Duty of Care in Whistleblowing

  • Duty of Care in Whistleblowing

  • Stuart Cotton

    June 23, 2021 at 9:04 am

    The often bizarre world of handling Covert Human Intelligence Sources on behalf of Government Agencies such as the Police began trending on Twitter earlier this year when the acronym ‘CHIS’ featured in the first episode of the BBC’s ‘Line of Duty’ series 6. The CHIS in question met with a harrowing looking death to ramp up the drama for viewers however, in real life CHIS handling, this would have been seen as a complete failure of the system and the many tiers of protection that are intended to establish a duty of care over the source.

    At this point it might help to explain the hierarchy of sources (informants) a little in that when you leave a review on a restaurant’s website you are a source of intelligence to other potential diners who are thinking of eating there. A great review will encourage them to try the place out whereas a dreadful review will instantly render a venue a no go area. The problem is that the system of reviews is flawed because these descriptions can be manipulated either by the establishment paying for better reviews or by competitors placing false reviews to damage a rival’s business. So how do you establish if the source is being truthful? Might the source have an agenda? At this level do such questions matter too much if the accumulation of reviews balances out? There is clearly no element of care to be attached to such sources despite the fact they may get trolled on social media for their views.

    Another level up from the reviewer or critic comes the ‘HUMINT’ or human intelligence source. This represents a one-off event, an anonymous tip perhaps of something untoward they have seen. A letter written in complaint about a neighbour, a former spouse dishing the dirt in anger, a worker tipping off an authority about bad practices at the factory or a book-keeper alleging tax evasion. These are simply allegations at this point with no evidence being put forward alongside the complaint. Such sources might become known to the agency at some point but they are often just logged on the system as HUMINT until such times as an investigator spots several similar allegations and begins profiling the data for a new project. So, once again, the issue of any duty of care to the source rarely exists but the investigator is still likely to tread carefully where they see that the source is an obvious one.

    Another step up from HUMINT is the ‘Informant’ where we begin to step into the arena of what most people would describe as a whistleblower. In my experience the classic whistleblower will have spotted an issue of some importance either to them or to the organisation involved. They will have raised the matter several times and been rejected or ignored causing stress and anxiety to the point where they are forced to acquire documentary proof of the issue at hand. A dossier is compiled and ignored again until a protective disclosure is made to line managers higher up the organisation, perhaps a Director is copied into this ‘smoking gun’ material.

    Nothing happens, so the informant sends the dossier to the agencies it feels are best suited to handling the dossier. The FCA, the Police, Serious Fraud Office or HMRC could then get involved and take a statement from the source who may by then be confronted by the negative ramifications of becoming a whistleblower. At this point it could be argued that the employer has a duty of care in terms of their employee’s health and wellbeing but not necessarily the agency receiving the dossier.

    Why is that? If such an agency is going to accept that dossier as evidence and then work the case up to prosecution stage then the author of the dossier is likely to be put at risk. This begs the question who measures those risks when the source is a one-off and the interface involves just a debrief and the collection of evidence? Is there a stronger duty of care here and if so, who takes responsibility for protecting the whistleblower? What level of care is appropriate in these instances? Should agencies receiving such information be providing training to their officers to ensure the source is safe, secure, healthy and free from reprisals? Should they care at all or does the end product of a criminal or civil trial justify the means of obtaining the data and simply walking away from any wider issues?

    With a ‘CHIS’, we step up to the upper echelons of the whistleblowing community. Sticking to what I know here, as a former Tax Inspector within HMRC’s National Intelligence Unit, the sources in question for me had access to information within Organised Crime Units, Terrorist Financing Cells or Corporate Entities that were engaged in all manner of financial dexterity. In these circumstance the dossier does not exist, the source with appropriate access to the evidence first has to be identified within the entity involved and then ‘recruited’ by the agency (HMRC) in order to start creating a dossier in real time.

    This type of covert activity over lengthy periods of time is fraught with dangers both for the CHIS, the Handler, the Handler’s Controller and the Agency carrying out the operation. Getting caught in the act of securing the source materials could result in the the source being attacked and, potentially, facing certain death. Handling a CHIS of high value to an agency can often involve other covert operations such as creating false identities, having pool cars owned by fake companies, creating fake websites, developing multiple cover stories and visualising and training for multiple scenarios where the cover is blown including extraction of the source and their families. In one case I had to broker a new identity for a witness with an overseas Government Agency as HMRC were unable to protect my source.

    Clearly, at this level, there is a distinct duty of care placed upon both the Agency and its Handlers. We undertook constant appraisals of risks at each stage of contact and these were logged and reviewed by the management chain all the way through to the Information Commissioner’s Office. All of this seems quite straightforward until you hit the point where the source, the whistleblower, has passed on their information and is looking for results to make it all worthwhile. What happens next? Who should pick up the baton that is the Duty of Care?

    At HMRC we just dropped the source. We collected what we wanted or needed and then moved onto our next case with no thought for the source from that point. When I queried this with those above me and suggested we should monitor our sources post investigation by using continuing risk assessments I would get the same responses:

    “That’s not your job Stuart, nor is it mine”

    So the Agencies involved only have a duty of care up to the point they are satisfied they have everything they need. Then they move on in a somewhat callous manner and the source switched to other outlets such as the media.

    Is it the responsibility then of the Journalist covering the potential story, or the Editor pushing for an exclusive article by a certain deadline or the publisher of the article that follows. I think the evidence suggests that journalists do protect their sources but could more be done? Should there be an agreed protocol for all media outlets to follow when dealing with whistleblowers? Should we reach an agreement as to what such protocols should include and demand? I don’t think that would be too much to ask.

    If the case leads to a litigation or some form of reward protocol does the Prosecution pick up responsibility for the source, or perhaps the Agency bringing the case. Do the FCA, SFO or other prosecuting agencies worldwide provide the levels of support and care that are needed for whistleblowers? Once again, should we set a series of requirements for the legal professions to ensure that the whistleblower has rights along the way. Are they the key component of litigation support? Should they be recompensed in some way by the Courts?

    I am pleased to see that certain Law Firms are now waking up to their responsibilities and at least looking at the ethics here. There are no obvious answers but work must continue to be done by everyone connected to a case to ensure whistleblowers have a right to some kind of closure and wellbeing along the way.

    In creating this particular platform today, the 23rd June, on World Whistleblowers Day I aim to<font face=”inherit”> celebrate the courageous individuals who come forward to report corruption and financial crime, and to share some of the ways I wish to help them achieve justice. Justice, to my mind, includes the process of putting a whistleblower back to their original position. A well paid job, respect within their new role, a positive career map, acceptance by peers, financial redress, good health, mental wellbeing and freedom. Freedom of speech and freedom to get on with their chosen careers and enjoy a normal family life.</font>

    Sadly, we seem to be a long way from even recognising the issues that face whistleblowers today, the reprisals, the attacks, the discrediting, the mental anguish, the effects on family, the loss of a career that took decades to build and the effects on health. There are many opportunities throughout the course of dealing with Sources / Informants / Whistleblowers / CHIS where a duty of care can be identified and acted upon.

    Should society stand up for Whistleblowers and assume this Duty of Care beyond the act of reporting corruption or criminality or societal damage? I believe so.

    I am so proud of the team at Parrhesia for launching this organisation at a time when Whistleblowers need access to more care and support. Society is improved and is being improved by all manner of activists some of whom are classic whistleblowers and others who work covertly, out of the public eye. Please think about how you might act to support us in taking up this duty of care.

Viewing 1 of 1 replies

Log in to reply.

Original Post
0 of 0 posts June 2018