Let's start with a sobering statistic: The Association of Certified Fraud Examiners (ACFE) estimates that organizations lose 5% of their revenue to fraud annually. What could you do if that 5% wasn’t missing?
The ACFE publishes a Report to the Nations biannually with statistics based on cases reported to them across the globe. The 2022 Report to the Nation consisted of 2,110 individual cases, of which 675 were based in the United States and Canada. The majority of the reported frauds (42%) were detected as a result of tips by various whistleblowers. More than half of those tips (55%) were made by an organization’s own employees, 16% were identified as “anonymous” and the remainder were received from customers, vendors and external auditors.
What would you do if an employee came to you with suspicions of fraud? Would your reaction be different if it was inventory theft, theft of intellectual property or financial statement manipulation? Here’s a better question… what would your coworkers or management do if you came forward and reported that you thought fraud was occurring?
Maybe your company has a mechanism for employees to discuss concerns, whether it’s an anonymous webform or a clear line on who to report such matters to. Maybe you even have a hotline that employees can use to raise the alarm. With those internal resources, why wouldn’t an employee report fraud internally if they see it?
Employees have every reason to be suspicious of reporting misdeeds internally. The first case of whistleblower retaliation in the United States of America (formed in 1776, as a point of reference) can be traced to 1777 and the USS Warren case. This led to the Whistleblower Protection Act of 1778. The protections ostensibly offered by this, and other legislation are well intended, but haven’t stopped a veritable cinematic universe of people who have been harmed because of their whistleblowing (Frank Serpico, Mark Felt aka Deep Throat, Karen Silkwood, Linda Tripp, Sherron Watkins of Enron, Jessie Guitron of Wells Fargo, to name a notable few).
Company owned hotlines, web forms and comment boxes exist to benefit and protect the organization. If a company maintains control of those mechanisms, it is reasonable that they can track down whomever filed the complaint whether by IP address, phone number, security camera footage or identifying information within the report itself. This is especially true if the whistleblower is reporting on a matter that would expose the company to liability.
Legal precedent has established that companies may fire at-will employees for reporting fraud internally (i.e. Digital Realty Trust v. Somers). Furthermore, stories of whistleblower retaliation abound and are not limited to losing one’s job. Whistleblowers may also be ostracized by coworkers or have the tools necessary to carry out their job duties removed, effectively forcing them into declining job performance. In the end, it could ultimately result in termination of employment. This, in turn, can lead to a cascade of misfortune arising from that sudden unemployment.
The tone you set as an organization will help your employees feel more comfortable reporting issues to you. This is especially true if they believe that no consequences will come to them when they make a good-faith report. It helps to have a company culture where tips are followed up on quickly and investigated without bias.
The first step to create such a culture is to have a platform for tipsters to submit their concerns. In general, you want the tipster to be able to share what they saw, who was involved and when the incident occurred. The more details they can provide, the more targeted your investigation can be. Any information shared can help your organization respond to and address fraud more effectively.
One way to ease employees’ fears is to use a third-party hotline or web submission service, where a report can be filtered for any identifying information before being passed on to management. Another method is to provide resources to employees, directing them to a means of reporting misdeeds that are outside the company.
Employee education on fraud reporting will also help employees feel safer about reporting. Employees should be educated on what ought to be reported, when it should be reported and the urgency of such reports. Employee fraud training is important in that it provides information about the kinds of matters that should be reported, and what details are necessary to include in a report. It may also include the ways to safeguard the whistleblower’s identity from being tied to their report. You should also consider that a “one and done” approach to this training won’t create a lasting impact. This sort of training should be reinforced throughout the year, with an ongoing policy and with reference materials that are easily accessible by all employees.
All these efforts may be dust in the wind if the organization doesn’t protect its whistleblowers and act with integrity throughout the process. Ultimately, the response to tips is in the hands of company management and any board of directors associated with the organization.
As of the 2022 ACFE Report to the Nations, organizations with hotlines caught fraud sooner and their loss to fraud was halved. Furthermore, employee training with regards to a hotline or internal reporting mechanisms increase the likelihood of employees using those means to report fraudulent activity. It should go without saying that these are not one-time use tools, to be packed away after you’ve caught your first fraud with them. They are methods that should be kept active, monitored, adjusted, and investigated with urgency.
Click here to see the 2022 Report to the Nations.
If you’re a whistleblower, or a potential whistleblower, in the United States of America looking for resources, please visit the Department of Labor website at Whistleblower Protections | U.S. Department of Labor (dol.gov) and the National Whistleblower Center (NWC) - Protecting Whistleblowers .
You May Also Like: