Whistle-blowing Insight: Technology is just the start

I thought I would share some insights from some of the work we are doing with a range of clients at present around the hot topic of the moment: whistle-blowing.

There is a lot of talk about whistle-blowing at present (and for good reason) and with scandals now becoming a weekly occurrence across major corporates, sporting organisations and now universities, often I am asked for advice and assistance from clients on how they can tackle these issues head on, get an early heads up on potential misconduct before it becomes a crisis and encouragingly – how can they protect those who are brave enough to speak up in the first place.

Flavour of the month: Technology platforms

Perhaps one of the hottest topics around this discussion of late is the use of technology platforms in Whistle-blowing programs. For example in our business, we have partnered with Whispli – a tool that enables secure, anonymous two-way communications with whistle-blowers. It’s a great tool and our clients love what it brings to their program.

Globally, the largest company that specialises in ethics-style hotlines is Navex Global. Navex have literally thousands of clients and over time they have developed their own proprietary technology platform to help them manage disclosures for their clients. I have never used it so I can’t comment on how good it is.

Closer to home, other whistle-blower hotline service providers are going down the same path of developing their own in-house technology platforms to protect whistle-blower disclosures.

These are all positive developments. Positive developments for whistle-blowers who should now have access to safe and secure methods to report suspected or actual improper conduct and positive for organisations that are serious about dealing with whistle-blowing properly and can see the value an effective program has on improving their organisational culture and the conduct of their employees.

As much as these tools are great, they really are just that – a tool. They are simply a tool that can be used and leveraged to manage your program. But an effective whistleblower program is more than just the technology that supports it and that is why we are often called upon for our advice and support.

So you have chosen a technological solution to support your whistle-blower program but what’s next? Good question. Often organisations realise that implementing a technological solution is not as simple as it sounds and in fact, the entire program needs to be designed to support the technological solution.

Is the policy right? Does the framework and underlying operations of the program support the intent of the policy and the organisation’s commitment to whistle-blowing? Are those charged with overseeing or responding to whistle-blowers adequately trained? These are all good questions which often only lead to more questions and less answers.

This is where we often get called in. Companies make a decision to overhaul their whistle-blower program and decide to implement a new technology solution but soon realise it’s not as simple as it sounds.

So what is involved in getting your whistle-blower program up to scratch and implementing a technological solutions?

Let’s go over a few important elements that can make a massive difference to you having an effective whistle-blower program that your employees actually use (crazy concept I know right?), versus one that simply ticks a compliance box while senior management sit around holding their breath and hoping for the best.

1. Commitment and Tone from the Top

This might sound obvious and should go without saying, but for a whistle-blower program to be effective it needs a firm commitment from the senior executive team and the Board. Easier said than done.

The reality is I often hear from folks who say they are too worried about letting their employees speak up for fear of what might actually come out. What they don’t realise is that regardless of their position on the topic (think bullying, harassment and misconduct at a minimum), improper or unethical conduct is most likely occurring within the organisation and when it is left unchecked it has a detrimental effect long-term on the culture of the organisation, morale of employees and the organisation’s ability to recruit and retain top talent.

2. An effective and simple policy

Let’s be honest. Policies are boring. They are essential for any organisation to set the tone of expected behaviour and to articulate the organisation’s attitude and response to certain issues but, often these policies are too wordy, overly complicated and difficult for employees to understand, providing they could locate them in the first place!

Often the whistle-blower policies we see ¬†are written with the organisation in mind and put employees second. Some have really onerous obligations on the type of conduct employees can report and the information they need to supply and leave employees feeling little confidence that their matter will be taken seriously and that they won’t be adversely impacted for speaking up.

A good whistle-blower policy, at a minimum, should clearly articulate the organisations commitment to whistle-blowing, encourage persons covered under the policy to report suspected or actual improper conduct as early as possible (i.e. not placing the onus on the employee to collect evidence and investigate before reporting) and make it very clear that those who seek protection will not be persecuted or adversely impacted as a result of them speaking up.

This is just a start. We are focusing on getting clients to consider what happens post a whistle-blower investigation to ensure the individual isn’t adversely impacted and there are mechanisms in place to check in and monitor this over an extended period of time.

3. Scope & Operating Model

This is where we really get in and roll our sleeves up and is the part I enjoy the most. This is where you get into the trenches and have some really interesting discussions with those who are trying to improve the way the organisation responds to and treats whistle-blowers.

Whilst a technology solution is great, in order for it to work you need to spend time working through the scope of your program, who is covered, what types of matters can be reported and who will receive those reports in order to respond. This isn’t as easy as it sounds and often organisations get bogged down at this part of the process.

We call this developing the operating model. If you are trying to do this yourself and are getting stuck, email or call me and I am happy to answer any questions you have. Each organisation is different and therefore has different requirements for their operating model.

