It’s all about reporting.
Aren’t we ready, as ethics and compliance professionals, to stipulate to that sentence? Is there another single objective of ours that is as encompassing and yields the same benefit? Research conducted by LRN and Todd Rowen back in 2012 proved that levels of reporting were the single greatest predictor of a company’s level of compliance, and this has been reinforced anecdotally and by research ever since. Despite this, we see that a common root cause of major compliance and ethics failures is a reporting breakdown. In looking into these cases, we end up exploring why employees hesitated to report wrongdoing.
In the English language, whistleblowers are known by other names: muckrakers, snitches, rats, tattletales, moles, or leakers. Management and even coworkers can use mobbing, gaslighting, devaluing, marginalizing, shunning, blackballing, double-binding, accusing, and emotional harassment against a whistleblower in order to protect themselves or the organization from accountability or liability arising from wrongdoing. This kind of institutional violence may result in workplace traumatic stress or moral injury, causing posttraumatic stress disorder, depression, substance abuse, and suicide. The impact of this toxic culture can extend far beyond the whistleblowing employee, however. An unhealthy workplace is often associated with absenteeism and lost productivity, sabotage and theft, violence, and even death related to stress due to abusive workplace conditions, retaliation, or workplace violence.
So it comes as no surprise that the U.S. Department of Justice emphasizes the important role of reporting in its newest guidance for compliance programs, which states that a confidential reporting structure and investigative process must include “proactive measures to create a workplace atmosphere without fear of retaliation, appropriate processes for the submission of complaints, and processes to protect whistleblowers.”
For this article, we’d like to explore a few examples of effective speak-up cultures with which we are most familiar. Our goal is not to catalog every successful approach; rather, we want to draw some lessons from the efforts we have personally seen work.
Old approaches versus new
If it’s all about reporting, why has compliance and ethics training so often been so abysmal at encouraging reporting, discouraging retaliation, and inspiring a speak-up culture? Why is it that even though 82% of US companies have mandatory anti-harassment training, almost half of American workers say they fear retaliation?
One reason is surely that training about reporting is often relegated to an anti-retaliation message tacked at the end of an off-the-shelf, one-size-fits-all, mandatory e-learning course—often too long, too legalistic, and too boring. Or reporting may be given only a quick mention in broader code of conduct training, the focus of which is often on the risks of retaliation (usually the risks of retaliation to the company) rather than on the benefits of speaking up to the company and the individual. The implicit message in this standard training may be that hotlines are the best avenues for reporting, rather than being one of many options. And too frequently, the underlying tone of the course is flat or negative, as if the learner would eagerly break every rule in the employee handbook if it weren’t for this course! But this impersonal, finger-wagging approach that fails to connect to the perspective of the learner comes through as mere box-checking, without sincere commitment. It is the antithesis of engagement.
Even as this check-the-box approach persists, alternative practices and courses in compliance and ethics training and communications have been much more successful in moving the needle on reporting.
OSI Systems underscores accountability
OSI Systems’ business expanded quickly, but its compliance program remained largely informal. In 2013, the company struggled with aspects of its contractual relationship with a strategic US government customer that resulted in OSI’s temporary suspension from government contracting. The company quickly resolved the suspension by entering into an administrative agreement and agreeing to mature its ethics and compliance program. The company attributes part of its challenges with this important customer to the nascency of its speak-up culture at the time.
OSI’s Vice President of Compliance Chris Cook took the lead in implementing the Speak Up campaign to raise awareness of the importance of reporting and change corporate culture. One of OSI’s core values is accountability, meaning that each employee is accountable for their actions and the positive and negative results. This core value was the springboard for Cook’s first task: changing reporting from an option to a requirement. “We communicated to employees that reporting was their duty; it wasn’t just an option for them,” Cook stated.
Cook knew that changing the corporate culture would entail more than just a few announcements; it would require a global campaign with marketing-like promotion. “We created the Speak Up campaign and communicated it to employees in various ways. We added language to our Code of Business Ethics, placed posters around our facilities, and we supported the CEO’s initiative to improve the speak-up culture during town hall meetings.”
Cook also emphasized that buy-in from middle management was a key to success. The tone at the top is not meaningful if that tone never reaches line employees, but with pressures from below and above, it is a challenge to convince middle management to hear about problems. To address that concern, Cook established a process called the “Three Rs of Reporting”:
Reporting: Identify an issue and raise it with management.
Recommend: Train employees to recommend a solution to the issue, if possible. This reinforced OSI’s open-door policy by engaging employees in dialogue about finding solutions to issues instead of just making a report.
Resource: Identify how a problem needs to be corrected or resolved.
And since fear of retaliation is a major reason that employees hesitate to report issues and misconduct, Cook knew it was critical to also establish a sense of safety for employees who were now required to make such reports. Cook ensured widespread publication and reinforcement of OSI’s nonretaliation policy. Despite this, Cook observed varying results across the globe from OSI’s Speak Up campaign. He noticed reports skyrocketed from corporate facilities in Central America, while Europe, the Middle East, and Africa remained quiet. Armed with this information, benchmarking, and knowledge of cultural and regional sensitivities, Cook was able to make adjustments to training and employee communications to bring reporting rates and topics more in line with OSI’s established metrics and industry benchmarks.
