If you've come across something rotten in the organisation you work for and are thinking of blowing the whistle to the corporate regulator, think twice.
That would certainly be the advice of a group of whistleblowers at Commonwealth Bank who contacted the Australian Securities and Investments Commission in October 2008 with a detailed four-page fax outlining serious flaws in the bank's financial planning unit.
Instead of ASIC snapping into action given the serious tipoff that one of the bank's top planners, Don Nguyen, who had 1300 clients and up to $300 million in client money, had engaged in systemic misconduct and his files were being "cleaned up", it took ASIC 16 months to take action.
What is even more concerning is the lack of protection offered to the whistleblowers.
One of them, Jeff Morris, who decided to share his identity with Fairfax Media, said they remained in contact with ASIC with follow-up emails, and at no time did anyone tell them to reveal their identity so they could be protected.
By the time ASIC eventually acted, in November 2010, the horse had already bolted. Client retirement savings had been decimated and everyone was ducking for cover.
After a series of articles in Fairfax Media exposing the truth about CBA, the whistleblowers and the regulator, emails flooded in from victims, former staff and sources close to ASIC.
It has also opened up a can of worms in terms of protection of whistleblowers, the role of ASIC and the inherent conflicts when a fund manager owns a financial planning firm.
One victim wrote: "I [was] one of those 1300 clients of Mr Nguyen, badly affected by his fraudulent deeds. I lost more than half of my superannuation, though CBA did return less than half of that amount. The result, I moved what was left of my superannuation elsewhere and put some into term deposit. Now at 70 years of age when I should be enjoying retirement, I am relying partly on CentreLink and still doing some casual work."
Former financial planning staff also sent emails discussing the role of culture. One said the problems with Nguyen and six other financial planners who were subsequently banned boiled down to the appointment of two certain managers, who have since left and are now working in other organisations. "These two managers employed a lot of their 'mates' into the group and planning division and for the next five or so years it was heavily focused on sales and fees at all cost. The sales targets of both fees and funds under management were unsustainable, and increased every year, to the detriment of clients' interests. Both of the above managers turned a blind eye to any underlying 'advice quality' issues as they described them as long as sales targets were reached.
"It was always about sales, and ongoing advice fees were also encouraged (0.94 per cent above standard fees) to be charged but the actual ongoing service was rarely provided - and if it did get provided by the planner, it was frowned upon by the managers, at the expense of taking time away from new business and new fees."
Nguyen resigned in mid-2010 and was later banned by ASIC for seven years. This means he will be back in business in five years. CBA agreed to an enforceable undertaking that comes to an end in October this year.
But for the victims and the whistleblowers life will never be the same. One died at 35, others are too afraid to reveal their identity and Morris left CBA earlier this year.
A source close to ASIC said one of the issues with being a whistleblower is that complainants need to specifically use the words "whistleblower" or "protection from retaliation and discrimination", in their report to ASIC.
Most people don't as they assume if they give detailed tipoffs that stack up, they will be automatically protected. "ASIC doesn't trouble itself with Part 9.4AAA of the Corporations Act 2001 unless clearly stated and sought by complainants," the source said.
In the case of the so-called "ferrets" at CBA, they wrote in their initial correspondence: "Although your investigators will no doubt be able to work out who we are, we will give you much more detailed information under questioning, from our point of view, the less people who know definitely at any point in time, the better." Signed the ferrets.
A "protection for whistleblowers" information sheet states that any would-be whistleblower wanting protection must identify themselves. "Anonymous reports are not protected under the Corporations Act."
The whistleblowers sent emails to ASIC after their initial fax in 2008 and at no time were they told to come in for an interview or to reveal their identity.
According to Morris, they finally went to see the regulator in 2010 because they had got sick of waiting. If they hadn't, the report might still be bouncing around.
"We dealt ASIC the cards to take 10 tricks but they settled for six ... My whistleblower protection consisted of advising me to 'get out with what you have left'."