
by Keith Read
The realities of retaliation were first brought home to me by a shocking case that I investigated, in which a senior manager in Singapore had retaliated against a member of their team – a manager based in London – following a whistleblower complaint about bullying.
As a consequence of the retaliation, the manager had a major heart attack – a serious enough consequence of itself, but it did not stop there. The manager’s 13-year-old son, fearful that he would have to change schools if his father couldn’t work, tried to commit suicide.
The case above is, sadly, just one example of what can prove to be dire consequences of retaliation for whistleblowers and their families.
An array of analyses and reports continue to show that fear of retaliation is the most dominant reason (along with the belief that nothing will be done about the call) why people do not make whistleblower reports. Despite that, it can be easy to assume that retaliation is an employee issue that, should it occur, can be dealt with on a case-by-case basis. However, when people are too afraid to report anything through fear of retaliation then the organisation loses a crucial source of information – remember that research shows whistleblowers identify three times as much fraud as internal audit – and issues continue to fester and increase, people leave, regulators and the media perhaps become involved, and the wider reputation of the organisation suffers.
Because of the risks, retaliation is increasingly featuring in legislation and related guidance – around the world – including the EU Whistleblower Protection Directive and the Department of Justice’s (DOJ) Evaluation of Corporate Compliance Programs (ECCP).
Retaliation can take many forms; it can take place at organisational, manager and colleague level, and involve both hard and so-called soft retaliation – ranging from discipline, dismissal, harassment, denial of promotion and the loss of a career right through to the soft continuous drip-drip of being excluded, not being invited to meetings or social gatherings and incidents of petty spite, such as locker locks being glued and personal belongings being damaged or stolen. Regardless of type, retaliation consumes the reporter and eventually wears them down. It is arguably a version of gaslighting which is a form of abusive manipulation that makes the reporter (the target) question their judgements, memory, perceptions and reality.
Moreover, retaliation can take the form of a single once-and-done incident, or it can be a series of ongoing incidents, which perhaps involve a variety of forms and perpetrators. Regardless of whether the retaliation involves one or multiple incidents, the result is that the whistleblower becomes unsettled and unnerved as they await the next retaliatory action. It certainly impacts the individual and means that other people will inevitably think twice about whistleblowing.
In common with most organisations, our first and almost only line of defence against retaliation was our policy. I have seen such policies ranging from 16 lines to 16 pages and whilst they are essential, by their very nature they are passive; often rarely referred to and, of themselves, likely to have little practical impact day-to-day in deterring and preventing retaliation – often linked to a misplaced perception that retaliation ‘wouldn’t really happen here …’
Certainly, like most organisations we investigated complaints of retaliation – when we received any – but the very nature of retaliation means that whistleblowers think twice about reporting it. We just had to do more, and – in a moment of inspiration – I realised that there were opportunities that we had just never previously explored.
In order to deter and prevent retaliation – and all its pervasive consequences – companies should follow the push by enforcers to use data and analytics, and apply these tools to identify and drive compliance and management action. However, many companies and their compliance teams do not really believe that there is data available to drive an active anti-retaliation program. As we will see in what follows, that is simply not the case but it requires a perhaps unconventional approach; it is just one example of the tools, techniques and approaches featured in my book, ‘The Unconventional Compliance Officer’.
I became concerned that, in common with most others, the company’s anti-retaliation ‘toolkit’ was both limited and reactive, and essentially relied on training and communications, and investigation and discipline post-event, if indeed it was reported. I decided to try to take an unconventional look at any whistleblower data that there was, and what could be derived; who the whistleblowers were – where that information was available – and then to try to identify data that could potentially indicate retaliation against those individuals. This data for me, as a starting point, included their subsequent annual performance review markings, pay raises, bonuses, disciplinary actions, career progression against their peers, shift allocation and overtime allocation, if those were appropriate to their role. Not a full or exhaustive set of data, but a subset that I could work with manually to get an indication of whether my retaliation concerns were real or imagined. Here is an example of what we found.

It became shockingly clear within minutes from my simple spreadsheet analysis that retaliation was clearly going on; not everywhere, and not affecting every whistleblower, but it was there. Moreover, some divisions, departments and locations had a noticeably greater propensity for retaliation than others and, I suspected, some of this was linked to certain mid-level and senior managers. Confirming that issue was largely beyond manual analysis but there were also enough indicators to show that some managers and senior managers essentially took retaliation with them when they moved roles, such that the propensity for retaliation increased. All of this was information that we had no idea about prior to starting to undertake a relatively simple analysis of data that – crucially – we already had.
