Whistleblowing

This is an Insight article, written by a selected partner as part of GIR's co-published content. Read more on Insight

Introduction

Whistleblowing channels, systems and programmes more broadly, are only as effective as the outcomes that result from the investigations or other follow up conducted in response to the concerns raised. From an end user perspective people raise matters as they reasonably expect and demand a response. Whistleblowing is one of the most common ways in which misconduct is detected and internal or regulatory investigations are triggered and is an increasing area of focus for regulators and governments on how whistleblowers are managed and protected.

In managing such user expectations an organisation, implementing and managing a reporting line, must ensure that there is a sense of transparency throughout the process. This can be embodied by having accessible policies, standards and guidance thereby informing would be whistleblowers on how the organisation responds to concerns raised. Understanding how a reporting line may be used by its customers can inform the organisations overall approach to whistleblowing which is pursuant of protecting organisational reputation together with trust and confidence in the whistleblowing programme. This affords the organisation the best opportunity in responding to the concerns and enacting any corrective and preventative actions. Thereby, enhancing business processes, maintaining employee satisfaction and retention, and minimising regulatory or law enforcement scrutiny, this, if unchecked, could adversely affect shareholder and stakeholder confidence.

Where organisations aspire that employees should feel safe to raise concerns they need to follow up with a well-supported, equipped and sufficiently trained team of investigation resources, or provide access them with effective and timely connectivity to senior management to report on matters facing the organisation at an operational and strategic level.

Managing whistleblowers or reporters

Those that raise concerns, arguably at any level of an organisation regardless of the issue being raised, do so as they expect a response and or acknowledgment. In certain countries it is a legal requirement to inform the person who reported a concern of the development of the case. The legislator could also set an indicative timeframe within which the whistleblower should be informed.[1] The principle that should underpin all whistleblowing programmes and approaches is the protection of individuals who raise concerns, e.g. ensuring whistleblowers are not prejudiced as a result of making a disclosure. The purpose of whistleblowing channels is to respond, in doing so in the eyes of the whistleblower it would arguably provide a positive experience, by acknowledging and listening to employee and third-party concerns.

To effectively manage whistleblowers organisations should understand and identify what channels currently exist and what they want to provide for employees and third parties to raise concerns. This should include measures to track and monitor their effectiveness and how connected these channels are to existing processes, to ensure that matters are adequately assessed and identified as significant issues. These measures should be sufficiently agile to determine, on a risk basis, those which require formal investigation; represent feedback on business processes; internal workplace grievances or engagements and those which represent management feedback, coaching opportunities, and leadership learnings.

A climate of increased scrutiny involving multiple media platform coverage through social networks and activism ensures the speed and reach of reputational damaging exposure is ever present. Coupled with an increased sense of societal accountability, the whistleblower has every means to, and is more than ever likely to, report concerns externally.

Given that whistleblowers elect to raise matters internally and that employees are likely to do this first, it is imperative that efforts be made to understand and manage whistleblowers appropriately to prevent externalisation.

This translates into designing mechanisms and processes for regular updates, engagement, welfare and support and transparency of process, including decisions on next steps. This is particularly important in ‘closed environments’ such as small teams, where notifications to investigation participants, and identifying and speaking with witnesses and subjects, can be very sensitive and have lasting impacts, potentially more important in cases of interpersonal behavioural conflict and sexual harassment allegations.

Engaged and informed whistleblowers are far more likely to provide further information, clarify issues and assist the investigation process, positively impacting case closure and substantiation rates. Attention to these issues mitigates a whistleblower’s perception of feeling alienated where they can present a retention risk because of speaking up. A considered and tailored approach to understanding a whistleblower’s needs and position, having raised a concern, promotes the organisations approach to employee welfare in such situations. This should include understanding and being ever alive to retaliation risk or risks, events and behaviours.

Underpinning these processes is identifying and promoting metrics which measure reporter engagement, either during or following an investigation. This can provide meaningful and qualitative information on the effectiveness of the programme and user experience, to inform the process and identify programme enhancements.

Understanding that language, tone and messaging with whistleblowers is central to instil trust and confidence and is a vital part of the whistleblower management process. Great care needs to be taken in such communications, effective engagement rests on the way in which investigators, legal teams and any other assigned personnel liaise to negate projecting inherent bias, which may be perceived by the whistleblower.