The Department of Defense relies on middle management
Every year, the U.S. Department of Defense (DoD) is required to submit to Congress its Annual Report on Sexual Assault in the Military. The DoD has been battling the underreporting of sexual assault in the military for decades now; however, reports of sexual assault have dramatically increased since the #MeToo movement. Even so, the DoD continues to feel that the reporting rates still do not accurately reflect the rates of sexual assault. These reports provide valuable insights for the corporate sector on what moves the needle when it comes to internal reporting of misconduct and what does not.
Not surprisingly, tone at the top seems to be as important in the military as it is in the commercial sector. According to the 2019 report, “Service members view their unit commanders as the primary drivers behind encouraging reporting….Participants concluded that when commanders do not emphasize the importance of the sexual assault program, the unit’s collective emphasis falters.” And like OSI, DoD has observed that middle management is critical to advancing cultural changes. In response, DoD has established Junior Leader Working Groups to advance a culture of respect and influence the youngest servicemembers. DoD has also continued to promote its Safe Helpline and revised its expedited transfer options for victims of sexual assault.
Despite the steady increase in DoD reports of sexual assault and misconduct, first responders “described barriers that pose a challenge to reporting.” One of those barriers is confidentiality. This is not unique to the military, as cultures have struggled with the negative characterization of reporting as snitching or tattling. DoD has continued to make progress in addressing confidentiality concerns of victims who report sexual assault and in making the reporters feel safe from retaliation.
Thus, both OSI and DoD owe their improvements to a multichannel, coordinated approach to their training and communications on speaking up.
Role-playing can reveal missed information
Every journey begins with a single step, and sometimes even individual initiatives can make a big difference. Case in point: Our experience in ending a daylong in-person training program for government middle managers with a role-playing exercise that illustrated the challenges of reacting to receiving bad news with encouragement rather than with retaliation.
The 90-minute exercise involved splitting the cohort into four groups, each assigned to play a different character in the hierarchy of a fictional procurement operation. We gave each group a sheet briefly describing the scenario from their own perspective, and participants only heard the conversations in which their own character was a party. Just as in real life, the players were constrained by their own knowledge and biases. At the beginning of the scenario, the lowly clerk skips ahead in the chain of command to make a negative report about his boss to the procurement chief. (The role-play gave participants the firsthand experience of trying to make a rational, complete report to an unprepared party.) The cohort then engaged in the two inevitable follow-up conversations, as the procurement chief talked first to their subordinate (the clerk’s boss) and then to their superior (the chief financial officer).
Over time, we ran hundreds of managers through the exercise, and every time, the participants had the same reactions. We saw managers, who knew their prime directive was to avoid retaliation, nonetheless engage in retaliatory conduct even with the best intentions in mind. For example, they’d insist that the whistleblower have a direct conversation with their boss or they would remove the whistleblower from the team’s activities. Additionally, in the heat of the moment, participants generally missed important details, such as evidence of discrimination and other serious compliance breaches.
The most universal and rewarding reaction occurred during our post-exercise debriefing with the cohorts. Every session, managers would tell us, “I thought I understood what reporting and retaliation was all about, but now I see how much I was missing.” The proverbial blinders were lifted from their eyes. We saw proof of the deep engagement that experiential and collaborative learning can bring, and organizations received their managers ready to be internal speak-up advocates.
‘Gratitude’ as a central concept
In our own work, we have also witnessed the resonance of a central concept: that managers should receive a negative report with gratitude.
Rationally, a manager should usually be grateful to receive bad news because that report is exactly what they have been (or should have been) asking for. Given the central role of middle management in the reporting ecosystem, that report means the process is working. But feeling gratitude in that pivotal moment is a counterintuitive reaction. There is a feeling of dread for managers when they look up from their desk to see a teammate at their office door, asking, “Do you have a minute?” and then softly closing the door behind them. As trainers and compliance leaders, we have to realize that at that moment, every fiber of that manager’s being will be on the defensive, anticipating the disruption that the whistleblower’s report will bring to teams and plans.
The way around this natural reaction is to offer specific, recurring training on how to receive reports, just as pilots train for emergency situations in the air. This training conditions managers to become more comfortable and fluent in the complex nuances of receiving reports without inadvertently retaliating against or discouraging a skittish whistleblower. It lets managers hone their skills but also makes the stressful situation feel less alien and scary.
Part of that training should be an explicit conversation about gratitude, in two respects. First, the manager needs to act grateful when receiving bad news—or they’ll never receive another report again. (“Jane, thank you for bringing this to my attention. You did the right thing.”) But second, managers should understand that they should feel grateful for that report. They now have the opportunity to address a potential compliance breach or ethical issue before it escalates or, worse, becomes public.
With this training—using both in-person and virtual platforms—we’ve had success with diverse audiences, such as K-12 educators and corporate directors, talking about receiving reports as a leadership skill rather than simply an uncomfortable task. It’s a simple-yet-effective training that ultimately becomes a motivational pep talk. Our message is essentially, “You wanted to be a manager because you wanted to be the one to make the decisions and solve the problems. This whistleblower has just handed you an opportunity to solve a problem before it blows up. They have given you a chance to lead.”