RSM Australia

Unleash the power of whistleblowers in war on fraud

Rather than putting a black mark against them, Australian firms should recognise the power of whistleblowers as an early warning system in the fight against fraud and corruption.

The commonly held misconception that there’s no place within a company’s culture for those with the temerity to inform management on the misconduct of their peers, is progressively being replaced with a new found respect for the role whistleblowers can play within any business.

Admittedly, legislation that protects and/or rewards whistleblowers is still playing catch-up with these emerging trends. Nevertheless, companies of all sizes should proactively tap into new dynamics continuing to evolve in the whistleblower space both here and overseas.

In the 2016-17 Federal Budget the government announced the introduction of new arrangements to better protect tax whistleblowers as part of its commitment to tackling tax misconduct.

Whistleblower protection missing

While broader whistleblower legislation is in place federally and in states and territories, most of the legislation focuses on the public sector. For example, part 9.4AAA of the Corporations Act 2001 does extend some whistleblower protection to officers and employees of companies and subcontractors.

Where guidance is required and where there is an absence in the law, Standards Australia’s AS 8004 on whistleblower protection programs for entities are aimed at encouraging appropriate procedures in companies and other organisations.

Standards Australia has also been instrumental in recommending guidelines for whistleblower protection.

However, to gain protection under the Corporations Act, whistleblowers must give their name before making the disclosure and have reasonable grounds to suspect that the information disclosed indicates the company or an officer or employee of the company has, or may have, contravened the corporations legislation and act in good faith.

In light of the lingering gap in private sector whistleblower protection, last November the Senate referred an inquiry into whistleblower protection in the corporate, public and not-for-profit sectors to the Joint Parliamentary Committee (JPC) on corporations and financial services. basic_illustrations-04-risk_management_legal_advisory - Copy.png

Submissions to senate inquiry closed on 10 February 2017, with the report on its findings due by 30 June 2017.

What the JPC is recommending is the comprehensive legislation, including a consistent approach across all industries and sectors, and consideration of rewards for whistleblowers.

The power of formal reporting mechanisms

While these initiatives are encouraging, companies are urged to consider implementing a formal reporting mechanism, whereby whistleblowers can accelerate their concerns to independent third party. Interestingly, the Association of Fraud Examiners (ACFE) 2016 report on Occupational Fraud and Abuse found telephone hotlines were the most common [whistleblower] reporting mechanism in their global data.

However, local firms should be reminded that when it came to the Asia/Pacific, telephone hotlines were used in only 27.8 percent of reported cases.

Every organisation must have some whistleblowing avenue and there’s a strong business case for outsourcing specialist service providers to operate a hotline and incident management solutions on their behalf.

Local firms heed lessons from global research which proves convincingly, that organisations bothering to document reports from all communication channels, into one centralised incident management system, have better risk visibility, more opportunity to spot trends and take action on emerging problem areas.

Hotline data that’s carefully tracked, reviewed, benchmarked and presented with sufficient context to management, via an incident management solution, invariably provides the early warning signs needed to take corrective action before minor issues escalate into major ones.

Given that no one is beyond checks and balances, it’s important to have independent professionals who can investigate on reported incidences, without the finger being pointed at individual staff.

With a straightforward lack of controls primarily to blame in more than one-quarter of cases in ACFE’s Asia-Pacific region survey data - making this the top contributing factor –there is a strong argument for implementing some form of incident management solution.

Given that in 24.1 percent of the frauds existing controls were overridden by the perpetrator and, in nearly 17 percent of cases a poor tone at the top was the main factor contributing to the scheme, there’s a strong argument for outsourcing incident management solutions to independent third party professionals.