Why Your Company Needs a Whistleblowing Policy - Before it’s Too Late
Blog
A whistleblowing policy is not something that most business leaders like to think about. It seems like the preserve of the largest multinationals - the sort of thing that movie thrillers are made of - and worse yet, it presumes that your business actually has secrets that would require a whistleblowing policy to expose. It’s like planning a pre-nup before the wedding: an awkward topic where only the steeliest compliance experts or parents-in-law dare to tread.
Unpalatable as it may be, it’s going to become essential for any “large” company, thanks to the forthcoming implementation of the Economic Crime and Corporate Transparency Act (ECCT). Passed in 2023 and coming into effect over the next two years, one of its many new obligations for businesses is “Failure to Prevent Fraud”. This demands that affected businesses have rigorous processes in place to prevent fraud at all levels of the organisation - and if they’re found to be wanting, by a newly tooled-up Serious Fraud Office (SFO), then they’re liable for an unlimited fine.
The legislation applies to any “large” business, which as a rule of thumb applies to any business large enough to require an audit, and holds them responsible for fraud carried out by an “associated person” which benefits the business in some way. The definition of “associated person” is much broader than previous fraud legislation - it applies to people across the business, including agents and subsidiaries - and the type of fraud you can be fined for is extensive too.
The overall principle is to make it incumbent on businesses to actively prevent fraudulent behaviour - it won’t be possible to claim ignorance, and the only defence currently outlined is to have either a clearly documented anti-fraud policy, or a gold-plated excuse for why you didn’t need one. Enforcement and investigation is also going to be much quicker off the mark: the SFO has new powers to demand a wide range of information, including banking records, based only on suspicion of criminal activity rather than needing to start an investigation first. Any dodgy behaviour, even if it’s happening far from the eyes of the management team, can land the business in hot water.
Enter the whistleblowing policy, which is likely to be a key element in compliance with the Act. The first step is of course to ensure you have clear, well-communicated internal policies to prevent fraud - but the next is to take every possible step to drive compliance. A robust whistleblowing policy means you empower employees to raise potential issues as they find them, meaning you stand a better chance of finding any issues before the SFO comes knocking - and even if it does, a whistleblowing policy is likely to count in your favour as “reasonable fraud prevention procedures”.
By positioning all employees to be watchful for potential transgressions, you have eyes across all parts of the business. Paired with a platform like Workiro, which enables business owners to take control of internal data and documents and stay completely informed on processes across the organisation, you’ll be in much better shape to meet the requirements of ECCT ahead of the Government releasing more details on the legislation.
To find out more how the legislation works and the foundations of a successful whistleblowing policy, register for our upcoming webinar “Trading in the UK? You need to comply with the ECCT Act”, hosted by Workiro’s CISO Luke Keily. Luke’s career included twelve years investigating cybercrime for law enforcement before moving into corporate security, and he’s passionate about effective staff policies that drive compliance.
He’s joined by finance and accountancy expert Robbie Hadfield, currently Director of Solutions Engineering at Payhawk. Robbie has a similar depth of experience in scoping and delivering legal compliance across a range of businesses, and both Workiro and Payhawk offer powerful tools for managing files, finances, and users in a way that supports effective business operations.
