If you’ve made the decision to implement an internal reporting system (or whistleblowing hotline), you might be wondering what to do next.
A natural first step is to identify companies that are able to provide the service you’re looking for. As this is a foundational piece of your risk and compliance program, you’ll want to make the right choice first time – so it’s important to have a comprehensive list of your needs and non-negotiables before you receive any sales demos or presentations.
This brief guide provides some useful tips to help you better understand your requirements in order to help you identify and assess potential providers.
All whistleblowing hotline providers are the same – aren’t they?
As with any business service or system, the devil is in the details. But significant differences also exist even at a high level.
For example, while one vendor may offer a range of reporting options (a proven way of generating a higher volume of reports), other vendors may offer just one or two.
Security and data privacy standards can vary too, while the tools provided to help you manage and investigate cases can range from non-existent to enterprise level.
So, where should I start?
You may already have a preferred vendor in mind. While this is a great start, you should always aim to speak with more than one vendor. Speaking to multiple providers will not only increase your chances of finding the most appropriate solution, it will also expose you to different viewpoints and philosophies, enabling you to become a more informed buyer.
Beyond that, here are our recommendations for helping you find the best reporting system for your organization.
How to select the best whistleblowing service provider for your organization
1. Define what you’re looking for
The obvious starting point is to define your organization’s need for your hotline.
The fact you’re reading this article suggests you understand the type of solution you’re looking for – but it is always worth revisiting your key requirements at the outset.
Your brief doesn’t necessarily have to be detailed at this stage, but you should be able to clearly articulate the problem you’re trying to solve and the basic features your service should include.
For example:
- Are you attempting to comply with a legal or regulatory requirement?
- Do you want to gain intelligence about any type of wrongdoing, or just specific areas like fraud or loss prevention?
- If you have an international presence, do you want a multilingual service?
- What multi-lingual capabilities are needed for your hotline based on business locale and employee demographics?
Thinking about your needs upfront will make it easier to rule in – or rule out – potential providers early in the process.
As part of this, you may want to prepare a list of questions to ask potential providers. These may aim to explore providers’ processes, approaches and security measures, while also attempting to discover whether the solution can scale (alongside your evolving needs) in the years to come.
2. Look for reputable whistleblowing hotline providers
When you’ve decided on the features your solution might require, it’s time to start researching the market. You can use a number of approaches to identify possible providers – these are a few of the most popular.
Peer recommendations (word of mouth)
As with any important buying decision, a great starting place is to speak to people who’ve recently made a similar purchase. This might be challenging when it comes to something as niche as a whistleblowing service, but your professional network often proves to be invaluable.
Ask former colleagues, managers and industry connections if they can recommend providers for the type of service you’re looking for. Even if they have not recently contracted with a provider, they may have a similar service in place within their organization. Find out who they use and ask them what they know about the provider and their service.
Even if you don’t place value on the subjective feedback you might receive, it can be the fastest way to obtain the names of a few reputable providers.
Events and conference
Professional and industry events can be a great way to make connections and keep up with the changing landscape. Use these opportunities to discuss the challenges your company is facing – it’s more than likely that you’ll find people who’ve faced similar issues.
If you do, remember to ask whether their solution met their original need (and whether they would do things differently next time). If you can’t find people facing comparable challenges, ask for introductions to people within their organization who may be able to help.
Outsourced whistleblowing services are more or less the norm for most organizations – particularly among medium-large organizations spanning virtually every sector, and those in regulated industries – so you’re likely to gain some useful knowledge from those around you. Outsourcing your hotline to a trusted provider is also a cost effective solution for small-and medium-sized businesses that may not have the resources to adequately run an internal program that meets business needs and regulatory requirements.
Online search
Online research is often the starting point for the majority of B2B purchases. But before you begin, make sure you know the search terms that are likely to return the information you’re seeking.
For example, if you’re purely looking for an outsourced hotline service, you will likely get relevant results using the terms ‘whistleblowing hotline’, ‘ethics line’, ‘compliance line’ or ‘speak up’ coupled with ‘provider’, ‘service’, ‘solution’ or ‘software’.
If you’re looking for a provider that offers a software element too (to support logging, processing and tracking your reports), you may find the terms above coupled with ‘incident management’, ‘case management’, or ‘software’ return more relevant results.
The varying terms are often used to differentiate one provider from another in terms of its approach or philosophy, even though the competing services share similar tools, software and outputs.
NOTE: Services labeled as ‘helplines’ or ‘advice lines’ imply that legally-qualified advice is available to reporters. Clarify this point with the provider to avoid any confusion.
3. Understand the core whistleblowing service
Once you have a list of potential providers, you’ll need to look more closely at the specific services on offer and the differences between them. The fastest way to do this will be to visit their website service pages.
What’s the difference?
Broadly speaking, all ‘whistleblowing hotlines’, ‘speak up hotlines’ and ‘ethics helplines’ serve the same purpose: to facilitate the sharing of sensitive disclosures between an individual (usually an employee, and more and more, third-parties) and an organization.
However, once you begin to delve into the detail you will find a number of important differences between vendors that will influence the success of your program. These will relate to things like:
- Reporting channels (and how they’re managed)
- Approach
- Process
- Security and data privacy
- Technology
- Additional (or complementary) services
Reporting channels
Ask about the reporting channels offered by each vendor, and look for specifics about how they are administered. For instance, “telephone reporting” could mean voice messaging, live call handling in only one language, multilingual live call handling – or a combination of these.
Also try to discover whether their intake channels will be dedicated only to your organization, or shared between customers (e.g., one phone number shared among all customers, or a generic web reporting form). Shared channels can pose a data privacy risk and require deeper investigation.
Approach
Look for clues about how the provider approaches the reporting process and consider whether it matches your requirements.
For instance, your overriding goal may be to give your employees confidence and reassurance about speaking up. If it is, you might prioritize providers with a range of reporting options, anonymous reporting processes and channels that are dedicated specifically to your organization. Depending on your business’ jurisdiction, there may also be multi-lingual requirements. Many businesses operating in the EU, for example, are subject to the EU Whistleblower Protection Directive which has specific requirements on language requirements, follow up protocols, and more.
Process
The providers’ standard whistleblowing processes are also likely to differ slightly – both in the way reports are captured and processed, and in how they are shared with your organization. Look for details on both of these points.
You may also find that some providers will allow you to tailor elements of these processes, while others will follow a more rigid procedure.
Security and data privacy
Recognized certifications can provide reassurance about the security of a vendor’s solution, but check specifically what they relate to (is it the company, a process, or a piece of software that meets the standard, for example?)
Be sure to find out how (and where) your data will processed and stored, and that this complies with the laws and regulations to which you are subject (e.g., GDPR compliance, which is a major component of the EU Whistleblower Protection Directive).
Technology
The technology behind the reporting process and incident management software services will differ between providers. Try to discover whether technology offers the key features you require, appropriate security controls and ease of use.
You will be able to take a closer look at the systems on offer by requesting a demonstration from the provider.
Additional services
In addition to a whistleblowing hotline solution, most providers offer other services, such as online employee training, case management software, or policy and procedure management.
Finding a provider that can serve multiple needs in this way, especially if your compliance program is initial stages of development, will help ensure a more comprehensive risk and compliance program.
At NAVEX, one of our many additional service offerings is the thought leadership and benchmarking information we provide to the public. Publications such as our annual Whistleblowing & Incident Management Benchmark Report are a value-add tool that risk and compliance leaders can use to bolster their program with comparative insights and expert commentary.
Next steps in your whistleblowing service provider search
Once you’ve put together your shortlist, you’ll be ready to engage vendors to provide details, product demonstrations and costs.
NAVEX Whistleblowing & Incident Management solutions are trusted by over 13,000 organizations worldwide. We also offer a full suite of compliance program management tools that work together on the NAVEX One platform.
Want to join thousands of satisfied customers and use solutions that will streamline your compliance efforts and keep your business on the right side of compliance?
