Did you miss our webinar on whistleblowing a few weeks back?
If so, as an AGRC member, you can review the event’s full transcript in your Member’s Area.
Just log in below to access this and plenty of other resources.
A special thank you to our two panellists for taking the time to discuss this fascinating subject with us and providing us with plenty of insight into its nuance, regulatory framework, and interesting case studies.
- Sarah Afshari, Founder & Managing Director, DISS-CO, Germany
- Steve Young, CEO, Association of Corporate Investigators, UK
For now, we leave you with some of the event’s main highlights.
What are some of the main challenges that individuals face when they want to blow the whistle?
Steve Young: “I think their biggest challenge, although I do think it’s changing, is that for a lot of people, there’s some different camps that think we should no longer call it whistleblowing, I think they should maybe call them a reporter, but I think that’s kind of difficult because whistleblowing is the word that people understand, even if they don’t know the definition, they pretty much get what it is. But I think that challenges really are to do in the retaliation space, it’s the fear of losing their job, it’s the stigma that’s attached to it, it’s the fear of what the future holds in terms of future employment. But it’s challenging on, certainly ones that I’ve dealt with, I would also put health and well-being and the impact on their family if they have one, it’s pretty much high on the list.”
What are some of the factors that would encourage an individual to come forward and blow the whistle? Do reward systems for whistleblowing actually work?
Sarah Afshari: “I think there are two kinds of motivations: intrinsic and extrinsic motivation. So the one part is looking for a better working environment, so they think that when they report something, a misconduct, fraud, or bribery, then it will change something. So this is intrinsic. But I also experienced that many people or some people report when it’s too late, when they already are at the end of the process, they are leaving the company or they have already left the company, not physically, but mentally already left the company, and report something because they say, “Okay, the negative consequences do not bother me anymore because I’m leaving.” So, yes, there are different motivations for that and our work is motivated by awareness raising to implement a process for the employees to report misconduct earlier, not when it’s too late.”
How can organizations prepare to handle whistle blowers or protect whistle blowers? Can you give us three, four or five tips that organizations can take to better protect whistle blowers?
Steve Young: “That one’s always challenging because if we take the biggest cases and the biggest sort of whistle blows in the world, certainly the ones we know about, for some reason these whistle blowers always get exposed, whether they make the decision themselves to go public or through other means, so the whole thing is only going to work for employees at all levels if they’ve got absolute confidence in the process. So it’s absolutely imperative that when we say you will be kept confidential, you will be anonymous, that that is upheld. And I think that’s enormously challenging because if I say at the beginning it’s their fear of retaliation that drives them to the whistleblowing channel, then satisfying them that we can do this and we can keep them confidential, it is probably the most challenging thing. Certainly, from the investigation side, it takes slightly more skill for whistleblowing investigations than ordinary investigations because you don’t want to say something or do something which inadvertently points a spotlight at who may have raised the concern. And I mean that is enormously challenging and takes great care.”
“Again, if I might just say on this point, my view is where you want to be as an organization is that the tone from the top and the culture is such that employees and staff can raise issues in the complete confidence that the company or organization are going to deal with them properly and give you respect without the need for you to resort to a whistleblowing hotline or email and even resorting to that being anonymous. For me, the ideal state, which is probably unattainable, is that the people working within an organization feel comfortable in the environment to raise a concern without having to resort to whistleblowing, and I think all the people on the call would agree we’re a long way from that.”
Sarah Afshari: “Totally agree on the steps done from the top, policy implementation, speak up culture, and implementation of learnings to raise awareness, practical tips.”
“And there is one point, Steve, I do not agree. We know that emails are not secure, so I’m not doing an advert for my company, but I’m just saying there is a possibility with many providers to have a very secure communication channel and provide anonymity to the user with a web-based solution. And the use of the web-based solution is rising. You have a look at emails. Let’s take the email example. You have a general email like compliance at Association of Corporate Investigators .com, and I want to blow the whistle, I want to send you a fraud case. So what should I do or what I need to do to stay anonymous when I think that email is anonymous, and I create an account and then send you sensitive information through this email account, which is not encrypted to your account.”
“So who has this information? I have it on my private device, I have it in my private email folder, and I send it to you non-encrypted, non-blackened, and without removing metadata, which many users don’t know what it is, to your account. So I mean it’s obvious but it’s a big risk for the company because the email provider, which is usually a US provider, processes the data without letting you know who has the data and, on the other hand, maybe I’m liable because I use the private account and my private-end device to send to your company internal information, which might be sensitive. If we look at a hospital, which deals with patient information, this is a very sensitive area or other areas, so email is a no-go for me.”