For companies that want to keep their Compliance programs in line with U.S. government expectations, there are few sources better than the Department of Justice’s (DOJ) Evaluation of Corporate Compliance Programs (ECCP) guidance. The ECCP guidance sets out the DOJ’s expectations and is used to federal prosecutors’ playbook when assessing whether and how much to punish a company for a compliance breach. The guidance is frequently updated, and the changes made in the June 2020 version of the ECCP are particularly worth noting.


The changes in the June ECCP guidance reflect the DOJ's continuing focus on drilling down to determine whether corporations' compliance programs are real or just window dressing. Expectations are high that corporations will put teeth into their programs. The burden is on corporations to keep up and to demonstrate their commitment to an effective program. The more detail the DOJ adds the more important it is to demonstrate that commitment. This isn’t something corporations can put off until they DOJ comes knocking – if they wait until after a problem arises and an investigation has begun, it will be too late.


ECCP guidance has long included an explicit focus on the confidential reporting mechanism – whistleblowing – as an element that prosecutors must assess when determining sanctions. With each new iteration of the guidance, the importance of the mechanism grows. The June guidance makes it plain: “(a) hallmark of a well-designed compliance program is the existence of an efficient and trusted mechanism by which employees can anonymously or confidentially report allegations”.


It’s important to emphasize that the guidance judges a program on two elements – is it efficient, but is it also trusted? No matter how well-designed, no whistleblower program can be effective if people are afraid to use it. The right messaging from senior management is important, but the design of the system is what will really persuade employees that it’s “safe” for them to raise issues. Systems that clearly explain the protections embedded in the process are likely to be the most trusted, and therefore most effective, confidential reporting systems.

 

Just as importantly, whistleblower programs are an important part of other elements of the Compliance program as well. They are a source of information regarding policy violations and potential misconduct, alerting Compliance staff to potential violations which likely have not been uncovered by other means. Whistleblower programs also provide a valuable metric with respect to the effectiveness of existing programs and help pinpoint areas for improvement, another issue of regulatory and legal scrutiny. More broadly, they provide context and detail to the overall risk assessment process, indicating which issues are high risk and where the controls are weakest. Implicit in the DOJ guidance is the notion that the whistleblower program should be tailored and configured to meet the needs of the corporation employing it.

 

Lastly, data from whistleblower programs tells a story for senior management as to what the corporate culture really is, as opposed to what they aspire it to be. But that’s not all – an efficient, trusted whistleblowing program helps drive the culture, not just reflect it. Employees notice when management demonstrates a commitment to gaining their trust; providing a mechanism where they can report potential violations without fear of retribution is the clearest way of showing that commitment.


Whispli understands the importance of whistleblower programs – to employees, to companies, and to regulators and prosecutors. Founded by a whistleblower, it emphasizes a clear user interface, customization to fine-tune the company using the system, and demonstrable confidentiality which builds the level of trust that makes or breaks a confidential reporting system.

It wasn’t long ago that whistleblower programs were deemed to be a “nice to have”, a gesture that was meant to be seen but not heard. Now, corporations that lack an effective whistleblower program have little hope for having an adequate Compliance program in the eyes of prosecutors and regulators. To learn more about how you can create and maintain an efficient, trusted, and cost-effective program tailored to you needs.