Whistleblowing alerts increasingly necessitate prompt and qualitative triage to comply with regulations. Outsourcing triage to a trusted business partner can improve an organization’s capacity, competencies and employees’ trust in this regard.
A growing concern for organizations
An increasing number of countries around the world have strengthened their laws for whistleblower protection. In Europe, the EU Directive on the Protection of Whistleblowers implemented in December 2019 mainly requires the private sector and all private organizations with more than 50 employees to:
- implement internal reporting channels guaranteeing confidentiality to the whistleblower;
- train employees regarding their reporting options;
- guarantee full confidentiality to the whistleblower;
- implement safeguards for whistleblowers and those assisting them against retaliation measures such as demotion, suspension, harassment, isolation;
- systematically respond to whistleblowing alerts in a timely manner and to inform about their reporting process
- ensure secure storage of reports in compliance with GDPR.
These regulations aim at enhancing trust towards the organizations and therefore at fostering alerts. Indeed, research shows that alerts are crucial for identifying most cases of fraud and misconducts.
We have noticed an uptick in alerts when employees receive regular communication and training about the reporting channels and the number of alerts received and handled within their organization. Moreover, the implementation of a hotline guaranteeing confidentiality positively impacts the trust of employees in whistleblowing procedures.
Moreover, the Covid crisis showed that reporting channels are increasingly used for HR-related difficulties arising at work, in addition to the more traditional fraud alerts.
As a result of the recent regulatory and societal changes, the number of whistleblowing alerts has risen sharply over the last three years.
Reduced processing times
Processing times are critical in conducting investigations in the most efficient way, avoid the disappearing of evidence and maintaining trust of the employees towards their internal whistleblowing procedure. With the new EU Directive on the Protection of Whistleblowers, these processing times were reduced, with organizations having to acknowledge the receipt of the complaint within seven days and providing the whistleblower with a status on the internal investigation within three months.
In this context, timely triage of those numerous alerts is a growing challenge for public and private organizations who have limited resources within their Compliance and Internal Audit departments.
Organizations increasingly externalize triage of alerts
In order to comply with the new regulation and handle the increasing number of incoming alerts, organization increasing resort to contracting external service providers that either supplies just a hotline facility or is responsible for the entire triage and subsequent full investigations of alerts received. Outsourcing the alert triage often brings relief and additional quality to the organizations due to the following factors:
- Resource capacity and competencies to provide a timely answer for a high number and variety of alerts, ranging from financial fraud to harassment cases;
- Platforms and systems readily compliant with GDPR regulations and guaranteeing mandatory level of confidentiality;
- Platforms with multi-language options and immediate translation to facilitate communication and reporting of alerts;
- Increased trust from employees due to perceived independence from the organization’s hierarchy.
Prompt and professional answers are key to maintaining employees’ trust toward the whistleblowing procedure.
Another challenge: handling and reporting non-official alerts
Despite the implementation of formal reporting channels, organizations still receive informal alerts from employees who request that no investigation is conducted, be it for fear of retaliation, a feeling of shame or lack of evidence. The issue of documenting and reporting these alerts in compliance with the applicable regulations also needs to be considered carefully.
It is usually recommended to contact a legal counsel to determine the responsibility of the organization after such non-official alerts have been given internally. Additionally, the organization might consider keeping track record of all reported alerts to be able to use this data at a later stage in the event that another alert is received on the same subject.