Whistleblower Compliance Requires a Culture of Speaking Up

This is the third article in a series presenting post Dodd-Frank Act best practices for in-house counsel and compliance professionals. Two and a half years after its passage and more than a year after key rules went into effect, the Dodd-Frank Acts whistleblower program has generated some 3,000-plus tips, complaints, and referrals, and yielded its first announced SEC enforcement action in 2012. Though the full scope of the program continues to unfold, the fact that more than 3,000 individuals believe they have stories to tell sends a clear signal that regulated entities had better be ready to react if and when a whistleblower investigation arises.

With the U.S. Securities and Exchange Commission now paying whistleblowerseven anonymous whistleblowersa bounty for information that leads to a successful enforcement action with sanctions of $1 billion or more, its more important than ever that companies establish and support a culture of speaking up. In this new regulatory environment, the role of criticism, especially self-criticism, has been fundamentally transformed. To stay ahead of regulators, a company must be more self-critical, and more active in internal investigations and reporting, than ever before.

Thats because the SECs Dodd-Frank whistleblower rules give potential whistleblowers an incentive to self-report to their employers before they turn to the regulators. This is good news. Generally speaking, the sooner a company learns it has a problem, the better its chances are of fixing the problem on its own.

However, creating a true culture of speaking up is no simple task. Enticing potential whistleblowers to report alleged wrongdoing internally requires an extraordinary level of trust on the part of whistleblowerstrust that their stories will be properly addressed, without retribution. Building that type of trust requires leadership, honesty, keeping faith with employees, and any number of other virtues that are difficult to build into a flow chart.

In other words, simply establishing an in-house reporting hotline will not suffice.

While theres no single best way to prepare for this level of self-criticism at a company, several steps should be considered. Start by identifying which internal organization will oversee the program. Placing it under the auspices of the legal or compliance departments is a natural first step, although an internal audit or an internal fraud investigative unit may also be an option. Since legal and compliance professionals are often the first persons contacted when an employee has a story to tell, few would argue that the best place to report a legal problem is to the law department, or a compliance problem to the compliance department.

In addition, because of existing training operations, these departments are already well suited to oversee an outreach initiative. That could go a long way towards enticing a potential whistleblower to pick up the phone.

Next, the company must decide exactly who will listen when an employee has a painful story to tell. Someone within the organizationperhaps the general counsel, the chief compliance officer, or a corporate ethicistmust be designated to lead the program. In general, the higher the individuals profile as a trustworthy point of contact, the better. The ideal candidate will have authority, independence, and a reporting link directly to the top of the organization.

Once the individual is identified, steps must be taken to spread the word about his or her availability, including the terms of access andjust as importantlywhy he or she should be trusted. It should be emphasized at the outset that conversations will be kept confidential to the fullest extent permitted by law and that the persons accessibility is part of an overall organizational philosophy, such as a particular approach to quality assurance.

In this case, telling potential whistleblowers my door is always open is not enough. To resolve issues internally, a company must protect the people who bring problems to its attention. As a legal matter, antiretaliation provisions have been a recurring element in all SEC self-reporting initiatives. They appeared in the Sarbanes-Oxley Act as well as the SECs compliance and whistleblower rules. Careful consideration, therefore, must be given to these requirements and the protection of sources, because the first employee who reports an issue and is burned will likely be the last.

Finally, once an allegation has been made, internal processes must be in place to investigate. The commitment to learn the truth should be made formally and explicitly at the outset of a crisis. The right tone can be set by a senior executive who says: I want to know what happened here, and I want to know it as soon as possible. Such a mandate will animate the entire response.

When the SEC issued its 2001 Cooperation Releasethe first and still the most important statement of its expectations regarding self-reportingthe agency set out the following considerations, which can serve as something of a checklist when considering how to respond to an internal whistleblower:

A company must be able to demonstrate that it conducted a thorough review of the nature, extent, origins, and consequences of the conduct and any related behavior.
Regulators will want to know, for example, whether management, the board, or committees consisting solely of outside directors oversaw the review, and whether company employees or outside persons conducted the review.
If outsiders conducted the review, the firm will also need to report whether they had done other work for the company.
If outside counsel conducted the review, regulators will need to know whether management had previously engaged the law firm for other matters.
Regulators will surely need to know whether there were any scope limitations placed on the review, and if so, what they were.

