Not so long ago, I was remotely managing an investigation into corruption allegations in a country pretty far down TI’s Corruption Perceptions Index.* The allegations had come from a whistleblower, and were serious and complex.
The lead investigator had just returned, fresh off the plane and into our update meeting with the rest of the team. We sat down in a comfortable meeting room, thousands of miles away from the dusty, hectic and often frightening city in which the allegations had arisen. The city was one of those places that was sort-of a conflict zone, sort-of a disaster zone, sort-of a global city and sort-of none of these things. Development specialists and humanitarians worked shoulder-to-shoulder, and projects evolved quickly in response to an endlessly changing local environment.
“Yeah, so, I interviewed the snitch,” she began, with a cheeky smirk.
I stopped the meeting.
“The what?” I said.
‘Snitch’, ‘grass’, ‘squealer’ – this was not the first time that I’d heard investigators themselves using pejorative euphemisms for whistleblowers, informants and sources. It is bizarre; often, without such sources, there would be no investigation. So where does this attitude come from?
There is another dimension of anti-corruption work that’s similarly full of euphemisms, and might offer an answer – and that’s the act of bribery itself. As Richard Bistrong memorably said, “the language of bribery has many words – except ‘bribery’.”
A ‘drink’, ‘gravy’, ‘tea-money’, ‘consultation fees’ – such language is often an exercise in re-framing, a way to alleviate discomfort with bribery by using words that carry different (and lighter) connotations. So, is the truth that some investigators are uncomfortable with whistleblowers – that there is a deep aversion, perhaps culturally-rooted, to people who ‘tell on others’?
Fortunately, I don’t think many investigators fit into this category, but there are enough that we need to talk about the tension here. Firstly, the truth is that whistleblowers and their reports are the lifeblood not just of an investigation, but of an entire fraud and corruption control framework. Without these reports, we would not necessarily be able to:
- Gain prior warning of materialising fraud and corruption risks;
- Conduct trend analysis of risk areas (especially where reports did not contain sufficient data for full action);
- Plug whistleblower data back into our risk assessment, honing our deterrence and prevention controls;
- Evaluate the quality of our anti-fraud and corruption culture.
Secondly, whistleblowers face enough challenges already. From stakeholders obsessed with identifying them, to those who try to use the whistleblower’s motivations as a shortcut for judging their credibility (and no – just because a whistleblower is motivated by reward or revenge, it does not mean that their allegations are untrue). Investigators play a critical role in mitigating these risks to them.
Thirdly, and this might come as a surprise to some investigators – whistleblowers don’t just talk to you. So if you fail in your management of them, chances are people will find out – and that impacts upon the chances of anybody else sharing information with you in future. There are more whistleblower horror stories than success stories. After all, if we handle a whistleblower really well, who ever really finds out that there was one?
What kind of investigator are you?
Every so often, I hear investigators at conferences speculating (or riffing online) about what sort of people become whistleblowers. I wonder if a more pertinent question is, what sort of investigator are you? And in particular, how much attention do you give to your eternal, internal battle against cognitive biases, heuristics and errors – a battle critical to maintaining your objective investigative mindset?
Whistleblowers are real people, who for whatever reason, have placed themselves at some risk. I have seen these risks materialise, and it is not pretty. So, how can we ensure that our investigative practice sees whistleblowers as constructively as possible?
Reflect on your own attitudes. What assumptions do you make, and bring to work? Are they valid, or are they biases? How might they affect your work? What could the consequences be?
Treat whistleblowers as an asset. Although an investigator is not necessarily there to be an ‘advocate’ for a whistleblower, they should ensure that the whistleblower’s material is treated objectively and securely, that they are treated fairly, and that the risks to them are properly identified, considered and managed as far as possible.
Embrace hot and cold debriefs. (Or ‘immediate and delayed’ debriefs.) Adopt a cycle of evaluating your own performance and incorporate how you handle whistleblowers into it. Handling a whistleblower includes how you interact with them, treat their information, manage the investigation around them, and manage other stakeholders.
Challenge the litany of euphemisms. Language affects how we think and act. Let’s call whistleblowers by their proper designations – confidential sources, confidential informants, confidential reporters, whatever the term your organisation or local regulatory environment uses. Don’t let investigators call them ‘snitches’.
The way that we allow ourselves to think about those who participate in our investigations can be the enemy within us. We need to manage it as we would manage any other risk.
* Details have been changed. Images do not necessarily represent the locale or persons described.
Find out more about handling whistleblowers, building a meaningful fraud and corruption control framework, and more for humanitarian and development organisations in Fighting Fraud and Corruption in the Humanitarian and Global Development Sector (Routledge, 2016).
It’s out now – treat your office!
Some years ago, I found myself investigating events in a program in a war-torn country. The program had been set up to build the capacity of small local NGOs to implement community development projects. The concept was great, the donor funding had been secured, local partner NGOs had submitted proposals and agreements had been signed, transfers had been made and reports had been received. The only problem was that most of these NGOs didn’t exist.
