C-RM 1-2: Policy Addressing Reporting of Violations
This standard requires your organization’s compliance policies to:
- Protect individuals reporting violations of ethical, regulatory, or legal requirements;
- Address the consequences of failing to report violations; and
- Protect the confidentiality of anyone reporting violations.
It will be important that your entire staff know about the mechanisms described in this standard. Be sure to include it in your compliance training.
The same set of P&Ps and/or program description you use for C-RM 1-1 should work here. Just make sure those policies have solid whistleblower protections and mechanisms to require reporting of violations.
This standard will be covered in the interviews of compliance-relevant management (including but not necessarily limited to the Compliance Officer), as well as interviews with staff throughout the company.