As an example, the chart shows how after making their report of Data Misuse, Reporter 4’s subsequent pay award and promotion outcome was sufficiently concerning that it was ‘Red Flagged’. Reporter 4 also faced concerning issues regarding their annual review and overtime/shift allocation such that, taken together, the risk of these issues being retaliatory was clearly deemed ‘High’.
Similarly, Reporter 6, after making their report on Safety, had faced consequences right across the spectrum which, supported by previous pay, bonus and annual review information, led to the inescapable conclusion that there was a High risk of this being organised and coordinated retaliatory action.
Clearly, there may be other personal and professional reasons for the issues that the chart highlights, but the apparent coincidence with their whistleblower report is simply not something that could be ignored.
From personal experience, one of my cases involved a previously high performer whose career ‘dropped off a cliff’ following a report that they made. It was again simply too much of a coincidence to ignore and, indeed, it did prove to be retaliatory action – which, without this analysis, would probably have never been identified.
In common with most companies, much of this data was held by HR, with understandable sensitivities around confidentiality and privacy. However, to address these concerns, we made it clear that – for example – we usually did not need to know the absolute amount of someone’s pay raise, but more the relativity to their colleagues and peer groups such that we could identify exceptions.
Moreover, HR directly received a number of grievance reports that brought with them the risk of retaliatory action and so working closely with HR we established a shared understanding and common purpose such that a long-standing and dreadful issue could be addressed, to everyone’s benefit. As trust developed in the relationship, so did the data flows.
However, regardless of its simplicity, this analysis has the potential to deliver multiple benefits; for example, it also enables educated follow-up with whistleblowers to be undertaken with the result that it was not unusual for the whistleblower to reveal a four- or five-to-one ratio of further retaliation incidents; the analysis might have identified one incident (such as pay), but frequently that was the ‘tip of the iceberg’ and whistleblowers would reveal several more retaliation incidents once they realised you had data and information, and that you weren’t going to be fobbed off such that you went away. Put simply, if a whistleblower had already faced retaliation and you followed up with them then they would often try to get you off the call (or e-mail) as quickly as possible, on the basis that they just wanted it all to go away. With data and information to support the follow-up there was a realisation that you were serious, and the situation inevitably changed.
Some readers will say that this is all reactive data and that the retaliation has already happened, such that it only allows you to ‘look through the mirror’ at the past. However, that is simply not the case. In reality, once a gathering of retaliation data has started, it relatively quickly enables a picture to be built of locations, divisions, departments, roles and report types where there is a propensity for retaliation. No longer is it purely a case of retrospective data; the data can be leveraged such that you can ‘look through the windscreen/windshield’ proactively – and to a degree predictively – and so anticipate what type of location, team, role and report type, for example, presented a real risk for retaliation. This then facilitates a proactive approach of additional training, communications, reminders and vigilance. Once the program has started and the data set grows, that reactive data can be rapidly turned into proactive data enabling a far more incisive approach to be taken to anti-retaliation, such that ‘red flags’ and suchlike can be actively identified, monitored and managed.
In common with a number of organisations, the Ethics and Compliance Initiative (ECI) has undertaken some research in the area of retaliation. Typically, their research shows that 72% of retaliation takes place within three weeks of the report being made and 90% within six months, with the remainder taking place beyond six months.
Clearly, this indicates that whilst the majority of retaliation is reactive and near-immediate (sometimes described as ‘get mad, get even’), some is deferred to a later date – often to the annual performance review, promotion, pay and/or bonus rounds, which provide a ready and also disguised means of retaliation. Moreover, it is worth noting that these timings have the potential to mean that more than 20% of retaliation can take place after the case would normally be deemed closed by the company.
However, going forward, there is the potential to further integrate whistleblower and HR-type data – covering annual performance review markings, pay raises, bonuses, disciplinary actions, overtime awards, recognition, career progression and suchlike – to enable my simple analysis to be turned into an effective real-time compliance tool, which would crucially also help to discharge the ‘reverse burden of proof’ of retaliation, first enshrined in the EU Whistleblower Protection Directive, which can require a company to prove that adverse action against a whistleblower was justified and not actually retaliation.
Chief Compliance & Ethics Officer, Independent Advisor and Author