Fraud and Compliance Hotlines: Benchmarks, Trends, and How They Can Yield Greater Security Value

Reports to fraud, compliance, and ethics hotlines tell the story of a workforce increasingly willing to voice complaints, less worried about the pandemic, and increasingly intolerant of discrimination and harassment. The volume of reports also underscores their potential value as a tool to identify and investigate loss and security events.

“Our number of reports is higher than ever,” said Justin Ross, chief compliance officer at FedEx, in a NAVEX webinar March 30 on the release of data from its Global 2022 Risk & Compliance Hotline Benchmark Report. “The last two quarters, we’ve had the highest quarters we’ve seen in total number of reports.”

Ross attributes the increase, in part, to a successful “speak up” campaign that encouraged workers to report concerns and its efforts to improve workers’ understanding of how reports are handled, but high turnover in warehouses and greater workplace incivility also appear to be factors.

- Sponsors -

Benchmark data from NAVEX and ComplianceLine’s 2022 benchmark report paint a clear picture of employees more ready to report misconduct than ever before, according to the firms. “Employees have a very different view of their rights in the workplace post-COVID,” explained Carrie Penman, chief risk & compliance officer at NAVEX. “Pair this with the tight labor market where employees know they have other readily available employment options and it’s easy to see why employees feel emboldened to openly report workplace issues.”

Notable in the new data is an increase in fraud reporting and allegations of misconduct, which hit an all-time high in NAVEX’s decade-long annual study. Ninety percent of all reports in 2021 were allegations of misconduct, up from 86 percent last year and 79 percent in 2012.

Reflecting today’s more emboldened workers, anonymous reporting fell to an all-time low of 50 percent, according to NAVEX data derived from more than 1.3 million global incident management reports. Though down overall, ComplianceLine data showed the commercial sector (which consists of retail, logistics, hospitality, real estate, and professional services) has one of the highest anonymity rates.

Key benchmarks from NAVEX data:

  • The average number of reports remains slightly below pre-pandemic levels at 1.3 per 100 workers.
  • Case closure time averaged 42 days in 2021.
  • Original issues—as opposed to follow-up reports—constituted 67 percent of reports.

Key trends:

  • Security or theft was the primary issue in 5 percent of reports and saw a 38.9 percent in 2021.
  • Organizations continued to see elevated levels of safety-related cases although they were the subject of fewer reports than in 2020 as concerns over the pandemic started to recede.
  • Workplace civility related issues, including retaliation, harassment, and discrimination, jumped significantly. Reports of harassment rose above levels seen in the height of the #MeToo movement and reports of discrimination rose above the levels reported in the year George Floyd was killed, note NAVEX analysts. “Together, these findings suggest employees are paying closer attention to workplace civility issues, which reflects growth in conversations about systemic racism and political divisions, as well as increasing protection for whistleblowers in society at large.”

Is Your Company’s Hotline Serving Security & LP Goals?

Matt Kelley, CEO of Radical Compliance, said the wide range of issues that employees are reporting to fraud and compliance hotlines stood out to him more than increases in certain categories of reports (see accompanying figure).

“What strikes me is that the spread and the diversity of cases that compliance officers hear about on the hotline is really quite wide,” said Kelley, a panelist on the NAVEX webinar. He warned that it is easy for reports to become a tangled mess of concerns. “It really drives home the point that you need a disciplined case management capability, because you’re going to get all sorts of stuff that is going to need case management, and it is that poor handling of cases, or the lack of discipline in how you triage and investigate and gather evidence…that can make your company fall on its face at some point.”

Companies need a system to triage, investigate, and escalate reports to the appropriate people. They also need to effectively close the loop. If companies fail to timely review allegations and communicate effectively with employees, they may find that workers are quicker to turn to outsiders, including media, attorneys, or the government, when they see wrongdoing.

The value of a company compliance/ethics hotline as a theft prevention and investigative tool is not assured. Operational and technical issues—or simple neglect—can limit the effectiveness of hotlines. Several years ago, for example, after abuses were uncovered at a poultry supplier to Purdue Farms, it was noted that the phone number for a Perdue hotline went straight to a fax machine.

Company hotlines serve many stakeholders, including human resources, finance, and environmental, health, and safety. Additionally, for companies who operate hotlines to satisfy regulatory requirements, the goal of leveraging reports to help meet the objectives of loss prevention teams may not be on the radar. To that end, security leaders, consultants, and hotline providers suggested some questions that are worth asking:

Is it being promoted? The number of security tips that a hotline receives directly correlates with how familiar employees are with the program. In addition to a traditional integrated communications campaign, security leaders should extend program awareness to include the employees of suppliers and contractors. Employees of a supplier are often willing to alert a client to fraud by his/her company and listing the hotline number in correspondence with suppliers is an inexpensive action that has helped uncover fraud for many companies, according to hotline providers. To maximize incident capture, hotlines should be available 365/24/7—only half of hotline calls occur during business hours—and intake operators who can communicate with non-English speaking employees should be available.

Is it being promoted as an alternative to security incident reporting? People prefer internal, in-person reporting, according to some research. This suggests that not everyone who has information about theft, fraud, or other security issues will want to use a hotline—especially one run by an outside company—to report it. A hotline provides an alternative way for employees to report security problems, but it should not be presented as a substitute for reporting security concerns to the LP department or through other internal channels.

Some companies find it best to promote an ethics hotline for complaints and concerns on accounting matters but to direct employees to report concerns relating to security issues to their supervisor, HR, or the security department. Others maintain a unique security hotline managed by internal security staff in addition to an ethics hotline. In all cases, however, intake operators should be directed to accept calls of all types, as it’s unwise to tell a caller to hang up and call a different number.

Are you getting the reports you need? A hotline program needs a clear set of rules for how, when, and to whom information from tips is disseminated. Since many types of calls are received by hotlines, security directors should be sure that the protocols are such that security and asset protection leaders are receiving notice of all reports that it wants to receive.

Are operators sufficiently trained? To discourage bogus calls, operators should be able to conduct probing, in-depth telephone interviews so they can distinguish legitimate information from that which seems solely designed to intentionally damage an individual’s career. For this reason, hotline reporting via live operators is considered by many to be preferable to anonymous email, website complaints, or answering machines, although online reporting mechanisms have grown more popular. FedEx, as an example, received 47 percent of reports in 2021 via phone hotlines, but that has gradually decreased from 55 percent in 2019, according to Ross.

While often preferred by individuals making reports, online reporting methods don’t permit interviewers to ask follow-up questions or seek clarification, and so are more likely to be used by individuals making false reports, which can result in countless wasted hours by investigators.

Are emergency protocols clearly identified? A call to a hotline to report minor theft and a call that suggests an imminent threat of violence demand different responses. Call centers or internal call handlers must have clear direction for the types of incidents that demand immediate, expedited reporting, such as threats of workplace violence or the release of proprietary information, versus incidents that can be processed via the normal dissemination process, such as a report of falsifying expense account charges.

Are you periodically testing the hotline for performance? To ensure hotlines are serving your security goals, periodically test intake operators’ interview style, questions, and performance, as well as the quality and timeliness of the subsequent report to the security department.

Stay Updated

Get critical information for loss prevention professionals, security and retail management delivered right to your inbox.