Responding to anonymous whistleblowers
By Willie Cheng
The Business Times, 13 November 2017
Many studies have found that whistleblowing is often the most common channel for exposing corporate irregularities, including fraud. For example, the KPMG and SMU Singapore Fraud Survey 2014 showed that 54 per cent of frauds detected were the result of notification by employees and customers.
For that reason, Guideline 12.7 of the Code of Corporate Governance encourages listed companies to establish, and disclose whistleblowing policies and procedures.
A key essential of an effective whistleblowing policy is protecting whistleblowers from being victimised. There is therefore usually an assurance in whistleblowing policies on respecting the confidentiality of information and identities of whistleblowers, and measures to protect them against any unfair treatment subsequent to their disclosures.
Many jurisdictions, including most OECD countries, have also enacted dedicated whistleblower protection laws. In Singapore, there is no universal whistleblower protection legislation but whistleblowers of certain offences are protected under specific legislation; for example, Section 36 of the Prevention of Corruption Act ensures that the identity of a complainant as to a corruption offence will not be disclosed even during court proceedings (subject to exceptions, for example, if there is a willfully false statement).
Nevertheless, despite these protections, a significant number of whistleblowing reports tend to be anonymous. In its 2016 EMEA and APAC Whistleblower Hotline Report, leading ethics and compliance software provider NAVEX Global put that number at over 65 per cent.
To investigate or not?
Whistleblowing cases are usually referred to the internal auditor, and come before the audit committee. The conundrum is whether anonymous cases should be investigated.
Interestingly, the Singapore Governance and Transparency Index awards additional points if the whistleblowing policy states that anonymous complaints will also be investigated.
However, there are many who believe that anonymous whistleblowing reports should be ignored. Not surprisingly, objections often come from the accused parties and those negatively implicated by the allegations. The common arguments are: “If whistleblowers do not have the courage to identify themselves, it is not worthwhile investigating” and “We should not encourage a culture of poison pen letters”.
For a number of reasons, these are not constructive responses.
First, whistleblowers may choose to remain anonymous because of a well-founded fear of reprisal. They may also anticipate discrimination in the workplace on the basis that team players do not “rat” on their own.
Secondly, many whistleblowing reports, especially poison pen letters, can and do go beyond the official whistleblowing channel to a much wider audience. If the allegations are left unaddressed, they will continue to taint the reputation of both the company and the accused parties.
In my view, the identity of the whistleblower should not be the primary reason for the decision to investigate a complaint or not. As an audit committee member, I have seen many spurious accusations (from both named and anonymous whistleblowers), but equally, I have seen more than enough anonymous whistleblowing reports – that have turned out to be accurate – to warrant my belief in the merit of pursuing such cases under the right conditions.
Basis for further investigation
I suggest two tests for deciding whether an anonymous whistleblowing letter should be investigated.
The first asks if the allegations are substantive: if the allegations are true, would this suggest that there is a significant irregularity or misconduct for which the company needs to take action, especially against the accused?
For example, if the complaint is that the award of a major project went to a vendor who failed to deliver, but there was no complaint that the procurement process was irregular, then this is not a substantive whistleblowing case. The situation – with the benefit of hindsight – might reflect poorly on the business judgement of the procurer or procurement team, but this defect can be dealt with through the usual personnel evaluations.
The second test asks if the allegations can be substantiated with the details provided by the whistleblower.
For example, an allegation that “the head of procurement is crooked and on the take” is not helpful; nor can it, in and of itself, be substantiated. However, if the accusation is accompanied by details of specific instances of bribery and improper influencing of the procurement process, then the allegations may be substantiated or disproved through further forensics and audits.
When both tests are passed, a further investigation into whether the allegations are indeed substantiated and substantive should follow.
Identifying the whistleblower
If the identity of the whistleblower is not critical to the decision to investigate, then why even ask for the identity? In which case the need to protect him does not even arise.
There is, of course, value to the company in knowing the identity of the complainant.
A whistleblower who is willing to expose malfeasance should be recognised for his (or her) courage, and weight should be accordingly attached to his allegation.
In addition, whistleblowers are usually insiders to a situation, and know a lot more than what they may have provided in the initial letter. Identifying and having access to the whistleblowers would be helpful to the investigation team during the course of its enquiries.
That said, the fact is that most whistleblowers prefer to remain anonymous. This, by itself, is not a reason to invalidate or ignore the complaint. Anonymity may make it more difficult to assess and follow through on allegations, but it should not detract from the premise that whistleblowing is integral to promoting integrity and detecting misconduct in an organisation.
Willie Cheng is Chairman of the Singapore Institute of Directors.