation can be destroyed when leadership fails; HR loses the trust of its employees and Compliance is brought in as an afterthought. Uber may have implemented an anonymous hotline after Susan Fowler wrote a blog post about how HR completely dismissed her sexual harassment report, but I have my doubts that they effectively overhauled their human resources practices.  Uber’s Chief People Officer resigned a week ago following an investigation into how she dealt with concerns regarding racial discrimination claims from Uber employees.  

Having an anonymous hotline in place is only a small step in setting up an effective compliance hotline. If issues aren’t taken seriously and investigated appropriately, a company’s culture will fall and employee fear will rise.  When Uber setup their hotline, they should have also put a process in place to ensure all allegations, whether reported through the hotline, to a manager or to HR are investigated swiftly, thoroughly, impartially.   

Here are some best practices for investigating ethics and compliance allegations

  1. Consistent – Regardless of how the concern comes in, whether it’s through the anonymous 3rd party hotline, directly to management, to HR, or to Compliance, the investigation process should be the same.  Many companies leverage a case management system as a central repository.  Ideally, the solution they are using will have a built-in workflow for managing and documenting those investigations.
  2. Timely – From responding to the initial report promptly (even if only to say you’re starting to review their concern) to completing the investigation, timeliness is a must.  One reason is that  if your organization fails to resolve an employee tip within 120 days of being reported to a compliance or audit professional, they can report the lapse directly to the SEC and potentially receive 10-30%  of reparations as a whistleblower . The main reason is that addressing an issue quickly is the polite thing to do. No employee wants to think their concerns are going into a black hole and not being taken seriously. Uber and many other companies are proof of that when their employee turn to social media and blogs to air their issues. 
  3. Triage – Every organization’s needs and priorities are different, so a one-size-fits-all approach won’t work when it coming to managing reported compliance issues.  However, taking a page from the medical field, using a triage approach can work for all.  Creating a triage process will manage your organization to efficiently prioritize who’s responsible for what risk areas and which ones need to be delt with first.  Moreover, this is a process that can either be managed by your organization or by your 3rd party hotline vendor manager.
  4. Process – Just like with triage, you want to create documented processes that can be, and are, followed. If an investigation procedure or process is a best practice, but doesn’t work for your company, then it doesn’t work.  Create an investigation process that works for your organization, and take the time to train your employees on those investigation processes and procedures. 

Every organization should have realistic, repeatable and defensible processes that allow their compliance, legal, and HR teams to quickly assess, prioritize, and respond to employees concerns regardless of the reporting channel they come in through.

And please do not think this post is intended to mock Uber and all the challenges they have recently faced.  I think it’s important to learn from the mistakes of others and not fool yourself into thinking that something like this couldn’t happen at your organization.  Take the time to look at your company’s current hotline, open-door reporting and investigation program, and process.  Chances are, if they aren’t reporting any type of concern, compliance related or not, either they don’t know where or how to report the issue, do not think their report will be taken seriously, or worse, have a fear of retaliation.  If your employees report on all sorts of things, none ethics and compliance related, all the time, that’s great, and that’s why a triage process is so important. (My favorite one is someone calls the hotline to say someone else is parking in the unassigned parking space- the compliance struggle is real.)  Sometimes you will have to weed through the random and non-compliance related concerns to catch the ones that really matter.  

And to Scott Schools, the new Chief Compliance Officer of Uber, I say good luck and remember, in the words of Winston Churchill and Spiderman, “Where there is great power, there is great responsibility.” 

Stephanie Jenkins is the Chief Compliance Officer of ETHIX360.  At ETHIX360, our goal is simple, to provide an affordable, flexible and comprehensive answer to employee communication and case management on issues related to corporate ethics, code of conduct, fraud, bribery, environmental, health & safety and workplace violence.  To learn more about ETHIX360, please visit ethix360.com, or follow us on twitter @ethix360 and LinkedIn.