4. Roles & Responsibilities

Setting aside say the ASX top 50 companies, the reality is most organisations don’t have the internal scale to justify having dedicated resources who are trained in whistle-blowing. As a result we see a range of approaches but one of the most common is where the Company Secretary is charged with overseeing the whistle-blower program and receives reports that are made, usually via a dedicated email address.

This can be problematic for a few reasons that we don’t have time to fully go into here in this article. Some of the issues with this approach include the reporting channel itself where the employee can be identified or has to create a bogus email address to remain anonymous.

In addition, if the Company Secretary is charged with receiving and actioning whistle-blower reports it can reduce the number of reports made about senior employees involved in improper conduct. Given we know that most serious fraud and misconduct issues are perpetrated by senior executives, this is perhaps one of the biggest reasons a whistle-blower program needs to be set up correctly to both encourage reporting and to protect the CoSec from being unfairly criticised.

Consideration also needs to be given to dedicated a formal Whistle-blower Protection Officer (WPO) and Whistle-blower Investigations Officers (WIO). If you need more information on these roles and why they are important, send me a message.

5. Marketing & Communications

What good is a kick-arse whistle-blower program if you don’t take the time to tell your employees about it? Not much. Funnily enough it still amazes me just how many organisations don’t place enough importance on this aspect. They have a policy, put it on the intranet, set up an email address and then don’t tell anyone about it.

The organisations who are doing well in this area (think ASX Top 20, Big banks etc) recognise previous deficiencies and now see the probative value of being proactive, communicating often and being transparent.

Check out the Australian Bankers Associations 6 Guiding Principles here for more information.

6. Education & Training

This is becoming an increasingly important focal point for organisations. Recent scandals and issues have highlighted that often, those charged with receiving and investigating whistle-blower complaints are either inexperienced or haven’t been trained on the organisation’s expectations.

When we work with organisations on designing and implementing their programs, education and training forms an important part of both the implementation process, as well as the ongoing management of the program.

At a minimum, you need to ensure that those who are accountable for receiving and responding to whistle-blower complaints understand the organisation’s policy and framework for treating whistle-blower complaints as well as any legislative obligations that may apply to their industry.

7. Regular audits or reviews

The size and maturity of your organisation will drive this last component. For smaller organisations it can be difficult to find the capacity, experience and dollars to conduct regular program reviews.

For larger organisations, with dedicated risk, compliance or audit functions, they are well served when they incorporate their Whistle-blower programs into their annual or bi-annual reviews.

Another good way to ensure your program is top notch and keeps pace with industry best practice is to periodically conduct an independent review of gap analysis.

Independent reviews can be highly valuable to identify how the program is performing, any gaps between the policy and intended operating model to what is actually occurring. Throw into the mix conducting a dip-sample review of reported issues and the whistle-blower’s experience and you will be in pole position to continually evolve your program.

In closing

Technology is great, and you really should be looking at what you are currently using to manage your whistle-blower disclosures and whether it is cutting the mustard. Look into what exists in the market but remember, technology is just a tool and underpins your program. It is how your program is structured, and how your technology is implemented that is the important part.

If you would like more information on any of the above feel free to reach out to me directly. We are always happy to answer questions and our aim is to transform whistle-blowing, one organisation at a time.


Dirty Rotten Scoundrels


We are all familiar with the 1988 classic comedy film Dirty Rotten Scoundrels, starring Michael Caine and Steve Martin, where two con men from different backgrounds try to out do each other in swindling $50,000 from a wealthy heiress. The film is set in the French Riviera where the rich and famous play. As the movie plays out, both men try and out do each other to gain free meals and access to large sums of cash.

Sound familiar? If you have been paying attention to the news over the past few years it sounds like it could be set in a local council, state government ministers office or union headquarters.

Dodgy councillors, crooked government ministers and entitled union reps. The past few years has seen a raft of public officials exposed for fraud and corruption ranging from multi-million dollar frauds, conspiracies to defraud, large scale bribes and kick-backs, not to mention the misuse of public and member contributions to fund lavish their lifestyles.

It’s great to see some of these issues starting to get exposed but the real question is: Just how big is this problem?

Answer: I reckon its Big with a capital B. This is only just the tip of the iceberg.

The disturbing part is to stop and think for a moment at just how long this type of behaviour has been going on and just how much money has been defrauded and misused across councils, unions and government departments over the years.

There is no doubt the tide is turning in the court of public opinion, perception and expectations when it comes to this dodgy conduct.

Whilst it has never been acceptable to commit fraud, have undeclared conflicts of interest and use public money as your personal piggy bank, the tide is now turning with those witnessing dodgy conduct more willing to speak up and report it.

