Whistleblowers may feel gagged in the current UK corporate climate
Despite legal protection, whistleblowers may feel gagged in the current UK corporate climate. Mike Comer explains
Sherron Watkins at Enron, Cynthia Cooper at WorldCom and Coleen Rowley at the FBI all demonstrate the value of employees bringing wrongdoing to light. But the treatment of Paul Van Buitenen, an internal auditor at the European Commission, and Marta Andreasen, the chief accountant there, must make people wonder why they should risk voicing their concerns, and clearly sends a very discouraging message to any other Commission staff with concerns.
Coleen Rowley was praised by the director of the FBI for bringing its ineptitude to light, whereas Marta Andreasen was suspended by the Commission. The different treatments demonstrate the essential conflict in our attitudes to whistleblowers. Some say they are to be praised for their public spirited honesty; others maintain that they are just disgruntled employees who are not part of the team and not to be trusted. Of 230 whistleblowers questioned in a mid-90s survey, 84% lost their job within six months of reporting an incident. This may indicate which view is prevalent.
Directors who are intent on falsifying the position of a company can put considerable pressure on staff to go along with the scam. They will play the loyalty card, saying that their actions are for the greater good of the company and shareholders. They will play the risk card, implying your job is in danger if the position is not falsified. "You are a key part of the team for going along with it, and you will be rewarded - trust me, I built this company and I can dig us out of this temporary difficulty."
Regardless of our attitudes to whistleblowers, it is clear that they ought to play a key role in revealing wrongdoing. The US has for many years had legislation to protect and reward whistleblowers who blow the lid on cheating government agencies, but until recently it has only given limited protection to other employees who reveal criminal acts, unless there is a potential loss to the public sector.
Since 1998, whistleblowers in the UK have enjoyed protection from the Public Interest Disclosure Act. This aims to protect workers of all kinds who disclose employers' criminal offences. However, the Act falls short of making it mandatory for organisations to introduce whistleblowing policies. While the law may alleviate some of the whistleblower's fears, the jury is still out on whether it is making informing more acceptable. A recent KPMG Survey revealed that 83% of respondents said they would report their colleagues or boss for major fraud and 44% said they would report minor offences. More worryingly, 39% said they had lied to cover up mistakes.
If it is accepted that whistleblowers have a role in revealing wrongdoing, what systems are needed to encourage the practice? If a scam is being generated by the most senior people in the company, to whom can the whistleblower report it? In the UK, the Financial Services Authority (FSA) has established a dedicated whistleblowing telephone line and e-mail address to encourage staff in the financial services sector to report wrongdoing. The FSA chairman, Sir Howard Davies, is on record as saying that he expects companies to put in place internal whistleblowing reporting systems, and that rules will be introduced if this does not occur voluntarily. He has also said that any firm that unjustly penalises a whistleblower may have its fitness and propriety questioned by the FSA. But this, of course, only applies to businesses regulated by the FSA.
Revelation of wrongdoing within an organisation cannot be left to whistleblowers alone. Like military defences, protections against fraud and other wrongdoing need to be comprehensive, interlocking and in depth. Key to this are recent developments in corporate governance in the UK and US.
The events at Enron and WorldCom sent out a shock wave that struck at the heart of markets' confidence in the probity of management. It spawned the Sarbanes-Oxley Act of 2002, which aims to introduce more cohesive countermeasures and to deter CEOs and CFOs from falsifying the financial position of a company. The Act makes them subject to criminal liability with fines of up to $5m or 20 years in prison. They are also subject to much greater restrictions on bonuses, obtaining loans from the company and dealing in its shares. These are attempts to reduce the situational pressures and conflicts of interest that may cause a director to favour his own personal position rather than that of the company and shareholders.
For the first time, the Act enshrines the rights of the whistleblower, stating that a company may not 'discharge, demote, suspend, threaten, harass, or in any other way discriminate against' a whistleblowing employee. The Act also places an obligation on the audit committee to set up procedures for the proper handling of confidential or anonymous complaints about financial reporting, the audit or internal controls.
