An emerging theme of the recent financial services and insurance discussion about culture, conduct and compliance is the lack of effective whistleblower protection.
In a recent speech ASIC Commissioner Cathie Armour argued that an important element in creating a positive culture is monitoring. She said:
“Compliance requires a focus on monitoring and outcomes. Having a code of conduct, compliance program, and policies and procedures in place are critical. However, it is equally important for these arrangements to be monitored and enforced on an ongoing basis.
For example, if a bank puts a whistleblowing policy and program in place, but in practice complaints by whistleblowers are ignored or rejected, then the whistleblowing policy and program are really only worth the paper they’re written on.
Businesses must continually monitor and assess the impact of culture on conduct and compliance and make changes as necessary.”
One of the arguments for whistleblower protection is that we don’t know whether an organisation is compliant unless employees can disclose significant breaches of the law which are being covered up.
If disclosure of breaches to the marketplace is not promoted by an organisation then, the argument goes, how do we know if its compliance systems work? Are complaint and breach registers good evidence of compliance?
How do we know if unlawful acts are happening? Or that they have been prevented?
The starting point is education of employees about compliance, ethics and integrity.
Stories about how employees dealt with compliance challenges in the right way should be publicised.
And employees should have access to a hotline to report problems anonymously (provided they are not acting illegally).
ASIC’s approach to whistleblowers is discussed here.