Most organizations have some form of procedure in place for reporting and escalating compliance issues, whether due to guidance from enforcement authorities or legal requirements. These procedures can range from informal chats with management to anonymous external hotlines.

The effectiveness of these mechanisms can be limited, however, if employees are not aware they exist or are hesitant to use them. Fear of retaliation and a lack of trust in the outcome of an investigation are often cited as common reasons for such reluctance.

The practice of reporting and escalation must be effectively embedded in the organization's culture, with a particular focus on the level of employee awareness and comfort in using these mechanisms. Identifying and addressing any deficiencies is also crucial.

View full image: How are staff, contractors and other responsible individuals made aware of your organization’s compliance escalation/reporting mechanisms? (PDF)

Companies are publicizing reporting mechanisms in various ways

The responses show that resources matter. Organizations with revenues in excess of US$1 billion are more likely to promote reporting mechanisms than those below this threshold. Better resourced organizations tend to have more employees, and the responses show that those with more than 10,000 employees do more to ensure the effectiveness of their reporting mechanisms. Similarly, publicly listed companies do more to raise awareness of escalation and reporting mechanisms than do private companies.

Training is seen as the most effective way to raise awareness of reporting mechanisms: 84% of respondents said they achieve awareness of their reporting mechanisms through training.

Internal communications and reminders also featured prominently. Comparatively few organizations (30%) said that they use compliance champions or ambassadors.

A small number of organizations (2%) revealed that they do not have a formal compliance escalation mechanism.

View full image: Does your organization measure… (PDF)

View full image: Does your organization measure employee awareness of the escalation/reporting mechanism? (PDF)

Companies are not consistently measuring hotline awareness and effectiveness

Despite the importance of employee awareness of reporting mechanisms, only half of respondents (51%) stated that their company measures employee awareness of those mechanisms. Conversely, 35% of the respondents stated that they do not track employee awareness. And a significant minority (14%) did not know whether any such testing occurred.

Large companies are significantly more likely to test employee awareness of hotline mechanisms than small companies. Approximately one-third (34%) of companies with less than US$250 million in revenues reported testing employee awareness of reporting mechanisms, compared to more than two-thirds (68%) of companies with more than US$10 billion per year.

Uncertainty about reporting mechanism testing also appears higher, however, in larger companies (17%) than in small companies (3%).

Of further interest is the number of frontline compliance personnel who did not know how or whether their organization monitors employee awareness of how to report concerns: 25% investigation directors; 19% Compliance and Ethics officers; and 33% legal teams.

The levels of uncertainty about these fundamental compliance functions seem surprisingly high and concerning given the surveyed population: the very personnel tasked with compliance and legal risk assessment. These responses suggest that a significant minority of respondents would have a limited ability to address questions from enforcement authorities about the effectiveness of their reporting procedures.

View full image: Our organization’s policies and procedures to protect employees who report suspected misconduct are working effectively (PDF)

View full image: What are the top reasons cited by employees, if any, for concerns with using escalation/reporting mechanisms?(PDF)

Companies that measure hotline awareness report greater confidence in whistleblower protections

Ensuring that employees are aware of reporting mechanisms in the first place is fundamental, but measuring employee comfort and experience with using hotlines is equally important in ensuring that such mechanisms are effective. While fewer companies reported measuring employee comfort with reporting mechanisms than with awareness, companies that measured employee comfort showed higher levels of confidence in the effectiveness of their anti-retaliation policies and procedures.

Companies that measured employee comfort with reporting mechanisms were much more likely to believe their anti-retaliation policies and procedures are effective (83%) than are companies that did not measure employee comfort (65%).

View full image: How many compliance escalations does your organization typically receive in a 12-month period through the escalation/reporting mechanism or other channels? (PDF)

Employees' concerns focus on hotline integrity, not technical implementation

Survey responses indicate that employee confidence in the processes in place following submission of a report is lacking, which, in turn, creates a potential barrier to compliance escalations being made. The survey results suggest there is more to be done across all industries to give employees comfort that reports made in good faith will be taken seriously and acted upon, and that reporting parties will be adequately protected against retaliation.

The persistence of familiar deterrents to reporting—fear of retaliation, futility and anonymity concerns—suggests that many organizations struggle to constructively make use of this frontline, internal information resource.

Roughly half of respondents identified the same three reasons why employees are reluctant to report potential compliance issues: fear of retaliation (55%); concern that nothing will be done (50%); and concern that reporting is not anonymous (47%).

These concerns were more pronounced among the largest companies, where three-quarters (75%) of respondents cited employee fear of retaliation, and approximately two-thirds were concerned that reporting would not be anonymous (67%) or effective (63%).

View full image: Compliance escalations volume compared with Compliance and Ethics team size (PDF)

View full image: Our organization’s policies and procedures to protect employees who report suspected misconduct are working effectively, by Compliance and Ethics team size (PDF)

Compliance escalations volumes: Benchmarking trends

Given that the number of escalations is likely to be a key metric for understanding how effectively reporting mechanisms are operating in practice, organizations may wish to track periodically the number and type of escalations as part of their monitoring processes.

Almost one-quarter of respondents (23%) stated that they did not know the volume of escalations in their organization.

Approximately two-thirds (67%) of respondents had fewer than 499 compliance escalations per year, with the largest percentage indicating that they typically received between one and 99 escalations (43%).

Escalations seem to increase roughly in proportion to the organization's size. More than half of companies with 499 or fewer compliance escalations a year had fewer than 20 Compliance and Ethics team members. Meanwhile, 72% of companies with 1,000 or more compliance escalations per year had more than 50 Compliance and Ethics team members.

This result is not necessarily cause for concern, as more escalations are reasonably to be expected in bigger companies and may, in fact, be indicative of a healthy reporting culture. Larger organizations also may have additional resources deployed to address the escalation of compliance concerns, resulting in greater familiarity across the business with reporting mechanisms.

Overall, companies with larger Compliance and Ethics teams reported higher levels of confidence that hotline policies and procedures are working effectively.

While the financial services industry has historically faced significant scrutiny of its compliance performance, it may not be leading the way in promoting awareness of escalation mechanisms, according to the survey results. Instead, the pharmaceuticals/healthcare and energy & natural resources industries appear to surpass the financial services industry in this regard.

Typical hotline volumes vary dramatically by company size and industry. One-quarter of respondents reporting more than 1,000 escalations per year were from companies with more than 50,000 employees. No companies with fewer than 10,000 employees received escalations at this level. From an industry perspective, technology, media & telecommunications (14%), industrial manufacturing (8%) and pharmaceuticals/healthcare (7%) were most likely to report more than 1,000 escalations per year.

View full image: Excluding HR/employment-related escalations, how many compliance escalations does your organization typically receive in a 12-month period through the escalation/reporting mechanism or other channels? (PDF)

_{White & Case means the international legal practice comprising White & Case LLP, a New York State registered limited liability partnership, White & Case LLP, a limited liability partnership incorporated under English law and all other affiliated partnerships, companies and entities.}

_{This article is prepared for the general information of interested persons. It is not, and does not attempt to be, comprehensive in nature. Due to the general nature of its content, it should not be regarded as legal advice.}

_{© 2023 White & Case LLP}