Nor does the Act spare the auditors, imposing a requirement for an independent audit committee. Some might say that a significant contributory factor to Enron and WorldCom was the cosy relationship that developed between the audit partners and the directors of the companies. These days, the big accountancy firms see little profit from audit work, which is deliberately lowballed as a means of getting into the much more lucrative special consultancy work. It stands to reason that, if the budget for an audit is lowballed, the audit is unlikely to be conducted with the thoroughness it deserves. To avoid this conflict between audit and more lucrative work, the Act now proscribes the audit firm from carrying out many areas of special work, and the lead audit and review partners must be rotated at least every five years.
Could scandals such as Enron and WorldCom happen in the UK? Are the UK's defences to the same standard as the Sarbanes-Oxley Act? The answer to the first question is they already have happened here. In the late '80s and early '90s, the UK led the way in top level management fraud, with examples to be found in Bank of Credit and Commerce International, Asil Nadir and Polly Peck and Robert Maxwell.
With typical British understatement and abhorrence of legislative regulatory regimes, the British solution revolved around reviews and guidelines to improve corporate governance and enhance the role of the non-executive director. The Cadbury, Greenbury, and Hampel Reports gave rise to the combined guidelines on best practice. Key to this is the role of the independent non-executive director as an independent watchdog to curb the excesses of executive directors. The non-executive director is, in theory, someone to whom a whistleblower could turn without fear of being immediately compromised.
But how many companies hire non-executive directors because they think they will make effective watchdogs, and how many non-executive directors want to be watchdogs? The reality is that most non-executive directors are hired for the access they provide, or for their expertise in areas other than regulation.
Are the UK's defences against fraud at the most senior levels of the same standards as those being imposed by the Sarbanes-Oxley Act? Clearly not, as they are only guidelines without any real teeth. Will they change? Where the US leads, the rest of the world follows. Sir Howard Davies is sending a very clear message on whistleblowing to the financial sector and there is no reason why this should not apply to all companies. The writing may be on the wall for voluntary guidelines.
All organisations would be well advised to stay ahead of the game by taking their fraud risk management policies and procedures off the shelf and having a long hard look at them. What, if anything, does your policy say about whistleblowing? To whom should whistleblowers report? Is there an anonymous reporting hotline and is it monitored independently? What are your current criteria for recruiting non-executive directors? Are they qualified to monitor the activities of executive directors?
If organisations wish to avoid the prospect of legislation being imposed upon them, now is the time to ensure that they are meeting the evolving standards of best practice in fraud risk management.
David Gamble, executive director, AIRMIC, says: "Having a corporate culture that allows whistleblowing is important. There is a significant risk management issue when people become so focused on the business that they don't see the wider picture of how their actions fit into society.
"The bonding that can occur in a male-dominated workforce where it is seen as 'not playing the game' to inform on your colleagues can be a strong deterrent to whistleblowers. For this reason, it could be claimed that women and those from minorities make better whistleblowers. They are more likely to see the whole picture.
"In some company cultures, playing devil's advocate is seen as being negative. It can be risky to stand up and say that you don't agree with the way that the company is going. But having a culture where people know they can put their point of view strongly without being sacked or otherwise penalised is valuable and can avoid situations where employees feel they have to blow the whistle to make their voices heard. Open communication is a crucial element of good risk management.
"One of the best examples of a CEO who allowed passionate debate was Shoichiro Honda, the founder of Honda Motor. His engineers in R and D remember him as being full of engineering ideas which he would only give up if they came up with a better one. At that point he would laugh loudly and congratulate them. This attitude was crucial when Honda decided to switch from water-cooled to air-cooled engines. It was only after a long and heated argument, lasting several months that he was persuaded to drop the idea. How many other founder CEOs are able to admit their mistakes and listen to the staff before they get into difficulties?"
On its website, consultants Human Resource Solutions suggest a format for a whistleblowing policy. The concerns that can be raised internally could include:
- financial malpractice, impropriety or fraud
- failure to comply with a legal obligation or statutes
- dangers to health and safety or the environment
- criminal activity
- improper conduct or unethical behaviour
- attempts to conceal any of these.
- Mike Comer is managing director, Maxima Group plc, Tel: 0207 227 3300, E-mail: firstname.lastname@example.org