--- name: afrexai-whistleblower description: "Whistleblower Ethics Hotline" --- # Whistleblower & Ethics Hotline Framework Build a confidential reporting system and ethics investigation workflow for your organization. Covers anonymous intake, case triage, investigation protocols, regulatory obligations, and retaliation prevention. ## What This Skill Does When activated, guide the user through: 1. **Intake Channel Design** — Set up anonymous reporting (web form, hotline, email alias, physical drop box). Ensure no metadata leaks caller identity. Recommend third-party platforms (EthicsPoint, NAVEX, AllVoices) vs self-hosted. 2. **Case Triage Matrix** | Severity | Examples | Response SLA | Escalation | |----------|----------|-------------|------------| | Critical | Fraud >$50K, safety hazard, harassment by exec | 24 hours | Board/Audit Committee + outside counsel | | High | Policy violation, discrimination, data breach | 72 hours | General Counsel + CHRO | | Medium | Conflict of interest, expense abuse | 5 business days | Compliance Officer | | Low | Policy questions, minor conduct | 10 business days | HR Business Partner | 3. **Investigation Protocol** - Preserve evidence before interviewing - Separation of duties: investigator ≠ accused's manager - Interview template: open questions, avoid leading, document verbatim - Chain of custody for digital evidence - Timeline reconstruction framework - Findings memo template (facts only, no opinion) 4. **Regulatory Compliance by Jurisdiction** - **US**: SOX Section 301 (public companies must have anonymous channel), Dodd-Frank (SEC bounty program, anti-retaliation), False Claims Act (qui tam) - **EU**: EU Whistleblower Directive 2019/1937 (mandatory for 50+ employees, 3-month feedback deadline) - **UK**: Public Interest Disclosure Act 1998 (PIDA), FCA whistleblowing rules - **Australia**: Corporations Act 2001 Part 9.4AAA - **Canada**: PSDPA (federal public sector), provincial variations 5. **Retaliation Prevention Checklist** - Document reporter's current performance rating, comp, role BEFORE investigation - No adverse actions (termination, transfer, demotion, schedule change) without compliance sign-off - Monitor for subtle retaliation: exclusion from meetings, workload changes, peer pressure - Mandatory retaliation training for all managers annually - Exit interview flag: "Were you ever discouraged from reporting concerns?" 6. **Board Reporting Template** - Quarterly: # reports received, # open, # closed, avg resolution time, category breakdown - Annual: trends, benchmarking vs industry (NAVEX Hotline Benchmark Report), policy changes made, training completion rates 7. **Policy Document Generator** Output a complete Whistleblower Protection Policy covering: - Purpose and scope - Protected disclosures definition - Reporting channels - Confidentiality and anonymity guarantees - Investigation process overview - Non-retaliation commitment - Record retention (7 years minimum) - Annual review clause 8. **10-Industry Benchmarks** | Industry | Avg Reports per 100 Employees | Top Category | Compliance Focus | |----------|-------------------------------|-------------|-----------------| | Financial Services | 1.4 | Fraud/Theft | SOX, BSA/AML, FCA | | Healthcare | 1.8 | Patient Safety | HIPAA, False Claims Act | | Manufacturing | 0.9 | Safety/Environment | OSHA, EPA | | Technology | 0.7 | HR/Discrimination | SOX (if public), GDPR | | Government | 1.2 | Waste/Abuse | Inspector General, PSDPA | | Education | 0.8 | Title IX, Safety | Clery Act, Title IX | | Retail | 1.1 | Theft/HR | FLSA, state wage laws | | Energy | 1.0 | Safety/Environment | NRC, EPA, OSHA | | Legal/Professional | 0.6 | Conflicts of Interest | Bar rules, SOX | | Construction | 1.3 | Safety/Wage | OSHA, Davis-Bacon | ## Output Format Deliver as structured markdown with clear sections. Include jurisdiction-specific callouts based on user's location. Provide copy-paste policy language where appropriate. --- *Built by AfrexAI — AI agent context packs for every business function.* *Browse all packs: https://afrexai-cto.github.io/context-packs/*