A US diplomatic cable, classified as “secret”, reports on a briefing given to the US ambassador in an emerging oil country in connection with a meeting that was held with a senior executive of a multinational oil company in February 2009. During a discussion of the high level of corruption in the oil state concerned, the senior executive gave the example of a bribery demand by the country’s attorney general: that he would sign a required document only if paid USD 2 million immediately, and another USD 18 million the next day. This cable was one of the 250,000 US State Department cables released by WikiLeaks in 2010. WikiLeaks is an international, online, self-described not-for-profit organisation publishing submissions of secret information, news leaks, and classified media from anonymous news sources and whistleblowers. 2 As a result, Julian Assange, the (former) spokesperson and editor-in-chief of WikiLeaks, has come under severe scrutiny for his controversial decisions to release these documents and is currently hiding in the Ecuadorian embassy in London to eventually avoid extradition to the US via a primary extradition to Sweden where he is suspected of rape and sexual molestation.
The virtual whistleblower
Secrecy is often controversial, depending on the content of the secret, the group or people keeping the secret, and the motivation for secrecy. Secrecy by government entities is often perceived as excessive or in promotion of poor operation. However, excessive revelation of information on individuals can conflict with virtues of privacy and confidentiality.
Most nations have some form of an official secrecy act (such as the Espionage Act in the United States) and classify material according to the level of protection needed. Similarly, organisations ranging from commercial multinational corporations to non-profit charities keep secrets for competitive advantage, to meet legal requirements, or, in some cases, to deliberately and inappropriately conceal bad practices. New products under development, unique manufacturing techniques, or simply lists of customers are types of information lawfully protected by trade secret laws. Other laws require organisations to keep certain information secret, such as medical records or financial reports that are under preparation to limit insider trading. The European Union and its member states have strict laws about data privacy and data protection.
Besides simply blocking the WikiLeaks website (which could be perceived as censorship resembling similar actions in China, Russia3 and North Korea), the US Department of Justice still wants to prosecute Assange for his actions in releasing classified data. However, charging Assange will prove difficult because he merely published the documents that were allegedly provided to him by US Army soldier Bradley Manning. While Manning is currently in military prison and has been charged with illegally downloading the leaked files, Assange’s defence will be that he is protected by the First Amendment to the US Constitution. 4 More importantly, and in spite of the characterisation of the leaked documents, it will be interesting to learn what the competent authorities will do with the express or implied allegation of bribery or bribery demand as mentioned in the referenced cable.
Similar constraints apply to private whistleblowers, for example, in the business environment. In the past, many good faith whistleblowers were retaliated against by their defensive employers, or lost in court on the argument of having disclosed company secrets and/or infringed or disturbed the mutual trust and professional relationship. Nowadays, encouraged by huge corporate scandals (Enron, WorldCom, Ahold, Parmalat, etc.) and subsequent societal outrage, many, in particular developed countries, have enacted whistleblower laws or improvements thereof. In the framework of more transparency, fair disclosure and accountability, some countries even allow anonymous whistleblowing, while retaliation against employees is strictly forbidden. This process can be effectively facilitated and implemented by, for example, 24/7 online software-as-a-service (SaaS) solutions 5 which enable communications between the employer (or its independent designate) and the anonymous employees in any language through, amongst other features, unique coding and translation programs.
At the extreme end of the spectrum, the Whistleblower Rules were enacted in May 2011 as an integral part of the US Dodd Frank Act, providing for a “bounty” of 10% to 30% of the aggregate monetary recovery from government enforcement actions for whistleblowers who voluntarily provide the Securities and Exchange Commission (the US watchdog of publicly listed companies) with original information about potential violations of the federal securities laws. These need to lead to a successful enforcement action resulting in sanctions of USD 1 million or more. In April 2012 a whistleblower received USD 21 million for triggering a successful federal inquiry into Medicare fraud at his former Florida employer.
Where whistleblowers still should be concerned (as even anonymous whistleblowers can sometimes easily be unveiled, in particular in smaller organisations),6 corporations and government institutions should not. Whistleblowers (except those who act in bad faith or disgruntled employees who incorrectly want to settle an old score) will eventually protect a company against infringement, prosecution or conviction. The companies should accept the challenge to be(come) compliant and embrace a compliant culture. Not cosmetically in words and documents, but in hearts and minds. Besides, it enhances the possibility that the whistleblower will report the matter internally rather than (immediately) going to the external authorities, the media or WikiLeaks. It is noted that not only the whistleblower should be protected against retaliation, but also the alleged accused person and/or corporation should be considered to be innocent until proven guilty.
