{"id":53,"date":"2016-05-07T00:29:00","date_gmt":"2016-05-07T00:29:00","guid":{"rendered":"http:\/\/blogs.luc.edu\/compliance\/?p=53"},"modified":"2016-05-07T00:29:00","modified_gmt":"2016-05-07T00:29:00","slug":"elemental-internal-or-external-hotlines","status":"publish","type":"post","link":"https:\/\/blogs.luc.edu\/compliance\/?p=53","title":{"rendered":"Elemental: Internal or External Hotlines?"},"content":{"rendered":"<p><em>Ryan Meade<\/em><br \/>\n<em>Editor-in-Chief<\/em><br \/>\n<em> Director of Regulatory Compliance Studies at Loyola University Chicago School of Law<\/em><strong><br \/>\n<\/strong><\/p>\n<p>&nbsp;<\/p>\n<p>Yesterday\u00a0I gave a webinar on compliance program hotlines and an interesting question came in after the broadcast: \u201cInternally staffed compliance hotlines seem like a bad idea. \u00a0Doesn\u2019t an internal hotline increase the company\u2019s regulatory risk?\u201d\u00a0 Internal hotlines could increase legal exposure if the hotline reports are ignored.\u00a0 Thinly staffed internal hotlines risk information being missed if the communication box isn\u2019t checked very often or the information is buried in a mountain of other work the compliance office has on its plate.\u00a0 There is nothing about internally staffed hotlines that inherently increases liability; the liability turns on what a compliance program does with the information (or doesn\u2019t do with the information). \u00a0The legal exposure be that as it may, if a compliance office can&#8217;t properly manage an internal hotline in order to get the information into a good triage pipeline, then the effectiveness of the entire compliance program is threatened.<\/p>\n<p>The Federal Sentencing Guidelines do not explicitly reference a \u201chotline,\u201d but hotlines are the most common way to demonstrate a company is living up to \u00a78B2.1(b)(5)\u2019s admonishment to have a workforce reporting mechanism:<\/p>\n<p style=\"text-align: left\"><em>&#8220;The organization shall take reasonable steps\u2026(C) to have and publicize a system, which may include mechanisms that allow for anonymity or confidentiality, whereby the organization&#8217;s employees and agents may report or seek guidance regarding potential or actual criminal conduct without fear of retaliation.&#8221;<\/em><\/p>\n<p>There are many ways to manage this expectation, anonymous electronic reporting platforms and old-fashioned drop boxes fastened to a wall are some of the approaches even as hotlines remain the most popular solution.\u00a0 Hotlines are typically phone numbers (usually toll free) that are publicized for the workforce to report suspected non-compliance and sometimes are even promoted to the public or consumers.\u00a0 It is important that the company not put restrictions on the purpose of the hotline so that callers are in no way deterred from calling and are not burdened with thinking through which hotline to call for which problems.\u00a0 Since the best hotlines are all things to all people, there\u2019s a risk the hotline morphs into a gripe-line, but that\u2019s the price to make sure someone doesn\u2019t think twice about calling the hotline.<\/p>\n<p>Amidst the debates on how best to afford workforce members an opportunity to report issues, we can lose track of making sure there is someone on the other end of a phone line when a caller calls.\u00a0 There is nothing in the Federal Sentencing Guidelines that remotely implies that a live human needs to be on the other end of a hotline phone number, but it is common sense to have someone there.\u00a0 Some companies that manage hotlines internally use voicemail for callers to leave a message when the office is closed or the person staffing the phone is otherwise busy.\u00a0 It would be a natural response for a person to shy away from leaving a message if the caller thought their voice would be analyzed in the recording or that the recording would be forever captured.\u00a0 Companies are increasingly linking voicemail to email, rendering the voicemail message easily recoverable after being deleted.\u00a0 Having a live human on the other end around the clock seems a good way to encourage people to provide the compliance program with information.\u00a0 If a live person staffs the hotline 24\/7, then it would be good to mention that in training or other hotline promotions.<\/p>\n<p>This gets us back to managing the hotline internally.\u00a0 Is the company able to staff a compliance program 24\/7?\u00a0 If so, then having an internal hotline seems just as good as having a vendor-staffed hotline.