Whistleblowing – a real danger?

Beyond the „Hall of Fame”: Whistleblowing in Small and Medium-sized Enterprises

While „star whistleblowers“ like Edward Snowden or Chelsea Manning have caused a worldwide sensation with their revelations about the NSA and the US Army respectively, there are a number of cases that have only gained limited public attention. The institutions mentioned at the beginning paint a picture of the extent of the whistleblowing phenomenon, but a distorted one. Apart from Wuhan Hospital, these are large organisations, all with at least 20,000 employees.

However, the idea that the risk of whistleblowing is limited to such giants is a fallacy. Cases also occur beyond this whistleblowing „hall of fame“, namely in medium-sized companies and to a corresponding extent. According to a survey, almost 28 percent of German companies with 20 to 249 employees experienced at least one instance of illegal or unethical behaviour in 2019, meaning some experienced it more than once.

What is Whistleblowing? A Working Definition

There is disagreement within the scientific community about the definition and demarcation of whistleblowing from other forms of information disclosure. The term was first used in 1963 when US classified documents were passed to the Committee on Internal Security in the context of the Vietnam War. The term, literally translated as "blowing a whistle", is symbolic of highlighting wrongdoing. The widespread definition is based on the following three criteria:

• A whistleblower is therefore, firstly, a member of the organisation in question,
• Secondly, he possesses incriminating information about illegal or unethical activities.
• And thirdly, he discloses these to individuals in order to rectify the malpractice.

Have you noticed anything? Possibly the first criterion. As practice shows that whistleblowing is also carried out by individuals outside the organisation, this has been extended accordingly in academic discourse, so that customers and suppliers can also be whistleblowers (Maume Haffke*). Furthermore, a distinction is made between passing on information to external versus internal in which the former is often regarded as the only true form of whistleblowing, with the argument that the process when disclosed internally is fundamentally incomparable (Farrell and Petersen in Near, Miceli²).

Are there indicators for whistleblowing?

No. That is precisely what makes the phenomenon so elusive. And this is not least reflected in the breadth of incidents. Attempts to narrow it down to specific company sizes, economic sectors or company divisions fail. Although it is primarily large companies and corporations where whistleblowing cases develop the dynamic and societal relevance to break through into the public.

As highlighted, however, misconduct also occurs in German SMEs. If the threshold were raised to 500 employees, the number of affected companies would likely grow. After all, in 2018, a good 40 percent of companies above this threshold experienced one or more instances of misconduct.

The situation is similar with regard to the division into sectors. Although European and German case law has identified particularly vulnerable areas and, in places, introduced obligations to implement reporting systems, such as for financial services companies. However, it is obvious that offences such as sexual harassment or bullying are not confined to any particular sector.

For grievances can occur in all sorts of forms. From health and environmental hazards, to corruption, to data manipulation or money laundering: everything has Can happen and everything happens, as experience shows. Business areas like finance and accounting may be primarily associated with such risks, but they are at most as vulnerable as other areas. Therefore: Malfunctions cannot be ruled out or concentrated anywhere.

For further information on how to handle whistleblowers in an emergency, please also read our article „Powerless against whistleblowers?“.

Grievances can lead to scandals.

The scandals surrounding Cambridge Analytica, the NSA and co. have shown one thing without a doubt: the explosive power of whistleblowing is immense. For some, like Cambridge Analytica, to Significant. Within two months of the dubious business practices coming to light, the company filed for insolvency in May 2018. Whether unsubstantiated or not, the exposure of misconduct quickly throws companies off their usual orbit. The various stages of escalation can be illustrated along the following cascade.

How is damage caused to the company?

All cases that fall between the mid and worst-case scenarios pose a risk to the company. But how can this risk be translated into the business context of SMEs? The following differentiation is helpful in answering this question:

Financial damages

Firstly, whistleblowing cases cause quantifiable financial damage. Losses are incurred on both the cost and revenue sides.

Every whistleblowing case incurs unplanned costs. In almost all cases, fines are imposed, to be borne by the whistleblower, the company, or both, depending on the judgment. The scale of such payments varies. A record was reached in 2009 by the Pharmaceutical company Pfizer, which ended up costing him dearly due to the illegal marketing of the painkiller Bextra. The company paid a fine of 2.3 billion US dollars. However, small and medium-sized companies in this country are not immune to fines either. While these are on a different scale, their financial cushion is weaker. Pfizer achieved revenues of over 50 billion US dollars in the year of the fine – meaning the fine payment was less than five percent of the annual revenue. For comparison: in 2009, the company generated almost five times as much from the bestseller active ingredient Lipitor (11.4 billion US dollars)³.

