Multinational enterprises have to climb a pretty steep mountain when it comes to compliance and employee relations. Cultures, laws, and regulatory standards vary widely from country to country—even, in some cases, from city to city. Local managers must learn to cope with, and adapt to, each of these differences, while at the same time adhering to company-wide policies and codes of conduct.
The obvious question is whether it is best to adopt a centralized or decentralized approach to Misconduct Investigations. Just how much control should the people at the head office seek to exert over the process? Should they back off and allow the folks on the ground to deal with any problems, or is that a surefire recipe for disaster?
In most areas of their operations, multinational companies tend to favor decentralized structures. Decentralization allows employees to make decisions faster and to tailor product and service offerings to local customers. Local units are typically considered to be more efficient and capable of responding quickly to changes in the market and the business environment.
On the flip side, decentralization can be a Compliance and Human Resources nightmare. With so many different people at different levels of the organization responsible for gathering information and making decisions, it is all too easy for important details to fall between the cracks and for seemingly isolated problems to spiral out of control.
The Case for Centralization
Although there is no perfect strategy, experience suggests that a balanced or two-pronged approach makes the most sense. Companies often empower local compliance teams to investigate policy violations and allegations of misconduct, and in most cases this yields good results. Having said that, I believe there needs to be centralized oversight for two major reasons.
First, centralized oversight makes it easier to identify and deal with repeat offenders. Over time, employees tend to move around the organizational chart, climbing the corporate ladder, or even transferring to a new division or business unit. The risk is that if an incident is reported only to the local or regional compliance group, there may be no way to ensure that managers in other parts of the organization are aware of that particular employee’s history.
One of my clients recently told me about a case in which an employee had transferred to new positions within the company no less than five times in five years. In each new job, the employee’s misconduct was reported to the regional compliance group for investigation. Disciplinary action was taken each time. The problem, however, was that each of these cases was treated separately, as though it was a first offence. The disciplinary action should have been escalated with each successive infraction, but due to the absence of a comprehensive case history, that did not happen. If one of the offender’s victims had taken the company to court, the organization’s failure to detect a pattern of misconduct could easily have be seen as negligent.
The second reason why companies should consider centralizing employee relations data is that it enables managers to identify and implement corrective measures proactively. It also provides the compliance department with the insight it needs to develop programs targeted at “problem” areas within the organization. If each region acts as an island, it can be difficult or impossible to identify enterprise-wide trends or to take advantage of serendipitous discoveries. Using advanced analytics across the entire data set makes it possible for executives to detect global patterns and to determine the appropriate response. This may lead to recognition of the need to rewrite policies or to roll out enhanced training in areas identified.
Brave New World: The Impact of Social Media
In the age of the Internet, it only takes one person, one action, and one second to put a company’s reputation on the line. The popularity of social media in particular has hugely magnified the challenge of managing information about your organization. An incident or alleged misconduct at one location can quickly become an enterprise-wide public relations headache.
For global companies, the stakes are even higher. Consumers typically expect multinational companies to behave in a manner consistent with the laws, values, and cultural norms of the home country. It’s not enough to stay on top of regulatory requirements and regulations in the home country; the same attention must also be paid to compliance with laws and expectations in the other countries in which the corporation operates.
Bear in mind that the court of public opinion is often even more demanding than a court of law. No matter how well managed your company is, allegations of workplace misconduct are bound to arise that pose a risk to your brand and hard-earned reputation. It’s how you respond to such incidents that determines the degree of any lasting damage to the company.
A Timely Response to Allegations
Employers and investigators need to understand the importance of handling every case of alleged misconduct in a timely, professional manner. That means taking a systematic approach to employee misconduct allegations. At a minimum, we advise our clients to:
1. Document every allegation.
Local compliance officers should maintain an electronic record of every complaint or report of misconduct, regardless of its perceived credibility. Not every report or allegation will necessitate a full investigation, but over time the data you collect will provide managers with a global view of the company and any likely problem areas. Where investigations do take place, all documentation must be completed thoroughly and in conformity with court requirements, to ensure you are prepared if and when the case goes before a judge.
2. Categorize risk potential.
Every allegation should be assessed for risk. The process does not have to be overly scientific. Something as simple as a “high, medium, or low” rating system might well suffice. The key is to make it easier for the Compliance department to identify and monitor high-priority investigations.
3. Keep everyone in the loop.
All relevant information should be stored securely in a centralized database that can be accessed easily by investigators in the field, regional managers, and head office executives. At the same time, your case management system should provide the ability to restrict access to personal or confidential information. This approach allows corporate headquarters to identify trends and analyze data while ensuring compliance with country-specific privacy laws.
4. Make sure investigations stay on track.
Your case management system should include automated workflow alerts and reminders to ensure that investigations proceed efficiently and on schedule. You may also want the ability to rigger notifications based on case-related factors, such as geographic location, the nature of the complaint or allegation, risk potential, and any applicable regulatory milestones or deadlines.
Again, the important thing is to ensure that individual allegations are fully documented and that all appropriate personnel are kept informed at every significant stage of the investigation. For global companies in particular, it’s vital not to let anything fall between the cracks.
This article previously appeared in the SCCE’s Compliance & Ethics Professional Magazine, reprinted with permission.