They’re an organisation’s last line of defence against crime and corruption—but they are as vulnerable as they are valuable. Speaking to whistleblowing experts, we find out what best practice looks like, and where EAs fit in.
Meet Rosemary Rogers. For nearly a decade she served as chief of staff to multiple executives at National Australia Bank (NAB), and in that time Rogers lived in the lap of luxury.
A jaw-dropping amount of money was spent on holidays, parties, properties, private jets and helicopters. It’s been reported that one of Rogers’s holidays to the US racked up a $485,000 tab, and over $70,000 was dropped on a no-expense-spared birthday party for her friends and family. But in early 2018, Rogers’s high-life came to an abrupt end. A whistleblower at NAB alleged that Rogers was conspiring with executive events company, Human Group, to defraud the bank out of millions of dollars.
Police claim that Rogers approved inflated invoices for Human Group’s services and in return she reportedly received kickbacks totalling $5.4 million. Rogers has been charged with over 56 counts of ‘being an agent corruptly receiving benefit’ and ‘dishonestly obtaining financial advantage by deception’, or in layman’s terms—bribery.
If proven to be true, and if Rogers is convicted, NAB’s internal watchdog and management may have all failed to detect or stop her alleged fraudulent behaviour. This story demonstrates just how important a whistleblower can be, and why every organisation should have appropriate policy in place to protect them.
Why blow the whistle?
Whistleblowing is an insurance policy, and the last line of defence against criminal behaviour. But the real value in whistleblowing is not what it produces, but what it prevents. Whistleblowing can be twice as effective as any other method of fraud detection, in fact, 40 percent of cases are brought to light by whistleblowers.
In Australia fraud costs $8.5 billion a year and organisations typically lose five percent of their annual revenue as a result. ‘Business insiders’ commit a majority of the crimes and on average it can take 18 months to detect and stop the wrongdoing. If a whistleblower takes action, organisations can potentially avoid an immense financial loss.
Despite the positives, whistleblowers are often seen as ‘snitches’. Blowing the whistle—particularly in high-profile cases—can come at a huge personal cost. Employees who speak up are at risk of retribution and put their careers, financial security, friendships and freedom on the line.
HR expert and author, Karen Gately says, “treating whistle blowers as ‘trouble makers’ is an all too common attitude taken by people who would rather be free to act without consequences. Courageous organisations acknowledge their short comings and sincerely value the role whistleblowers play.”
Recently an Australian law passed that requires listed and larger companies to have a whistleblower protection policy in place by late 2019. Organisations are now obliged to give whistleblowers safe and anonymous channels to speak up. If the protections are breached there are heavy consequences, including jail time.
It’s all well and good to have an open and honest workplace, but sensitive complaints (like the one made by the NAB whistleblower in the Rogers case) require discretion. Good whistleblower policy should encourage employees to speak up on sensitive matters without fear of reprisals.
Now there’s legislation in place that compels companies to draft policy, it’s important to understand what best practice looks like. Nathan Luker, CEO of external whistleblowing service YourCall, gave us his perspective.
“Organisations need to act and allocate internal resources to construct whistleblowing policy,” Nathan explains.
Correct whistleblowing policy should cover a few fundamental points. Firstly, an organisation needs to appoint the appropriate staff to deal with confidential reports, otherwise known as a ‘Whistleblowing Officer’. This position is generally given to a senior executive, and we’ll go into more detail on that role a bit later.
Secondly, an organisation needs to work on creating a smooth process. A whistleblowing procedure needs to outline how a report can be made, who to make it to, when and how the organisation will investigate, and how the outcome will be managed.
“There should be policies and procedures laid out for whistleblowers by the organisation for each stage. What the person’s responsibilities are, what the organisation’s responsibilities are, and what legislation is available to them,” Nathan says.
Thirdly, once a procedure is established, it must be communicated throughout the workplace, and be available to any employee at any stage. According to Karen Gately, “taking time to ensure every team member is educated about the policy, the expectations it sets and protections it provides, demonstrates commitment to creating an ethical and accountable environment in which everyone is expected to play a role.”
