As we roll into the new year, e-mail in-boxes are flush with the latest “predictions” from business, political, and legal commentators. Legal commentators, in particular, are focused on how the Trump administration’s much anticipated roll-back of regulations will affect the enforcement environment and the government’s willingness to prosecute corporate crimes. While some regulatory areas may see change and there may be fewer cases “on the margins,” “whistleblower” reports of corporate misconduct continue to rise and it is unlikely the government will abdicate its responsibility to investigate serious misconduct, such as fraud, bribery, insider trading, and anti-competitive behavior―all of which hurt investors and the marketplace.
2017 will undoubtedly bring its share of change, challenges and new crises. Although an organization may be able to identify where some of its business, legal, and reputational risks lie, it is impossible to foresee everything that might go wrong or from where the first hint of a problem might emerge―through an internal report to a supervisor, a whistleblower hotline report, a visit from federal agents, a government subpoena, a news report, a tweet, or documents leaked on the internet. Given the wild ride of 2016, it seems prudent to revisit strategic and practical considerations on how best to not only get ahead of problems that may arise but also become more nimble and tactical in how an organization responds to “the unexpected”―whether it is a legitimate report of wrongdoing or an attempt to harm or sabotage an organization through misinformation.
Whistleblower Reports of Possible Corporate Misconduct Are at an All-Time High
There are a number of federal statutes that provide mechanisms for reporting misconduct and monetary rewards. According to U.S. government reports, whistleblower activity is at an all-time high, resulting in billions of dollars in fines and hundreds of millions of dollars in whistleblower recoveries across various federal programs that implement laws such as the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (Dodd-Frank) and the False Claims Act.
Section 21F of Dodd-Frank provides a framework for protections and rewards for whistleblowers who voluntarily provide original information about violations of U.S. securities laws. In its FY2016 annual report, the Securities and Exchange Commission’s (SEC) Office of the Whistleblower stated that since the inception of the program in 2011, the Office of the Whistleblower received over 18,000 tips and issued over $100 million in awards for information and assistance that led to enforcement actions representing over $584 million in sanctions (including more than $346 million in disgorgement and interest). In FY2016 alone, the SEC received over 4,200 tips (a 40 percent increase since FY2012), originating from 67 foreign countries and the U.S., on issues ranging from corporate disclosures, manipulation, offering fraud, foreign bribery, insider trading, and pricing, among others. The agency also issued over $57 million in whistleblower awards, more than the previous years combined. One whistleblower award was $20 million and several others represented multi-million dollar awards to individual whistleblowers. The Commission also brought several cases that drew a new line in the sand on the reach of the Dodd-Frank anti-retaliation provisions. Not surprisingly, the SEC brought enforcement actions against companies for affirmative retaliation against employees who reported wrongdoing but it also brought several actions, including stand-alone actions, where severance agreement non-disclosure language was deemed to “end-run” the SEC whistleblower program by discouraging potential whistleblowers from reporting misconduct to or cooperating with federal authorities. The SEC focused, in particular, on language that: (i) prohibited employees from voluntarily reporting to or cooperating with the government; (ii) required non-disclosure as a condition of receiving severance or other post-employment remuneration; (iii) required employees to forego whistleblower awards as a condition of retaining their severance or other post-employment remuneration; or (iv) required non-disclosure without notification to and approval by the company.
The U.S. Department of Justice’s press releases on the False Claims Act also touted additional significant whistleblower activity and even more staggering fines and awards. The DOJ reported that since January 2009, it has recovered more than $31.4 billion through False Claims Act cases. A large percentage of these cases are in the life sciences and financial sectors but they range across other industries as well. In FY2016 alone, whistleblowers filed 702 qui tam suits, the DOJ recovered $2.9 billion through these and earlier filed suits and the government awarded to whistleblowers a total of $519 million. These suits and whistleblower responses to areas of concern are becoming more sophisticated as employees turn to seasoned whistleblower counsel who aggressively market their services and actively seek out employees who may have issues to report.
Other agencies, including the U.S. Department of Labor and the Internal Revenue Service, are also reporting upward trends in whistleblower activity and related government action, including punitive actions for retaliation or conduct that impedes whistleblowers from reporting or cooperating with government investigations.
“Whistleblowers” Are Here to Stay
Regardless of what the new Trump administration does to Dodd-Frank or other regulations, “whistleblowers” are here to stay. In today’s society, the workforce has higher expectations for their employers and how they are treated. When people feel they have witnessed wrongdoing or feel “wronged” (whether it is justified or not), they will likely find a way to report it―overtly or anonymously―to the company or the government, or through other means such as media outlets or social media. Unfortunately, technology also gives disgruntled employees―and others who may disagree with the company or its executives―the power to report and spread misinformation faster than companies can dispel it. Companies need to accept these new realities and their implications, and need to be more nimble and better prepared to deal with them.
Takeaways to Help With Today’s “Whistleblower” and Technology Realities
- Recognize that successful, global companies will face problems. First and foremost, companies must accept the proposition that they will get legitimate reports of wrongdoing. It’s a fact of life in any global enterprise. The important question is how well an organization will respond when issues surface.