For example, avoid terms which project that the matter cannot be investigated unless the reporter provides evidence. This can manifest itself in the minds of the whistleblower as what they have raised is not credible, cannot be acted upon and that they are wrong to raise it. This is particularly a sensitive topic when addressing matters of racism, discrimination and sexual harassment, which are often deep rooted, personal and pervasive issues. It is for the investigator to identify, gather, analyse and present evidence, not necessarily the sole responsibility of the whistleblower to provide this.

Language is always a key area within organisations. It is important to keep in mind that the language used around the reporting line may have some impact on stakeholders. Language helps set the tone. Someone will be unlikely to contact a reporting line if the language used projects a negative image of a whistleblower as an employee who may deceive the organisation. Conversely, if the message sent through the words used is positive, and projects the idea that they are supporting the organisation’s culture, then other employees may be encouraged to report where appropriate.

Even though the term whistleblowing is widely used across the globe and has the benefit for everyone to understand what it refers to, it may also project some negative connotations. Therefore, finding alternative terms such as ‘speak up’ may help to establish a friendlier environment.

Organisations may find their own terminology where the term whistleblowing or whistleblower is not mentioned and they have looked for terms which have a positive impact. Rio Tinto for instance has previously used, to good affect, its own personalised concept and terms[2].

Programme and platform considerations

Whistleblowing platforms should be user friendly and provide a user experience that encourages and facilitates such use. The implementation of whistleblowing programmes must be supported by robust internal communications from senior management which endorses an open and honest approach to raising concerns.

In most organisations of relative size and scale, the provision of whistleblowing channels is largely through independent providers of services, call centres or web intake methods which are industry standard. Accounting for anonymity provisions may include anonymous reporting and communication through call centre password or log in credentials and message platforms for direct communication with investigators. Facilities to exchange information and documents, uploading items or evidence, are a helpful functionality and assists in confirming issues.

There are some obvious choices to be made, such as designing and defining what the formal communication channels are, e.g. email, online form, physical address, phone number and text. On many occasions these choices will be driven not only by the organisation’s preferences but also some internal and external factors:

  • legislation applicable, e.g. anonymous reports may not be allowed, therefore the reporting lines may be required to consider this;
  • type of workforce, if they are used to using technology or not;
  • location of the organisation’s operations; and
  • number of languages used within the organisation.

A whistleblowing or reporting programme is about the whistleblower and through its design and usability should embody an organisation’s commitment to understanding this context.

From a more operational perspective consideration should be given to the end user experience and understanding that the interface presented to the reporter needs to be ‘roadblock free’ and enables whistleblowers to seamlessly access the reporting platform, noting that over complicated drop-down boxes, or suggesting that the whistleblower chooses what category of matter they are reporting, are not conducive to an engaging end user experience.

The interface design, where customised, should ideally be one that understands the journey of a whistleblower. It needs to be free of inherent whistleblower bias and language and be free from legal jargon where possible.

The workflow design should give consideration to an interface that allows for the whistleblower to input their concerns and upload whatever documents they may have seamlessly. An effective programme is one that does not necessarily position itself, or project, that it is only certain matters that can or should be raised. An open policy on what are reportable matters is ideal, as this does not necessarily limit scenarios where a whistleblower is witness to an act, behaviour or conduct but does not understand that this represents wrongdoing, and therefore, as a result does not report.

A programme which harnesses this approach will be able to gather feedback, concerns and issues which constitute key business intelligence and assist the organisation with triangulating its data points in addition to insights gathered from engagement surveys and focus groups. This whistleblowing data can be screened, analysed and anonymised in a way that preserves the identity of those raising concerns and still enables the organisation to receive and understand critical issues relating to its operations and personnel across its footprint, in addition it assists in identifying trends. Harnessing technology and data analytics is key to visualising an organisation’s hot spots, areas of concern and repeating issues.

From a cultural perspective, it is a fact that reporting line managers will have to work very hard to avoid failures. As Peter Drucker’s widely attributed quote states, ‘culture eats strategy for breakfast’.[3] A nice strategy not supported by the right culture will limit any chances of success.

In summary some of the key areas to be considered to support a reporting line are outlined.

  • Tone at the top; commitment from board down all the command line, stairs are swept from top to down.
  • Effective no retaliation policy; it is not just a paper but a habit that needs to be integrated and managers should support this from the outset.
  • Transparency; benchmarking your reporting metrics either internally with other business or geographical units within the organisation, or externally would give indication of how effective a reporting line is, based on an analysis of a combination of reporting metrics.
  • Monitoring activities and reporting of key performance indicators (KPIs) to management will show the operational effectiveness of reporting lines as well as their contribution to the achievement of the objectives of the whistleblowing program.
  • An easy and accessible reporting line at all levels.
  • A proven record of actions taken after reports are made will certainly have a positive impact.
  • Promote transparency by internally sharing sanitized reports and statistics of the system, to evidence effectiveness.