Ex-pat Nancy used to be a teacher in Canada, and this was her first job in an international NGO. She was young, and idealistic, but it was clear that she did not have the relevant skills and experience. A conflict zone is a dangerous and stressful place, often with high staff-turnover, and the international NGO had compromised on her qualifications to find someone willing to endure the hardship.
When my team drove out to the field to visit the partners and the communities, I went with Malik, a driver, who turned out to be Raj’s brother. The driver tipped off the ‘NGOs’ that we were coming for a visit.
Firstly, ensure a realistic and validated assessment of potential partners takes place. More than one person or function needs to be involved in this assessment, and it should compare project proposals. Involve logistics and procurement teams to verify market rates.
Najwa Whistler is a finance director with 18 years of experience working for several international NGOs around the world. Growing up in a small village in Lebanon in poverty during the civil war built her resilience and determination to work in international development. She enjoys cooking and dancing. You can reach her via naj.whistler@gmail.com
If a humanitarian or global development organisation gets serious about tackling fraud and corruption, then it will detect cases – possibly in significant numbers. As my organisation invested in counter-fraud efforts, for example, we saw recorded suspicions in its global operations 
The job does not finish with the dismissal or conviction of the suspect(s). These incidents have long tails – there is work still to be done to rehabilitate the project or business unit in which the incident took place. An incident represents a severe breach of trust; workers may feel abused and betrayed. The ripples can spread wide.
Hopefully, the organisational response included a lessons-learned exercise, generating changes to implement. This should look beyond the internal controls, also into enabling factors such as culture, communication and awareness.
Now is also a good time to do some contingency planning. Is the incident serious enough that it could result in regulatory interest, onerous remedial controls applied by institutional donors, or put future funding at risk, for example? We can prepare for these.
Team members will respond to the matter differently. While some may be relatively unaffected, others may not. It is important to note that where staff have made a commitment to an organisation on the basis of their values – perhaps more common for charities, nonprofits and NGOs than for private sector organisations – a breach of trust could be more impactive. Perhaps there could even be a grief reaction for some team members.
Look out for, and respond to, the traditional symptoms of stress, low morale and anxiety. These might include absenteeism, disciplinary issues, a rise in complaints, and disillusionment. An incident can impact upon personal and professional confidence, and colleagues may feel fear, shame or embarrassment. Will the incident create a funding crisis, putting their jobs at risk? Will staff have to justify themselves to an angry public? Consider access to staff support systems, and formal interventions such as counselling and facilitated debriefing.
Clear communication. Rebuilding trust requires the open communication of reliable content. Low information creates anxiety, more information helps manage our ‘fight or flight’ crisis response. Concealing the matter from the team is, therefore, more likely to sow suspicion and fear than peace and confidence. Be as open as you can about what has happened, and what will now happen, within the boundaries of policy, employment law and data protection legislation. As you describe the future, avoid over-promising – employees need clear and consistent messaging from management. If you cannot make promises, don’t; recognise uncertainty and explain what is being done to reduce it.
Foster trusting relationships. Ensure that teams meet as regularly as possible, in person or via teleconferencing. Consider holding team-building events, reflective away days and/or ‘how are we doing’ agenda items in meetings. These measures can improve understanding, interaction and trust between team members.
Lead by example. We know that employees look to the behaviour of their managers to determine their own. So be present; you cannot role-model behaviours and attitudes if you cannot be seen by anyone. Be positive and show how you treat what has happened constructively, managing risk, avoiding blame, taking care of your colleagues (and yourself), and using the incident to make the business unit stronger in the future. As one casualty of a fraud or corruption incident is honesty, ensure that you are (and are seen to be) authentic. So, for example, if you feel hurt, vulnerable or confused, consider sharing those feelings with the team. This helps to normalise these emotions.
Reaching project milestones or completing tasks puts clear blue water between the incident and the present, assisting both staff and stakeholders to move on. It also, of course, ensures the progress of the project or business unit. Embed, as rapidly and effectively as possible, any changes to processes to reduce the risk of a recurrence.
Scarce resources make it even more important to steer clear of avoidable mistakes. Recently, the ACFE’s 
This includes failing to have and apply lawful and proportionate performance management and disciplinary policies and procedures, internal suspicion reporting systems, and external reporting mechanisms (for example, to regulators). This exposes programmes to an array of risks, including confused or inconvenienced stakeholders, invalidated insurance, and accusations of bias (with the subsequent legal action). Being shown to have failed to follow your agency’s own protocols can be a rapid way to lose a case involving a former employee.
In some country contexts – especially conflict zones and fragile states – a criminal justice outcome for a case of employee fraud or corruption may be very unlikely for an NGO. While we should usually proceed with the intent to take a case to court, we must recognise that sometimes a disciplinary outcome (such as dismissal) has to be enough.
It is easy to see why implementing partners might want to carefully manage what their donors see and how it is framed. Many donors seem increasingly risk-averse, and have a history of unhelpful, disproportionate reactions.
Second Marshmallow 