A case management system is a key piece of any best-in-class compliance program. This system provides the compliance department with a means to handle potential misconduct, investigate allegations of wrongdoing, and then dispense discipline. Ensuring you have a strong and robust case management system is imperative, especially as many investigations are conducted virtually during the pandemic.
Based on my experience, here are four key missteps that compliance practitioners should avoid:
1. Failing to Document Everything
If there is one thing that I stress over and over and over again with regards to case management, it’s this: document, document, DOCUMENT. Document everything—all of the information you obtain and all of the procedures you followed. This includes documenting all the information you collected and reviewed, everyone you spoke to, who was in the room, how long the interviews last, and your impressions following the interview. It is important to note that this also includes gathering all the data together. Important information is not considered “documented” simply because it exists in an email somewhere. The information or communications must be included in the case file in order to be truly “documented.”
The goal here is to create a complete record of all pertinent information relevant to the matter at hand. That way, anyone reviewing the file in the future has a full and complete picture of all that was done on the matter, all information that was acquired, and how the team arrived at the final disposition. As employees come and go, important information may be lost if it’s not written down and included in the case file.
Further, you can never know if an incident will eventually mushroom into a much larger issue down the road where that information would be extremely useful. It’s an issue I’ve seen with some of our clients. They’ll bring in outside counsel for a serious incident, and they’ll reference a prior investigation or earlier actions, but lack the documentation to provide any guidance or support. The records are lacking key information that would be extremely relevant to the case at hand. This hamstrings any subsequent efforts. So while this may seem onerous initially, understand that a good case management system can automate most of these steps and make things much easier in this regard.
2. Letting Valuable Data Go to Waste
As a company continues to utilize a case management platform over a period of time, it begins to build a library of data that can be leveraged in a variety of unique ways. Most companies now track reports and substantiation rates and benchmark those against their peers. But there’s more that can be done with this data. Just for a few examples, the data obtained can be used to identify trends, tailor training, and communications, and potentially recognize potential issues before they grew into major problems.
Notably, the takeaways from investigations can be applied in a variety of ways. For larger companies, lessons learned in one unit are surely applicable to other business lines throughout the organization. We’ve suggested to some clients to form a cross-business investigations committee, to review key investigation reports and share the findings and remediation with each other, to figure out how they can be applied throughout the organization.
The lessons learned also make great training material. Collecting all of this data in one place provides a number of real-life examples that can be used as case studies in future internal training sessions. These types of case studies tend to make a much bigger impact when the trainees realize these are actual cases and actual events that happened in this very company. Using case studies from external sources can be helpful, but there can always be that nagging thought that “this would never happen here.” Internal examples cut away at those thoughts and take hold much better.
In addition to benchmarking, reviewing trends throughout different cross-sections of the organization may point towards budding problems. Often times, major compliance failures result from degradation in culture. Sometimes a rise in retaliation reports, multiple behavioral allegations against a specific manager, or other similar incidents can be the “canary in the coal mine” that warns of impending compliance concerns. Rarely will happy, productive employees compromise the integrity of the organization. Therefore, it is imperative to identify these trends as quickly as possible and take appropriate action to investigate and remediate, in order to maintain the desired culture throughout the entire organization.
3. Ignoring the Importance of Confidentiality
Ensuring the confidentiality of each case takes a consistent effort throughout the life of the program. Most companies focus on confidentiality issues initially as they lay out their case management procedures. At that point, compliance carefully curates a list of individuals that have access to the data in the shiny new case management system. These individuals may include case managers, an investigation committee, and the entire C-Suite. But then an allegation comes through the hotline alleging financial fraud that directly implicates the CFO. An investigation is appropriately commenced and underway, and information is being collected, documented, and input into the case file. No one thought to restrict the CFO’s access to this file, and if the CFO were to access the file while the subject of an active investigation, it would taint the entire process.
I also recall a client years ago that maintained an investigations committee that held a standing meeting at the same time every month to discuss the ongoing investigations. This meeting was conducted by phone, with a conference line that included a password to log on. The problem is that the phone number and password were never changed. There was also no way to know who was on the line at any given point unless that caller announced themselves. By the time we were involved, the meetings had gone on for years and a wide variety of individuals had been invited to join at various points—me, for example, as outside counsel. By this point, there was really no way for them to know who else had the call-in information or where it had leaked to. We made sure to flag this issue for them in our final report.
Now, this doesn’t mean you need to begin speaking in codes or any other drastic measure. For the previous example, it would suffice to simply change the passcode periodically or move to a platform that can identify everyone in attendance. This is simply a reminder to be vigilant in ensuring confidentiality because failing to do so will negatively impact your entire case management program.
4. Using Outdated and Inefficient Processes
You’d be surprised how many times we begin working with a new client, only to find that their case management program consists of an endless number of spreadsheets and Word documents. Nothing integrates with anything else, it takes a significant amount of time to pull any kind of useful data, and just finding a specific document can be like searching for a needle in a haystack. Moving away from these dated processes to a modern, integrated platform will help boost any compliance program.
For years we’ve been harping on the need for compliance programs to focus on new technology, specifically systems that can provide automation of key processes. A company’s case management program is a key area where technology can drastically improve the efficiency and efficacy of the process. Leveraging technology to handle tedious and manual processes allows the compliance department to instead focus their time on moving the program forward, and focusing on proactive measures. Even my prior suggestions in this article can all be enhanced by using a quality platform. For example, a quality platform will automatically log and track a majority of items that we suggest documenting—dates, times, users, reports, etc. It will also provide an audit trail throughout the investigation.