- Understand where your current business risks lie based on the business today and where it is going tomorrow; if your risk analysis is based on the business of yesterday, you are looking in the wrong direction. Far too often, compliance programs and reporting mechanisms fail to evolve with new business realities. New business ventures, new markets, new product lines, new supply chains, and management turnover will undoubtedly change and may increase risk profiles. The company’s processes should be modified to address this evolution―hopefully in real-time. Anticipate as best you can where your risks lie and have response plans in place to stop wrongdoing and manage the fallout when it occurs, but remain flexible if faced with issues you never saw coming and don’t ignore obvious signs of trouble. These response plans should include coordinated compliance and ethics, legal, business, and media strategies and, as needed external resources to guide the company, to ensure negative fallout is minimized.
- Recognize the need to revisit compliance and ethics messaging during significant periods of employee turnover, new business ventures, and management changes. Newly integrated management and personnel must be aware of not only the company’s resources for reporting concerns but also the company’s commitment to protecting employees against retaliation. Make sure employees associated with new business ventures are aware of risk areas and the company’s policies, including where they can go with concerns. Foster open lines of communication and a “speak up” environment. Make it clear that the company takes reports of wrongdoing seriously. If you want to know about problems before the government or social media, employees must have trust that the company will respond appropriately and with integrity.
- Understand what motivates your employees and potential whistleblowing. How well do you understand your workforce and its composition? Do you know what motivates them? Are you familiar with their work environment and the pressures they face? Employees who work in an environment of extreme pressure and with managers who behave badly are more likely to witness unethical behavior and face pressure to operate in the gray area. While some may succumb to the pressure, others will not (or not for long), and it is important to note that younger employees, the Millennials, have different expectations of employers and their sense of loyalty to companies is more limited. Long gone are the days of the “IBM family” where people stayed with the same company for their career. Today’s work force is more willing to leave, buck the system, and voice discontent if they see “injustice.” And if you won’t listen to their concerns, someone else will.
- Most employees report possible wrongdoing or perceived unfairness to the company first. In the absence of a response or action, they will find a new audience or use other means to “right the wrong.” In virtually every significant corporate investigation we have handled, inevitably we learn that someone tried to report the problem but the report was stifled or fell on deaf ears, or the employee did not feel that it was adequately addressed. Make sure you are listening for potential problems and hearing what people have to say. With each complaint, be attuned to separating out the “I hate my boss rant” from legitimate compliance issues that need to be addressed. This is not always easy and requires skill, patience, and savvy. Sometimes you need to read between the lines and look past the rant to see a critical failure.
- If you get a whistleblower report, act quickly, sensibly, and strategically. It is important to understand the allegation and any evidence that may corroborate or refute the allegation. Consider whether the nature of the report warrants the involvement or advice from outside counsel, and document what you find. If the allegations are confirmed, stop the offending activity, remediate as necessary, and assess the current and prospective legal, business and reputational risks. Addressing the problem internally may not be enough. Whether or not the company discloses any information to the government, it needs to have a prospective plan in place in the event negative information is leaked or makes its way to the government first.
- Stay close to employees who report wrongdoing to show support and manage against actual or perceived retaliation. In the absence of information or a response, people assume the worst. It takes courage to “speak up” and put yourself on the line. It takes even more courage and fortitude to wait in the wings for the company to assess the problem and take action. If an employee feels isolated or perceives retaliation, he or she will find someone else to talk to. Even the worst situations can be managed but it requires ongoing awareness, communication, and commitment to objectively assess whether there is a limited or widespread problem and to affirmatively address it.
- You cannot prohibit or discourage whistleblowers from reporting illegal conduct to or cooperating with the government. You are not required to give them a roadmap to reporting but you can’t muzzle them either. Don’t make an avoidable mistake by taking non-disclosure/non-disparagement clauses too far but remember that a company can strike a delicate balance without compromising all of its interests. Seek counsel.
- Document how you handle employee complaints, including findings that support or undercut any claims and how you handle the employee. This documentation will go a long way to show any interested party that the company did the right things and to limit direct and collateral damage the employee might otherwise cause through government reporting, qui tams, and private rights of action.
- You will face employees or outsiders who intend to do you harm. Organizations need to prepare for those who seek to affirmatively harm the company, its executives, or its employees through malicious communications and false information. Such communications, the leaking of information, acquisition of sensitive information by third parties, and the emergence of “fake news” are new real-world problems. The fact that you are unfairly targeted by bad actors won’t matter nearly as much as how you respond both to identify the bad actors to shut down and discredit unscrupulous behavior, and to keep the organization focused on its core objectives.
In sum, no one can predict where the next crisis is on the horizon. If 2016 taught us anything, the lesson is that we should expect and prepare for the unexpected and―when problems rear their ugly heads―we need to do a better job of: (1) understanding the direct and collateral consequences; and (2) being more proactive, creative, nimble, tactical, and resilient in responding to them. Don’t stick your head in the sand and wish problems away, and don’t wait for them to happen. If you get caught by surprise and have to live through the fallout, you’ll wish you had taken a more proactive approach.
*This article first appeared in Bloomberg BNA’s Corporate Law & Accountability Report, January 30, 2017.
ABOUT BAKER BOTTS L.L.P.
Baker Botts is an international law firm of approximately 725 lawyers practicing throughout a network of 13 offices around the globe. Based on our experience and knowledge of our clients' industries, we are recognized as a leading firm in the energy and technology sectors. Since 1840, we have provided creative and effective legal solutions for our clients while demonstrating an unrelenting commitment to excellence. For more information, please visit bakerbotts.com.