Setting up antiretaliation protections for the people who call out companies on alleged illegal practices was a major objective of the Sarbanes-Oxley Act and the modifications to SOX included in the Dodd-Frank Wall Street Reform and Consumer Protection Act. According to attorneys from Ogletree, Deakins, Nash, Smoak & Stewart, these two laws, plus a recent U.S. Supreme Court decision and a heightened enforcement environment, all add up to the need for companies to show extra care for whistleblowers and their complaints.
A recent webinar from Ogletree Deakins, “The Need-to-Know on Expanded Sarbanes-Oxley Coverage,” laid out the legal landscape for whistleblowers, and provided some advice on how to build a thoughtful and effective compliance regime to deal with the issues they raise.
There are several reasons to pay attention to whistleblowers under SOX. Not the least among them is the increased likelihood that the U.S. Department of Labor Administrative Review Board (ARB) is taking a less pro-business stance. The ARB, which is in charge of cases appealed beyond the DOL and administrative law judges, is now shifting focus away from procedural problems that parties in these cases often have. “The ARB said: ‘We’re lowering the bar, so that cases can be determined on the merits,” said Ogletree Deakins shareholder Margaret Campbell, who explained that until the last two or three years, the ARB had always been fairly pro-employer.
Another problematic development for employers is that the coverage for SOX whistleblower provisions appears to have expanded last month with the Supreme Court’s ruling in Lawson v. FMR. The court said whistleblowing provisions under SOX and Dodd-Frank apply not just to employees of the publicly traded companies covered by SOX, but also to employees of private companies who work for publicly traded companies, in addition to contractors and subcontractors.
Jeffrey Dunlaevy, also a shareholder at Ogletree Deakins, pointed to the issues raised by the dissenting opinion in Lawson. “The dissent said this change, this expansion, is going to make a lot of employers covered who never would have anticipated that they might be covered,” he said. This could include, for example, outside attorneys or accountants. Hypothetically, a gardener or a babysitter working for an employee of a publicly traded company might even count as a covered whistleblower under SOX.
“So basically, now that the Lawson decision has come down, we have two tiers,” said Dunlaevy. “All along we knew about tier one, which is employers, contractors and agents of a public company. But the trick now is to figure out who’s in tier two.”
Although some legal questions about the nature of this “second tier” remain in doubt, the Ogletree Deakins lawyers explained that it’s still essential for companies to have compliance programs designed to take whistleblower claims seriously. “Obviously, they are going to vary based on the size of the employer and the industry, and it’s not a one-size-fits-all scenario,” Dunlaevy said. “But with the scope of the coverage that we’re looking at post-Lawson, it makes sense for employers to put these in pretty much across the board.”
Essential to any compliance program, Campbell noted, is a formal code of conduct for employees. She recommends having all employees recertify every year they understand the code and they know of no violations occurring. “Those [recertifications] are important in a couple of ways,” she said. “First, because you want the chance to find out if there’s a problem and fix it. But second, if you have someone who is consistently saying there are not any problems, and then they come forward and say ‘Well, I was a whistleblower and I was retaliated against,’ you’ve got a good record that they had given you no reason to believe that there were any concerns.”
Campbell also emphasized the importance of training, including job-specific training for those in senior executive roles, in order to reinforce compliance messages, and the importance of having a hotline for anonymous compliance violation tips.
In addition to helping companies stay in compliance and preventing internal lawbreakers from getting away with violations, these programs also go a long way in making external investigations go more smoothly for companies, Campbell explained. When an employee breaks the law, the company is less likely to take the fall collectively when it has a solid compliance program.
“We’ve seen that the enforcement agency will take action, and sometimes pretty harsh action, against the employee who has gone rogue and has violated the company’s standards and practices,” Campbell said. “But it will not punish the company because it will say that this company has implemented and maintained a robust and continuously improving culture of compliance, and it has functioned the way that it was supposed to.”