Ian Ross on whistleblowing (Part 2)

09 June 2021
Knowledge Base

Whistleblowers are the primary source of information, leading to successful policing on economic crime. Detecting organisational misbehaviour is challenging, especially when those that witness wrongdoings do not have sufficient knowledge and incentives on how, and whether, to disclose. The webinar series “Whistleblowing Demystified, which was held on Tuesday, May 25th 2021 was aimed at giving confidence and guidance to companies to treat those speaking out with respect and dignity, whilst at the same time protecting the organisation from malicious accusations. There are many pressing ethical and legal questions related to whistleblowing that might affect the effectiveness of disclosure. The webinar was moderated by Elina Karpacheva from the European Compliance Center, and featured Ian Ross as the guest speaker of the morning. This event was also jointly organised by the European Compliance Center and the Risk & Compliance Platform Europe and endorsed by VUZF University in Bulgaria. This is part two.

In part one, Ian Ross focused on explaining the concepts of whistleblowing, witnesses, money laundering, corruption and fraud. He also explained the process of conducting an investigation when someone chooses to disclose, such as examining the evidence and incoming information that a whistleblower provides. In part two, Mr. Ross continued to explore this process in more detail. He additionally also focused on the issue of witness care and what creating healthy whistleblower company policies look like.

Constructing a case based on the evidence provided by a whistleblower

Mr. Ross discussed where to start when examining and assessing incoming information. Firstly, you have to begin with the evidence that was given to you and ask yourself: is there evidence of a crime such as money laundering, data theft, fraud or data leakage going on? The whistleblower, in providing information, may be saying that they know what’s going on, but they may not know who’s behind it, so you have to construct evidence. Moreover, as Mr. Ross explained, by finding out what someone is doing, and seeing if it matches the accusations being made, you are deconstructing the narrative. He claimed that what you are essentially aiming to accomplish here is to explain the rationale behind what got you to your decision.

Then, once you’ve constructed a case and determined the type of crime and who’s behind it, that person now has a case to answer for. This case could then go to any decision-making authority such as a criminal court, the managers or ethical board of a company, etc. However, there are also a number of questions that you need to answer: who is it that is involved? Where are they based? What is the nature of the relationship between the parties involved? What intentions can you understand? And who said what, and what was the resulting response?

Evaluation and delegation of the evidence gathered

Once you’ve sufficiently answered these questions, Mr. Ross stated that you can then move into the disclosure and evaluation part of your investigation. So, knowing all that you know now, you can assess how serious the situation was, and how far the person was involved in it. You can also evaluate whether the person violated company policy or perhaps even crossed the line into committing a crime.

He also talked about five general aspects that you should take into consideration when carrying out an evaluation:

  • Account – this will tell you whether a complaint is malicious
  • Involvement – this will help determine how far the person is involved
  • Closure – an investigation may take longer than expected. It is important that it be thorough and clear.
  • Objectivity test – You cannot bend the rules and do whatever you want to do and treat someone in a certain way.
  • Policy – what your stance on bullying and harassment is as a company.

Then, having completed the evaluation of the evidence, Mr. Ross stated that you now need to decide how to delegate it and to whom. There is the chain of custody factor to determine here on how you would protect the evidence from becoming tainted once you hand it off to a decision-making authority. Additionally, he stated that you would also have to sanitise the information, which means removing any identifying features such as the names of people and companies.

Witness care and having sound whistleblower company policies in place

Mr. Ross then touched upon an often-overlooked aspect of whistleblowing known as witness care. He stated that cases can get often get lost when witnesses are not adequately looked after. Moreover, witnesses may also change their mind during the course of the proceedings, so it’s also important to be aware of this as something that can happen. He also said that witnesses may also detract evidence at any point in the proceedings. Whistleblowers are particularly vulnerable to changing their minds, so how can you deal with this? He said that it’s crucial to find out why someone decided to detract evidence.

Mr. Ross also stated that you could also have a situation where you have more than one whistleblower involved. If so, it’s crucial to find out whether they know each other. You can do so by ensuring to keep up to date and maintaining contact with the whistleblower. He mentioned that it’s unforgivable to simply abandon the whistleblower in your care once you’ve obtained a statement from them.

Another situation that you could be faced with could concern someone that no longer wants to be involved in the proceedings. He pointed out that this is part of the investigation and that you would also need to determine why that is. In short, there are three essential factors to consider: who are you protecting? What are you protecting? And how are you going to protect it?

When it comes to having a whistleblowing policy in place within a company, Mr. Ross claimed that you have to be clear on the policy and how things are going to be done. It’s also crucial to explain how the policy actually works by making it clear to everyone within the company. Furthermore, you also need to apply GDPR and get the compliance managers within the company to explain the nuances of the law or policy. This especially applies in the event where you communicate your constructed case to the courts or authorities. Finally, from a company perspective, he stated that you need to determine how good the management’s ability is to assess the incoming information, how effectively they carry out an investigation, and how good they are at maintaining witness care and security for the whistleblower during the course of an investigation.


Mr. Ross concluded his talk by stating that whistleblowing is about investigations, criminal law and procedure. It has to do with this criminalistic point of view when we are setting our policies – or the business and management side versus the criminal perspective. The bottom line, as he stated, is that we are dealing with criminal issues.

When whistleblowers decide to blow the whistle, they have to report the wrongdoing in a good standard. Whistleblowing has also found its way into a corporate and private setting, and the policies that a company chooses to adopt have to be clearly explained to everyone within the company. But most importantly, the company must make the whistleblower feel welcome by encouraging them to speak out and to look after them during the process of an investigation or proceeding.

Leave a Reply

Your email address will not be published. Required fields are marked *