Whistleblower Compliance
Whistleblower Compliance: Risk Mitigation for Your Compliance Regime
Summary
Running a compliance program with hindsight as your driving factor provides little value to an organization. For example, when a a claim turns to litigation, it’s can sometimes be too late to make related changes to a compliance program that have an impact on the case. Your program didn’t address the issue before the activity occurred and the uncertainty of adequacy becomes real and processes seem overwhelming. Steven Pearlman, partner at Seyfarth Shaw L.L.P., specializes in pre-trial preventative counseling, litigation defense and post-trial remedial measures and understands these issues. Over the past year, regulatory changes to Sarbanes-Oxley (SOX) and Dodd-Frank Acts have required increased awareness and attention to the rules your organization has in place to govern whistleblowing. The expectation of compliance with new rules is increasingly robust. In the EthicsPoint webinar, “Understanding the New Whistleblower Regime and How To Minimize the Risks,” Pearlman explains the methodology, developed at Seyfarth Shaw L.L.P., to initiate an update process and sheds light on key clarifications to test the adequacy of your program. This webinar is a great resource for those who building or remodeling a compliance program. The following is a brief overview of what was discussed and conclusions drawn during the discussion.
Sarbanes-Oxley Whistleblower Compliance
As Pearlman indicated, initially SOX established new standards of accountability and oversight for publicly traded companies and promised powerful protections for whistleblowers who reported corporate fraud and malfeasance. The seriousness of resulting litigation and increased focus on combatting corruption and bribery have changed the way we look at conducting business. The problem or confusion arising from currently enforced compliance law is the lack of continuity across the business communities; currently companies, and even entire industries, can essentially choose their level of involvement with whistleblower compliance. Unfortunately for those organizations, negligence is not considered a defense for non-compliance. Earlier in 2011, jurisdiction of SOX, in addition to the implementation of Dodd-Frank, vastly expanded the scope and breadth of whistleblower protections to include private subsidiaries of publically traded companies.
The May 2011 decision, Sylvester v. Parexel Int’l LLC,clarified the broad scope of protected conduct for SOX whistleblowers. There are three main developments from this decision: a complaint doesn’t need to include any language the whistleblower had a “good faith” belief there was fraud, the report can be considered to adequately inform of fraud, even if the fraud has yet to happen, and a report doesn’t need to “definitively and specifically” be related to fraud in order for a penalty to be issued. As long as the whistleblower attests to the loss, or potential for future loss, of money it can be considered fraud.
Whistleblower Types
Pearlman elaborated on certain legal perspective whistleblower cases, those not often explored by compliance departments. From a legal perspective there are two defined types of “whistleblower.” The first type is defined by those trying to gain leverage, or power, against their employer for the purpose of gaining a severance package or an employment opportunity. The second type of “whistleblower” is defined by people who see themselves as an extension of the government. These individuals consider it their civic duty to report illegal activity, are not really motivated by money, and seldom will take settlements. As we learn more about what motivates whistleblowers, there will be greater emphasis on identifying and educating the different profiles and understanding how compliance and ethics departments can answer the needs of both these types of reporters.
Sarbanes-Oxley Whistleblower Litigation Structure
The Sarbanes-Oxley whistleblower reporting process contains two main steps: the report investigation and the court hierarchy.
First, noted Pearlman, a whistleblower must file a report with the Occupational Safety and Health Administration (OSHA). Whistleblowers may report internally if they choose. Though many assume that an employee cannot report internally before reporting to OSHA, this is false and often a lost opportunity for employers and compliance professionals to encourage internal reporting. Whether reported internally or not, a report must be filed with OSHA within 180 days of the incident. After the report is filled, it goes through a rigorous litigation process at OSHA. There are three pieces of evidence OSHA requires to begin the investigative process: the submission of three different position statements, sources of documentation and live witness interviews.
In the second step, the compliant goes up the chain of command at the Department of Labor (DOL) to the administrative law judge at OSHA for adjudication. After the ruling is given by the judge there are two possible options for appeal the whistleblower can pursue:
- First option: Even if the employer wins the summary decision, the employee has the ability to kick the claim to Federal District Court. The Federal District Court has a three-step appeal process: right to trial by jury, federal circuit court of appeals and, finally, the United States Supreme Court.
- Second option: If the employee does not want to kick claim to federal court, then the claim goes from the Administrative Review Board to the Federal Circuit Court of appeals.
Both options are lengthy and take time to mature. However, better understanding of the reporting process can help companies teach and encourage internal reporting.
Most of this information is murky to the majority of those charged with developing compliance programs or those who face litigation. With nearly 50 whistleblower regulations spread across 33 governing bodies, it is nearly impossible to remain up to date with an ever-evolving industry such as compliance, where new precedent is added every day. As whistleblower compliance becomes better defined, companies must understand the risks they face and create internal processes to address the dangers. Since the strategies to combat risk are just continuously changing as legal precedent, any clarifying information is a huge asset for compliance development. Compliance professionals need the resources, tools, and strategic partners top build their programs in a way that is effective and sustainable for their organizations. A perceived problem is often the lack of momentum between “compliance theory” and “compliance management.” In my option, looking at Pearlman’s insight can help you find practical examples to gain traction and streamline compliance process.
Whistleblower Compliance Webinar
The SEC recently issued its final regulations to Dodd-Frank's whistleblower bounty provisions. This presentation will highlight salient aspects of those provisions, identify the attendant risks, and provide practical ways to head-off whistleblower claims and strengthen defenses where litigation is unavoidable.
Check out our archived webinar to learn about whistleblower compliance and the Dodd-Frank Act.
About the Author
As EthicsPoint’s Director of Marketing, Jeff Mills is responsible for developing and executing marketing strategy, customer acquisition, and prospect cultivation, branding, interactive marketing, PR, analyst relations programs. Jeff brings more than 10 years of experience in sales and marketing, the last eight of which have focused entirely on interactive marketing and customer acquisition. Prior to EthicsPoint, Jeff worked as Vice President of Products and Director of Strategy and Sales for an interactive marketing agency. And prior to that as a researcher and project manager for Gartner.