Whistleblowing Systems: a curse or a blessing? How to assure that it’s not used as a complaint management.
Enabling employees and external partners to report compliance irregularities and infringements anonymously, not complaints, via the fair use of the whistleblowing portal is a challenge for compliance officers. Can you describe your experience in this matter and give some concrete examples?
Maria: There is an easy remedy to avoid that employees use the whistleblowing portal only to report complaints and frustration about their job or their managers. Give them compliance training. Explain to them in person the function of the whistleblowing line. I always begin to underline this first step to my clients who intend to introduce a whistleblowing line in their organisation. It’s not simply communicating about a new working tool available for employees, and it is often overlooked. Confidentiality provides the employee with an appropriate guarantee, trust and courage to report a compliance infringement that is often not possible in a direct escalation with his or her manager, ethical/HR referent or a worker council representative. But both procedures, confidential whistleblowing system and non-anonymous direct escalation, should be established in an organisation. Indeed, they strengthen the protection of the company against risks. The second and crucial step is the management of those whistleblowing cases received by the compliance officer. Processes must be defined up front to deal with each case in full confidentiality and in compliance with data protection. It’s a complex and sensitive topic that can be a nightmare for an organisation neglecting the two steps that have been mentioned.
Bénédicte: I can only confirm this pitfall. Having to deal with an incorrectly reported whistleblowing case is not only time- and budget-consuming, but is also misleading for a company. To check the veracity of the case, the compliance officer launches an investigation, which sometimes requires the involvement of an external lawyer or ombudsman. You can’t expect to do it for all whistleblowing cases. Process clarification and awareness communication must be done from the beginning in the company, which is to say that the process is clarified with top management, HR and the workers’ council, and communication addressed to all employees.
Regarding anti-corruption, how do you assess the adequacy of an invitation received? It remains common that employees receive invitations to events from external partners that are not exclusively business oriented.
Maria: When you are doing business, it is normal to receive incentives from clients and suppliers. Of course, it depends on the nature of the incentives. If a sales person is invited to an exclusive event where 90% of the agenda is business oriented and only 10% is entertainment, the invitation can be compliant. The costs are paid by the employer of the sales person and not the client, the 10% entertainment is checked in advance by the compliance department, and the invitation is tracked internally on a documentation list. All those criteria confirm that the event can be accepted and there is no compliance issue. Compliance does not forbid participation to all events received from partners for employees. If the event is more about entertainment, then there is obviously an issue.
Bénédicte Querenet-Hahn advises and represents international companies, in particular from German-speaking countries, in matters of French business and labour law. Her subjects are labour law, commercial law, corporate governance and risk management, compliance.
Maria Lancri assists and advises international companies in French, English and Spanish. Her subjects are compliance, data protection, corruption, product safety, distribution, competition law.
Chloé Saby, M.A., binational studies of political sciences (Aix-en-Provence/Freiburg) and guest Compliance lecturer at Parisian universities. Chloé Saby is Compliance Officer in charge of the Compliance Management System (CMS) at the Haufe Group. Before that, she developed the CMS of a French-German procurement joint-venture in Paris and Bonn. She was involved on key compliance topics such as risk assessment, data protection and ethics.
Colline Jux, LL.M. in Compliance and Corporate Security (Köln/San Diego) and Certified Compliance Officer. She is, as an compliance expert, Editorial Compliance Manager and inter alia in charge of the Compliance-Portfolio at the Haufe Group in Freiburg. Before that, she worked as a consultant and advised international clients by implementing, developing and checking Compliance Management Systems.
Ihre Premium-Fachdatenbank für Personal, Rechnungswesen und Steuern
Haufe Business Office Professional
Rechtssicheres Fachwissen, optimale Arbeitshilfen: Haufe Business Office Professional ist die Premium-Software für Unternehmen mit höchstem Anspruch. Profitieren Sie von einer großen Wissensdatendank inkl. Tools für die Bereiche Personal, Rechnungswesen und Steuern.
Schlagworte zum Thema: Compliance, Whistleblowing, Compliance-Kultur, Compliance-Beauftragter
- Compliance Regeln und Richtlinien
- Corporate Compliance
- Compliance Management System
- Aufbau eines Compliance Management Systems
- Behörden warnen vor gefährliche Maleware-Mails und Online-Betrug via Pop-ups
- Legal Compliance
- Walk the Talk - Führungskräfte als Vorbild
- Compliance Abteilung aufbauen
- Treuepflicht des Gesellschafters in der Krise: "sanieren oder ausscheiden"
- Existenzstrategie: Risikoanalyse
- Wie lange dürfen Bewerbungsunterlagen gespeichert werden?
- Wann muss eine öffentliche Ausschreibung erfolgen?
- Compliance Regeln und Richtlinien
- Last Minute DSGVO-Informationsangebot für Vereine und Klein(st)unternehmen
- Compliance Officer: Aufgaben und Berufsbild
- Welche Formulierungen in einer Stellenausschreibung können diskriminierend sein?
- Bring Your Own Device: Vorteile, Nachteile, Rechtsrahmen
- Dürfen Teilnehmerdaten an Referenten weitergeben werden?
- Geschenke und Einladungen: Was lässt Compliance zu und was ist tabu?
- Berufsgeheimnisträger müssen E-Mails mit sensiblen Daten verschlüsseln