Patrick Wellens (firstname.lastname@example.org) is currently working as a Global Compliance Business Partner for one of the divisions of a multinational pharma company in Zurich. He is also a board member of Ethics and Compliance Switzerland, a nonprofit organization promoting the establishment and sharing of compliance best practices to Swiss-based companies.
Shaun McMillan (email@example.com) has certificates from the University of St. Gallen Department of Ethics in Corporate Social Responsibility and Cornell University in Servant Leadership, with a Master’s degree in Sociology. She advises and implements social innovation and corporate social responsibility strategies with ethics and values as a core foundation, driving local and global impact for Swiss-based companies.
Most organizations have a corporate policy on compliance incidents. This policy provides the definition of what constitutes a compliance incident and how to report it in an organization. It is of utmost importance that the policy include the various channels that employees could use to report a compliance incident and which department (compliance, internal audit, corporate security, external law firm) would be authorized to investigate compliance incidents. Further, the policy should encapsulate what steps might be followed should an investigation occur of the compliance case (including informing the supervisor of the person being investigated and procedures to be followed during interviews) and the composition of a sanction committee and/or how decisions are to be made (majority vote vs. uniform decision).
Criminal offenses (violations of anti-corruption and/or anti-trust laws and regulations, insider trading, money laundering, fraud, falsification of documents), violations of law (data privacy law, export control, promotions law), violations of internal company regulations (conflict of interest, information technology security, travel and expense regulations), and/or violations of industry codes (e.g., International Federation of Pharmaceutical Manufacturers & Associations) would undoubtedly be classified as compliance incidents in most corporations.