The importance of independence, objectivity and confidentiality cannot be underestimated in the operation of an effective whistleblowing service.
Historically organisations have been keen to retain whistleblowing services in-house in an effort to prevent leaks and protect their reputation. The view was taken that if report volume was low then there were fewer problems. Many organisations also regularly sought or demanded the identity of whistleblowers in order to explore concerns effectively. Of course over time, as unreported issues continue to surface, sometimes publicly, it became apparent that low levels of reporting is likely to be a reflection of a lack of trust in the reporting process and resultant under reporting of concerns.
Employees are right to be concerned; the ECI Global Business Ethics Survey 2018 found that 36% of whistleblowers faced almost immediate retaliation and almost half believed their supervisors and managers were not committed to assuring ethical workplace conduct.
Many of these views have changed rapidly over the last decade with the emergence of a number of trusted independent partners and recognition of the reputational value of having a trusted process which can surface concerns as early as possible and using robust processes to resolve issues.
The value of a trusted service is also underlined by the findings of the ECI Global Business Ethics Survey 2018. They found that one in three employees had observed misconduct in the last 12 months, 38% of these did not report their concern. Some of the primary drivers of the failure to report concerns were;
- The report would not have been confidential (74%)
- They could not report anonymously (64%)
- That they would be labelled a snitch (63%)
In order for a whistleblowing service to operate optimally its independence must be enshrined and promoted. We have seen a number of trends in the market which threaten the independence of some services;
White-labelling / co-labelling
Organisations go to great effort to develop and promote their brand and associated culture. It is therefore understandable that they want to associate their own brand with the ethics and compliance service they put in place.
However, regardless of the strength of the brand and transparent culture of an organisation, replacing or co-branding the independent whistleblowing service damages its impact and discourages reporting. An individual that has concerns must be assured that they will be protected from reprisals; the anonymity provided by a truly independent provider does this.
Integrations and single sign on
Interoperability is an enormous trend in technology. Modern systems are designed to work well with each other to deliver slick user experiences and process efficiencies. Integrations however inherently dangerous as they are designed to allow data to move;
Tempting as it may be to integrate the independent ethics and compliance platform with other technology solutions, it can lead to significant issues as integrations represent;
- an attack surface to malicious actors.
- a risk of error in processes / programming moving sensitive data to inappropriate locations.
The convenience provided by integrating with HR systems or using single sign on tools is far outweighed by the cost as the real or perceived risk of data leakage between systems will again damage the confidence of reporters.
In addition given the sensitivity of the data concerned and increasingly stringent regulation with regard to data protection and whistleblower protection the consequences of a data leak in these circumstances are extremely serious.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.