As the SEC takes aim at whistleblower “pretaliation” (attempts to muzzle whistleblowers via confidentiality and other employment agreements—overt or otherwise) ethics and compliance officers need to take practical steps to address the risk, and ensure whistleblower protection.
In a November 2014 blog post, my colleague Carrie Penman highlighted Sean McKessy , Chief, Office of the Whistleblower, was “looking for the first big case” where a company interfered with an employee’s ability to make a report to a government agency.
Sure enough, in late February of this year, Wall Street Journal reporter Rachel Louise Ensign broke the news that the SEC had launched an investigation of whether organizations are “muzzling corporate whistleblowers.” The SEC requested records from a number of companies related to employee contracts, nondisclosure agreements and other evidence that would help them construct that big case.
Despite a subsequent challenge by companies questioning the authority of the SEC to prosecute retaliation claims, a just-breaking, landmark case brought by the agency has succeeded. A large government contractor reached a settlement with the SEC for including anti-whistleblowing language in its confidentiality agreements.
These rapidly developing events inspired a few thoughts about protecting employees who potentially may want to go outside to report misconduct:
- Whistleblower Protection is an Important E&C Risk
To date, protection for speaking up externally has not generally appeared on the risk list for organizations we have interacted with—probably due to the inclusion of non-retaliation language in most codes of conduct and/or separate policies. This assumes the risk is low on the likelihood/significance risk scale and is mitigated by the language in the standards. This is not sufficient mitigation anymore.
"If your risk list does not now include protection for employees who speak up, it is time to add it."
If your risk list does not now include protection for employees who speak up, it is time to add it. Regulations like SOX may now provide protections for victims of retaliation, so this is a legal/regulatory risk as well as reputational risk.
- Do Threats of Retaliation Equal Interference?
While the dictionary does not consider “threats” and “interference” to be synonymous, threats intend to motivate someone to take or avoid action. It is a violation of Dodd-Frank to take “any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing or threatening to enforce, a confidentiality agreement.”
Other laws and amendments (e.g. Sarbanes-Oxley, False Claims Act) include prohibitions against threatening potential reporters. Even the OIG departmental whistleblower protection programs include language against discouraging potential employee reporters: “…it is unlawful for agencies to take or threaten to take a personnel action against an employee because he or she disclosed wrongdoing.”
Threats designed to inhibit employees from reporting externally open the door for a consideration of whether or not this constitutes interference. Scarily, such threats (intended or otherwise) may be lurking in employee agreements, separation agreements and other compensation-related documents.
If the SEC successfully prosecutes a whistleblower interference case based on employment agreements or corporate documents that include threatening language, it may invite many more cases of interference—and arguments that the interference precedent could point to violations of a myriad of laws and government agency programs that prohibit obstructing employees’ ability to report externally.
- Is This Just the Beginning of Broader SEC Action?
Other government agencies are likely taking notice of the fact that a fellow agency is examining a range of employment documents and other company data for signs of interference with agency reporting. Furthermore, this may not be all that we will see regarding this case. In 2014 McKessy pledged, “If we find that kind of language, not only are we going to go to the companies, we are going to go after the lawyers who drafted it.”
Practical Steps Ethics and Compliance Officers Can Take To Ensure Compliance With the SEC’s Whistleblower Protection Rules
So, given these developments and the new SEC focus, what actions should ethics and compliance officers take to best protect their organizations—and encourage a speak-up culture?
1. Review your incident reporting protection controls.
- Standards: At a minimum, clear speak up protection standards should be adopted. They must be neutral or silent regarding reporting outside the organization. Most codes of conduct and non-retaliation policies never address the issue. Review your policies and other governance documents for references to reporting misconduct to an outside entity. Make sure they do not contain language to discourage this type of reporting. Confer with your legal department or outside counsel for guidance.
- Education: Conduct a similar review of your training and ongoing communications where reporting protection or responsibilities are mentioned to make sure they do not contain language that could interfere with external reporting.
- Audits: Complete a review of standard employment documents. Look for language that appears to discourage or prohibit reporting to outside agencies. Documents to consider include:
- Employment agreements
- Severance agreements
- Evaluations, performance management objectives, or other documents tied to compensation
- Incentive programs, such as special internal sales competitions, layered on top of annual performance objectives
2. Educate your board, executives and legal team on the risk.
- Board: This evolving area of potential reporting interference is a new twist on the retaliation protection issue. Bring this to your board’s attention and educate them on the possible risk plus how your compliance program is managing it. This should encourage board members to engage in some healthy discussion.
- Leaders: Executive leaders and management involved in inking employee compensation-related documents also need the same education on the risk and some sample red flag language to watch for. HR staff will need a deeper understanding of the issue so they can partner with you to review and monitor this area.
- Legal: Lawyers are likely following this case, but the implications may get personal for them. Include your legal team in your education efforts so they fully understand the risks.
3. If you uncover efforts to stifle reporting, look at your culture.
Attempts to prevent external reporting—or to direct it exclusively to inside resources—may look like the organization has something to hide or may not be committed to doing the right thing. This may especially be true if your internal efforts to change inhibitory language are met with resistance. If this happens, you likely have a bigger cultural problem to tackle.
Regardless of the outcomes of the SEC investigations, the protection of employees’ ability to report compliance concerns should have a prominent place on your ethics and compliance priority list. To best protect your organization—and whistleblowers’ ability to report to internal or external—engage your HR and Legal teams in discussions about the ways your E&C program and the company as a whole might respond.