Patrick Wellens (patrickwellens@hotmail.com) is currently working as a Global Compliance Business Partner for one of the divisions of a multinational pharma company in Zurich. He is also a board member of Ethics and Compliance Switzerland, a nonprofit organization promoting the establishment and sharing of compliance best practices to Swiss-based companies.
Shaun McMillan (mcmillan.shaun@gmail.com) has certificates from the University of St. Gallen Department of Ethics in Corporate Social Responsibility and Cornell University in Servant Leadership, with a Master’s degree in Sociology. She advises and implements social innovation and corporate social responsibility strategies with ethics and values as a core foundation, driving local and global impact for Swiss-based companies.
Most organizations have a corporate policy on compliance incidents. This policy provides the definition of what constitutes a compliance incident and how to report it in an organization. It is of utmost importance that the policy include the various channels that employees could use to report a compliance incident and which department (compliance, internal audit, corporate security, external law firm) would be authorized to investigate compliance incidents. Further, the policy should encapsulate what steps might be followed should an investigation occur of the compliance case (including informing the supervisor of the person being investigated and procedures to be followed during interviews) and the composition of a sanction committee and/or how decisions are to be made (majority vote vs. uniform decision).
Criminal offenses (violations of anti-corruption and/or anti-trust laws and regulations, insider trading, money laundering, fraud, falsification of documents), violations of law (data privacy law, export control, promotions law), violations of internal company regulations (conflict of interest, information technology security, travel and expense regulations), and/or violations of industry codes (e.g., International Federation of Pharmaceutical Manufacturers & Associations) would undoubtedly be classified as compliance incidents in most corporations.
Now, consider the following circumstances:
-
You, as an employee, received a poor performance rating from your manager, despite your performance being very good according to your colleagues and stakeholders.
-
You are a female employee, with the same qualifications and for the same type of work, and are not paid the same remuneration and benefits as your male colleague.
-
You are in a department of 12 employees, and a manager regularly excludes you from the departmental meetings.
-
A manager offers you a contract in a salary grade lower than the one you should have received.
-
The marketing head engages an external company to explain to senior managers within the company the new brand strategies. During the two-day presentation, the external company makes a number of inappropriate comments that make several employees uncomfortable.
-
You are a female employee and you are passed up for a promotion for the third year in a row despite being a high performer while a newly employed male colleague with less competencies obtains the new role.
-
At the coffee machine, several employees are gossiping about a male colleague. The gossiping is not in line with your company values, but above all, the conversation is filled with racial and ethnic slurs about the employee.
Would the above instances constitute a compliance incident in your company or not? Depending on the answer to the above question, the whistleblower or employee who feels inappropriately treated might decide to report this matter to compliance rather than human resources (HR). This has a number of implications.
Decision on sanctions
By looking at the facts, there are situations where both HR and compliance agree that a manager’s attitude or actions are not acceptable. If the matter is handled by HR, then a serious talk with the respective manager would occur to discuss the inappropriate behavior and provide recommendations in the areas where improvement is needed. Furthermore, HR and the manager might enter into a performance improvement plan with milestones for when the desired behavior is expected. Sometimes the behavior improvement is measured by a feedback survey conducted with the manager’s direct reports. The decision on what sanctions need to be taken to mitigate the behavior of the manager is entirely with HR.
Assuming the matter is brought to the attention of compliance and, after investigation, the allegations against the manager are confirmed, then the sanctions are decided by a compliance committee (consisting of the CEO, chief financial officer, head of HR, and head of legal/compliance) and not only the head of HR.
Transparency by HR
Inherent to their function, HR departments define the company’s performance management system and talent management framework and are a major driver of the corporate values, including the expected employee behaviors in a company. Employees within the HR function are very experienced in observing and listening to a multitude of employee asks. They are skilled at handling and resolving conflicts between employees and managers. Because HR handles the bulk of employee requests, demands, and issues, it could be assumed that all conflicts between employees (such as those mentioned previously) should be handled entirely by HR. As a result, incidents that are considered compliance incidents are not systematically reported in a company’s compliance case management tool.
The compliance department, through the code of conduct, compliance trainings, auditing, monitoring, and the sanctions given to individuals for misconduct, primarily ensures that the company is in line with laws, regulations, pharma codes, and internal guidelines (legal compliance). It also motivates and encourages employees to do the right thing all the time (integrity and ethics). Compliance with laws, regulations, and integrity can only be upheld if those who decided not to follow the regulations get sanctioned. Compliance therefore shares with HR the shaping of the (ethical) culture and (integrity) values of a company, so it would be logical for compliance to be at the table in the decision on how compliance incidents will be handled and how sanctions will occur.
Labor disputes
The HR department often mediates between managers and employees to resolve conflicts. Interpretation of time and attendance rules, performance management, or labor laws are also typically handled by HR.
If a labor dispute arises because an employee has been discriminated by race, religion, sexual orientation, age, or gender or was sexually harassed, then the labor dispute is not just an HR or legal matter but most likely also a compliance incident, given that most companies have internal policies on sexual harassment and a no-tolerance policy on discrimination of any kind.
Investigation skills
Compliance investigators are professionally trained in conducting investigations. Often such individuals are Certified Fraud Examiners or Certified Internal Auditors who can create a comprehensive investigation plan, including, but not limited to, document review, email review, interview of witnesses, and interview of the person being investigated; write a professional investigation report; and understand what evidence is needed in civil or criminal investigations.
It is possible that some HR managers might not be professionally skilled at conducting investigations and miss an action like securing and reviewing evidence from the laptops of suspects or witnesses, or obtaining and reviewing all relevant documentation from various information technology applications during the stages of an investigation.
Conclusion
Companies often provide employees with various options to report compliance incidents. Employees can talk to their immediate supervisor, the HR department, internal audit department, an external ombudsman, the compliance department, and/or they can make a report to a whistleblowing hotline (if one exists in their organization).
Criminal offenses, not adhering to industry codes, and/or violations of internal company regulations would undoubtedly be classified as compliance incidents in most corporations and typically be investigated by the compliance department.
In the case of labor disputes and/or incidents brought to the attention of the HR department, such as difference of opinion on managerial style, cultural differences, unfair treatment, managers yelling at employees, and other acts of discrimination, the decision of who should investigate such matters and whether something is a compliance incident might not be so clear in some companies. Therefore, an employee who wants to report misconduct, discrimination, and/or harassment—and who expects the company to conduct a professional investigation into the reported concerns—should take into account whether a company has a clear definition of what constitutes a compliance incident and who (HR or compliance) is appropriately positioned as independent adviser with the investigatory skills to conduct an independent and professional investigation.