Assessing concerns and allegation triage

When a concern is raised internally, particularly outside of formal whistleblowing channels, it is important to identify whether or not the report is intended to be a formal disclosure under the firm’s whistleblowing policy as opposed to an informal report. Every whistleblowing report should undergo an assessment of whether there has been any wrongdoing, also known as triage.

Triage consists of assessing the received reports, including aspects such as priority, completeness and relevance of the information[4]. The result of this assessment will determine the next actions to be taken with respect to the report.

One feature distinguishing investigation from other fields, e.g. audit, is that the former can be planned only to a certain extent. It is common in the investigation field where periods of relative calm are alternated with a peak of workload, sometimes exceeding the capacity of an investigation team to tackle all the concerns that may arise over a given period. Workload cannot be an excuse for not taking remedial actions or not responding to inquiries by the regulators. This is the reason why any whistleblowing management system must have in place an effective triage process.

Triage involves defining roles and responsibilities, allocating resources and monitoring operational effectiveness. Triage as a procedure of allocating allegations or assigning levels of priority to whistleblowing reports can be based on various criteria. Some criteria that could be used are subject matter and seriousness of the violation, potential for regulatory investigation, reputational harm for the organisation, seniority of employees involved, involvement of external parties, financial materiality and time constraints for implementation of remedial actions. Setting proper criteria for the triage requires understanding the organisation, its risk management policies and its context and expectations of stakeholders.

Understanding the full life cycle of the investigation process is significant, whistleblowing is regarded as the main avenue for the receipt and identification of issues that an organisation may face.

Robust, smart and timely recognition or issues and their assessment as either requiring investigation or not, material breaches or allegation of wrongdoing need to be identified, can be achieved by articulation of a clear procedure outlining which matters require investigation, definition of what constitutes an investigation, who this is conducted by and the various controls and means to evaluate operational effectiveness.

Generally speaking, all concerns should be received and assessed on their merits combined with effective and people centric communication or communications. In order to fully understand the issues raised early and prompt dialogue or contact with the reporter through their elected means of contact, or via anonymous message board, should be initiated.

Consultation with a reporter and early debrief, where possible, can assist the investigation process focus on the most critical issue.

Matters which do not necessarily require investigation should be followed up accordingly and relevant stakeholders notified so that organisational learning, where applicable or suitable feedback can be passed on.

As part of the key assessment stage, efforts need to be made to classify the issue or issues raised and accordingly align this to any policy standards or control framework.

Matters generally relate to either concerns or issues which expose the organisation or individuals to regulatory action, civil claims or criminal investigation. These issues will therefore require careful assessment and notification to the relevant stakeholders and legal SME’s noting any jurisdictional aspects and self-reporting considerations.

Most concerns received will relate to internal controls and or policy and standards and matters which breach a code of conduct or procedures and instances of fraud, corruption or activities which manifest into questions or concerns over integrity.

The most prevalently reported type of issue or concerns across organisations are behavioural and interpersonal, such as bullying, harassment and issues with management.[5] These can also represent breaches of codes of conduct and are also subject to investigative process. In keeping with a people centric approach investigators, and those assessing concerns, must ensure transparency and engagement with reporters, activity needs to work in partnership with the individual raising the concerns.

Who should manage the reporting line?

A variable which may affect a whistleblowing programme’s effectiveness, and moreover the trust and confidence users may observably have, is the positioning of the reporting line within the organisation’s structure.

Undoubtedly any existing structure will influence the potential outcomes depending on the scale and complexity of the organization’ business areas.

Regardless of the current structure, there are some considerations that need to be observed and some analysis will be required.

  • Independence, does the person or department have the required organisational independence or perception thereof?
  • Confidentiality, does the department have the proper infrastructure and resources to maintain the required system and process confidentiality and do the staff within the department have the required appreciation of confidentiality principles and integrity of sensitive information.
  • Resources, does the person, persons, or department have the required resources to conduct a proper investigation or management of reports?
  • Training, are the internal resources properly trained to manage the line and incoming allegations?