What is interesting is that in the public sector there are pretty strong mechanisms in place around fraud and corruption as it relates to public officials. There is prescriptive legislation by virtue of the Public Interest Disclosures (PID) Act which outlines expectations, requirements and protections for those making disclosures on fraud, corruption, misconduct and maladministration.

The legislation is often supported with various government agencies charged with investigating corrupt conduct involving government employees and public officials.

When compared to the private sector, the government appears to be streets ahead from a policy and legislative perspective. And perhaps the scandals that have come to light over the past 5 years around the country are indicative of the progress being made.

Despite these scandals, I suspect the problem is much, much bigger than any of us realise across federal, state and local government departments when it comes to undeclared conflicts of interests, hidden beneficial ownership in companies, kick-backs and cash-in-kind benefits. Likewise in the private sector, I suspect there is far more fraud and corruption than is being uncovered.

The relative success achieved in the past few years across both the public and private sector in uncovering fraudulent conduct and corrupt schemes should be applauded but it’s just a start of what is sure to be a long journey as we turn the dial on integrity and appropriate conduct.

To support this we need strong public messaging from government and corporate leaders far more regularly who make it clear that this type of conduct is not acceptable. And for those being caught, strong sanctions need to apply. I was thoroughly impressed (which is rare) in the sentence handed down to former NSW Resources Minister Ian Macdonald who was sentenced to 10 years for misconduct in public office. It is tough sentences like that, along with sacking and referral to police for private sector employees that will assist in turning the fight against fraud and corruption.

It is often easy to enact a new piece of legislation or a new corporate policy to say that you are taking these issues seriously however one of the most important aspects often overlooked is the effectiveness of your underlying operation to support the policy.

Here are some questions to consider:

How does it work in practice? Do the leaders of your organisation regularly promote their position on speaking up? It is one thing to have a policy and tick the box but how often do the leaders of your organisation talk about fraud, corruption and the organisation’s expectations? Leaders should be weaving into their messages regularly their stance on encouraging people from across the organisation to speak up.

Can your employees or members report issues safely and easily without fear of either being identified or suffering retribution? Can they report suspicions without being ridiculed? I often hear from those charged with managing their fraud and corruption response that they don’t want people to report all kinds of issues, have too many reports and so on. This is crazy talk. If you set the tone and make it safe to speak up you can put measures in place to effectively assess reports. Sometimes you need a few data points on an issue to launch an inquiry, if you discourage people from reporting hunches or suspicions you might miss an issue.

Is there a clearly defined process for assessing those reports and ensuring there is an independent approach to investigating the issues? Too often organisations handle tip offs internally which discourages people from speaking up, especially against senior executives for fear the matter will be swept under the carpet. An email managed by the CEO or Company Secretary’s PA. This isn’t really an effective way to encourage people to speak up. Sure you have ‘ticked the box’ and complied with your obligations but more can be done.

Are there the right mechanisms in place to protect those who speak up? How often do we hear about a whistleblower or someone who speaks up being made redundant a few months later through an organisation-wide restructure? Too often and it’s disgraceful. Have a person charged with overseeing your whistleblower or PID program is essential and their role is to ensure that both the protection and welfare of the person reporting is maintained.

Do those investigating have the right skills, capabilities and independence to do their jobs effectively? How many times do we hear about a personal assistant, the cleaner (joking) or chief executive conducting the investigation themselves? Too often. Last time I checked there aren’t too many PAs or CEOs who have been trained to conduct investigations, interview witnesses and table allegations to those suspected of committing fraud. There should be a clear separation between those charged with looking into an issue and those who will review the outcome and make a determination regarding consequence. Sounds simple I know but you would be surprised how often this doesn’t happen.

Lastly, does the organisation walk the talk when it comes to consequences? Once fraud or misconduct has been proven do they do the right thing and take appropriate action on those found guilty by terminating their employment and where they suspect criminal conduct refer to law enforcement? This is one of the biggest areas where all organisations tend to let themselves down. Too often I hear of examples where companies fail to apply an appropriate outcome, refer the matter to law enforcement and communicate to the rest of the organisation the consequences of committing fraud.

In Dirty Rotten Scoundrels, we see our two main characters Lawrence (Caine) and Freddy (Martin) so focused on their own misdeeds that they fail to realise that they have in fact been duped themselves. The parallel here is for those charged with mopping up a fraud or corruption issue. Don’t get so bogged down in the issue and trying to keep it quiet that you miss the bigger opportunity in front of you. Be firm on applying an appropriate consequence for those who commit fraud, be as clear and transparent as you can legally in your communications to the rest of the organisation regarding what has happened and what actions you and the organisation have taken.

It might not seem it at the time, but you have a real opportunity to turn a negative incident into a positive learning opportunity for your organisation.