Whistleblower Protection Blog : Whistleblower Lawyer & Attorney : National Whistleblower Legal Defense and Education Fund : Whistleblower Protection, Fraud Claims : Washington DC

• All internal reporting systems are not created equal.

Why would a widespread bribery scheme, reportedly well-known to Wal-Mart employees and managers in Mexico, fail to be detected and raised to the highest governing authority through existing reporting mechanisms?    We now know that the whistleblower first notified the legal department through email.  But what about all the other employees “in the know” in Mexico and elsewhere in Wal-Mart? Did none of them trust the internal mechanisms enough to raise the alarm? Or if they did, what happened?  And where was the chief compliance officer?  So far it is alleged that the 2005 complaint was “hushed up” by the General Counsel and senior execs, and never made it to the boardroom. That’s alarming indeed, but not surprising.

Creating and maintaining an internal reporting system requires a lot more than hiring a third party vendor, turning on the phone lines and hanging posters.  Yet I continue to be amazed by the number of Boards and senior management teams who live with a false sense of security simply because they have a hotline or other employee reporting mechanism in place.  (See my open letter to boards on this point.)  Beyond the initial set-up, companies that are serious about compliance establish and enforce strict protocols for managing internal reports from initial intake to final consequences, whether discipline or process improvement.  And this is where the rubber meets the road, as powerful company forces often resist the very processes required for an objective, independent investigation.  As I have written elsewhere, Wal-Mart is Exhibit A, B and C for an independent chief compliance officer (i.e. not beholden to the General Counsel or any other corporate officer) who can oversee, among other things, the integrity of the investigation and the overall internal reporting system.  See “The Real ‘Happy Marriage’ Between the GC and the Compliance Officer.”  An independent CCO with a seat at the table would have been a cautionary voice in the exec decision-making process, and would have had direct, unfiltered access to report the matter to the board. If I were asked to advise a friend or a family member on how to raise a concern, I would recommend that they look carefully at the independence and rigor of a compliance program and internal reporting mechanism before ever pulling the trigger internally.
 

• How a company reacts to internal whistleblowers is a good barometer of corporate culture.

That the Wal-Mart whistleblower tip may have been “whitewashed” in an allegedly sham investigation, underscores one of the prime reasons employees consistently give for not reporting perceived misconduct:  the belief that nothing will be done. 

Forget codes of conduct, training, CEO speeches and awards for “most ethical company in the universe.”  If you really want a good barometer of a company’s culture, and the priority it places on accountability, transparency and ethical leadership, look no further than how internal whistleblower reports are treated.  This is tough business for organizations because the natural human reaction to whistleblowers is usually “seek and destroy.”  As in:“I’m all for openness and transparency and for blowing the whistle on wrongdoing.  Except if the guy is on my team, and then he’s a no good traitor.”   The enormous challenge for companies is how to turn this human knee-jerk response into a safe, transparent environment where internal reporting is valued (and not merely tolerated) and tips are expeditiously, confidentially and professionally investigated.  Potential whistleblowers are nothing if not observant.  Just as they notice misconduct, they also see what happens to those around them who raise their hands.  According to the New York Times, after finding the company’s initial interest in his complaint fade away, the Wal-Mart whistleblower said “I thought nobody cares about this.  So I left it behind.”  How companies react when whistleblowers come forward drives the organizational culture in a direct and lasting way.
 

• Wal-Mart, Dodd Frank aftermath and the Grimm Act:  Another bite at the apple?

How Wal-Mart botched the internal whistleblower’s claim is an ironic postscript to the 2011 Dodd Frank whistleblower debate.  

