COM 05/2019

Whistleblowing – Cultural Challenges and Opportunities

By Peerapan Tungsuwan, Partner and Head of Compliance, Baker McKenzie, Bangkok

peerapan.tungsuwan@bakermckenzie.com

Whistleblowing, broadly speaking, is a mechanism for employees or others to report wrongdoing, non- compliance and misconduct, or any suspected misconduct or wrongdoing, on a confidential basis.

The whistleblowing mechanism could be different from one company to another but the most common tool is setting up a hotline and appointing a designated compliance officer to handle communications.

Whistleblowing is a tool that allows companies to obtain or gain information from their employees. The 2018 Report to the Nations, released by the Association of Certified Fraud Examiners (ACFE) and was based on 2,690 cases of occupational fraud reported from 125 countries, suggests that employees are those who know about the wrongdoing (see the below chart) of their peers. According to the report, tips are by far the most common initial detection method and employees provide over half of tips.

 

Who reports the fraud
Source: ACFE 2018 Report to the Nations

 

One needs to recognize that a whistleblower has to fight with their fear and other challenges before they decide to report any non-compliance. Let’s explore a few of them below.

Often, people misinterpret the term “trust” or being trustworthy, loyal or loyalty. Mostly these terms are conceived as being associated with a person or a group of people without considering the underlining context or action. The term “trust” and a sense of loyalty often get translated to be that you will not disclose anything even though you are aware of a wrong-doing, such as someone misappropriating properties of the agencies or companies. Put it another way, the wrong doers just abuse the trust people have for them. In this trust area, we perhaps have to also instill in the minds of our young people to call those who come forward and report wrongdoings “hero” or “superhero” – they should not be called “rat” or “snake” or “snitch” or “traitor”. Trust and loyalty must be thought of as being related to fairness and righteousness, and the truth and sense of protecting the organization. Loyalty should be weighed against our duty and responsibility to act for the public good.

People are often concerned about the consequences they might face, if they raise concerns. When I say “consequences” I mean both what they might be getting from the organizations or companies they work in and possible retaliations from their peers or colleagues, whether it be violence or any forms of bullying or even death threats.

Concern over future career advancement is another challenge that makes people reluctant to volunteer information.  This concern frankly is quite valid and, most of the time, obliges people to go with the flow and not to stand out.

People do not feel or think it is worth their time to get involved in possible investigations. Often these investigations end up in court and going to court or working with lawyers are something most people want to avoid. This unwillingness to testify is one of the key challenges to whistleblowing.

People ought to stop turning a blind eye on misconduct and wrongdoing.

With the above examples of misunderstood values, this could mean that while it is considerably more difficult than just training for people to use hotlines or understand the compliance policy, it is perhaps more imperative to help people change their misconception and redefine those values that are fundamental to a strong compliance culture. No amount of training and coaching would be effective, if values are misinterpreted and compliance culture is not there in the first place.

In short, my point is that while it may not be the duty of the private sector, but in order to slowly improve the compliance standard, we may need to add social values on top of legal and compliance policy training to instill and reinforce a culture of good governance and intolerance of bad behaviors, as well as celebrate good behaviors. On this latter point, developing suitable compliance incentives not only demonstrates companies’ commitment to ethics and compliance culture but also motivates employees and fosters trust within the organization that speaking out is respected.

Change of perception and cultural redefining are not easy tasks – it will take a lot of time and effort. However, the private sector, which is more flexible in moving or driving certain standards at least within their working environment, could take the lead and start working on the values in their organizations. This could meaningfully contribute to changing the perceptions and behaviors of those in the organizations.  

As critical as getting the values right, to report wrongdoings, employees must have a full trust in the protection that the company will provide to them. They must feel assured that they will be protected and certain that there will be no retaliations against them, either from their employer, management or their colleagues. Without the trust that the information will be treated confidentially and that sufficient protection measures are in place, whistleblowing measures or tools will not be anything more than just pieces of documents which only serve routine auditing purposes and not something that will assist us in detecting frauds or misconducts.

Protection measures for whistleblowers are even more critical in countries which do not have specific laws governing whistleblowing and protection of whistleblowers. Thailand is one among such countries. Companies or employers must do their utmost to create a culture of good governance and promote trust among their personnel so that they can overcome some of the key challenges and be willing to give information. To achieve these objectives, training and rigorous enforcement against non-compliance matters or fraud must be conducted consistently alongside one another regardless of who the perpetrators are. Personnel who hold high corporate positions or otherwise must also be treated equally and fairly.

Having whistleblowers protection measures in place should be considered a duty of an organization, whether public or private. Without strong protection mechanisms, the whole idea of fighting non-compliance or fraud in the private sector might fail altogether.