Blow a whistle that resonates
By Lawrance Lai & Jack WongOnce the shortcomings of a poorly written complaint and a poorly conceived anti-fraud plan are eliminated, organisations should see an improved and coordinated approach to combating fraud. A whistleblowing reward will help too.
An anonymous tipster has recently received US$30m from the Securities and Exchange Commission in the US as part of a program that incentivises insiders to report wrongdoing.
According to Sean McKessy, the SEC's whistleblower chief, whistleblowers from all over the world should feel similarly incentivised to come forward with credible information about potential violations of the US securities laws.
While many are unlikely to be privy to information that may win them such a handsome bounty, an individual could have observed a potential wrongdoing in the course of work but chosen not to report the matter. Would a reward motivate individuals sufficiently to provide a tip-off?
While Singapore regulators do not reward whistleblowers, there are organisations locally that have some form of reward system in place within their internal anti-fraud framework.
Organisations increasingly recognise the importance of early detection, and the outlay to improve chances of early detection – monetary reward included – is often small in view of the larger costs of fraud.
Whistleblowers: make it count
Certainly not every complaint will be entitled to a reward. Chronic complainants adopt a "spray and pray" approach when dispensing complaints, which is onerous to the fraud response team and taxing on an organisation's fraud response mechanism.
In our experience, the quality of whistleblower complaints can be patchy, and whistleblower emails generally fall into two broad categories.
The first category is where the complaints carry opinions but is scant in detail. These are only helpful to corroborate evidence that already exists but such complaints are weak in substance and there is little useful information provided to enable an organisation to meaningfully investigate.
Examples of these complaints range from the incoherent to petty grievances to the ludicrous, such as suggestions on how management should punish its employees for taking extended tea breaks! More often than not, these emails end up on a pile labeled "KIV" and stashed away.
The second category comprises complaints that carries a high level of detail and are therefore investigation-worthy. These complaints may also include details and advise on how the investigation can take place.
When the content contains specifics, including date, time, persons of interest, and increasingly photographic evidence, a reader alludes to authenticity.
It is often difficult to discern between spurious claims and bona fide allegations. Coupled with the limited resource a company has – it is often not practical to investigate every complaint – some instances of fraud may not be uncovered due to the lack of thought that went into the complaint.
It is therefore important to educate individuals in organisations on what makes an effective whistleblowing complaint.
Organisations: enable whistleblowers
Organisations themselves are behooved to enhance the quality of whistleblower reports. Apart from incentivising whistleblowers, there are various elements to the fraud reporting and investigation procedures that should not be overlooked.
Firstly, there must be proper avenues for whistleblowing, which should be clearly communicated and made available to all employees and possibly even non-employees like clients, agents, and vendors.
Organisations must also have clearly defined response time. This is important for two reasons: Whistleblowers are anxious to see action taken and they become discouraged if the organisation is deemed to be not responsive.
Secondly, the days immediately succeeding an event are often critical in any forensic investigation. A clearly defined response time increases the likelihood of preserving evidence.
The organisation should also be clear in the incident reporting matrix, describing the people or departments who will be privy to the complaint. There should be an alternative reporting channel if the persons handling whistleblower complaints are the very ones that the complaints are directed toward.
The organisation should always update the whistleblower on the results of its investigation as proper closure. It could be the outcome that an allegation has been looked into and appropriate actions taken, or that there is insufficient evidence for further action.
This reassures the whistleblower that the organisation takes allegations seriously.
Last but not least, the whistleblower's anonymity must be maintained. In a particular case reported in the media, a whistleblower has sued an organisation having been a victim of incessant harassment, pursuant to his name, address, and contact details being revealed in an open court document.
An anti-fraud policy must specify adequate protection of the whistleblower's identity, and take the necessary steps to ensure that information is not compromised.
Both whistleblower and the management have seemingly aligned interests. Once the shortcomings of a poorly written complaint and a poorly conceived anti-fraud plan are eliminated, organisations should see an improved and coordinated approach to combating fraud. Of course, a reward would not hurt too.
The views reflected in this article are the views of the authors and do not necessarily reflect the views of the global EY organisation or its member firms.