The Whistle Blowing service helps the board and management to monitor possible blind spots
What your employees know about your company that you don't?
Internal whistleblowing channels will become mandatory for listed companies and insurance companies. This obligation is based on an upcoming update to the Finnish Securities Market Act and the amendment to the EU Directive, which will constitute the obligation to cover the whole of Europe. This obligation already exists for investment services firms as well as credit institutions. Additionally, the EU Directive on money laundering or terrorist financing, which includes obligation for an internal whistleblowing channel, is currently being discussed in Finland as well as in other European Union countries.
The new requirements set forth obligation for listed companies to organise a whistleblowing channel through which staff can report their suspicions of any market distortion to an independent party. Although the change may seem like yet another new addition to listed companies' plethora of obligations, the whistleblowing channel can bring both further depth and the needed tools for an internal audit, internal control and risk management. Carefully structured whistleblowing functions formed as a part of code of conduct are an integral part of a company's risk management and responsible corporate culture.
The whistleblowing channel – or the Ethical Channel, as we call it, is according to the ACFE's recent survey the most effective way of detecting unacceptable behaviour and practices within an organisation. According to the ACFE survey, almost half of the fraud cases detected were brought to attention through tips from the whistleblowing channels. This survey also found, that the organisations that put their whistleblowing channel in the public domain received more than half of the tips from their own employees. The ACFE's survey also estimates that a typical organisation loses approximately 5 % of the annual revenue to fraud. What would your organisation do with an additional 5 % revenue?
According to BDO's international network of experts, the integral part of the success of this ethical channel function is that the local language selection is made available in all jurisdictions. This significantly increases the chances of receiving tips of unethical behaviour. The importance of the local language is highlighted within companies with elevated volumes of employees working specifically in manufacturing or service production.
A study on Corporate Governance and Compliance Hotlines which was conducted by Navex and supported by BDO expertise revealed that about 80 % of the reports came directly to the channels without prior notice to management. Therefore it is a noteworthy observation that there is a high demand for skip-level reporting. The impact of the ethical channel function can have a significant effect on corporate culture and other aspects, such as the internal atmosphere and procedures.
Whistleblowing channels are perceived in various ways due to a country’s political history. This emphasises the importance of clear communication and independence of the position of the personnel in the process of handling the reports that come through the channel. The stereotypical Scandinavian company is often perceived as accountable and flat organisation with a low-key expert type of professionalism. This however, is a red flag for being too naïve, and it has been said that every now and then, controls may be lacking, and questioned how strong is the blind trust on the local executive management. The ACFE survey shows that management fraud committed by management and executives collectively adds up to approximately half of the total volume of fraud cases. Therefore the Ethical channel monitors where the boards and management teams’ eyes do not necessarily see.
The best practice in whistleblowing is considered to be conducted outside the chain-of-command. Good candidates for this work within an organisation are the legal and internal audit functions. In many cases the actual work is given to external parties to ensure both independence and an objective view. According to BDO's experience, in countries where anonymous reporting is made possible, about 70 % of the reports are sent anonymously. This brings to our attention that there is a fear of retaliation and forms of backlash. The flip side of this anonymity is that the anonymous reports are often more difficult to properly investigate. In Finland and Western society anonymous reporting is permitted by law, but it is recommended that the anonymous reporting should not be the primary option used to expose wrongdoing.
We who work within the internal audit and forensic services are convinced about the necessity of the changes in regulation. However, the way the new requirements become applied to practice is in the hands of the board members and audit committees. While some companies will want only to formally fulfill the requirements of the legislation, some others will observe its benefits as broader part of the GRC (Governance Risk Compliance) entity. Which one of these two approaches is more beneficial for your business?
The article is based on a blog entry first published in Talouselämä online magazine
This blog is also available in Finnish