Officiallythick

The Importance of the Whistleblower Mechanism

Posted on 09 Jun 2011 by admin | Filled under: regulatory-compliance

Corporate governance in China is improving. One of the drivers behind this is a new government regulation called the Basic Standard for Enterprise Internal Control (aka China SOX or C-SOX). China SOX is primarily a risk management regulation that aims to improve internal control and prevent corporate fraud. One of the less-discussed areas of the C-SOX regulation is the requirement that companies in China must set up whistleblower mechanisms for fraud alert.

This is quite a new concept in corporate China (which has been rocked by corporate scandals too numerous to count), so I will outline some key requirements and considerations for getting it right. The purpose of a whistleblower mechanism to alert the company to risks, fraud or corruption and it is an important part of a enterprise risk management framework. Employees can report misdeeds, suspicious activities or fraud to management.

A fraud reporting mechanism to protect whistleblowers must have the following attributes to be effective:

-Anonymous reporting. For employees to feel safe in bringing suspicious, illegal, corrupt or overly-risky information to company management, they must be able to do so anonymously. The process will not be effective if employees have to identify themselves to make a report.

-Multiple avenues of reporting. Employees should be able to “blow the whistle” by telephone, email or web form. Companies should outsource the telephone service to a third-party provider so has a detailed script to cover with anyone who calls the fraud hotline. Email should also go to an external mailbox and be encrypted to remove information about the sender. Finally, a online web form should allow for anonymous reporting (these are usually linked from a company’s intranet or are on a private website).

-No recourse. Even if the whistleblower is identified (publicly or privately) the company should have a strong policy of no recourse or repercussions against the individual. This helps to create a culture of openness and transparency (which are the main drivers of China SOX). If employees feel that their career or personal safety may be compromised by bringing information to management, they will not do so and the company (and its stakeholders) will suffer as a result.

-Action taken. Importantly, companies adopting China SOX must take action for all reports of misdeeds or corruption that come in. This includes a thorough investigation, dealing with the problem, and making sure controls are in place to prevent any future issues.

This requirement in China SOX mirrors similar whistleblower protection laws in the United States and other countries. These are now widely implemented in most organizations and have been effective in both deterring and dealing with corporate misconduct.
In conclusion, I would like to point out that reasonable suspicion of misconduct is a good reason for someone to “blow the whistle.” However, abuse of the fraud reporting mechanism (i.e. personal vendettas or reporting without and evidence) should be treated strictly and strongly discouraged. Companies that are trying to be compliant with the Basic Standard for Enterprise Internal Control should therefore conduct broad training and education campaigns to support enterprise risk management, fraud awareness and the intended uses of the whistleblower mechanism