2018 Summer of Compliance | NAVEX Global

Who IS the Whistleblower? SCOTUS Defines in New Ruling

In an expected ruling, the Supreme Court held that Dodd-Frank’s anti-retaliation provision does not extend to an individual who has not reported a violation of the securities laws to the SEC. The court signaled this outcome in the oral arguments and in the end, the decision was 9-0. It turned on the textual and legal definition of who is “whistleblower” within the statute. From the ruling:

Sarbanes-Oxley applies to all “employees” who report misconduct to the Securities and Exchange Commission (SEC or Commission), any other federal agency, Congress, or an internal supervisor. Dodd-Frank defines a “whistleblower” as “any individual who provides . . . information relating to a violation of the securities laws to the Commission, in a manner established, by rule or regulation, by the Commission.”

There will be a lot of discussion in the compliance and legal press about what this means for organisations and their compliance programmes. There will also be discussion as to whether consideration should be given to modify the language in Dodd Frank to expand the protections. We will see how this all plays out.

In the end, what this ruling really highlights once again is the importance of organisational culture and preventing retaliation from occurring in the first place. We know that culture always supersedes legal compliance and one could make the case that all of this discussion falls into the area of looking for legal loopholes rather than focusing on the spirit and intent of strong ethics and compliance programmes.

Time and time again, research shows that employees much prefer to report an issue to their immediate supervisor than to have to take it up the management chain or outside the organisation. Time and time again, the agencies report that employees have tried to raise their concerns internally before coming to them. And yet, we continue to think we can dictate the “terms and conditions” of taking issues outside the organisation. We cannot.

Any board of directors or senior leadership team that sees this ruling as an opportunity to take the pressure off strong oversight of reporting practices will do so at their own peril. The outcome of this ruling will likely be that more issues are taken directly to the SEC without the opportunity for an internal review.

We know that many of these issues – both accounting issues and claims of retaliation – are already going directly to the regulatory agencies. This problem existed before this most recent ruling because these employees do not trust that the issue will be handled appropriately internally.

And now, we are seeing very public evidence of these whistleblowers finding alternate channels to make their voices heard.

A Stronger, Bolder, Louder (and More Incentivised) Whistleblower

The whistleblower is starting to sound very different. It’s a little stronger, a little bolder, and a little louder.

A review of the SEC whistleblower programme’s 2017 Annual Report to Congress gives us a quantifiable look at the monetary force behind this voice. Since the SEC issued its first whistleblower award in 2012, it has proceeded to award approximately $160 million to individuals who have come forth with a report that led to a successful enforcement action. Fiscal year 2017 was a particularly active year with the SEC doling out three of its 10 largest awards of all time – awarding a total of $50 million (almost a third of all award dollars to date) to 12 individuals. And just last month in March 2018, the SEC issued its largest individual award ever at $33 million.

There is definitely something happening here. More reporters are coming forth with substantiated reports, and the awards for those reports are increasing in number and size.

Going deeper into the annual report, we get a particularly interesting glimpse at the future with a look at the Office of the Whistleblower’s Investor Protection Fund. This is the fund that ensures whistleblower award payments do not subtract from the money to be rightfully returned to investors. Therefore, this is also the fund from which the office will pay out future whistleblower awardees. After the balancing of the 2017 budget, this fund currently has over $320 million dollars in it. That is more than double what the SEC has paid out in all the years it has been in operation. So the SEC is not only poised to maintain its steady growth in annual payouts, but ready to ramp it up as well.

The volume and size of awards are not the only thing on the up. Tips, the submitted reports of whistleblowers, have increased even more drastically. In 2011, the first full year of data from the programme, the SEC received 334 whistleblower tips. A modest start. In fiscal year 2017, the programme received 4,484 tips.

The type of money the SEC is sitting on is not only incentivising reluctant whistleblowers, but it is also fueling investment from an ever-expanding cadre of constituents. This is especially true for venture capitalists who are backing whistleblowers to fuel high-stake cases for a portion of the payout. This type of support makes whistleblowers louder than ever, and more capable than ever to survive, and prevail in lengthy court cases.

