by Liezl Groenewald | Published on 25 February 2019 for The Ethics Institute monthly newsletter
Being in South Africa in the current social and economic climate, and especially participating in business here, is not for the fainthearted. According to the PWC Global Economic Crime Survey (PWC, 2018), South Africa has again reported the highest percentage of economic crime in the world. Asset misappropriation is listed as the most committed crime, and procurement fraud, and bribery and corruption, are third and fourth respectively. These findings tie neatly (and painfully) in with the evidence presented at the Commission of Inquiry into State Capture (to name but one such inquiry) that huge amounts of government and shareholder assets have been, well, wasted. The effects of these crimes on society are too many and too great to mention in this article, but it is fair to say that they are felt by every citizen in one way or the other.
"Can an organisation afford not to use well-managed, effective and safe reporting mechanisms that provide comfort to whistle-blowers? Given where we are, and where we want to be as a country, I think not."
Organisations should take note of the findings of PWC’s report and the evidence presented at the Zondo Commission, because they are not immune to these crimes. Far from it. Unsurprising, and encouraging, then, are the indications that organisational leaders are taking a more active interest in their governance responsibilities and want to be informed of unethical conduct in their organisations. The PWC report found that, while half of the cases of fraud and corruption are detected through internal controls, nearly one third is raised by internal whistle-blowers. A comparable study, conducted by The Ethics Institute (TEI, 2016), found that one in every four employees knew of misconduct, but only half of them reported it. Their main reasons for not reporting were a fear of victimisation, a belief that the report will not receive attention, and the worry that they cannot report anonymously.
These reasons are important, and should be of concern to organisational leaders, as many potentially detrimental incidents of misconduct go unreported, and therefore unnoticed. While most organisations in South Africa, in compliance with the Companies Act, have whistle-blowing or safe reporting mechanisms in place, the abovementioned statistics imply that there is a lack of trust in such reporting channels. So, it is imperative that organisations ensure their safe reporting channels protect the confidentiality and (where required) identity of the prospective whistle-blower. International research (Navex Global, 2018) found that nearly 40% of reports are received via other means (such as walk-in, open door, email) rather than through a safe reporting mechanism. That leaves us with 60% of reports that could potentially be received through an independent safe reporting mechanism managed by an external third party.
Unfortunately, ignorance abounds about the important role such service providers can play in providing whistle-blowers with assurance that their identity and information will be treated with the utmost confidentiality – thereby alleviating fears of, especially, victimisation and retaliation from within their organisations.
Over a decade ago, TEI recognised the need to bolster the credibility of external hotlines (or, as we prefer to call them, safe reporting systems), through a standardised approach. Norms and standards – that demonstrate a service providers’ ability to consistently provide quality services – were called for, to give whistle-blowers legitimate reasons to trust the system. After extensive consultation with relevant parties and other industry experts, TEI developed a best practice standard, namely the EO1.1.1 Standard for Independent External Hotline Service Providers.
This standard worked well for over ten years, and served as a powerful accountability mechanism to those clients who undertook the annual rigorous assessment. The time has come, however, for innovation.
An ever-changing world (where it isn’t just words like ‘state capture’ that we are now accustomed to, but where ‘the cloud’, ‘voice-note’ and ‘Amazon Alexa’ are part of our vocabulary) demands ongoing development. Specifically, technological developments that have significantly broadened the scope of what can be considered a ‘reporting channel’, have necessitated the re-development of the EO1.1.1 Standard. As of late 2018, it was replaced with the Safe Reporting Service Provider Standard, or ‘SafeLine’, with two versions: SafeLine-EX is specifically designed for external service providers, and SafeLine-IN for safe reporting lines operated by organisations internally.
The redevelopment focused on global leading practice, with attention also paid to the dynamics of the local context. SafeLine aims to:
- strengthen the external safe reporting industry by establishing a best practice industry standard;
- provide quality assurance to organisations requiring external safe reporting services;
- create conditions in which would-be whistle-blowers can report misconduct with confidence;
- differentiate legitimate from non-legitimate service providers;
- discourage sub-standard service providers from entering the market; and
- certify service providers as a “TEI-Certified External Safe Reporting Service Provider”.
The Standard is based on five guiding norms for service providers which balance whistle-blower interests, client needs and operational requirements. These norms – namely integrity, efficiency, independence, protection and availability – are supported by a number of standards. TEI assesses service providers’ compliance with these norms and standards annually before we issue a certificate of assurance.
By providing employees with a secure, anonymous and trustworthy means to report transgressions of the law and organisational ethical standards, organisations are more likely to receive reports from whistle-blowers who would otherwise have remained silent for fear of victimisation and retaliation.
Remember that statistic: a quarter of employees in corporate South Africa are aware of misconduct – half of them keep quiet. The misconduct, which did not come to light, could have been detrimental to the organisation’s reputation and stakeholder interests. Perhaps the only thing that separates those organisations that are now notorious, from those that are not, is that the former’s misconduct was exposed, and the latter’s remains hidden. Perhaps that is taking too dark a view. Either way, the question is whether an organisation can afford not to use well-managed, effective and safe reporting mechanisms that provide comfort to whistle-blowers that their identity will be protected? Given where we are, and where we want to be as a country, I think not.
PWC Global Economic Crime and Fraud Survey 2018, 6th South African edition, February 2018
Navex Global. 2018 Ethics and Compliance Hotline and Incident Management Benchmark Report
SafeLine-EX and SafeLine-IN – more information here, with links to downloadable PDFs
The South African Business Ethics Survey 2016 – available in PDF
Liezl Groenewald is Senior Manager: Organisational Ethics Development at The Ethics Institute. She holds a Master of Applied Ethics for Professionals from University of Witwatersrand and is completing a PhD in Applied Ethics at Stellenbosch University.