The security of sensitive information is highly critical, not only because the attorney-client privilege may be jeopardized (for investigations conducted under the supervision of an organization’s counsel), but because the risk of unauthorized access carries with it the possibility of retaliation against would-be reporters.
In an age where U.S. and international laws and regulations prescribe considerable penalties for retaliation against whistleblowers, it is critical for companies to be vigilant in partnering with an established and reputable compliance solutions provider that takes access governance seriously.
While recent innovation in the compliance solutions space has resulted in a plethora of so-called “best in class” reporting and incident management platforms, too often these platforms lack the customizable access features that permit visibility into the compliance function but scrupulously guard against unauthorized access.
Moreover, even where companies purport to offer “integrated” solutions that are billed as a one size fits all solution for corporate compliance programs, such solutions are often incapable of providing the level of customization necessary to preserve transparency between relevant stakeholders while protecting more sensitive details from unauthorized disclosure.
The popularity of reporting and incident management mechanisms has resulted in the proliferation of compliance solutions of variable capacity and quality. Many compliance solutions providers, for instance, purport to offer reporting solutions but lack the capability to integrate those reporting solutions with incident management systems.
Conversely, some compliance solutions providers that offer incident management platforms lack the ability to receive confidential and anonymous reports. This perpetuates the fragmentation of compliance operations and results in a lack of efficiency and transparency–two attributes that are critical to the proper functioning of an organization’s compliance role.
Among other things, the Dodd–Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank Act”) and U.S. Securities and Exchange Commission (“SEC”) regulations–applicable to all publicly traded companies–require organizations to implement an internal reporting mechanism for the receipt of confidential and anonymous reports of potential malfeasance.
While the requirement to maintain such a reporting mechanism pertains mainly to financial and accounting irregularities, publicly listed companies–and increasingly, privately held companies–have generally utilized hotlines on a more expansive basis to encompass all types of potential malfeasance, including but not limited to, violations of a company’s code of conduct, potential legal and regulatory infractions, and even reports concerning third-party misconduct that might implicate the principal organization.
GAN Integrity is an industry-leader in the compliance solutions space, offering a fully integrated compliance management platform that allows compliance officers to receive, prioritize, investigate, and appropriately disposition reports of potential misconduct.
GAN Integrity’s compliance management platform is fully customizable, permitting an organization’s compliance function to replicate existing investigative workflows and share the results of pending and completed compliance investigations with stakeholders across the company.
Access to investigative details can be restricted with the click of a mouse, allowing compliance officers to preserve the confidentiality of highly-sensitive internal reports with considerable ease.
GAN Integrity’s embedded access governance feature also tracks access to such critical details, allowing the company to generate audit trails that attest to the organization’s commitment to preserving the integrity and confidentiality of sensitive information.
GAN Integrity’s robust reporting features enhance the ability of the compliance function to identify major investigative trends and engage in “root cause” analysis. Increasingly, such “root cause” analysis is required by regulators and enforcement authorities as an integral part of demonstrating that the organization has adopted appropriate remediation measures.
Proper case control
By empowering compliance officers with the ability to categorize and subcategorize incidents and investigations, GAN Integrity facilitates the identification of major compliance program deficiencies and consequently, equips compliance officers with the empirical evidence needed to justify corrective action.
Learn more about the importance of granular access controls.Explore the platform