Contributed by Greg Keating, Partner, Choate, Hall & Stewart

Key Steps for Your Organisation

External whistleblower reports can thoroughly shake a company, its reputation externally, and its culture internally. Aside from eliminating wrongdoing, there is no benefit to a company by having its dirty laundry aired, litigated and charged on the mainstage. Companies should do their best to ensure they hear and resolve whistleblowers’ reports internally before they are motivated to go outside. Here are a few best practices to not just hear whistleblowers, but to actually show you’re listening.

TAKE A VERY HARD LOOK AT YOUR INTERNAL COMPLAINT PROCEDURE

Your company needs to have a robust whistleblower hotline and incident management system. This ensures employees have multiple channels for reporting. These avenues must also be transparent, and, well, real. As a compliance practitioner responsible for protecting your organisation, you should be testing these channels regularly to ensure reports are being properly received, processed, escalated and ultimately resolved efficiently and effectively.

Additionally, create an environment where employees feel confident in their ability to raise issues internally:

Identify and address cultural and organisational barriers to a “speak-up culture.” Report on culture issues and improvement plans to the board of directors.
Address the issues of fear of retaliation directly. Train managers about their responsibilities, including their responsibilities to escalate concerns. Publish sanitised case studies of actions taken against retaliators. Implement a programme to monitor for potential retaliation.
Ensure that robust escalation policies are in place requiring notification to the board of allegations relating to issues that could cause serious reputational or financial harm to the organisation.
Don’t be lulled into a false sense of security. Just because concerns of retaliation have not been raised through formal channels doesn’t mean that it is not occurring in the organisation. Test the system.

Discover How a Hotline & Issues Management System Builds Trust & Encourages Internal Reports >>

EMPLOY CLEARLY THOUGHT-OUT INVESTIGATIVE PROTOCOLS

Every company should spend time thinking through in advance how it will investigate cases of variant natures and severities. This should include a plan for dealing with the individual who comes forward during the process to ensure they do not feel shunned, ostracised or retaliated against in any way, shape or form.

TRAIN FRONTLINE MANAGERS

Compliance training may be the most important thing companies can do. There needs to be a renewed commitment to training, most significantly for frontline managers. Managers need to understand what a complaint and protected activity look like. And they need to know how to respond to internal reporters. There is no room for responses like, “keep your head down, and I’m sure it will get better.” Finally, managers need to know what they are supposed to do once they get a report, how to escalate it, and what their role is in the investigation.

Whistleblowers, and the internal corporate programmes managing them, have always been an integral part of not just improving corporate transparency, but also improving a company’s performance and bottom line. Today, the voice of the whistleblower is getting stronger and louder and companies need to double down on their incident management processes and efforts to develop a healthy speak-up culture that encourages employees to report internally first. This will ensure companies have a chance to resolve issues before they fester and result in significant reputational or financial damage to their brands.

Request to see the full-length training course, Complaints and Investigations, which helps managers understand their responsibilities and how to avoid common legal missteps.

Tools & Resources

» EMPLOYEE TRAINING COURSE: Whistleblowing, Reporting and Retaliation

Video Preview Here

» WHITE PAPER: Embracing Whistleblowers: Understand the Real Risk and Cultivate a Culture of Reporting

New Voice of the Whistleblower

Contributed by Greg Keating, Partner, Choate, Hall & Stewart

Prioritising Culture Over Compliance

The Current & Future State of Internal Audit

Data Privacy and EU GDPR

The Future of the Compliance Professional

Shanti Atkins, Founder & Board Member, NAVEX Global

Carrie Penman, Chief Compliance Officer and SVP Advisory Services, NAVEX Global

Kristy Grant-Hart, Compliance & Data Privacy Strategist, Author, Consultant, Speaker

Shanti Atkins, Founder & Board Member, NAVEX Global

Carrie Penman, Chief Compliance Officer and SVP Advisory Services, NAVEX Global

Kristy Grant-Hart, Compliance & Data Privacy Strategist, Author, Consultant, Speaker

Sexual Harassment in the Workplace

Workplace Culture and Free Speech