Bill Piwonka – Compliance Building

Portugal and Ethics Hotlines

Under guidelines published by the Portuguese Data Protection Authority on the 1st October 2009, a whistleblower cannot make a report anonymously. I have to admit that I can’t read Portuguese, so reading Deliberação Nº 765 /2009 does not help me much in interpreting the limitations. (Google translate helps.)

Most EU member states allow anonymous reporting as a last resort. Portugal went a step further and outlawed anonymous reporting completely.

The Portugal guidelines also limit hotline use to reports of corruption, banking and financial crime and internal accounting controls. It’s not allowed for breaches of general codes of conduct. To go a step further, whistleblowers may only report against individuals in managerial positions.

If you are a public company with operations in Portugal and required to have whistleblower hotline under Sarbanes-Oxley, you need to look at these limitations. They seem to be in direct conflict.

Thanks to Bill Piwonka of EthicsPoint for letting me know about this. EthicsPoint supplies my company’s hotline.

Sources:

Deliberação Nº 765 /2009 (in Portuguese) Principles Applicable to the Treatment of Personal Data the Purpose of Acts of Internal Communication Management Financial Irregular (Lines of Ethics)
Anonymous whistleblowing banned in Portugal by Robert Bond of Speechly Bircham LLP

Winding Down From Compliance Week

My head is full of compliance goodness after spending 2.5 days at Compliance Week 2010. The Mayflower Hotel is a great place for a conference this size, with plenty of places to run into people.

Substance

The agenda was full of great substantive information from fellow compliance professionals. There were sessions on metrics, social media, corporate governance, ROI, organizational structures and communications. There were lots of closed door sessions that have not made their way into the blog, where compliance professionals could have more open discussions without the presence of media or vendors.

On top of that, we heard some great perspectives from top government officials, like Lanny Breur, Gary Grindler, Shelley Parratt, Barney Frank and Luis Aguilar.

Of course the best part of any conference is being able to interact with your peers. This was a great gathering of people in the compliance field.

Old Friends

For me, it was great to once again spend time face-to face with old friends like Scott Cohen, Matt Kelly, Bruce Carton, Francine McKenna, Melissa Klein Aguilar, Bill Piwonka, Carole Switzer, Kathleen Edmond, and Scott Giordano.

New Friends

One of the great things about have a blog, or micro-blogging on Twitter is being able to get in touch with people prior to meeting them in person and then staying in touch with them.

Here are some of the Twitterati I was finally able to meet face-to-face:

	Tom Fox @tfoxlaw http://tfoxlaw.com
	David Seide @davidSeide
	Scott Mitchell @mitchell360
	Doug Jacobson @tradelawnews
	Doug Chia @dougchia

Of course, I met more people who don’t blog or use Twitter. It’s just harder to keep those weak ties.

Behind the Scenes

Gina Imperato, Elizabeth Busch, Anne Frey-Mott, Beckie Jankiewicz and the rest of the Event Studio team did a great job of running the conference, getting the attendees where they need to go and making the speakers look good.

Next year

…..

Social Media and Your Compliance Program

Bill Piwonka, Amanda Mayhew and Rodica Buzescu from EthicsPoint gave a webinar on social media and compliance. These are my notes:

The presentation started with a user poll on the approach to social media at the attendees’ organizations:

27% block all social media sites
42% block a few social media sites
only 29% allow all social media sites

In a second question, I was surprised to see that 37% of the attendees said they were using some form of Web 2.0 in their ethics program. That seemed like a big number to me.

Bill started off with a brief discussion of his view of web 2.0 and social media. He also highlighted some of the approaches and tools used by EthicsPoint. He moved on to the need of companies to monitor their brand. It easy for customers, employees and competitors to craft your brand for you (and not in the way you want). You need to know what is being said and be prepared to respond when necessary.

On the call, 11% of the attendees did not use any social media platform, 11% used one, and 40% used 2 or three. The rest (like me) used more.

Why should compliance care about Social Media? It is here to stay. Generation Y and the Millennials grew up an learned in the world of social media. They enter business organizations and are cut off from the tools they used to learn and communicate.

Rodica took over and shared her perspective. She is new to EthicsPoint. When she started, she was cut off from her networks since they blocked Facebook, instant messaging and many other social media tools.

Amanda took over and gave her perspective as the general counsel and privacy officer at EthicsPoint. She pointed out that younger workers may not have been in the business environment long enough to realize that there are limits on what you can say outside the organization and inside the organization. EthicsPoint focuses on privacy and protection of their clients information. They have a tight policy on social media to protect that information.

Bill stepped up and pointed out that you cannot ignore social media. Even if you block access, employees can easily access them from a mobile device or home. Blocking is not an effective policy. You need to let your employees know what they can and cannot do. You need a policy. Bill used Intel’s Social Media Guidelines as an example.

Bill also pointed out that even if the company does not want to engage in social media, they need to monitor what is being said about your company in social media. You also want to make sure that someone else does not use your brand on social media platforms.

Amanda came back to emphasize a few points. It is important to make it clear what is confidential and what is not public. Another point was to be respectful, realizing that your mother, friends and boss may ready what you say. Anonymity is also a hot button for her.

What can you do? How can compliance professionals use Social Media?

Create a Facebook group for your compliance team. Allow people to see who you are and develop a relationship and trust.

Use YouTube to host and distribute training videos. Why buy expensive video hosting servers and software when YouTube will do it for free.

Best Buy uses a blog to make ethics a completely transparent dialogue. Best Buy’s Chief Ethics Officer blogs on actual ethics and incidents at Best Buy. Of course, she does not use real names and disguises identifying information.

Use web 2.0 for professional development by joining online communities focused on ethics and compliance issues. EthicsPoint has user forums focused on its product.

In the Q&A there was a lot of discussion about how much to monitor and how much to limit. “Ignorance is not bliss.”

Another issue that came up in Q&A is who to friend on Facebook and who to make connections with on LinkedIn. In particular in the educational environment it is very tricky to friend or not friend. There is a similar dynamic in the workplace.

What about productivity? Does Facebook turn you into a slacker? Does blogging make you less useful? Bill turned this around and gave example of how he uses these tools as part of his job. (It was an impressive list.)

How do you develop your own policy? EthicsPoint started with Intel’s Social Media Guidelines as their model. (You can also take a look at one of my models: Blogging / Social Internet Policy.)

(In the interest of disclosure some of the material was borrowed from my presentation on Social Media at the Boston EthicsPoint Regional User Forum in Boston. Bill also noted this in the presentation)