Deal Radar 2010: EthicsPoint,Oswego, Oregon

EthicsPoint helps clients to mitigate and manage compliance and organizational risk. The company offers integrated telephone and Web-based reporting hotlines and case management services that clients can use to identify, report, investigate, and resolve issues and events that may not be in line with their codes of conduct or governance policies.

The impetus for EthicsPoint, based in Lake Oswego, Oregon, came from two certified fraud examiners – one a former police officer, the other a former Secret Service agent. They envisioned combining the then-exploding use of the Internet with their real-world expertise in fraud awareness and investigations. In 2002, David Childers, an expert in compliance, risk, and governance, was brought on as CEO to further grow the company.

Prior to EthicsPoint’s market entry, “whistleblower” hotline providers offered their services via the telephone only. If someone wanted to file a report, they would call a designated number and operators would transcribe the information and fax or mail the report to their client company.

The founders of EthicsPoint, which operates solely though an online, subscription-based model, recognized a number of opportunities to make such reporting more efficient: the Internet provided another way in which people could make anonymous, confidential reports, and an SaaS solution streamlined the transfer of the initial report to the client organization; rather than waiting for a fax or mailed report to arrive, it could notify the appropriate person immediately. Third, this software solution could be used to ensure consistency in methodology and documentation through the investigation of the reported issue. And finally, by storing all the information in a centralized database, customers would have the ability to run analytical reports to identify patterns or trends of risk within their organization.

The hotline market had been created in the 1970s in response to government spending abuse, but when EthicsPoint entered the market in 1999, there had not been a new entrant in eight years. Initially, EthicsPoint designed and deployed its solution to support best practices with respect to laws, regulations, and standards such as Sarbanes-Oxley because it thought it would be working primarily with internal audit and corporate compliance stakeholders to collect and manage information they received regarding financial irregularities such as fraud, waste, and abuse.

As reports began flowing into the system, however, EthicsPoint observed that it would not be possible for an organization to control the nature of reporting and simply limit intake to a single component of its code of conduct. Financial misconduct was reported, but employees, coworkers and in some cases, the general public, reported all issues that they felt breached the company’s code of conduct and/or presented a possible risk to the integrity of the organization. These included harassment, discrimination, theft, wage/hour violations, unsafe working conditions, and so forth. Individual departments were taking the data collected from their hotline and storing it, along with data received in face-to-face conversations and other venues, in disconnected local databases that lacked cohesiveness and transparency. The owner of the hotline – typically the compliance office – became dependent on the ability of multiple individuals from multiple departments to accurately record, manage, and present the information held in their local databases in and to report back to the hotline owner the resolution of the cases that had come in through the hotline because senior management and/or the board of directors wanted to know more about the risks to the organization.

EthicsPoint thus realized the benefits of offering a centralized solution that could be configured to meet the individual needs of departments while enforcing consistency in terminology and investigative methodology. As the company shared these observations with prospective clients, its growth rate accelerated.

In 2009, the market for integrated hotline and case management solutions was approximately $75 million. However, one analyst has posited that the addressable market is $5 billion, with the difference being the prevalence of spreadsheets, homegrown databases, and ad hoc processes. EthicsPoint says that this $5 billion claim is defensible: Sarbanes-Oxley mandates that every public company provide a mechanism for employees and others to anonymously report potential financial misconduct. This mechanism, however, does not have to be outsourced to a provider such as EthicsPoint, and it is estimated that more than 30% continue to operate internally. What’s more, both public and private companies as well as not-for-profits and educational institutions have numerous areas to monitor: discrimination, harassment, pollution, labor policies, badge access, student safety, NCAA compliance for athletes, research regulations, corporate social responsibility (CSR), and donor regulations, to name a few.

EthicsPoint is currently profitable. On a GAAP basis, 2009 revenue was $15.88 million (~23% YoY growth). Revenues have grown approximately 350% over the past five years and EthicsPoint has consistently been one of the fastest-growing companies in Oregon. The past two years have been especially good: EthicsPoint added more than 50 employees and has begun 2010 well above budgeted revenue projections. The company’s historical average for customer renewal exceeds 96% (98% in 2009) on a client basis. All investments ($4.1 million) were seed and angel investors, each of whom owns no more than 10% of the company. No institutional funding was used. EthicsPoint is growing at a double-digit rate and has no current plans to raise any money.

EthicsPoint currently has more than 2,300 customers across a range of industries from aerospace and defense to media and communications. Banking and financial services clients are the most heavily represented, and there are a significant number of clients in education; healthcare, pharmaceuticals, and life sciences; and construction and manufacturing. Customers range from Fortune 100 to small publicly- and privately-held companies.

EthicsPoint operates in a crowded, rapidly growing market. As the Portland Business Journal points out, there are more than 500 competitors. But EthicsPoint believes it has a first-mover advantage in various aspects of its service: integration of the hotline with other incidents, customized Web reports, reporting via cell phones and handheld devices, software and services to address European Union data privacy laws, and a data center outside of the United States for foreign companies storing confidential data within its borders.

The company plans to grow organically and through acquisitions and is investing in expansion to international markets for the core business. While there are no immediate plans for an exit, “Consolidation is a fact of life,” says Childers, who realizes the company could be an acquisition target itself.

Recommended Readings
Deal Radar 2008: Archer Technologies
Deal Radar 2010: Firm58
Deal Radar 2009: Sonoa Systems

This segment is a part in the series : Deal Radar 2010