The whistleblower channel / ethical channel is a key element in many compliance systems . Both the UNE16901 and the new ISO37301 need a complaints channel to properly monitor and follow up on the management system. In labor and IT compliance, a complaint channel is also necessary, without forgetting the already consolidated channels to comply with the Money Laundering regulations. The new European directive 2019/1937 will speed up the process of introducing complaint channels in many organizations, since it will make their use mandatory in companies with 50 or more employees.
It is important to remember that the channel is just one more piece in the compliance strategy . Without a channel we will not be implementing the strategy correctly, but only with the channel, either. Therefore it is a necessary piece, but not sufficient.
At present, many organizations either do not have a reporting channel or have it implemented using an email or a simple form on the web. But, Do we have better alternatives to implement a key piece in compliance management?
With the changes in the data protection regulations (Organic Law 3/2018), and the inclusion of Article 24 on information systems for internal complaints, both email and a form on the web do not seem to be the best tools to implement a channel, since in most cases they will not comply or require an extra effort to comply with the different criteria of anonymity, confidentiality and conservation of the information. Many current systems are out of date and should be updated shortly to avoid, at a minimum, potential penalties.
The management of the complaints channel can be carried out by members of the organization itself, as it can be outsourced to specialists. Therefore, a first alternative would be to outsource the management to a specialist in compliance / complaints channel management. Doing this does not relieve us of the responsibility of ensuring that our channel complies with current regulations.
Large organizations, with their own development teams, they can consider implementing the channel internally . Although it is a feasible alternative, from our point of view the complaints channel is not a strategic tool and although regulatory compliance is very important, the tool that supports it is not. Therefore, although it is a totally valid alternative, we consider that the costs of its development, and especially its maintenance and applied security regulations, discourage this alternative, unless there are “idle” resources that recommend this development.
If we analyze the IBEX 35 companies, we can see that some still use email as a reporting channel, but little by little they are migrating to specific software solutions to manage compliance in general or simply the complaints channel . There are several multinational software companies on the market with suites that offer a multitude of functionality, designed for large organizations.
There are other highly focused whistleblower channel solutions that are ideal for small and medium-sized businesses . Generally, these solutions are offered in Saas (Software as a service) mode, they do not require specific infrastructure and are very easy to implement. The complaints channel has a very clear and defined functionality and also clearly defined regulatory requirements. It is important to ensure that they comply with the regulations and security requirements that are required for this type of solution, when managing highly sensitive information.
Finally, is there any open-source / open source solution in the market. Although the initial costs may seem low as it generally does not have the associated license cost. The maintenance and operating costs are high and are the hidden cost of this type of solution. We only recommend it in organizations that have a large enough IT team to be able to manage these platforms.
Many compliance attorneys / consultants develop their own whistleblower channel tools. In our opinion this is a mistake. Shoemaker to your shoes, compliance specialists must manage the channel or support their clients in managing it, but they should not focus on developing a specific tool that does not really offer differential value to their clients. The differential value is in the management and professional services . Likewise, technology specialists should not enter to provide professional channel management services, for that there are already specialists who know much more and can give a better service on the platforms developed by the engineers.
On ithikios We have developed a complaints channel for small and medium-sized companies and for lawyers who want to offer a complaint management service to their clients. A lightweight tool, which makes a functionality, that of the complaints channel, efficiently.
- Forget the email and simple form on your website as a reporting channel. It does not comply with the regulations.
- If you are very large, look for a very large solution or develop it internally, the first is better.
- If you are medium or small, look for a simple and efficient saas solution that complies with the regulations. If you want to outsource the function, have the lawyers / consultants use this tool.
- Open source solutions, which may seem cheap at first, have very high hidden costs.
- If you are a lawyer / consultant and you want to offer these services, forget about developing and look for a third party that can give you a solution to offer this service to your clients.