Unfortunately, many reputations have been damaged on the mere accusation of wrongdoing. In the European Union there is a tendency to subject whistleblowing to a proportionality test7 in relation to the envisaged aim, which can be based on four elements, namely:
- There must be a legitimate aim.
- It must be suitable to achieve the aim (potentially with a requirement of evidence to show its justification).
- There must be no reasonable alternative to achieve the aim, considering the risk of exposure of the whistleblower.
- It must be reasonable, weighed against the severity of the alleged wrongdoing and the potential damage to the target.
Why does (sustainable) compliance matter?
The Greek philosopher Plato (427 BC-347 BC) already had the wisdom to say that “good people do not need laws to tell them to act responsibly, while bad people will find a way around the laws.” In the King Report on Corporate Governance for South Africa (2002) it was noted that “you cannot legislate a company into good behaviour.”
Compliance is one of those catch-all terms that mean different things to different people. Compliance with what? The strict definition of compliance in legal terms could be confined to “fulfilling of internal and external laws and regulations”, 8 while compliance risks refer to “the risk of legal sanctions and of material, financial and/or reputation loss”. 9 Over time the term compliance has gone beyond what is legally binding and has embraced broader (self-regulatory) standards of integrity and ethical conduct.10 Matten and Crane opine that “business ethics can be said to begin where the law ends.” 11 Consequences for the company for non-compliance can range from dawn raids, lengthy investigations, substantial fines, void and unenforceable agreements, civil actions and third party damages, management, accounting and legal costs, loss of tax credits and government contracts, bad publicity and damage to a share price. Exposure for individual employees can entail prison, high fines, director disqualification, disciplinary offences/loss of job and harm to personal reputation.
Depending on the vision, goals and resources a company can decide to strictly comply with the minimal legal and regulatory requirements on the one end of the spectrum (“keep me out of jail”) through the full breadth of compliance with guiding principles and codes of ethics on the other end of the spectrum, encouraging behaviour in accordance with the letter and the spirit thereof (“create a competitive advantage”). The latter is founded on a sound corporate culture and underpinned by a set of comprehensive assurance procedures and joint ethical values such as honesty, integrity, professionalism, teamwork and respect for people. The first, strict category might, on the other hand, allow the export of drugs which are (still) unapproved in the country of manufacturing to be used by the citizens of foreign nations where the local legislation does not prohibit them, in spite of possible noxious side effects. The full breadth category would dislike the ethical difficulty of creating a double standard which would legally allow such export that had not yet been determined safe and effective for use in the company’s own country. Ethical values and legal principles are usually closely related, but ethical obligations typically exceed legal duties. In some cases, the law mandates ethical conduct. Sometimes the law does not prohibit acts that would be widely condemned as unethical. And the contrary is true as well: the law also prohibits acts that some groups would perceive as ethical. 12
The advantages of ethical behaviour may include: higher revenues through higher demand from positive consumer support, proved brand and business awareness and recognition, better employee motivation and recruitment, and new sources of finance – for example, from ethical investors.13 The US Corporate Executive Board (CEB) surveyed about 130 companies for the level of integrity within their corporate cultures and found that companies scoring the highest marks outperformed those with the lowest by more than 16 percentage points when it came to shareholder returns. The top quartile of companies surveyed averaged a 10-year total shareholder return of 8.8%, while the bottom quartile averaged a loss of 7.4%. What these results demonstrate is that not only does an emphasis on corporate integrity make money over the long term, but a lack of corporate integrity will cost a company money over time.
The way compliance is organised and underpinned can vary between rules-based, risk-based and values-based regulations and combinations thereof. Scandals in the area of corporate governance in the US (Enron, Tyco, WorldCom), Italy (Parmalat) and the Netherlands (Ahold) led to strict regulations (i.e. the rule-based Sarbanes Oxley Act of 2002) in the US and corporate governance codes (i.e. primarily based on principles and with less binding legislation) in Europe. It depends on all kinds of aspects in the area of corporate governance and societal aspects. Some countries believe that value-based systems eventually provide better results than carving every rule in stone. The stakeholder-focused Dutch “Poldermodel” has a different approach and prioritisation than the shareholder-focused Anglo-Saxon model. Most civil law jurisdictions around the world favour the use of principles and guidelines and extend a belief and trust in their organisations to subscribe to such principles. Such faith also leaves the vigilance of good practice to the larger community, and leaves unclear the specific consequences, assuming that public exposure of non-compliance with these principles will result in significant loss of face and credibility.
