Whistleblower awards from regulatory agencies seldom make news in corporate compliance circles anymore, but two recent items from the world of whistleblower awards do deserve compliance officers’ attention. They’re a reminder of the need to take internal whistleblower reports seriously.
First is news from the Justice Department that it launched its own whistleblower awards program, similar to whistleblower award programs already run by the Securities and Exchange Commission, the IRS, and other government agencies.
The program’s basics are straightforward. People aware of criminal misconduct at a company can bring their concerns to the Justice Department. If their tip results in some sort of monetary settlement, they can receive up to 30% of the net proceeds (that is, whatever remains after compensating victims and paying other costs associated with the case). The department even has a dedicated, easy-to-use website where people can submit their tips.
That awards program may sound good in theory, but it poses a problem for corporate compliance programs. If an employee at your company becomes aware of an issue and reports it directly to the Justice Department, then your company would lose its chance at winning credit for voluntarily disclosing the matter to the Justice Department yourself. So, the awards program could be a disincentive for companies to self-report.
To avoid that potential pitfall, the Justice Department also tweaked its rules for voluntary self-disclosure so that a company can still be eligible for those self-disclosure benefits (avoiding a monitor, lower penalties, and the like) even if a whistleblower has already alerted the department to the violation in question.
Specifically, if a company receives a whistleblower’s internal report and then self-discloses those allegations to the Justice Department within 120 days, and the Justice Department has not yet reached out to the company directly; then the company remains eligible for all voluntary self-disclosure credit even if the whistleblower has already submitted the information to the department.
That’s good news for corporate compliance programs, but beware. It also means your company needs to think carefully about what it discloses to the Justice Department, because an internal whistleblower might already have told prosecutors the details of your issue.
Which brings us to the other recent news in whistleblower awards.
A $37 million affirmation of internal reporting
One week before the Justice Department unveiled its whistleblower awards program, the Securities and Exchange Commission handed out a $37 million award to some intrepid whistleblower.
As usual with SEC awards, we don’t know the company involved, what misconduct it committed, or any other salacious details. What the SEC said about how the whistleblower’s case unfolded, however, is fascinating.
The whistleblower first reported their concern to the company’s internal reporting hotline. Then, the SEC said, the whistleblower “persisted in reporting the misconduct internally” – which suggests the company wasn’t terribly responsive.
Eventually the company did investigate the allegation and decided to self-report the matter to the SEC, but by then the whistleblower had already gone to the SEC directly and was cooperating with the agency. “Without the whistleblower’s ongoing, extensive, and timely assistance, the staff would not have learned the full context and extent of the employer’s misconduct,” the SEC said.
Read between those lines, compliance officers! The whistleblower tried to do the right thing and report internally; but the company slow-walked its investigation into the matter; so the whistleblower went to the SEC and spilled the beans. By the time the company decided to self-report, the SEC already knew about the issue and knew the company wasn’t entirely forthcoming with its self-report.
We don’t know what happened next, but a whistleblower award of $37 million implies a monetary settlement for the company in the range of $120 million to $370 million. That’s an expensive way to learn the importance of taking internal whistleblowers seriously from the very start.
Think about self-disclosure decisions
The message here for corporate boards, management teams, and compliance functions is to think about (1) how you respond to whistleblower complaints, and (2) how you work through the decision of whether or not to self-disclose a matter to regulators.
After all, you might not know when a whistleblower who has already reported something to you might decide to bring that concern to regulators, too. By the time your company gets to the regulator in question, that agency might already know all about your issue. It might already know that you’re not being as forthcoming as possible, or that you sat on important information for many months. What signal would that convey about your culture of compliance?
Here and now, compliance officers should take two steps.
First, keep working to demonstrate responsiveness to internal whistleblowers. When they submit a report, send them a receipt. Send them updates at regular intervals, even if you can only tell them the case is ongoing. Tell them when the matter is resolved, even if you can’t tell them how it was resolved. Let whistleblowers know they are heard.
(As a sidebar, let’s also remember that regular response to whistleblowers isn’t just a good idea; it’s also a requirement of the EU Whistleblower Protection Directive.)
Second, develop a formal process to consider when and how to self-disclose to the government. Yes, each decision is likely to be unique to the facts involved; and yes, that discussion will involve the general counsel, outside counsel, the management team, and probably even the board.
A formal process to guide those conversations, however – so everyone can be clear on the potential implications of disclosing or keeping quiet – is critical. When internal whistleblowers can so easily into external whistleblowers, the stakes are simply too high to debate questions of self-disclosure informally or on the fly.
Moreover, the compliance officer should be part of that self-disclosure decision process. You can be a voice arguing for the company’s ethical values and corporate culture, which might suffer terribly from a decision to keep quiet. Plus, you might also know details of the report that put the decision into a different light.
The bottom line is that whistleblower awards are here to stay. They add an unstable element into your calculations about how to handle an internal report. If your company doesn’t invest more effort in caring for whistleblowers, and considering their information carefully, those unstable elements could blow up in the company’s face.
Ready to level up your hotline and incident management?
An internal reporting program that stands the test of time requires a qualified team to thoroughly investigate and resolve reports and a hotline and incident management software to manage the process. No matter your business size or locale, NAVEX has you covered. Ready to learn more about NAVEX Hotline and Incident Management? We thought so – click the link below to find out more.