Considerations

Similarly, to other components of a compliance programme[6], the effectiveness of a whistleblowing reporting line requires a high-level commitment by the organisation’s leadership.

The governing body of an organisation, e.g. the Board of Directors for a corporation, should define the mission, responsibility, authority and independence for the persons entrusted with the management of the whistleblowing reporting line as well as exercise oversight over its effective functioning. This definition could be documented in a charter or a policy.

A functional reporting line to the board of directors, or other equivalent governing body, is required to ensure sufficient autonomy from management. Such a requirement is desirable for the people housed within the organization, e.g. within the legal department, internal audit, to conduct their duties without the risk of being unduly influenced or hindered.

The organisation can also choose to outsource the management of the whistleblowing reporting line to an external provider. This option may be perceived as preferable from an independence standpoint, as the external provider, by agreement, might have a communication channel directly to the governing body which makes it less susceptible to being influenced by the organisation’s management and internal politics.

Confidentiality

In a whistleblowing management system, the preservation of the confidentiality of the whistleblowing report and the protection of the identity of the whistleblower are paramount. A real risk of retaliation arises when the whistleblowing report involves the whistleblower’s supervisors or other people with a particular influence and power in the organisation.

It is important to ensure confidentiality as far as reasonably possible throughout the whistleblowing process. Notwithstanding that in some jurisdictions and subject to legal provisions anonymity cannot be guaranteed.

Knowledge of, circulation and access to, whistleblowing reports should be limited to the designated team managing the investigation of whistleblowing issues and such access levels should be reviewed and updated.

In certain cases, confidentiality can be complicated by factors like the number of people who come to know about the report and the information contained, which may expose the whistleblowers’ identity. It is imperative that access to the whistleblowing system and the information contained is strictly restricted to authorised personnel only.

The next step is to have a process in place that, on a case-by-case basis, correctly assesses and prevents the risks to the whistleblower. The ISO Standard 37002:2021 provides, among others, the following useful areas:

  • likelihood of confidentiality being maintained. Who else knows and what is the probability of handling the whistleblower’s information during the investigation without compromising his anonymity?;
  • anxiety of the whistleblower about detriment. What are the threats perceived by the whistleblower? How could these be addressed?; and
  • degree of involvement of the whistleblower in the subject matter and their relationship with subjects.

From the very first communication with the whistleblower, investigators should emphasise their commitment to confidentiality and be resourceful in providing support throughout the process.

Investigators should also respect the wish of whistleblowers to stay anonymous by providing a range of alternative communication channels from which the whistleblower can choose. If investigators need to have direct contact with the whistleblower, e.g. phone call, they can invite the whistleblower, reiterating the message, that the communication will stay confidential. However, investigators should avoid insisting as this may alienate the whistleblower.

Deliberate attempts to trace the source of an anonymous report are an option that should be avoided unless there are good reasons for that.

It is worth noting that one of the principles of Transparency International’s position is that full protection should be granted to whistleblowers who have disclosed information anonymously and who subsequently have been identified without their explicit consent[7].

Not only is the communication with the whistleblower an opportunity to make the investigation process more effective, but it also addresses the need of protection of the whistleblower. The whistleblower may be the victim in a case or exposed to retaliation because their identity is known. Ignoring these threats may jeopardize the investigation efforts and ultimately expose the organisation to the risk of non-compliance with whistleblowing regulations and other legal provisions.

Some of the safeguards that should be considered:

  • if known, withhold the whistleblower’s identity from general communications to parties involved in the investigation;
  • ensure that all interviews with the whistleblower take place in a discreet environment;
  • offer the opportunity to have witness interviews outside of the working environment, e.g. in a hotel;
  • be careful in handling evidence provided by the whistleblower, for example when confronting a subject, as this may help others to trace back the source of information;
  • arrange with the whistleblower for a phone call at the time that suits them; and
  • refrain from initiating conversations on business instant messaging apps, to avoid the risk of others noticing it.

Despite all the safeguards, it is always possible that during an investigation the identity of the whistleblower will be discovered. The investigation team should manage these situations and escalate the matter to stop any instance of retaliation that may occur. This may also involve liaising with the company’s senior management, e.g. regional or corporate HR, in such cases as reversing a dismissal procedure against the whistleblower.

Inquiries should be responded to, maintaining a proper balance between transparency and confidentiality needs.

Policy considerations

To gain the trust of all stakeholders and parties who use the whistleblower line, transparency is a must. Organisations should have a dedicated whistleblowing policy that detail commitment to an open and transparent culture.