Anonymity is also paramount throughout the whole procedure. Organisations have a responsibility to keep a complainant safe from public exposure, and the unwanted attention than can follow. The new legislation was formulated in part because of the repercussions that some Australian whistleblowers were facing, and deals out heavy penalties for breaches of trust.
Discretion is key
There’s a lot of work involved when dealing with whistleblower reports. Serious cases generally find themselves on the desk of an executive, and many c-suite jobs incorporate a ‘Whistleblower Officer’ role. Gina Mavrias (read her profile on page 22), COO and Whistleblower Protection Officer at Australian Hearing, spoke about how she and her EA handle reports.
“My role is to take all the steps to protect and support a whistleblower. It’s very important to have a senior person in that role. I have a strong desire and interest to support people if they have a concern.”
Alongside their internal system, Australian Hearing uses an external whistleblowing service (like YourCall) called Stopline. An external whistleblowing service is an additional part of a whistleblowing framework, where employees can contact what Nathan Luker describes as an “external report partner” to make a disclosure without notifying anyone inside the organisation.
“The way Stopline works is the whistleblower has to nominate the person that receives the disclosures. That’s me, so everything comes in a very secure and protected parcel. I’m the only person that sees it, and at that point I make a decision about the people that need to be involved in the investigation,” Gina says.
When the time comes for a report to be dealt with, Gina and her EA, Sharon Wilson, share an understanding. The report must remain confidential, and Gina must be the only person who can see it.
“EAs are incredibly discreet. I trust Sharon, but the legislation and the acute need to protect people in this process means I don’t disclose details to her. I do seek her support if something requires our urgent attention, or if I need her to help juggle things,” Gina says.
The Whistleblowing Officer is responsible for dealing with a confidential complaint and they need to take the time out of their schedule to do so.
“Sharon is aware of my movements and the meetings that I conduct. I trust her to know that she can’t disclose, talk about, or share any of the details of other people. I wouldn’t be able to do my job if I couldn’t then book meetings and fit it into my diary. She never asks or pushes, she knows that this sort of stuff needs to be treated a certain way,” Gina adds.
Discretion in whistleblowing cases isn’t just a measure to comply with the law, it’s an important step to make sure that future whistleblowers come forward, and prevent situations like the one below.
There is always a risk when it comes to blowing the whistle and if there isn’t a secure reporting system in place, a whistleblower can face severe repercussions.
Sally McDow is someone who is intimately familiar with the consequences of failed whistleblower protections. Sally is now a lawyer and partner at CPR Partners, but she was also a whistleblower at one of Australia’s largest ASX listed companies. Sally lodged the first ever case in Australia that tests whistleblower protections under the Corporations Act, in response to her treatment after making a disclosure at her now-former employer.
Sally explains that many whistleblowers are, in a way, forced into making a disclosure.
“People don’t wake up and want to be a whistleblower. People don’t come forward because they’ve decided one day that an issue needs to be raised. Usually there’s background and there’s issues which are pressing on that person that make it untenable to continue in their role without raising the issue,” Sally explains.
According to Sally, many organisations’ internal policy doesn’t adequately protect the whistleblower. She believes “the internal channels that are set up to receive whistleblowing reports are often not as good as they should be. There can be a lot of complexities and complications that arise using that channel, which possibly the organisation didn’t foresee, and certainly the whistleblower doesn’t foresee.”
Some of those complications involve breaches of confidentiality. Under the new legislation, the penalties for a breach of anonymity can result in jail time. EAs and organisations now have a responsibility to protect whistleblowers, prevent poor behaviour, encourage open communication, and comply with the law.
What to remember
There isn’t an easy way to handle sensitive whistleblower cases. These situations are as delicate as they are important, and it’s crucial that organisations take the necessary steps—like implementing policy—to ensure that whistleblowers are protected.
EAs play a crucial role in supporting and assisting executives while they handle whistleblower cases. They require the utmost secrecy to ensure that all business regarding whistleblowers is kept entirely confidential. Good practice can prevent cases like the alleged fraud at NAB. Not only can it potentially save huge amounts of money, it can set a precedent of honesty and accountability that promotes better corporate culture.