Despite the obvious need for greater self-criticism, companies can take some comfort in the fact that empirical evidence cited by the SEC in favor of the whistleblower rules suggests that most potential whistleblowers will, at the outset, try to resolve the matter internally. In fact, the adopting release pointed to experience under the False Claims Acta whistleblower program focused on the defense contracting industryto suggest that roughly 90 percent of persons who eventually filed an action also reported the misconduct internally. During consideration of the rules, an SEC commissioner who favored the rules pointed to other studies supporting a similar conclusion.

Further, the SEC has indicated that it encourages potential whistleblowers to first utilize internal compliance systems. How many of the 3,000-plus fiscal 2012 whistleblowers reported internally first is not yet known, but companies should not hesitate to take the SEC at its word and move forward with a program that develops and encourages a culture of speaking up.

The truth can exculpate as well as condemn, which makes learning the truth essential. If a company can put the proper internal reporting mechanisms in place and favorably address the checklist above, it will have a solid basis for stating that it is committed to doing just that.

John H. Walsh is a partner at Sutherland Asbill & Brennan. He previously served for 23 years at the U.S. Securities and Exchange Commission, where he was instrumental in creating the Office of Compliance Inspections and Examinations.

Featured Firms

Law Offices of Gary Martin Hays & Associates P.C.

75 Ponce De Leon Ave NE Ste 101

Atlanta, GA 30308

(470) 294-1674

www.garymartinhays.com

Law Offices of Mark E. Salomone

2 Oliver St #608

Boston, MA 02109

(857) 444-6468

www.marksalomone.com

Smith & Hassler

1225 N Loop W #525

Houston, TX 77008

(713) 739-1250

www.smithandhassler.com

Presented by BigVoodoo

More From ALM

As generative artificial intelligence inspires one of the biggest transformations in generations, Practical Guidance continues to provide the latest tips to help you prepare for the rapid evolution in the way attorneys work.

Practical Guidance Journal: Protecting Work Product in a Generative AI World

Brought to you by LexisNexis®
Download Now

The recent SEC release comes with significant changes for private fund managers. Hear expert insights on what happened, what it means, and what the compliance considerations are.

Countdown to Compliance: SEC Private Fund Reforms

Brought to you by Ontra
Download Now

Find out what features make a code of conduct most effective. Hint: it’s not just the rules.

9 Ethical Code of Conduct Examples for the Business Professional

Brought to you by LRN
Download Now

Premium Subscription

With this subscription you will receive unlimited access to high quality, online, on-demand premium content from well-respected faculty in the legal industry. This is perfect for attorneys licensed in multiple jurisdictions or for attorneys that have fulfilled their CLE requirement but need to access resourceful information for their practice areas.
View Now

Team Accounts

Our Team Account subscription service is for legal teams of four or more attorneys. Each attorney is granted unlimited access to high quality, on-demand premium content from well-respected faculty in the legal industry along with administrative access to easily manage CLE for the entire team.
View Now

Bundle Subscriptions

Gain access to some of the most knowledgeable and experienced attorneys with our 2 bundle options! Our Compliance bundles are curated by CLE Counselors and include current legal topics and challenges within the industry. Our second option allows you to build your bundle and strategically select the content that pertains to your needs. Both options are priced the same.
View Now

From Data to Decisions

Dynamically explore and compare data on law firms, companies, individual lawyers, and industry trends.

Exclusive Depth and Reach.

Law.com Compass includes access to our exclusive industry reports, combining the unmatched expertise of our analyst team with ALM’s deep bench of proprietary information to provide insights that can’t be found anywhere else.

Big Pictures and Fine Details

Law.com Compass delivers you the full scope of information, from the rankings of the Am Law 200 and NLJ 500 to intricate details and comparisons of firms’ financials, staffing, clients, news and events.

General Counsel Summit (GCS) 2024

August 12, 2024 - August 13, 2024
Sydney, New South Wales

General Counsel Summit is the premier event for in-house counsel, hosting esteemed legal minds from all sectors of the economy.

Learn More

General Counsel Conference Southwest 2024

September 18, 2024 - September 19, 2024
Dallas, TX

Join General Counsel and Senior Legal Leaders at the Premier Forum Designed For and by General Counsel from Fortune 1000 Companies

Learn More

Women, Influence & Power in Law (WIPL) 2024

September 23, 2024 - September 24, 2024
Chicago, IL

WIPL is the original global forum facilitating women-to-women exchange on leadership and legal issues.

Learn More