Having a clear policy accessible to all parties will be beneficial to understand how the reporting line is set, how reports are dealt with, what the key elements of accountability are, and essentially what to expect from it.

The more transparent and clear it is, including the non-retaliation policy, the more trust and confidence it will promote.

There follows some of the elements a policy could include.

  • Board or Management support to the whistleblowing line and commitment to treat all reports fairly.
  • Awareness as to how not reporting something will help conceal wrongdoing within the organisation and affect the organisation as a whole.
  • How a whistleblower will be treated and what tools are there to support them, including the organisations commitment to non-retaliation.
  • The disciplinary regime for those who try to uncover a whistleblower or retaliate.
  • An outline of the active steps taken to preserve confidentiality.
  • The alternative measures and processes to report concerns, e.g, line manager, HR, legal, senior management.
  • What should be reported and what would not necessarily represent or require an investigation, not exhaustive but at least a framework.
  • An explanation of how allegations are dealt with.
  • A glossary of terms.

Understanding whistleblowers’ motivations

International studies[8] show the predominant role of ‘tips’ and other sources in identifying occupational fraud. This highlights, firstly, the importance of fostering trust in the whistleblowing management system and secondly, once a dialogue with the whistleblower has been established, using this source to get any information to investigate the facts reported.

Information that investigators should also try to ascertain, from the whistleblower, is the motive for reporting.[9] This is something that goes beyond the task of posing questions about the matter reported.

Organisations need not necessarily over concern themselves with why reporters have elected to remain anonymous, this in and of itself is not an indicator of a lack of trust or confidence in a whistleblowing programme, although measuring and reporting anonymity rates is useful. In fact, where substantiation rates maintain at level or increase, in parallel to anonymity, this tends to rebut the often prevalent bias inherent in anonymous reporting, that the reporter is anonymous due to nefarious or vexatious reasons, when in fact anonymity is not and should not be viewed as having an impact on the credibility and accuracy of matters raised. Organisations need to resist the perception of considering anonymity as a means of discrediting the information received. Noting some jurisdictions legislate or restrict anonymous reporting.

Various authors have sought to develop a typology of employees that goes beyond the moral dilemma to report a dysfunction or misdemeanour.[10], [11] Some whistleblowers may have altruistic goals, whereas others may seek revenge against somebody and use the whistleblowing channel for their purposes.

While it is not the investigator’s role to confront the whistleblower on their motive; it may be helpful to understand their mental and emotional state, who may feel the situation stressful and needs somebody who brings positivity and a sense of healing to their condition. This can eventually play a pivotal role in overcoming any possible obstacle in establishing a connection with the whistleblower and secure their continuous cooperation.

A particular situation occurs when the whistleblower is a victim and a subject at the same time. This is the case when the whistleblower acted in breach of applicable rules, for example, as a result of pressure by their line manager or because of a lax internal control environment. In situations like these, understanding the motive may also bring to light situations of a ‘rotten culture’ in a working environment that quite often is impermeable to any objective assessment from outsiders.

In situations like these, where the whistleblower is victim and subject at the same time, the motive to report can vary from an innate feeling of culpability for the wrongdoing, a need for protection from heavier consequences, e.g. dismissal, or simply revenge against the supervisor.

Investigators should also consider accommodating any request by the whistleblower to involve other people as facilitators in the communication. Local compliance officers, HR business partners, line managers or just colleagues can positively influence the meeting with the whistleblower and create a less tense atmosphere.

Legal implications

The European Union adopted the Directive (EU) 2019/1937[12] at the end of 2019. The Directive includes an obligation for all organisations with 50 or more employees to set up a whistleblowing system. There is a new and developing framework for the protection of whistleblowers in the UK and EU.

In the UK, which is not under the legal obligation to implement the European Directive, calls for reform to the UK’s legislative framework for whistleblowing have increased in recent years and the Protection for Whistleblowing Bill[13] was introduced in the House of Lords on the 13th of June 2022. The Whistleblowing Bill, if made law would establish an independent Office of the Whistleblower to protect whistleblowers, including creating offences relating to the treatment of whistleblowers and the handling of whistleblowing cases.

Whistleblowing legislation puts in focus the implementation of effective, confidential and secure reporting channels and the effective protection of whistleblowers against retaliation. Additional legislative protections will increase the compliance burden on organisations to ensure their procedures and systems are compliant and effective.

Organisations should have in place a clear and straightforward no retaliation policy.

