The volatility and uncertainty caused by Brexit have created a perfect environment for fraudsters to flourish. As businesses have sought to confront that uncertainty, fraudsters have taken advantage of weaknesses which have arisen through the initiation of new projects, new supplier relationships and businesses adapting their processes. These Brexit-related fraud risks have been compounded by the impact of the global pandemic, which has forced companies to overhaul, overnight, their entire way of working.
Whilst many positives have emerged from changes to working habits, BDO’s latest FraudTrack survey has highlighted some of the downsides, principally with regard to a heightened risk of fraud:
- 74% of medium-sized businesses in the UK have experienced fraud at least once in the last five years, with 82% of those having fallen victim to fraud during 2020
- 55% of fraud in 2020 was either internally generated or involved a level of collusion between internal and external individuals
An effective whistleblowing framework remains one of the principal means of detecting fraud within an organisation. Despite this, many organisations have fallen behind the curve in ensuring their whistleblowing framework meets not only UK legal requirements, but also the broader protection afforded to whistleblowers under the newly introduced EU Directive (Directive (EU) 2019/1937).
The current landscape
In the UK, legal protection for whistleblowers was introduced by the Public Interest Disclosure Act 1998 (“PIDA”) and strengthened by the Enterprise and Regulatory Reform Act 2013 (“ERRA”). The legislation protects genuine whistleblowers from abusive colleagues by imposing both personal liability on employees who victimise their whistleblowing colleagues, and vicarious liability on the employer.
Whereas in the United States whistleblowers can, in certain circumstances, receive up to 30% of the fines levied by the SEC, no such regime exists in either the UK or the EU, and this is the source of much debate. It remains to be seen whether the UK or the EU will make provision for an SEC-style incentive scheme.
In an effort to make the European legislative landscape more homogeneous, the EU has announced a plan to guarantee a high level of protection to whistleblowers across its member states. The measures will require companies with 50 or more employees to create effective and efficient reporting channels, follow up whistleblowers' reports within three months, and protect whistleblowers from retaliatory measures such as suspension, demotion or intimidation. There is also a provision in the Directive allowing member states to require organisations with fewer than 50 workers to comply, following a risk assessment based upon the nature of their activities. The new rules came into force in October 2019 and must be transposed into law by 17 December 2021. Organisations with fewer than 249 workers will have until 17 December 2023 to comply.
The EU Directive serves to extend and generalise the scope of previous legislation such as the Fourth Money Laundering Directive (implemented in the UK through the Money Laundering Regulations 2017), which applied to various professional and financial entities and mandated the provision of adequate reporting channels for activities deemed to constitute money laundering.
Whilst UK legislation mirrors the EU Directive in certain areas, it falls short in others. For example, the requirement for all organisations to have reporting channels for whistleblowers and to respond to whistleblowing reports in a timely manner is missing from the current UK whistleblowing legislation. The effect of this is seen in a survey published in October 2020 by the whistleblowing charity Protect, which found that the percentage of whistleblowing reports that were ignored by UK employers rose to 41% during the pandemic (compared to 31% in 2019).
What do you need to do?
It is unlikely that the UK will allow itself to fall behind its European counterparts in ensuring whistleblowing reports are investigated in a timely and robust fashion. As such, EU requirements could soon give rise to analogous UK requirements. That, coupled with the heightened risk of fraud from changing political, commercial and social environs, has brought to the fore the need for businesses to protect themselves and their employees by investing in an effective whistleblowing framework. Furthermore, some UK businesses with a footprint in the EU may see a benefit in aligning their whistleblowing regimes with those of their European counterparts in order to maintain uniformity and consistency across their group.
If you need advice on establishing an effective whistleblowing programme, including installing a whistleblowing hotline, providing adequate training to employees or performing a review of an existing policy, please contact us.
This material has been prepared for informational purposes only, and is not intended to provide, and should not be relied on for cyber, forensic, legal or accounting advice.