Later this year, the Supreme Court will rule on whether whistleblower protections under the Dodd-Frank Act apply only to people who report misconduct to the Securities and Exchange Commission (SEC). That is, people who report misconduct internally would not be protected from retaliation.
Compliance officers should prepare themselves. The implications of this decision could be profound.
The case, Digital Realty Trust v. Somers, went before the court in November 2017. The plaintiffs argued that the text of Dodd-Frank plainly defines a whistleblower as someone who brings information to the SEC. Even if that means more retaliation risk for those who only report misconduct via internal channels — well, the law is the law. Fixing poorly written law is a job for Congress.
Trying to divine the leanings of Supreme Court justices is risky business. Still, a majority of justices seemed to side with the plaintiffs, even while uneasy about what that meant for whistleblowers.
Let’s assume that Digital Realty does win, and Dodd-Frank’s whistleblower protections are restricted only to those who report misconduct to the SEC. What might that mean for compliance programs?
More Enforcement Risk
First, if whistleblower protections only apply to those people who report to the SEC, then whistleblowers will have more reason to report to the SEC rather than you. That increases the chance that the SEC becomes aware of possible misconduct before your business does.
Moreover, if protections don’t apply to people who report internally, those prospective whistleblowers will be less likely to report to you.
Moreover, if protections don’t apply to people who report internally, those prospective whistleblowers will be less likely to report to you. Maybe they won’t report to the SEC either, but neither scenario does the compliance function any favors. Misconduct could be happening within the organization, and you will have a more difficult time learning about it.
Those circumstances alone could make the compliance officer’s job much more difficult. The risk of misconduct will continue, but the battle to maintain a speak-up culture will be that much more uphill.
If the company does need to investigate misconduct that the SEC already knew about, the investigation will be that much more costly, since the company won’t be the one setting the pace.
And remember, the first pillar of winning more favorable treatment from regulators is that the company voluntarily discloses misconduct to regulators. You can’t disclose misconduct you don’t know about.
Legal vs. Compliance Tensions
A separate, equally serious issues could be that a wedge develops between the legal and compliance departments.
After all, if the Supreme Court narrows the scope of whistleblower protections allowed under the law, that’s less litigation risk the company faces. Less litigation risk is what the legal department wants.
Less litigation risk, however, isn’t the mission of the ethics and compliance department. Your mission is to reduce the occurrence of misconduct. Yes, good conduct can lead to less litigation risk, but that’s just a welcome byproduct of effective ethics and compliance programs. It isn’t the objective.
I don’t expect legal departments to take a “pro-retaliation” stance when whistleblowers come forward. But they could (and inevitably, some would) argue that whistleblowers have no grounds to complain about retaliation that happens.
Other would-be whistleblowers would see that. In NAVEX Global’s 2017 Ethics & Compliance Training Report, the top challenge to effective compliance training was employee cynicism. One can only imagine what the 2019 numbers will look like, should this scenario come to pass.
Smart Positioning Now
We shouldn’t get too far ahead of ourselves. First, the Supreme Court might rule in favor of the broader Dodd-Frank whistleblower protections that exist today. Congress could also enact clarifying legislation to the same end.
Compliance officers can also take a few practical steps to understand the lay of the land. For example, take inventory of what whistleblower protection laws do apply to your business. As much as we talk about Dodd-Frank, other laws do provide whistleblowers protection too. The Sarbanes-Oxley Act provides some; the False Claims Act provides some.
In other words, your organization will still have retaliation risk; understanding where and when it applies will be more complicated.
Which brings us to the second point: pay more heed to anti-retaliation as a core value, no matter what the law allows.
Sure, your company can adopt a patchwork of policies, procedures and protocols for whistleblower retaliation depending on what laws might apply to the allegation in question. Or the organization could just, ya know, not stand for retaliation at all. If for no other reason than it’s easier to remember.
After all, claims of retaliation will always be with us. An employee with no grounds to sue over it could still talk to the media, to fellow employees, to the public. The best remedy for those retaliation headaches is, simply, a strong stance of anti-retaliation.
That point, at least, will be true no matter what the Supreme Court decides.