PKF surveyed 41 organisations and held in-depth interviews with representatives from 10 large organisations. Of the 41 organisations who responded to our survey, 80% indicated they received 25 or less disclosures per year from their whistleblowing channels (internal and external). This is consistent with the results of the Navex Global 2019 benchmark report[1], which showed an average rate of disclosure of 0.8 (for all channel disclosures) per 100 employees for the APAC region. However, this rate is low compared to rates for other regions[2] and is expected to increase as stakeholders gain greater trust in their organisations to clearly exhibit that they will support a culture of speaking up and when they do, do something about the matters disclosed.
Of the organisations we interviewed, the following observations and challenges were noted:
- Whistleblowing is managed by different functions across organisations, including Risk, Audit, Integrity, Governance, Company Secretariat, Compliance or Legal departments, with no clarity about who is ultimately responsible.
- Organisations can receive multiple allegations from one discloser, disclosures about non-whistleblowing matters, e.g. workplace grievances, and disclosures from non-eligible whistleblowers. Where how to handle these scenarios are not articulated in written procedures, confusion about what is required often occurs.
- Whistleblowing arrangements are not well understood by staff and those running the whistleblowing function are unsure of how best to handle whistleblowing matters and advise whistleblowers. Consequently, organisations indicated they would be willing to outsource whistleblowing training and the independent assessment and investigation of whistleblowing disclosures.
- Organisations found it difficult to identify whether the subject of a whistleblowing disclosure had been involved in some other misconduct. This was often brought about by internal departments holding relevant information in disparate systems, e.g. information held in a Human Resources system may be relevant but not accessible to those assessing a whistleblowing disclosure.
- Disclosures often need to be handled by different people or via different processes due to the subject matter of the disclosure. This can give rise to inconsistency in the process used and protections made available. As such, organisations need to ensure adequate training for all relevant staff and secure systems that facilitate the sharing of information relevant to whistleblowing whilst maintaining confidentiality.
- There was a growing demand for useful management reporting on whistleblowing and conduct matters generally. Often disparate and manually maintained data sources add to the challenge of collecting and using this data effectively for decision making.
The wake-up call
As the first anniversary of the legislation approaches, our research provides a timely reflection of the state of whistleblowing. The results show that there needs to be improved awareness of the regulatory requirements on whistleblowing and, in order to progress from the ‘tick box’ mentality, a greater appreciation of the value of whistleblowing as a best practice corporate governance mechanism. Management should not wait until Directors concerned about their individual accountability begin to challenge them about conduct, culture and compliance issues and the quality of the whistleblowing data provided.
Practically, significant work is still required to design effective whistleblowing systems. Organisations must take the time to adequately consider the operational requirements that make whistleblowing systems effective. This includes the implementation of user-friendly policy and complementary training and awareness activity.
In our view, these issues increase the risk of non-compliance with the whistleblowing legislation, and more importantly, undermines stakeholder trust. Getting on the front foot to implement effective systems that are adequately articulated in policies builds trust and reduces the risk of regulatory intervention.