In an expected ruling, the Supreme Court held that Dodd-Frank’s anti-retaliation provision does not extend to an individual who has not reported a violation of the securities laws to the SEC. The court signaled this outcome in the oral arguments and in the end, the decision was 9-0. It turned on the textual and legal definition of who is “whistleblower” within the statute. From the ruling:
Sarbanes-Oxley applies to all “employees” who report misconduct to the Securities and Exchange Commission (SEC or Commission), any other federal agency, Congress, or an internal supervisor. Dodd-Frank defines a “whistleblower” as “any individual who provides . . . information relating to a violation of the securities laws to the Commission, in a manner established, by rule or regulation, by the Commission.”
There will be a lot of discussion in the compliance and legal press about what this means for organizations and their compliance programs. There will also be discussion as to whether consideration should be given to modify the language in Dodd Frank to expand the protections. We will see how this all plays out.
In the end, what this ruling really highlights once again is the importance of organizational culture and preventing retaliation from occurring in the first place. We know that culture always supersedes legal compliance and one could make the case that all of this discussion falls into the area of looking for legal loopholes rather than focusing on the spirit and intent of strong ethics and compliance programs.
Time and time again, research shows that employees much prefer to report an issue to their immediate supervisor than to have to take it up the management chain or outside the organization.
Time and time again, research shows that employees much prefer to report an issue to their immediate supervisor than to have to take it up the management chain or outside the organization. Time and time again, the agencies report that employees have tried to raise their concerns internally before coming to them. And yet, we continue to think we can dictate the “terms and conditions” of taking issues outside the organization. We cannot.
Any board of directors or senior leadership team that sees this ruling as an opportunity to take the pressure off strong oversight of reporting practices will do so at their own peril. The outcome of this ruling will likely be that more issues are taken directly to the SEC without the opportunity for an internal review.
We know that many of these issues – both accounting issues and claims of retaliation – are already going directly to the regulatory agencies. This problem existed before this most recent ruling because these employees do not trust that the issue will be handled appropriately internally.
Training Course: How to Create a Speak Up Reporting Structure
Let’s Look at Some Numbers
Organizations receive few internal reports of accounting, auditing and financial reporting. NAVEX Global’s historical data from our Hotline Benchmark Report show that 2-3 percent of all reports made in any given year are accounting and financial reporting-related matters.
Separately, our data also shows that very few reports of retaliation are raised internally. Retaliation claims represent less than 1 percent of the reports in our databases. Yet, reports of these two types of issues to external agencies continues to be strong.
Key Actions for Organizations to Take
So what should organizations be doing to create an environment where employees are confident in their ability to raise issues internally?
- Identify and address cultural and organizational barriers to a “speak-up culture.” Report on culture issues and improvement plans to the board of directors.
- Address the issues of fear of retaliation directly. Train managers about their responsibilities, including their responsibilities to escalate concerns. Publish sanitized case studies of actions taken against retaliators. Implement a program to monitor for potential retaliation.
- Ensure that robust escalation policies are in place requiring notification to the board of allegations relating to issues that could cause serious reputational or financial harm to the organization.
- Don’t be lulled into a false sense of security. Just because concerns of retaliation have not been raised through formal channels doesn’t mean that it is not occurring in the organization. Test the system.
Regardless of definitions and rulings, retaliation is still wrong and I believe this is perhaps one of the final issues that is keeping our ethics and compliance initiatives and investments from being effective. Let’s focus on preventing retaliation in the first place and not get distracted by a Supreme Court decision on the legal reading of the definition of “who” is a whistleblower.
Share your thoughts on the Compliance Next discussion board: Compliance Hot Topics