In the US, there is a tendency not to extend such trust, and instead to develop and insist on compliance with a specific set of rules. In such a system the consequences of non-compliance are clear, and supposedly swift, yet restricted to the jurisdiction of the regulatory body. Unfortunately, a rules-based approach also tends to encourage some to play games with the rules, to find loopholes in the rules, and to find ways around the rules.
“Do as I say, not as I do” commands may result in an ineffective environment. The worst situations occurred when management participated in highly questionable business practices and the board of directors turned a “blind eye”. What really counts in the end is substance over form.
Conclusion and guidelines for action steps: Noblesse oblige
The French phrase “noblesse oblige”, literally meaning “nobility obliges”, is generally used to imply that with wealth, power and prestige come responsibilities. In ethical discussions, it is used to summarise a moral economy wherein privilege must be balanced by duty towards those who lack such privilege or who cannot perform such duty. It also refers to providing good examples of behaviour and exceeding minimal standards of decency. Consider compliance not a threat or nuisance but an opportunity for a sustainable competitive advantage. Compliance can turn around harmful exposure and surprises into controlled risk mitigation and damage control. Besides, compliance can have a positive impact on employees’ attitudes and behaviours and may attract talented people. The major stakeholders will likely perceive compliance as a benefit and certainly non-compliance as a huge liability, both in terms of monetary damages and loss of reputation.
Many public multinationals listed in both the US and the Netherlands apply a mixture of rules, principles and values, in combination with a solid internal control framework that can help management to determine how much uncertainty is accepted. This also helps to determine how the risks and opportunities deriving from this uncertainty can be effectively managed in order to enhance the capacity to build value. Besides this, the multinational must have:
- A robust, “breathing and living” compliance programme
- Regular, iterative, live and online training (with ethical dilemmas and actual cases)
- Enforceable contractual anti-bribery provisions
- Intermediary or business partner certifications
- Red flag scenarios
- 24/7/365 anonymous complaint opportunities
- A thorough and relentless incident management system.
Multinationals can make much of this information available online to their stakeholders (such as employees, supervisors, shareholders, societal community, civil society, regulators, etc.) as appropriate and publicly report on the statistics, improvements, gaps and opportunities to meet the criteria of good corporate governance, transparency, corporate social responsibility, sustainability and stakeholder accountability. Many can be implemented using innovative technological solutions.
Where norms may have been developed on a foundation of values, the maintenance of norms is an essential component of risk mitigation through educating, motivating (“carrot”) and disciplining (“stick”) employees as necessary.
1 Parts of this article were first written in connection with the Dutch National Compliance Debate 2011 organised by the Dutch law firm Houthoff Buruma. See: www.houthoff.com/fileadmin/user_upload/Popular_Topics/National_Compliance_Debate_2011.pdf
The editor has provided unconditional approval to use all or part of this article for GISWatch.
3 On 11 July 2012 Russia's parliament passed a controversial bill allowing the government to block blacklisted websites.
4 The First Amendment protects the rights to freedom of religion and freedom of expression from government interference. Freedom of expression consists of the rights to freedom of speech, press, assembly and to petition the government for a redress of grievances, and the implied rights of association and belief.
6 According to the US Ethics Resource Center (ERC), retaliation against workplace whistleblowers was rising in 2011, due to “increasing levels of stress at workplaces in transition because of the sluggish economy, mergers, and other disruptive events.” More than 22% of employees who reported workplace misconduct in 2011 said they also experienced some form of retaliation, compared to 12% in 2007 and 15% in 2009, the ERC said. www.ethics.org/news/retaliation-against-whistleblowers-rising-faster-re…
7 Craig, P. and de Burca, G. (2001) EU Law: Text, Cases and Materials (5th ed.), Oxford University Press, Oxford, p. 526.
8 KPMG (2008) Anti-bribery and Anti-corruption Survey.
9 Basel Committee on Banking Supervision (2005) Compliance and the Compliance Function in Banks, Bank of International Settlements. www.bis.org
10 Vereniging Compliance Officers (2005) Professional Competency Profile (Version 2). www.vco.nl
11 Crane, A. and Matten, D. (2007) Business Ethics (2nd ed.), Oxford University Press, Oxford.
12 Anstead, S. M. (1999) Law Versus Ethics in Management, University of Maryland.
13 Baumhart, R. (2010) (revised) What is Ethics?, Issues in Ethics, 1 (1) (Fall 1987).