What’s in that whistleblower report?

Since the Sarbanes–Oxley Act was passed in 2002, all publicly-traded companies in the United States have been required to have internal whistleblowing programmes. In a research paper by Stephen Stubben and Kyle Welch, which was updated March 2020 and published in the Journal of Accounting Research, the researchers described their findings after studying nearly two million internal whistleblower reports submitted to over 1,000 publicly-traded companies in the United States.

Stubben and Welch found that 54.9% of whistleblowing reports were in relation to human resources–related matters, 15.7% were about business ethics matters, 11.8% were regarding the misuse of corporate assets, 8.1% were in relation to workplace safety concerns, and 0.7% were about accounting and financial issues (8.7% of the whistleblowing reports were not classified).

The strangest whistleblowing case in recent years may well be the anonymous complaint in 2019 that Donald Trump and Rudy Giuliani pressured Ukrainian president Volodymyr Zelensky to investigate the appointment of Joe Biden’s son Hunter to the board of a Ukrainian natural gas company, Burisma Holdings Limited. However, corporate whistleblowers have predominantly focused on issues such as harassment in the form of unwanted physical or verbal behaviour (that offends, humiliates or harms), corporate fraud, wastage or abuse (such as false expense claims), workplace safety concerns (which during COVID-19 have increased dramatically) and financial misreporting (such as materially misstated earnings).

Whistleblower protection

Many countries (including Belgium, China, France, India, Italy, Japan, the Netherlands, South Korea, the United Kingdom and the United States) now have specific whistleblower protection laws and companies that have whistleblowing programmes will normally implement internal policies to protect whistleblowers from retaliatory acts by the employer. To ensure whistleblowers of security, privacy and reliability for themselves and the information being disclosed and processed, many companies now:

• outsource the implementation of whistleblowing programmes to third party specialists
• ensure full data encryption throughout the reporting and recording process via multiple channels
• employ AI technology for case management, such as using chatbots to provide a user friendly, efficient experience and handle every report in a consistent manner without human errors (such as departures from protocol)
• hold regular whistleblowing training for the entire firm (from senior management to trainees), to emphasise that whistleblowers will not suffer retaliatory acts by the employer.

Mitigating reputational and financial risks

Not surprisingly, companies that promote whistleblowing along with compliance and internal controls received more reports per employee than companies that did not. Internal whistleblowing channels allow companies to identify and remedy issues at an early stage, helping to reduce the risk of reputational damage suffered when an external whistleblower makes a sensitive issue become public knowledge. These companies were also found to have been fined smaller amounts in terms of regulatory breaches and to have fewer material lawsuits to handle. Whistleblowing programmes are now accepted by companies as an effective method to mitigate reputational and financial risks.