Infosys has been in the limelight for the wrong reasons ever since its last founding-CEO SD Shibulal resigned in 2014. One after the other, the non-founding leadership of the company has faced accusations of misconduct from whistleblowers.
The two non-founding CEOs, Vishal Sikka and Salil Parekh, who succeeded Shibulal, have faced fire from anonymous complainants. Former CFO Rajiv Bansal and current CFO Nilanjan Roy have also been named in whistleblower complaints.
In the latest incident, on Oct. 21, anonymous shareholders wrote a letter to the US Securities and Exchange Commission (SEC) since Infosys is also listed in the US and the regulator allows anonymous complaints to be filed directly with it.
The Securities and Exchange Board of India (SEBI) has no such facility for employees, vendors, or other stakeholders. Whistleblower mechanisms in India are regulated internally at companies.
We do not know whether the allegations against the Infosys management are true and what kind of actions SEC may take against the company, but the complaint has attracted our attention to an issue that is of great relevance to corporate India.
Any insider who observes the working of a company at close quarters, such as an employee or a vendor, is a potential whistleblower.
Whistleblower complaints pertain to a mischaracterisation of expenses, inflation or falsification of accounts, kickbacks, and corruption, etc. These practices can often go unnoticed by auditors or independent directors in the course of regular checks.
Whistleblowers can exist at different levels of the company. They can be junior or mid-level executives who are responsible for implementing decisions of the senior management, such as making payments or accounting entries. Others who have a close level of personal interaction in everyday dealings of the management may be whistleblowers, too. These people do not stand to benefit personally from the practices they are blowing the whistle about.
These could be individuals who were on-boarded by the management and figured out that some of the activities were illegal or unethical. Alternately, they could be the people who were once on board but subsequently had a fallout, leading them to become whistleblowers.
Genuine whistleblowing is aimed at bringing transparency, legal compliance, and with the long-term interest of the company at heart.
However, irresponsible and malicious whistleblowing can attract unwarranted attention and impact stock prices and shareholder perception. This is also the reason that anonymous whistleblowing is sought to be discouraged.
There may be hundreds of other companies that are listed in India and are plagued by similar whistleblower complaints as Infosys. But most will not come to limelight. The reason why such information about Infosys makes headlines time and again is because the company is listed in the US and SEC allows anyone to submit a tip regarding a securities law violation.
As per SEBI’s listing obligations and disclosure requirements regulations, 2015 (LODR Regulations), every listed company is required to create a whistleblower mechanism that enables employees, their representatives, and other stakeholders to freely communicate concerns about illegal or unethical practices. Details of the policy or the mechanism itself are to be provided on the company’s website. The Audit Committee of the Board of Directors has the responsibility of reviewing the functioning of the whistleblower mechanism. The corporate governance section of the annual report must provide information about the establishment of the vigil mechanism, the whistleblower policy and that no person was denied access to the Audit Committee of the Board.
So, essentially, whistleblower complaints are to be dealt with internally by the company and do not allow observers or shareholders to get into the details of a complaint. In addition, specific contents of such policies are not prescribed and reporting formats for the status of complaints received and the action that need to be taken are also not prescribed.
Accounting firms like Deloitte and specialised organisations such as Navex Global and Integrity Matters offer whistleblowing hotlines in India. These mechanisms are mere communication pathways and the ultimate decision-making still rests upon the company internally.
The current communication from SEBI and BSE to Infosys inquiring why disclosures were not made earlier under the LODR Regulations could at best ensure that SEBI knew about it earlier, but not addressed the real issue at hand about the effective working of whistleblower mechanisms.
In the private sector, it is optional for a company to create a whistleblower policy. Most companies include a whistleblower mechanism as part of their employees’ Code of Conduct.
Such policies may help in uncovering unethical or illegal practices at junior levels, but these policies may not be effective for whistleblowing in relation to malpractices by the top management.
We should recognise that a substantial component of whistleblowing complaints involve bribery, private sector kickbacks, or other unethical practices. These practices cannot be checked through whistleblowing mechanisms alone. India needs a bedrock of strong anti-corruption laws so that whistleblowing in respect of such practices triggers an investigation under these laws.
For example, the Prevention of Corruption Act, 1988, in India does not expressly extend to foreign public officials, unlike the UK’s Bribery Act, 2010, or the US Foreign Corrupt Practices Act, 1977. There is no statute to cover private-sector kickbacks either.
For private and public unlisted companies, this is optional. Many large unlisted companies create whistleblower mechanisms that impose an obligation on employees to disclose wrongdoing, but the company is under no legal obligation to take a specific corrective action if a complaint is received.
The whistleblowers at Infosys have raised issues important for corporate India. In many ways, this is an opportunity for the firms to mature and have sound systems for the transit of business from promoter control to professional employees.
Indian listed companies even today are promoter-driven, unlike the US where listed companies have a very fragmented promoter shareholding and promoter control has passed on to professional employees and management. This transition will require a detailed and supportive regulatory framework for wrongdoing to be tackled. The creation of effective whistleblower mechanisms is one part of this.
For now, irrespective of the scale of whistleblowing at Infosys, the incident draws attention to the scope for improvement in systems implemented by SEBI and stock exchanges for the detection of whistleblowing and taking corrective action.
There is no SEBI or stock exchange circular which mandatorily requires the provision of information to stock exchanges by companies, which SEBI could issue subsequently.
It could also prescribe model whistleblower policies or model disclosure formats to stock exchanges around the efficacy of the same. As whistleblowing affects the interest of public shareholders and the securities market, SEBI might consider establishing a mechanism to directly handle whistleblowing complaints, as it has done in the case of investor grievances.