Whistleblowing is amongst the most powerful and effective means of uncovering fraud, corruption and other forms of mismanagement within organisations.
Given that the majority of whistleblowers are likely to be reporting on mismanagement occurring within their own companies or institutions, it is critical that these organisations are equipped with secure channels to receive and address any concerns raised. It is also of paramount importance that any potential whistleblowers are afforded the necessary levels of security and protection. This can be achieved through the implementation of safe and effective internal whistleblowing systems (IWS). An effective IWS should provide a secure mechanism for stakeholders and employees to receive reports, while simultaneously protecting individuals reporting concerns from retaliation.
As part of their 2022 Occupational Fraud Report, the Association of Certified Fraud Examiners (ACFE) examined over 2,000 cases of occupational fraud across 133 different countries and established that roughly 42% of the fraudulent activities were detected as a result of tip offs. This amounted to nearly three times the number of incidents as the next most effective method, internal audits. This research performed by the ACFE also indicated that maintaining an effective reporting mechanism or IWS significantly increases the likelihood of earlier fraud detection and can aid organisations in reducing potential losses as a result [1].
Despite global rates of financial crime remaining moderately stable, the potential ramifications of these risks remain substantial, and therefore so does the need to safeguard against them. According to PwC’s Global Economic Crime and Fraud Survey 2022, 52% of organisations with global annual revenue above €9.25bn (equivalent to US$10bn) had reported experiencing some form of fraud over the course of the previous 24 months. At a broader level, when examining all organisations surveyed, 46% reported incidents of fraud and/or economic crime, with cybercrime, customer fraud and asset misappropriation risks posing the most significant threat [2].
Establishing an efficient and robust IWS can substantially aid organisations in ensuring that the necessary instruments to mitigate potential wrongdoings or misconduct are in place. The substantial benefit of an effective IWS has been further reflected by the increasing number of national laws being introduced enforcing the implementation of these systems. As of late 2019, the European Union (EU) Directive 2019/1937 (“the Directive”) came into force regarding the protection of persons who report breaches of Union law.
The Directive outlines the minimum standards that should be in place regarding the protection of persons reporting breaches in the context of their work-related activities. It was transposed into Maltese legislation on 24 December 2021, shortly after the 17 December 2021 deadline set by the EU. Further provisions introduced as part of the Directive, include obligations for private sector entities with 50 or more workers to establish internal reporting channels and procedures. Organisations with fewer than 50 employees may also be required to implement internal discourse channels and procedures (in accordance with Section 2 of Part III of the Directive), depending on the nature of the activities they are performing and the resulting level of risk.
The EU Directive serves as a minimum standard that organisations should strive to achieve when considering best practices with regards to the implementation and maintenance of an IWS. The numerous adverse financial, reputational and legal repercussions of misconduct reinforces the position of IWSs and internal whistleblowers as vital assets to organisations operating in the current global risk landscape.