For the past year, companies based in the EU have been grappling with the bloc’s Whistleblowing Directive, meaning any company with more than 50 employees must ensure that whistleblowers who want to report breaches of EU law are afforded legal protection. Across the Atlantic, the US Congress is passing new laws to make it easier for federal employees to report misconduct too. Tal Abdulrazaq talks to Mark Worth, executive director at Whistleblowing International, to understand the increasing whistleblowing burden on business, the dangers whistleblowers face when reporting wrongdoing – and whether supporting a robust truth-telling regime might actually help companies’ bottom lines.


It was a hopeful America that, in 2008, listened to then President-elect Barack Obama promise to be the change he wanted to see. “Often the best source of information about waste, fraud and abuse in government is an existing government employee committed to public integrity and willing to speak out,” he proclaimed. “Such acts of courage and patriotism […] should be encouraged rather than stifled.” These were the words of someone who seemingly wanted to embolden whistleblowers for the public good.

Mark Worth, executive director at Whistleblowing International.

By 2013, however, Obama’s commitment to such statements was put to the test – thanks to hacker Edward Snowden’s now infamous leaks of classified information from the NSA. Not only did Obama fail to live up to his promise of protecting whistleblowers – he actually became renowned for going after them, forcing Snowden into exile, and inspiring an environment of fear for citizens who felt they would not be protected from reporting governmental wrongdoing. Nevertheless, it would appear that democratic governments the world over are once again paying close attention to the importance of having a healthy regard for the truth. For instance, the US Congress has recently been pressing ahead with trying to enhance protections for federal employees, with the House passing the Whistleblower Protection Improvement Act 2021, a bill that is currently before the Senate. In a similar vein, the EU passed its Whistleblowing Directive in 2019, obligating members to adopt it into their own domestic laws by late 2021, and with protections that cover whistleblowers in both the public and private sectors.

Turn a blind eye?

The Whistleblowing Directive did not just emerge out of nowhere. Rather, the European Commission had organised a number of studies over the years, including one in 2017 that later formed part of the evidential package to justify the need to pass the directive. That study – titled ‘Estimating the Economic Benefits of Whistleblower Protection in Public Procurement’ – put forward an economic argument to demonstrate the advantages of legislating such protections.

According to the study’s findings, an EU-wide directive protecting whistleblowers, incentivising them to come forward to tackle corruption in the supply chain, would generate a mean benefit to cost ratio of 33:1. This means that for every euro invested in providing channels for whistleblowers to tip off the authorities on fraud, €33 would be recovered or otherwise saved. In other words, and putting the moral arguments to one side for the moment, the sheer economic benefit of a truthtelling regime is undeniable.

But just how enthusiastic have EU member states been in implementing these enhanced protections? And how far have companies gone along with ensuring they are compliant with national and supranational directives? According to Mark Worth, executive director of Whistleblowing International, the response has been lukewarm at best.

“The deadline was December 2021 and, since then, only between ten to 12 countries have passed new laws,” Worth says. “That means more than half haven’t implemented them yet.” Despite having more than two years notice, in short, many member states have seemingly adopted a care-free approach to implementing the EU’s directives, with Worth remarking that this demonstrates how implementation “isn’t a huge priority”. As he puts it: “Those who have implemented the directive aren’t even being very creative, and most of these laws haven’t even taken effect yet.”

Internal whistleblowing is too risky, says the executive director of Whistleblowers International.

He’s not wrong – indeed his point is even true of some of the most influential EU states. Despite being the bloc’s second largest economy, as well as holding permanent membership of the United Nations Security Council, France was conspicuously late in implementing the directive, only passing Law 2022-401 in March this year – more than three months late.

A double-edged sword

Ask Worth, and this lax attitude isn’t hard to understand. “Overall, the directive is a good thing,” he explains. “It’s a tool for democracy, accountability and getting things reported to the authorities. If I were a big company, I’d definitely be afraid.” From a corporate perspective, however, the research indicates that there is a strong business case for ensuring a board has plenty of canaries in their particular mineshaft – and not only when it comes to supply chains. According to surveys conducted by the Association of Certified Fraud Examiners (ACFE) in 2018, companies that had implemented some kind of misconduct reporting mechanism, particularly hotlines, enjoyed a median fraud loss that was 50% smaller than companies that relied on purely passive means.

The same ACFE surveys also showed that frauds reported by tip offs tended to be discovered much earlier, with a median of 18 months to detection versus 24 months for companies that preferred to leave fraud detection to fate alone. This also came with the added benefit of being the most successful way to discover financial statement fraud – often the most costly variety of corporate swindling – with 39% of all such fraud being discovered due to whistleblowing as opposed to management review (15%) and internal audit (14%).

While the figures above provide an indication of the financial benefit to companies that actively choose to assist whistleblowers in raising concerns, Worth suggests that, in cases of corruption involving more senior officers of companies, there is also a dark side to hotlines that could end up burning those seeking to do good. “If a company hires an external hotline service, that hotline works for the parent company,” he warns. “But what’s the arrangement between these companies? We don’t know. They can be surveillance tools for CEOs and other senior officers in a company engaged in wrongdoing to keep tabs on their employees so they know who to target.”

Watch your back

This certainly has historical precedent. As long ago as 1984, John Gravitt reported that his superiors at General Electric were billing the government for work done on the B-1 bomber, when the time was actually spent on other GE projects. Gravitt was fired shortly after making his complaint – and was subsequently forced to spend years in court protecting himself.

So how should responsible companies go about providing a means for employees to blow the whistle if they suspect fraud? According to Worth, and particularly in the European context, hotlines should be just one of many disclosure channels. If that becomes risky, other avenues ought to be considered. As Worth says, purely internal options can’t hope to be sufficient, adding that regulators, law enforcement and even newspapers are all worth considering in a pinch. While Worth believes that the Whistleblowing Directive is certainly a step in the right direction, he equally warns that there is always an inherent risk in blowing the whistle.

“I don’t encourage anyone to report internally, it’s too risky,” he says. “People you’ve trusted for 20–30 years will run away from you at best, and at worst they’ll crush you. Organisations are simply no good at investigating themselves. Period.” For Worth, there is also a clear distinction between the act of exposing the truth and being identified as one who exposes the truth, as the latter can come at significant personal and professional cost. Circling back to figures like Snowden who have become synonymous with the term ‘whistleblower’ – and have paid the price by being forced to seek refuge abroad in countries such as Russia, no less – Worth concludes with a sombre piece of advice: “Blow the whistle, but don’t become a whistleblower. Don’t get involved in the whistleblower mythology. Make the report, then go back to work.”

In a world where whistleblowers are, despite the best legislative efforts of some, still being persecuted and even harmed, that is the best advice anyone could hope to receive – serve the public good, but don’t forget to serve your own interests while you’re at it.