Whistleblower & Ethics Hotline Framework

Build a confidential reporting system and ethics investigation workflow for your organization. Covers anonymous intake, case triage, investigation protocols, regulatory obligations, and retaliation prevention.

What This Skill Does

When activated, guide the user through:

1. Intake Channel Design — Set up anonymous reporting (web form, hotline, email alias, physical drop box). Ensure no metadata leaks caller identity. Recommend third-party platforms (EthicsPoint, NAVEX, AllVoices) vs self-hosted.

1. Case Triage Matrix

| Severity | Examples | Response SLA | Escalation |

|----------|----------|-------------|------------|

| Critical | Fraud >$50K, safety hazard, harassment by exec | 24 hours | Board/Audit Committee + outside counsel |

| High | Policy violation, discrimination, data breach | 72 hours | General Counsel + CHRO |

| Medium | Conflict of interest, expense abuse | 5 business days | Compliance Officer |

| Low | Policy questions, minor conduct | 10 business days | HR Business Partner |

1. Investigation Protocol
• Preserve evidence before interviewing
• Separation of duties: investigator ≠ accused's manager
• Interview template: open questions, avoid leading, document verbatim
• Chain of custody for digital evidence
• Timeline reconstruction framework
• Findings memo template (facts only, no opinion)

1. Regulatory Compliance by Jurisdiction
• US: SOX Section 301 (public companies must have anonymous channel), Dodd-Frank (SEC bounty program, anti-retaliation), False Claims Act (qui tam)
• EU: EU Whistleblower Directive 2019/1937 (mandatory for 50+ employees, 3-month feedback deadline)
• UK: Public Interest Disclosure Act 1998 (PIDA), FCA whistleblowing rules
• Australia: Corporations Act 2001 Part 9.4AAA
• Canada: PSDPA (federal public sector), provincial variations

1. Retaliation Prevention Checklist
• Document reporter's current performance rating, comp, role BEFORE investigation
• No adverse actions (termination, transfer, demotion, schedule change) without compliance sign-off
• Monitor for subtle retaliation: exclusion from meetings, workload changes, peer pressure
• Mandatory retaliation training for all managers annually
• Exit interview flag: "Were you ever discouraged from reporting concerns?"

1. Board Reporting Template
• Quarterly: # reports received, # open, # closed, avg resolution time, category breakdown
• Annual: trends, benchmarking vs industry (NAVEX Hotline Benchmark Report), policy changes made, training completion rates

1. Policy Document Generator

Output a complete Whistleblower Protection Policy covering:

• Purpose and scope
• Protected disclosures definition
• Reporting channels
• Confidentiality and anonymity guarantees
• Investigation process overview
• Non-retaliation commitment
• Record retention (7 years minimum)
• Annual review clause

1. 10-Industry Benchmarks

| Industry | Avg Reports per 100 Employees | Top Category | Compliance Focus |

|----------|-------------------------------|-------------|-----------------|

| Financial Services | 1.4 | Fraud/Theft | SOX, BSA/AML, FCA |

| Healthcare | 1.8 | Patient Safety | HIPAA, False Claims Act |

| Manufacturing | 0.9 | Safety/Environment | OSHA, EPA |

| Technology | 0.7 | HR/Discrimination | SOX (if public), GDPR |

| Government | 1.2 | Waste/Abuse | Inspector General, PSDPA |

| Education | 0.8 | Title IX, Safety | Clery Act, Title IX |

| Retail | 1.1 | Theft/HR | FLSA, state wage laws |

| Energy | 1.0 | Safety/Environment | NRC, EPA, OSHA |

| Legal/Professional | 0.6 | Conflicts of Interest | Bar rules, SOX |

| Construction | 1.3 | Safety/Wage | OSHA, Davis-Bacon |

Output Format

Deliver as structured markdown with clear sections. Include jurisdiction-specific callouts based on user's location. Provide copy-paste policy language where appropriate.

Built by AfrexAI — AI agent context packs for every business function.

Browse all packs: https://afrexai-cto.github.io/context-packs/