Not too long ago, a long list of veritable who’s who in Corporate America, led by the Chamber of Commerce (of which Wal-Mart is a prominent member), lobbied hard against the then-pending Dodd Frank whistleblower rules,  in particular against the provision that permitted employees to go directly to the SEC without reporting internally first.  The main objection was that the potentially enormous rewards (10-30% of penalties over $1M) would incentivize employees to bypass internal reporting systems,  undermine company compliance programs and otherwise cause the sky to fall.  See “The Sky Has Not Yet Fallen.”  In a smart balancing act,  the SEC rejected those objections, but created incentives to encourage internal reporting.  Now one year later,  that same corporate lobby is attempting another bite at the apple through Grimm Act (House Bill 2483), which would amend the Dodd-Frank whistleblower rules in a second attempt to require internal reporting as a condition to access to the law’s protections and financial rewards. 

The Wal-Mart headlines should give legislators considering the Grimm Act serious pause.  One of the disconnects in this debate has always been the divergent views on the effectiveness of internal reporting systems.  As noted in a 2011 RAND Symposium report on the topic, the corporate lobbyists based their arguments on the premise that these reporting mechanisms were working just fine, thank you very much,  and that Dodd-Frank was going to ruin years, even decades, of all that good work. In stark contrast, whistleblower advocates argued that many internal reporting programs might look good on paper, but in reality are so flawed that they fail in their mission.  Judging by reports so far, Wal-Mart could well be the poster child for the latter view. 

It will be worth revisiting this list of takeaways as more details reach the public domain.  At a minimum, the impact of the Wal-Mart spectacle on current efforts to curtail both the Dodd-Frank whistleblower rules and the Foreign Corrupt Practices Act will be interesting to follow. But for now,  it’s safe to say that companies may have a lot more work to do on their internal reporting systems,  and the controls surrounding investigations and reporting up the chain, before crying “the sky is falling”  about the Dodd Frank whistleblower program.  

I quote that final line because of a December 15, 2011 Court of Appeals decision from the Seventh Circuit Court of Appeals, styled “DeGuelle v. Camilli et al”, which is a whistleblower retaliation claim. As reported by Richard Renner, in an article entitled “Major Victory for Whistleblowers in Seventh Circuit Says Retaliation is a RICO Violation”, in the Whistleblowers Protection Blog, the Court of Appeals found valid a claim for damages under the Racketeer Influenced and Corrupt Organizations Act (RICO) for the retaliation against a whistleblower who provides information about corporate fraud to law enforcement officers under Sarbanes-Oxley Act (SOX). SOX itself makes it a felony to retaliate against whistleblowers who bring forward such information.

The SOX provision in question states that Congress made it a crime to:

“knowingly, with intent to retaliate, take[] any action harmful to any person, including interference with the lawful employment or livelihood of any person, for providing to a law enforcement officer any truthful information relating to the commission or possible commission of any Federal offense[.]” 18 U.S.C. 1513(e).

The novelty and significance of the Seventh Circuit decision is that it held “When an employer retaliates against an employee, there is always an underlying motivation. In this case, for example, the motivation was to retaliate against DeGuelle for disclosing the tax scheme. Retaliatory acts are inherently connected to the underlying wrongdoing exposed by the whistleblower.”

This means that any company which terminates or in any other way retaliates against a whistleblower may have engaged in a violation of RICO, which itself is a criminal statute. This becomes relevant to Foreign Corrupt Practices Act (FCPA) whistleblowers through the Dodd-Frank Whistleblowers provision. In excerpts from the final Securities and Exchanges Commission (SEC) comments, they stated “Employees who report internally in this manner will have anti-retaliation employment protection to the extent provided for by Section 21F(h)(1)(A)(iii) of the Exchange Act, which incorporates the broad anti-retaliation protections of Sarbanes-Oxley Section 806, see 18 U.S.C. 1514A(b)(2).” In other words, if a person reports internally to a company or externally to the SEC of a FCPA violation and there is retaliation against that person, a RICO claim may arise.

Ladies and Gentlemen, this is scary stuff so your company had better be ready and have a robust investigative protocol in place when an internal report is made. And train, train, train and really, really, really mean it when your company says that it will not retaliate against an employee for making an allegation of a FCPA violation.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012