\u00a0 If the organization cannot staff the hotline at all hours, then it needs to seriously think about whether its program is doing all it can to make it easy for workforce to report suspected non-compliance.\u00a0 And this brings us full circle to the webinar question, whether an internally staffed hotline increases a company\u2019s risk.\u00a0 It seems to me this splits off into two streams: (a) Could the company have had a better compliance program by outsourcing the hotline? (b) Is an over-worked compliance office prone to dropping the ball on information reported to an internal hotline?<\/p>\n<p>With respect to the first question on risk, I would say the larger the organization and the more complex the regulatory environment the more the company has a burden to make sure the hotline is staffed with a human at all hours. \u00a0Once a company sets up a voicemail box for after-hours calls, it\u2019s a fairly easy slippery step to increase reliance on the voicemail box during business hours \u2013 all sorts of excuses creep up; breaks, sick days, vacations for the person staffing the line all default to a voicemail box. What the company doesn\u2019t know in these situations is whether the voicemail box has become a deterrent to reporting.\u00a0 All could appear to seem well managed.\u00a0 It might not be long before the company wonders why a human should staff the hotline live at any hour.\u00a0 If that is the road a company takes, then the effectiveness of the compliance program will grow weak.\u00a0 It will never know what it\u2019s missing.<\/p>\n<p>With respect to the second question on risk, an over-worked compliance office may just as easily drop the ball on an issue reported to an internal hotline as it may for an issue reported to a vendor-staffed hotline.\u00a0 Over-worked is over-worked.\u00a0 But there is a greater likelihood that a vendor-run hotline will have a tracking mechanism to log the hotline calls for reference.\u00a0 Having the vendor maintain a tidy call log frees up the compliance staff to manage the calls when they are lobbed over the fence from the vendor.<\/p>\n<p>All in all, vendor-run hotlines seem to make sense, assuming a company can afford the price tag.\u00a0 Then again, the price is likely to catch up with the company one way or another, whether through vendor fees (for externally managed hotlines), increased internal staff (for internally managed hotlines), or a failed compliance program (for hotline breakdowns).\u00a0 So, does an internal hotline increase a company\u2019s risk?\u00a0 Not necessarily, but it\u2019s better never to find out the answer to that question.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Ryan Meade Editor-in-Chief Director of Regulatory Compliance Studies at Loyola University Chicago School of Law &nbsp; Yesterday\u00a0I gave a webinar on compliance program hotlines and an interesting question came in after the broadcast: \u201cInternally staffed compliance hotlines seem like a bad idea. \u00a0Doesn\u2019t an internal hotline increase the company\u2019s regulatory risk?\u201d\u00a0 Internal hotlines could increase &#8230;<br \/><a class=\"read-more-link btn btn-outline-secondary\" href=\"https:\/\/blogs.luc.edu\/compliance\/?p=53\">Read more<\/a><\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[51],"tags":[1060,2091],"class_list":["post-53","post","type-post","status-publish","format-standard","hentry","category-compliance-the-law","tag-hotline","tag-vendors"],"_links":{"self":[{"href":"https:\/\/blogs.luc.edu\/compliance\/index.php?rest_route=\/wp\/v2\/posts\/53","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.luc.edu\/compliance\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.luc.edu\/compliance\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.luc.edu\/compliance\/index.php?rest_route=\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.luc.edu\/compliance\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=53"}],"version-history":[{"count":0,"href":"https:\/\/blogs.luc.edu\/compliance\/index.php?rest_route=\/wp\/v2\/posts\/53\/revisions"}],"wp:attachment":[{"href":"https:\/\/blogs.luc.edu\/compliance\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=53"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.luc.edu\/compliance\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=53"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.luc.edu\/compliance\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=53"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}