First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

Whistleblower, hacker, or both? How the Rui Pinto Case can be applied to corporate compliance officers

compliance officers

Do the ends justify the means? It’s a question at the heart of many ethical dilemmas – and one that can certainly be applied to the case of Portuguese national Rui Pinto.

Pinto was arrested in January by authorities in Budapest on suspicions of illegally hacking emails about European soccer clubs and providing them to the Football Leaks website. A Hungarian court then ruled he would be extradited back to his native Portugal, where he is wanted for attempted extortion and illegal access to data, among other crimes related to the alleged hacks.

Among its various twists and turns, this story has landed in the world of ethics and compliance when Pinto decided to defend himself by saying he should be protected as a whistleblower. “Instead, the Portuguese authorities are treating me like a criminal,” Pinto told the BBC.

What is our whistleblower definition?

Pinto’s lawyers have asserted a whistleblower defense under Hungarian law, saying that in this case, the ends do indeed justify the means. From their perspective, the benefit the soccer world and the general public receives from these leaked documents outweighs the crimes Pinto has allegedly committed.

Laws differ across Europe, but generally speaking in a corporate setting, a whistleblower is an employee or an external party who reports a concern through any available channel. The person must also have what in Italian we would call, buona fede – or good intentions. This would mean the person is not acting to get some sort of advantage, but instead, he or she is working for the greater good of the company. This is where compliance officers often enter the picture to determine whether an investigation is necessary.

This is key in Pinto’s case, as he maintains that he has not been compensated for his leaks and that he has acted merely for the greater good of soccer. If that’s right, it’s hard to deny that Pinto is a whistleblower and should not be punished…at least not as a whistleblower. Pinto, however, is also an alleged hacker and a criminal.

What compliance officers should know

In ethics, the consequentialist approach says that we should have moral rules, but what matters most are the eventual consequences. Yes, a person might have broken the law, but did they better society in the process? If so, that person did the right thing. There’s that ends justifying the means thing again.

Society undoubtedly benefits from having access to the information Pinto has released – including evidence of tax evasion cases in Spain, one of which surrounded soccer superstar Cristiano Ronaldo. Shining a light on this kind of behavior is important, but it’s especially so given FIFA’s sordid history in recent years. From a consequentialist approach, if Pinto really isn’t receiving compensation for his actions, he is in the clear and could be afforded whistleblower protections.

On the other hand, he is accused of breaking the law, and that changes things from a compliance perspective. Here, compliance officers cannot turn a blind eye, but would need to report the information to authorities. Whistleblowers in this situation also need to know that though they may receive some whistleblower protections, they might be charged for their illegal actions

Still, it doesn’t mean the information should be ignored. All reports need to be reviewed and investigated.

Third-party whistleblowers

The Pinto case is admittedly somewhat different because he didn’t come forward to a compliance officer (likely because he wasn’t in the employ of any organizations exposed by the leaked documents). He’s alleged to have simply gone public with the information – but what happened with Pinto is a good lesson for compliance departments.

External whistleblowers like Pinto can be just as effective, if not more so, than whistleblowers within an organization. A third-party vendor or a customer could have witnessed or seen something worth reporting to a compliance officer and their external role doesn’t make any difference in how compliance officers should handle the situation.

Pinto’s case teaches us that if actions by a whistleblower – whether they’re internal or external – go from inappropriate to illegal, the difference only matters to the whistleblower and to authorities.

Compliance departments should be prepared to cooperate with law enforcement, but they must be focused like a laser on the information that is unearthed – even if it means justifying the ends and possibly bringing justice to the means.

By Vera Cherepanova

Follow me

Ethics &Compliance Matters ™, Navex Global ®

Ethics & Compliance Matters™ is the official blog of NAVEX Global®. All articles posted on the Inside Internal Controls blog originally appeared on NAVEX Global’s Ethics and Compliance Matters Blog. The blog leverage the news, insights and best practices you find here to stay ahead of GRC trends, and take your compliance program to the next level. Read more
Follow me
Send to Kindle

, , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

This site uses Akismet to reduce spam. Learn how your comment data is processed.