European organizations are not giving anti-retaliation requirements the attention they need, according to findings in our 2023 State of Risk and Compliance report.
In the 2023 NAVEX survey of more than 1,300 R&C leaders across the globe, over half of all respondents rated “Whistleblowing, Reporting & Retaliation” as “very important or absolutely essential”. However, U.S. organizations in particular valued these concepts as a higher priority, with 71% of respondents giving this rating compared to their European counterparts’ average of 62%.
Further findings reveal major differences in regional responses about whether organizations have actually implemented non-retaliation policies. In the U.S., 61% reported having these policies in place compared to Germany's 41%, the U.K.'s 36%, and France's 27%.
This gap between the U.S. and European organizations raises a critical question: why are European firms lagging behind in efforts to prevent retaliation?
What does non-implementation of anti-retaliation policies look like?
Non-implementation might present as:
- Inconsistent communication with reporters about their rights
- Unclear guidance on how to report retaliation
- Opaque records on past handling of retaliation cases or reports of retaliation
- A lack of training or undefined policies on how to identify retaliation
- Poor transparency over what is done if retaliation is identified after a report is made
Organizations must understand that a strong compliance program isn't just about having policies – it's about the visibility and trustworthiness of those policies that guide employees beyond making a report. European organizations should reassess and strengthen their approach to ensure reporters are supported and not penalized for honesty. With fear of retaliation the leading cause of employees not speaking up, training is vital for reinforcing policies around anti-retaliation and earning employee trust.
Mixed investment in training raises another issue. Despite the EU Whistleblower Protection Directive's enforcement, the importance of improving or implementing training seems to be less pronounced in European organizations than ones based the U.S. than in European organizations. When surveyed about plans to implement ethics and code of conduct training within the next 2-3 years, the responses varied: 66% in the U.S., compared to 45% in Germany and 38% in France.
As anti-retaliation training is likely to be a key component of any ethics and compliance training, a lack of urgency in implementing this training hints at less investment. It also raises the question of whether organizations in particular regions may be less committed to clarifying rules and expectations around anti-retaliation.
Interestingly, our findings suggest that more European organizations prioritize data privacy over non-retaliation policies. This divergence between the intent of the EU Whistleblower Directive and practical approaches by organizations to adapt hints at a broader issue. Whether this reflects the ability or willingness to meet the Directive's requirements remains to be seen.
What next?
Consideration of the EU Whistleblower Protection Directive's requirements is essential. Even so, the State of Risk and Compliance Report findings show a surprising lesser focus on anti-retaliation and whistleblowing awareness in many European organizations.
While baseline activity around enabling reporters to report continues, inaction around eliminating retaliation and awareness of its nature is a concerning sign – or at least a sign that progress is slower than anticipated given the new legislation in play. The best whistleblowing processes and efforts to keep internal issues resolved internally will struggle if employees fear reporting due to retaliation. Reports that emerge externally may pose a far greater risk to organizations than clamping down on retaliation.
The pressure of the EU Whistleblower Directive was meant to prompt decisive action for organizations around enabling and protecting reporters – but there's evidently more work to be done.
Intrigued by these findings?
Explore more on the current risk and compliance landscape – and how you can stay ahead – by downloading the complete 2023 State of Risk and Compliance report.