SMEs, on the other hand, generally do not have diversified portfolios that can easily cushion scandals in one segment. Here, the penalty can quickly become an existential threat. Practice shows that whistleblowing cases can also lead to considerable penalties in the mid-market. Within the area uncovered by whistleblowing The Bottrop Pharmacist Scandal A damage sum of 17 million euros arose, to be borne by the now convicted pharmacist. He is also to bear the full amount of legal costs. In general, just over 30 percent of German SMEs reported suffering damages of more than 10,000 euros due to irregularities in 2019, and ten percent even over 100,000 euros.

The damages to the company are multifaceted and often not precisely foreseeable from the first day. Financial damages form the basis for an initial assessment. Beyond this, however, damages on the revenue side are also significant, and the losses from customer or sales channel attrition must also be factored in. Therefore, to assess the full extent of the damage, a holistic view of the damage along the company's entire value chain is required.

Non-financial damages

In contrast, there are damages that cannot be quantified. Firstly, these are damages to the company's external perception. Loss of image is particularly painful for SMEs with reputations built over generations. Restructuring or realigning to new business areas can be so financially resource-intensive that they are unaffordable for SMEs. Businesses with small product lines and customer bases, in particular, are limited in their ability to compensate for image damage.

A company like Pfizer, on the other hand, can relatively quickly regain its clean slate by divesting the affected segment. An example, based on the recent whistleblower video from the TönniesCanteen If such material were to come to light from a significantly smaller company in non-Corona times, it would likely have difficulty escaping the line of public outrage.

On the other hand, whistleblowers can damage the internal company climate, for example, if cases of bribery come to light within a department. In contrast to external perception, minor missteps in internal communication are enough here to spread the issue among the workforce. Given the typical company climate, which relies on trust and short communication channels, this can be particularly painful and a stress test for employee integrity. Restructuring, changes in position or location, which could help to ease the climate, are significantly more difficult to implement in SMEs with monocentric structures than in matrix-structured corporations with numerous locations.

The great danger here lies in underestimating these damages, which are not or are only difficult to quantify. Mostly these are not one-off effects, but rather deeper factors that affect the company's image, brand value, or the SME's employer branding profile. This is why German companies most often cite strengthening their image as an integrated, ethical company as the reason for introducing reporting systems.

The challenge for management teams

So where should SMEs start if they want to limit such damage? To put it simply, the following three factors can be expressed in an equation:

Total Damage = Number of Cases x Severity of Offence x Channeling of Procedure

Prevention

The first two factors aim at prevention. Recall the escalation levels mentioned. The best-case scenario (successful prevention of offences) is not only unlikely but also barely controllable. There is no direct lever for management here. Management of corporate culture and compliance can only counteract misconduct, not nip it in the bud. The NSA could have invested heavily in an improved corporate culture. However, this does not make past unfair business practices disappear from reality.

Channelling

The third factor is a lever that you can actively manage. It decides whether a grievance becomes a scandal or not. If a reporting system exists in your SME, this is legally speaking the first point of contact for your employee and becomes the Your company's shield. SMEs benefit from trust-based employment relationships. Unlike in large corporations, where emotional attachment to the company, values, management, and colleagues tends to be lower, reporting systems in SMEs are potentially a valued vehicle for employees to adequately highlight a grievance.

From „nice to have“ to „need to have“

The most frequently cited reason German companies give for not implementing a reporting system is quite simply the lack of a legal obligation. With the EU Whistleblowing Directive to protect whistleblowers, changes are being made for companies with more than 50 employees. The motto, however, should be: „Better safe than sorry“. The sooner you use the leverage of channelling, the more effectively you can minimise the risk of damage. The effort of introducing a reporting system is relatively low when one compares the aforementioned costs with the non-financial damage of revealed misconduct.

According to the survey, German SMEs currently primarily use cost-effective methods: email, personal conversations, and telephone. Whistleblower systems, on the other hand, are only used by 21 percent of the companies surveyed. While emails, personal conversations, or phone calls run the risk of being dismissed in passing or getting lost in day-to-day operations, „always on“ reporting systems can be specifically integrated into a process. This signals to SMEs that they promote integrity within the company and are receptive to tips about problems. In our article „Which whistleblowing system is right for you?“, Receive an overview of the current options on the market.

Conclusion

Whistleblowing is a real danger to any company. Malpractices, even with the best preventive measures, are difficult to avoid. If there are no internal reporting mechanisms and information leaves the internal company environment, the damage is done. From this point onwards, the company is exposed to the public and can, at best, mitigate the damage. Significant financial losses can push SMEs to the brink of existence. The addition of reputational damage and a strained working atmosphere means the damage can neither be quantified nor contained in the short term. Reporting systems can help to minimise these risks. While no whistleblower system can offer one hundred percent certainty, it is certainly a step towards increased integrity.

Download our latest Guidance on implementing the Whistleblower Protection Act in your company„ down. Or Contact Arrange a personal consultation with one of our experts.

(The masculine form used refers to all people, regardless of gender.)