Blog | Best Practices for Whistleblowing
“We need to make sure our laws are worth the paper they are written on. Protecting whistleblowers who report suspected breaches of EU law is one way of doing this…”
Frans Timmermans, European Commission First Vice-President
Dieselgate, Cambridge Analytica, LuxLeaks—these are a few high-profile scandals that come to mind when discussing the European Commission’s proposed legislation to strengthen whistleblower protections. The new legislation comes not a moment too late as Barclays’ CEO faces up to a £2M fine for trying to uncover their 2016 whistleblower. As noted by the Financial Times, “Faith in companies’ internal procedures for protecting whistleblowers has also been shaken.”
The proposed legislation would require extra measures from organizations, public and private, aimed to protect whistleblowers. Even companies in European countries with more advanced whistleblower protections—like the UK—would need to take extra measures under the new legislation.
Internationally, the evolution of whistleblowing (and protection for whistleblowers) seems to accelerate post massive scandals. The US securities and finance sector strengthened its whistleblower protections in the aftermath of the financial crisis in the late 2000s; under part of this strengthened whistleblower program, the US Securities and Exchange Commission (SEC) recently awarded a record $83M to three whistleblowers in relation to a Bank of America Merrill Lynch tip.
Love Your Whistleblowers
The onslaught of high-profile scandals shines a spotlight on whistleblowers—and how to protect them in today’s world laden with seemingly pandemic corporate misgovernance. It is an issue that touches organizations of all sizes in all industries. For business leaders, how can you encourage and protect whistleblowers? And how can you leverage their insight to drive higher performing organizations?
Those are the questions asked of international General Counsel and Compliance Officer, Sara Habberstad, in the webinar, “Love Your Whistleblowers.” The following are four best practices recommended as a good place to start:
Step #1: Protection
The first step absolutely required for any organization to have whistleblowing in place is protection. If an employee cannot be protected from sanction, they will not come forward with their issue. Then, the company is at risk of not getting much out of whistleblower insight; employees won’t dare to come forward!
That being said, there are examples where employees have come forward regardless of retaliation and repercussions. But, as an organization, you cannot be guaranteed that employees will take such a risk. Most don’t. As a best practice, you need to protect whistleblowers if you want employees to genuinely come forward and share their insight.
As with the proposed whistleblower legislation, protection is partly provided by legal regulations and requirements. The US, UK and Nordics, for example, have laws that protect whistleblowers and limit the ability of companies to retaliate against employees that bring forward issues. However, even where there are whistleblower regulations, it's still important to implement your own organizational rules. Have your own Code of Conduct and your own Whistleblowing Policy. Establishing internal standards that adequately protect your employees is of huge importance. If you don't do that, you risk not getting any input at all. Protection—that's the baseline.
Step #2: Incentives
The next step is incentives. There should be something that encourages whistleblowers to come forward. This element might drive an individual to report an issue even if they are at first reluctant to do so. For example, the US has incentives, monetary rewards, for some types of whistleblowing under the US SEC.
It’s not always possible for an organization to have a monetary reward, but businesses can also provide incentives in other ways such as public praise (if agreed to by the whistleblower, of course!). There are things that a company can do to create incentives for their employees. The bottom line is there needs to be a positive drive to blow the whistle. What that is can vary from market to market, company to company.
Step #3: Blowing the whistle must be possible
The third step is that it must be possible to blow the whistle. There needs to be a system in place for the person who wants to blow the whistle. There may be an employee that need to report an issue, feel safe doing so and have incentives, but they have no idea how to go forward. Who do they call? How do they send a report? There needs to be a clearly articulated method to blow the whistle.
Legislation varies by country here too. Some countries have legal requirements around whistleblowing processes. In Norway, it is a legal requirement for a company to have a system in place for employees to blow the whistle. That’s not the case everywhere. But any company can create a whistleblower policy outlining to all employees how blowing the whistle should be done.
Lastly, the whistleblowing process must be supported by systems in place whether that is internal hierarchy, internal communications or software. The crucial element is that employees must know what they need to do to report an issue—and be able to accomplish that process in practical terms. If this isn’t in place, you run the risk of not getting all issues reported.
Step #4: Blowing the whistle must be easy and safe
Finally, the fourth step is to make blowing the whistle easy and safe. The process that you have in place should be extremely easy and time efficient to use. Just like other business areas, if your process isn’t easy, there are built-in barriers which automatically lowers your adoption and usage rates. That means you are losing critical insight.
Related to step one but slightly different, the process must also ensure the safety of the employee after they blow the whistle. An employee may be protected in practical terms but feel unsafe with their manager, other colleagues, the organization, or within the work environment altogether. It’s not enough to protect employees; blowing the whistle must be safe.
In today’s environment, this basically boils down to technology. Technology can ensure ease of use, and thus adoption, as well as ensuring safety within the work environment after they blow the whistle. With technology, it is possible people within the organization might not even know who blew the whistle in the first place. To that, there's really only one path that protects and ensures employee safety—to provide an easy system with the possibility to give anonymous reports.
The Value of Anonymity
There can be many reasons why employees want to be anonymous when blowing the whistle. Some may fear losing their job or getting laid off, others fear their manager or colleagues knowing they reported an issue. The social pressures and the types of retaliation that can occur within the work environment are very real and strong fears when employees go to blow the whistle.
Anonymous reporting addresses a lot of these issues around whistleblowing. It can also address the lack of legal protection. For example, anonymity overcomes a country’s lack of whistleblower protection because by its nature, it will be a lot easier for employees to come forward while being safe and protected.
How can organizations encourage, protect and leverage whistleblowers and their insight? The answer to this question is invaluable as executives everywhere look for ways to reduce their operational risk, protect the business and drive higher-performing teams. It is not enough for organizations to have a just a whistleblower policy, they need to embrace a proactive approach to whistleblowers and continuously listen to their employees throughout the organization.
As an employer, if you want to be sure that you get the information that is among your employees—insight that you need to reduce your risk, protect the organization and improve operations—these four elements are required for a successful whistleblower strategy.
About the Speaker
Sara Habberstad | General Counsel at Questback
Sara Habberstad is a formidable attorney with more than 20 years of contract and legal experience in international enterprises. Contributing an impressive track-record of legal, risk management and compliance expertise, Sara serves as general counsel for Questback. She leads the legal, compliance and risk management functions for Questback’s operations spanning 19 countries. Sara’s passion for equality, transparency, accountability and compliance is second to none. She regularly contributes thought-leading pieces on executive leadership and enterprise operations focusing on governance, compliance, stakeholder relations and risk management.
Sara joined Questback in 2014. Prior to Questback, Sara held legal counsel positions at some of the world’s largest international companies. She was previously senior legal counsel at Siemens and contracts director at SAS Institute. Sara is an alumnus of the University of Oslo where she completed her Cand. Jur.