Ethics hotlines are growing in popularity. In 2017 the South Africa Home Affairs Minister Malusi Gigaba announced over 3,000 officials were found guilty of misconduct related to cases reported via the National Anti-Corruption Hotline (NACH). “The closure rate underscores a commitment by government departments to investigate allegations of corruption as reported through the NACH.” Ethics and compliance hotlines work! Organisations must have an ethics and compliance hotline to help promote the organisation code of conduct and nurture a culture of honesty and accountability. 

Ethical code of conduct: What should be covered?

Don’t opt out of an ethics hotline

The 2019 Global Business Ethics Survey found that more reports of misconduct were made to direct supervisors (a median of 51 per cent) compared to hotlines (6 per cent). However, it is still crucial to have an Ethics and Compliance Hotline in place. Why? Having ethics and compliance hotline shows employees that the business leaders genuinely want to hear from them, making it a great employee relations tool.

Ethics and compliance hotline is an anonymous reporting mechanism. So when the normal channels of communication fail a hotline can facilitate any flagging. They provide an accessible way for employees to report potential wrongdoing, possibly illegal, unethical, or improper conduct; which means a company can better protect itself from fraud, learn of employee misconduct and proactively mitigate any corruption-related risk. Any organisation, despite industry or size, should be 110% committed to having an open dialogue on ethical dilemmas regardless. 

CRI Group encourages everyone to report any wrongdoing. Everyone must seek to maintain transparency to comply with the code of conduct and compliance regulations. We believe that everyone should have a voice, protect yourself, colleagues and organisations that they work for. If your organisation is considering an ethics and compliance hotline, here are some must-knows.

Who can report? And what can you report?

All individuals – employee, clients, contractors, vendors and others in a business relationship with you or your organisation – have a duty and responsibility to report any known or suspected noncompliant behaviour or violations with any regulatory mandates and/or local policies including but not limited to:

  • Ethical standards violations;
  • Violation of laws and company policy and internal control;
  • Risk and safety;
  • Theft, embezzlement or misappropriate of assets and fraud;
  • Bribery and corruption;
  • Employee rights, employee relation, work environment;
  • Privacy laws or security of personal information;
  • Discrimination;
  • A dispute related to a supervisor, HR and other departments;
  • Physical and verbal harassment on the workplace;
  • Issues related to job responsibilities;
  • The report related to a suspicious activity being a witness; and/or
  • Unfair dismissals.

How to report?

You can report your concern using the Ethics and Compliance hotlines at any time 24/7. And an effective Ethics & Compliance Hotline should allow reporting via phone, email, web-based compliant forms and even walk-ins.

How does it work?

This will depend on your organisation structure, however, if you allow reporting directly by telephone, the caller should speak with the Compliance Department directly. The caller can remain anonymous or may want follow-up in which case(s) he will give contact details. If the individual submits a report online, the system should guide the individual through the reporting process, and a PIN number would be generated automatically once they complete the report. The compliance department specialist who receives the tip is then in charged with validating it. This compliance officer typically receives special training on how to gather enough information to ensure the complaint is credible. The tip is then routed to the right department within the organisation such as audit, legal, or human resources. 

What is the process of the investigation?

The Compliance Department or Committee should then review the report and conduct an investigation. The investigation may include an interview with relevant witnesses, review of records, computers, telephones and other equipment in accordance with relevant personal data regulations. The individual that reported will be able to follow the status of the case and to communicate with the Compliance by giving their case number. However, no party can contact the individual directly if you have chosen to remain anonymous. The investigation conclusions and recommendations are reported to Management.

Can we generate anonymous reporting?

Yes, if the individual wishes to remain anonymous when reporting their concern, they can. However, you should encourage the individual to identify themselves where/when possible as this will enable your organisation to investigate the report more effectively. If they provide their names, your compliance department should protect their confidentiality to the greatest extent possible during the investigation. The organisation should have a Non-Retaliation and Whistleblower Policy to help ease the process.

What is a Non-Retaliation Policy?

While on the surface, hotlines may seem a convenient option to receive employee complaints, tips or concerns, often it’s the process that surrounds the hotline which can determine whether it ultimately succeeds or fails. Areas such as employee relations are particularly challenging when it comes to anonymous tips. An organisation needs to have a whistleblower process in place – this is a critical component of any compliance monitoring system. It enables companies to identify and mitigate potential risks at an early stage before they impact on operations, reputation and ultimately financial performance. 

How can we make sure they deliver a credible report?

When reporting an issue, encourage individuals to ensure that they provide as much relevant information as possible, for example, the names of persons involved in the alleged conduct; potential witnesses; appropriate documentation or data; visual evidence etc. Provide them with forms that allow understanding of what they need to submit a credible report, with the appropriate questions and empty spaces for further feedback, including the ability to upload any initial profs. This will allow your Compliance to effectively follow up on the case.

What makes a successful implementation?

  1. A strong and clear message delivered to employees and stakeholders by a senior individual who champions the overall programme.
  2. A clear understanding of how best to engage with your employees at all levels, and in all countries. Remember to take into account country and cultural differences.
  3. A robust internal process to deal with reported issues as laid out in your code of conduct policy or ethics programme.

Are you addressing corporate compliance?

Prove that your business is ethical. Complete our FREE Highest Ethical Business Assessment (HEBA) and evaluate your current Corporate Compliance Program. Find out if your organisation’s compliance program is in line with worldwide Compliance, Business Ethics, Anti-Bribery and Anti-Corruption Frameworks. Let our experts prepare a complimentary gap analysis of your compliance program to evaluate if it meets “adequate procedures” requirements under UK Bribery Act, DOJ’s Evaluation of Corporate Compliance Programs Guidance and Malaysian Anti-Corruption Commission.

Find out what’s a Gap Analysis, and why do you need it?

Report with CRI® Group!

If you find yourself in an ethical dilemma or suspect inappropriate or illegal conduct, and you feel uncomfortable reporting through normal channels of communication, or wish to raise the issue anonymously use the reporting process in this Code of Conduct, including the Compliance Hotline. The Compliance Hotline is a secure and confidential reporting channel managed by an independent provider. When reporting a concern in good faith, you will be protected by CRI® Group Non-Retaliation Policy. 


CRI® will not accept any retaliation or discrimination against any employee or external stakeholder who uses our Compliance Hotline in good faith or participates in an investigation. Any employee who breaches the policy will be subject to disciplinary actions.

About us…

Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk ManagementEmployee Background ScreeningBusiness IntelligenceDue DiligenceCompliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI® Group also holds BS102000:2013 and BS7858:2019 Certifications is an HRO certified provider and partner with Oracle.

In 2016, CRI® Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management SystemsISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI® Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.



Zafar I. Anjum is Group Chief Executive Officer of CRI® Group (, a global supplier of investigative, forensic accounting, business due to diligence and employee background screening services for some of the world’s leading business organisations. Headquartered in London (with a significant presence throughout the region) and licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center – QFC, and the Abu Dhabi Global Market-ADGM, CRI® Group safeguard businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI® Group maintains offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China, the USA, and the United Kingdom.

Contact CRI® Group to learn more about its 3PRM-Certified™ third-party risk management strategy program and discover an effective and proactive approach to mitigating the risks associated with corruption, bribery, financial crimes and other dangerous risks posed by third-party partnerships.


Zafar Anjum, MSc, MS, CFE, CII, MICA, Int. Dip. (Fin. Crime) | CRI® Group Chief Executive Officer

37th Floor, 1 Canada Square, Canary Wharf, London, E14 5AA United Kingdom

t: +44 207 8681415 | m: +44 7588 454959 | e:

Share Insights