The thesaurus lists “whistleblower” with “blabbermouth, busybody, fink, nark, rat, and snitch,” all as pseudonyms for “tattletale.” However, nobody told Congress about the negative connotations of reporting misconduct to the authorities. Federal law has long encouraged whistleblowers. Now, the Dodd-Frank Wall Street Reform and Consumer Protection Act takes a huge step forward in whistleblower protection.
Why is whistle-blowing an HR issue? Because the task of drafting and implementing employment policies and processes that reflect the law in this area—and of training managers to enforce and follow those policies and processes—typically falls to the bank’s Human Resources staff.
But before I get into what those policies, processes, and training should consist of, let’s review how today’s “superhero” evolved from yesterday’s “snitch.”
Hotline to the Board
That was one of the financial scandals that provoked the passage of the 2002 Sarbanes- Oxley Act (SOX), which was, until Dodd Frank, arguably the most sweeping corporate reform legislation in U.S. history. Enron executives’ misconduct was ultimately exposed by a whistleblower, accountant Sherron Watkins. SOX prohibited retaliation against financial whistleblowers, backed up by civil and criminal penalties and a new civil cause of action. But that wasn’t all. SOX also mandated that all public companies establish a confidential complaint process whereby employees could report financial fraud and accounting irregularities directly to the Audit Committee of the Board.
SOX was not the first federal law to include a whistleblower protection provision: employment discrimination laws such as Title VII; the Occupational Safety and Health Act; the Fair Labor Standards Act; and the Environmental Protection Act all prohibit retaliation against employees who speak up about violations. And they all give some remedy to aggrieved employees. However, SOX was the first to require employers to actually set up a process for reporting misconduct, anonymously if the employee wishes.
But SOX was not as successful as some hoped in fostering a new attitude to whistle-blowing. To overcome the natural obstacles to whistle-blowing—fear of retaliation, the belief that nothing will be done, suspicion that the reporting individual’s identity will be revealed, and the reluctance to “make waves”—an employee complaint process must be credible.
Too often, companies cut corners in establishing their SOX hotline, relying on a voicemail box or an email address that not only gave no assurance of anonymity, but also, because there was no opportunity to probe for details, left them on notice that something was amiss, but without enough information to act.
Employees who experienced retaliation for speaking up about financial wrongdoing were frustrated by short deadlines for asserting claims and lengthy administrative adjudication procedures.
Dodd-Frank Act: giant step forward for whistleblowers
Like SOX, the Dodd-Frank Act aims to increase corporate transparency and financial accountability. Both laws encourage whistle-blowing as a tool in detecting and preventing misconduct, but Dodd Frank takes whistleblower protection further, as well as setting up a process for whistleblowers to be compensated for reporting misconduct to the Securities and Exchange Commission (SEC).
Expanded Whistleblower Protection
The Act expands the protection accorded to internal whistleblowers in several ways:
• Doubling the statutory period for bringing retaliation claims for complainants to 180 days.
• Expressly covering both publicly-traded companies and any subsidiary or affiliate.
• Establishing a right to jury trial in federal court. Mandatory arbitration agreements, common in the financial services industry, do not apply to whistleblower retaliation claims.
• Establishing the Consumer Financial Protection Bureau, with authority to investigate and commence civil actions against financial services industry employers who retaliate against whistleblower employees.
For those who allege retaliation for complaining directly to the SEC, there are further protections, including:
• A six-year statute of limitations from the date of the violation.
• Double back-pay damages.
• A prohibition on retaliation, regardless of whether the employee “reasonably believes” the complained-of conduct violates the law.
• Ability to file a retaliation complaint directly in federal court—bypassing the Department of Labor administrative process.
Whistleblower Bounty Program
Dodd-Frank’s most controversial encouragement of whistleblowers is the establishment of a bounty program. The SEC, in any action involving sanctions in excess of $1 million, may compensate whistleblowers with up to 30%, but not less than 10%, of the amount of the sanctions for “voluntarily submitted and original information” that aids in the action. The amounts paid are within the sole discretion of SEC, subject to judicial review. In proposed rules published last November
, SEC attempted to head off criticism that the program provides incentives for whistleblowers to bypass well-functioning internal compliance processes, such as ethics hotlines. However, the clarification of the terms and conditions under which the bounty will be paid did little to comfort banks. For example, under the proposed rules:
• A whistleblower cannot benefit from the bounty program if he has been convicted of a crime related to the SEC action, or has knowingly and willfully made false statements to the SEC or other authorities in connection with the action.
• The submitted information will not count as “voluntary” if the employer had already received a request from the SEC about a matter to which the information is relevant. However, if the employer fails to provide the information “in a timely manner,” any submission by the whistleblower will be considered “voluntary.”
• “Original information” does not include submission by an independent public accountant relating to a violation by his client uncovered in the course of a required audit; information obtained by in-house legal, compliance, or audit departments for the purpose of identifying, reporting, and addressing potential non-compliance; or attorney-client privileged communications.
• A whistleblower is only entitled to an award where the information provided either causes the SEC to open a case, and the information “significantly contributed” to its success, or where the information “would not otherwise have been obtained and was essential” to the success of an ongoing investigation.
[A comment letter filed on this proposal by ABA and the Financial Services Roundtable can be found here
Final rules will be issued by July 2011. It is hoped that the final rules will include more realistic incentives to employees to use internal reporting processes first, just as SOX intended.
Now, what can a bank do to make sure internal channels are the route employees will first think to take?
Creating a “speak up” culture
A strong internal whistle-blowing program is the bank’s best means of preventing fraud and serious misconduct. HR plays a crucial role, not just in ensuring minimal compliance with legal requirements, but in creating an environment where employees are encouraged to speak up without fear of retaliation.
An essential first step is the establishment of an ethics hotline. FDIC has issued guidelines
to ensure the hotline’s effectiveness:
• Awareness: Market the hotline’s existence using newsletters, posters, policy manuals, and internal and external bank websites.
• Define reportable events: To minimize inappropriate complaints, define the type of situations that merit reporting through ongoing employee training.
• Operations: The hotline should be available 24/7 and be staffed with skilled interviewers.
• Independence: Use a third-party provider to ensure credibility.
• Privacy: The source must remain confidential. Allow anonymous calls.
• Tracking: A robust case management system to ensure adequate follow up and investigation is essential.
• Investigations and reporting: Decisions to investigate should be made on a case-by-case basis. Investigations and conclusions should be reported to the audit committee. Develop internal controls to prevent future incidents.
An equally critical element in an effective program is training management that retaliation against whistleblowers is not only illegal, but undermines the bank’s efforts to ensure that misconduct is reported internally so that the bank can address it promptly with the minimum of damage, rather than externally to law enforcement or regulatory agencies.
Some executives may remain suspicious that employees will manufacture whistleblower complaints in order to ward off discipline or termination for poor performance by gaining the protection of the prohibition on retaliation. These cases are probably a small minority, and should not lead you to abandon or neglect a whistleblower program.
It takes time and consistent communication and enforcement to change the reticence of both employees and managers towards whistle-blowing. The obstacles that dissuade employees from speaking up need to be acknowledged and addressed, while at the same time working thoughtfully through the reasons why executives may be reluctant to recognize whistleblowers, if not as superheroes, at least as the foot soldiers of an effective compliance program.