From Edward Snowden’s government surveillance revelations through the Facebook and Cambridge Analytica data harvesting scandal and Twitter’s recent security pitfalls, whistleblowers have been the driving force behind some of the biggest news stories of recent years.
But whistleblowing isn’t always about insiders shining a light on shady practices in governments or billion-dollar tech companies. Oftentimes, it’s simply a case of a concerned employee wanting to report unethical or questionable activity at a relatively small scale, and raise their concerns with the right people internally to address issues before they become a public relations disaster. At its core, whistleblowing is a way for anyone directly connected to a public or private body to bring attention to practices they feel contravene some law or code of conduct — no matter how big or small this contravention may be.
And it’s against that backdrop that the European Union (EU) is setting out to offer better protections for whistleblowers to report any misdemeanours they witness, anonymously and without fear of retribution. The so-called whistleblowing directive came into force back in 2019, forcing most larger companies to deploy a robust internal reporting system that allows whistleblowers to report any misdeeds in confidence or complete anonymity, while also protecting them from dismissal or any other form of retaliatory tactics.
Businesses with 250 or more employees had to implement their system by the end of last year (2021), while those with 50 or more employees have until December 2023 to get their ship in order. With the deadline fast approaching, a new company has emerged out of Denmark to give businesses of all sizes the software they need to support all manner of whistleblowing activity, without compromising the identity of the complainant.
Wrongdoings and irregularities
Founded in 2021, the aptly-named Whistleblower Software has already amassed a slew of big-name customers including T-Mobile in its 18-month history. Dutch banking giant ABN-AMRO offers four ways for whistleblowers to report “wrongdoings or irregularities,” one of which involves hitting the “file a report” button on a dedicated application on Whistleblower Software’s website. Here, employees, contractors, or anyone witness to dubious activities can provide all the details in writing, or by filing a report verbally — for this, Whistleblower Software automatically distorts the caller’s voice to prevent them from being identified.
The web-based platform includes a case management and secure messaging system, allowing managers to converse (anonymously or confidentially) with the person filing the report. In an age where being truly anonymous has become incredibly difficult, this is where Whistleblower Software seeks to make its mark with the promise of full end-to-end encryption, logins via encryption keys, and the ability to avoid IP tracking.
“Actually being able to be anonymous is quite tough in today’s online world with tracking everywhere,” Jakob Lilholm, CEO and founder of Whistleblower Software, explained to TechCrunch. “Imagine just being able to log in without leaving any tracks?”
In truth, there are numerous similar tools and technologies out there already, including legacy software from the likes of Navex and EQS, while there are newcomers such as Vault, which last year closed a round of funding from big-name backers including Google’s Gradient Ventures.
Lilholm says that they’re setting out to differentiate through a number of avenues, perhaps chief among them being how it’s distributing its software. While any company can sign up for its platform and pay a monthly subscription similar to any other SaaS, Whistleblower Software also offers a partner program that allows consultancies such as PwC, DLA Piper, Baker McKenzie, and BDO to “resell” the whistleblower technology directly to their own customers. Not only does this help Whistleblower Software scale, but it hugely simplifies things for the consultancies, as they are able to manage multiple whistleblowing channels for different companies through a single interface.
This all leads us to one obvious remaining question: who actually receives a report once a worker submits it? The answer is a somewhat unsatisfying “it depends,” given that the company itself sets up the flow for how a report is handled. However, if the company is deploying the software as it is intended, then it should give workers the option of selecting from a number of different parties — or perhaps more accurately, it should allow workers to deselect specific recipients to avoid any conflicts of interest.
A Whistleblower Software spokesperson says that based on its experiences, around half the time an external third-party is the recipient of the report, and the other half it’s set up to be handled internally, such as HR, a compliance officer, or C-level executive.
Don’t be evil
To take things to the next level in preparation for the new EU directive, which will effectively cover some 400,000 companies across Europe by the end of next year, Whistleblower Software today announced that it has raised $3 million in a seed round of funding from investors including London-based VC firm West Hill Capital and Morten Brøgger, who was previously CEO at Huddle and secure messaging company Wire. Brøgger is also now joining Whistleblower Software’s board of directors.
The global governance, risk management, and compliance (GRC) software market was pegged as a $1.3 billion industry last year, a figure size that’s predicted to hit $1.9 billion within six years. While existing legislation such as France’s anti-corruption Sapin II law, and new and emerging regulations such as the EU whistleblowing directive are a big part of this anticipated growth, a greater sensitivity to environmental, social, and corporate governance (ESG) issues is perhaps also at play here. In some ways, Whistleblower Software and its ilk could be helping companies do what Google once professed to do by not being evil, and appease a more socially conscious workforce.
“ESG and the increased focus on whistleblower protection have driven new motives for companies to establish whistleblower units in their organizations,” Lilholm said. “Essentially, the need for being perceived ‘good’ by employees, the need to comply with relevant local whistleblowing legislation — [they] are all reasons that we see a big trend in the market right now.”