Since the creation of the Securities and Exchange Commission’s whistleblower program in 2011, corporations have had to confront the reality that their employees may go directly to the SEC to report possible securities law violations. Indeed, the whistleblower program, which created financial incentives for employees to report anonymously and offered
protection against retaliation, is working. In 2015, the SEC paid more than $37 million to whistleblowers and received close to 4,000 new tips. It now has more than $400 million in its Investor Protection Fund to pay future whistleblowers.
This creates substantial challenges for businesses, however. When employees bypass internal reporting mechanisms and go right to the SEC, companies lose opportunities for self-disclosure and prompt investigation and corrective action. In a worst-case scenario, the entity is caught by surprise when it receives a subpoena or, worse yet, when agents arrive with a search warrant.
However, risk managers can work with corporate legal, finance, human resources and other members of their organization’s leadership team to take measures that encourage employees to not only report problems, but to report them internally so that the business can identify problems early and minimize their impact.
Building a Culture of Integrity
The whistleblower program has raised awareness about internal crime and fraud committed by employees of U.S. companies. Risk managers can leverage this awareness to strengthen internal anti-crime initiatives, foster vigilance among all employees, promote a culture of honesty and transparency, and increase employee confidence that internal reports can be made without risk of reprisal and will result in appropriate action.
Establishing an ethical culture requires creating a cross-functional team and gaining the active participation of leaders throughout the organization. In addition to risk management, that includes legal, human resources, finance, security, communications, information technology, operations, compliance, sales, marketing and product development. The board’s audit committee should also be informed of this initiative from the outset and may be able to provide oversight and valuable direction. In fact, audit committee members likely have the right experience to help formulate and position such a strategy.
The independence, use and confidentiality of audit committees can be a key element in internal reporting measures. Team members should collaborate on developing and implementing a plan that addresses the unique aspects of the organization, including its structure, industry, nature of operations and employee stratification.
According to the Ethics Research Center’s National Business Ethics Survey 2013, employees report wrongdoing 71% of the time when top management is committed to ethics, but only 56% of the time when ethics is seen as a low priority.
It is critical, therefore, for senior leadership to establish the overall tone by citing integrity as a core value in company meetings, employee discussions, emails and presentations, and consistently reinforce this “tone at the top” through regular communications. Hiring a chief ethics and compliance officer who reports directly to the board can further aid in this effort.
Developing a strong, formal anti-retaliation policy is also important. Fear of retaliation is one of the biggest reasons that whistleblowers do not report issues internally before going directly to the SEC. As a result, the SEC has asserted its authority to enforce federal anti-retaliation provisions and made penalties more onerous for violators. Notably, the statute of limitations for bringing retaliation claims has been extended from 90 days to six years. Further, whistleblowers may bypass the administrative process and bring claims in federal court. The provisions include enhanced remedies, such as reinstatement, attorneys’ fees and double back-pay.
These two cornerstones—senior leadership’s direct involvement and engagement in establishing ethics as a core corporate value, and establishing a strong anti-retaliation policy—are key to encouraging employees to internally report wrongdoing.
It is also critical to establish a strategy for getting employees at all levels to become guardians of the firm’s integrity. Coordinate with human resources and operations to require all employees to participate in ethics training, which can be delivered online and through workshops orchestrated by corporate counsel in conjunction with HR and operations.
Make sure supervisors and team leaders remind employees that they are partners in the firm’s success and that integrity is a core value. To underscore this point, the company should establish and communicate a zero-tolerance policy that applies to all fraudulent activity.
Recognize that communication plays a vital role in building and strengthening a culture of integrity. Reinforce training in emails, team meetings and articles in internal publications. Employees must take personal ownership of integrity and should feel it is their responsibility to report wrongdoing to the appropriate people within the organization before contacting outside agencies like the SEC.
Employees also need to be familiar with the whistleblower program’s incentives for internal reporting. For instance, whistleblowers who first report internally remain eligible for an award for 120 days. Furthermore, they receive credit for all information the company subsequently reports to the SEC. Additionally, they may qualify for an increased reward if the SEC determines that they assisted in the internal investigation. Discussions held in departmental meetings and talks with senior leadership about the whistleblower program can underscore the organization’s emphasis on transparency and encourage internal remedies.
More fundamentally, many companies have incentives that enable employees to accumulate shares of the company’s stock. As shareholders, employees benefit from the company’s performance, which is ultimately linked to its integrity.
Consider leveraging direct incentives as well. Companies have built-in mechanisms for reinforcing integrity whenever they reward employees. When awarding salary increases, bonuses or other incentives, ensure employees know the rewards are not only based on their performance but also on compliance and ethics leadership.
Establishing a tip-line is critical to the success of a company-wide ethics program. Indeed, according to the Association of Certified Fraud Examiners, anonymous telephone tip-lines account for nearly 40% of all fraud discoveries.
Navigating Potential Issues
One challenge with employees internally reporting instances of wrongdoing predictably involves the submission of false reports. Be sure all employees understand that false reporting has severe consequences. Draw a clear distinction between reports made ethically and then proven false and those that stem from an employee’s desire to exact revenge on a supervisor or colleague.
While compliance officers should recognize the potential for intentionally erroneous reports, they need to assess every report and conduct a preliminary investigation with and without the employee. When charges are false and clearly the result of ill intentions, appropriate measures must be taken to deal with the employee.
Challenges also might arise during a merger or acquisition and in its aftermath. Risk managers should be aware they will have to re-engage the company’s leadership and restructure or widen their ethics implementation teams during and following mergers or acquisitions. A merger or acquisition will also require reinforcing the importance of integrity with all employees, including those of the original company and new employees brought in from the other organization.
Similarly, vigilance, training and communication efforts may need to be redoubled during difficult times, as internal crime and fraud typically increase. Be sure to strengthen your company’s initiatives to reinforce its focus on honesty and integrity, as well as the significant roles every individual employee plays in protecting the organization and its interests.
Finally, management must practice what it preaches. When an employee reports wrongdoing internally, that employee must be absolutely sure that: 1) his or her report will be treated confidentially; 2) there will be no negative repercussions or retaliation for bringing it to the attention of appropriate business leaders; and 3) the situation will be thoroughly and promptly investigated.
As the SEC’s whistleblower program continues to draw widespread attention, employers need to strengthen their cultural focus on honesty and integrity, and establish a framework where employees have pride in their organization and confidence that corporate procedures for reporting issues are secure, confidential and carry no negative repercussions. Given their focus on protecting their organizations from enterprise-wide exposures, as well as their frequent and necessary collaboration across multiple corporate disciplines and functions, risk management professionals are well-positioned to play a key role in any initiatives to promote employee honesty and integrity, help keep them on track and make sure they succeed.