The implementation of the policy may also consider the following areas:

  • A zero-tolerance approach to any retaliation against whistleblowers, and disciplinary regulation, including dismissal, against those who retaliate against whistleblowers.
  • Provisions to support whistleblowers, both from a professional perspective as well as a personal approach, which include mental health support, allowing them time off, relocating them, all in favor of their welfare.
  • Clear procedure indicating where whistleblowers can direct their allegations if they are retaliated against.
  • Measures to stop retaliatory acts including reintegration of the whistleblower into the workplace and follow up with whistleblowers after the investigation has concluded to ensure that no retaliation is happening.

Since whistleblowing reports often contain personal data, the current data protection regulations apply, e.g. General Data Protection Regulation (GDPR).

The applicability of GDPR rules means that from the moment of submission to the end of the case, data should be processed in an appropriate manner. For example, submission forms should contain disclaimers about how data will be processed and contain a tick-box consent.

Organisational and technical data security measures shall be implemented to reduce to an acceptable level the risk that data could be used for unintended purposes or even stolen. Access rights can enable access based on a need-to-know basis. Data encryption along with physical security measures can protect data from being stolen. The third, ‘soft’ pillar of data security is the training of people who have access to whistleblowing information.

Leaving aside that an anonymous report may hinder the investigation, should there not be a communication established between the whistleblower and the investigating team, organisations should take under consideration whether anonymous reports are legally accepted or not.

As legislation is constantly evolving, it is strongly suggested to seek legal advice to understand if anonymous reporting is accepted in the country we want to establish the reporting line.

Regardless of the legal provisions, some organisations may decide not to accept anonymous reports, which can be seen as a way of preventing malicious reports, as many countries and organisations foresee prosecution against these. However, the UK perspective is that rejecting disclosures at the outset on the basis the reporter is maintaining their anonymity is not a familiar practice and certainly would raise concerns from a legal and regulatory perspective. It is advised that organisations should conduct an appropriate level of review and triage, notwithstanding anonymity issues, in case the disclosure relates to serious legal or regulatory issues.

Another important legal consideration in the context of whistleblowing is the dynamic created by whistleblowers that are eligible to participate in or are subject to a whistleblower reward scheme as permitted and governed by the regulatory frameworks in their jurisdiction.

Despite some studies showing how whistleblower reward programmes bring value[14] the topic splits the investigations community. The key issue however, is that many whistleblowers now report to US reward programmes, with numbers of reports from outside the US continuously trending up.[15] No matter how effective an organisation’s internal whistleblowing programme is, nothing can prevent an employee from reporting to external bodies.

Simply because a reward programme exists does not mean a whistleblower must accept the reward. There is precedence for this, the case of Eric Ben-Artzi where an $8 million reward from the SEC was rejected on ethical and moral grounds.[16] On the other hand, supporting a whistleblower reward programme gives the chance to many whistleblowers to receive, in some cases, much needed financial support after leaving their employers.

Legally reviewed by Neil Donovan, Anthony Asindi and Ruby Hamid (Ashurst LLP).


Footnotes

[1] See Article 58 of the EU Whistleblower Directive.

[4] ISO 37002:2021, 4.4 Whistleblowing management systems

[5] 2022 Navex Global Risk & Compliance Hotline & Incident Management Benchmark Report.

[6] Guidelines on the requirements for corporate compliance are available in “Evaluation of Corporate Compliance Programs”, U.S. Department of Justice, March 2023.

[7] Transparency International, 2013. International principles for whistleblower legislation, principle 13.

[8] Occupation Fraud 2022: A report to the nations, Association of Certified Fraud Examiners

[9] Whistleblower: The In-house Perspective, S. Young

[10] Peter Roberts, International Handbook on Whistleblowing Research, Chapter 9: Motivations for whistleblowing: Personal, private and public interests.

[11] Emilie Hennequin, What motivates internal whistleblowing? A typology adapted to the French context, European Management Journal, Volume 38, Issue 5, 2020, Pages 804-813,

[12] Directive on the Protection of Persons Reporting Breaches of Union Law.

[15] https://www.sec.gov/files/owb-2021-annual-report.pdf, “Geographic Origin of Whistleblower Tips”.

[16] Mr. Ben-Artzi – an ACI member. His case received coverage by various media - https://www.ft.com/content/0415b255-b844-4264-9b7c-ffc5aa5131f0.

Unlock unlimited access to all Global Investigations Review content