Holy Wal-Mart Whitewash, Batman! Without a doubt, the unfolding Wal-Mart bribery scandal in Mexico (coming soon to a business school case study near you) is ripe for “lessons learned” for governance experts everywhere. But it is also illuminating to drill down a little further and examine the implications from a whistleblower point of view.
It’s true that only some of the facts are known so far, revealed in an exhaustive New York Times 8,000+ word investigative report. But those reported facts are not boding well for the giant retailer. This we know: 1) in 2005, a whistleblower with intimate knowledge of a Mexican bribery scheme (to secure permits and rapidly expand the market share) sent an email raising the flag to the international general counsel 2) although that international GC strongly recommended an expanded independent investigation, she was overruled (and ultimately resigned) 3) the top GC, CEO and “a small group of executives” decided to refer the investigation to the very Mexican GC who authorized the bribes in the first place, who then 5) promptly closed the matter with a finding of “nothing to see here” 6) Wal-Mart decided to “self-report” only after learning of the soon-to-be newspaper expose and 7) none of the execs or legal counsel involved in the handling of the matter have been fired or disciplined, and a few have even been promoted. Whew!
As this tale of corporate whistleblower woe publicly unfolds, what have we learned? Early observations from the whistleblower standpoint:
- All internal reporting systems are not created equal.
Why would a widespread bribery scheme, reportedly well-known to Wal-Mart employees and managers in Mexico, fail to be detected and raised to the highest governing authority through existing reporting mechanisms? We now know that the whistleblower first notified the legal department through email. But what about all the other employees “in the know” in Mexico and elsewhere in Wal-Mart? Did none of them trust the internal mechanisms enough to raise the alarm? Or if they did, what happened? And where was the chief compliance officer? So far it is alleged that the 2005 complaint was “hushed up” by the General Counsel and senior execs, and never made it to the boardroom. That’s alarming indeed, but not surprising.
Creating and maintaining an internal reporting system requires a lot more than hiring a third party vendor, turning on the phone lines and hanging posters. Yet I continue to be amazed by the number of Boards and senior management teams who live with a false sense of security simply because they have a hotline or other employee reporting mechanism in place. (See my open letter to boards on this point.) Beyond the initial set-up, companies that are serious about compliance establish and enforce strict protocols for managing internal reports from initial intake to final consequences, whether discipline or process improvement. And this is where the rubber meets the road, as powerful company forces often resist the very processes required for an objective, independent investigation. As I have written elsewhere, Wal-Mart is Exhibit A, B and C for an independent chief compliance officer (i.e. not beholden to the General Counsel or any other corporate officer) who can oversee, among other things, the integrity of the investigation and the overall internal reporting system. See “The Real ‘Happy Marriage’ Between the GC and the Compliance Officer.” An independent CCO with a seat at the table would have been a cautionary voice in the exec decision-making process, and would have had direct, unfiltered access to report the matter to the board. If I were asked to advise a friend or a family member on how to raise a concern, I would recommend that they look carefully at the independence and rigor of a compliance program and internal reporting mechanism before ever pulling the trigger internally.
- How a company reacts to internal whistleblowers is a good barometer of corporate culture.
That the Wal-Mart whistleblower tip may have been “whitewashed” in an allegedly sham investigation, underscores one of the prime reasons employees consistently give for not reporting perceived misconduct: the belief that nothing will be done.
Forget codes of conduct, training, CEO speeches and awards for “most ethical company in the universe.” If you really want a good barometer of a company’s culture, and the priority it places on accountability, transparency and ethical leadership, look no further than how internal whistleblower reports are treated. This is tough business for organizations because the natural human reaction to whistleblowers is usually “seek and destroy.” As in:“I’m all for openness and transparency and for blowing the whistle on wrongdoing. Except if the guy is on my team, and then he’s a no good traitor.” The enormous challenge for companies is how to turn this human knee-jerk response into a safe, transparent environment where internal reporting is valued (and not merely tolerated) and tips are expeditiously, confidentially and professionally investigated. Potential whistleblowers are nothing if not observant. Just as they notice misconduct, they also see what happens to those around them who raise their hands. According to the New York Times, after finding the company’s initial interest in his complaint fade away, the Wal-Mart whistleblower said “I thought nobody cares about this. So I left it behind.” How companies react when whistleblowers come forward drives the organizational culture in a direct and lasting way.
- Wal-Mart, Dodd Frank aftermath and the Grimm Act: Another bite at the apple?
How Wal-Mart botched the internal whistleblower’s claim is an ironic postscript to the 2011 Dodd Frank whistleblower debate.
Not too long ago, a long list of veritable who’s who in Corporate America, led by the Chamber of Commerce (of which Wal-Mart is a prominent member), lobbied hard against the then-pending Dodd Frank whistleblower rules, in particular against the provision that permitted employees to go directly to the SEC without reporting internally first. The main objection was that the potentially enormous rewards (10-30% of penalties over $1M) would incentivize employees to bypass internal reporting systems, undermine company compliance programs and otherwise cause the sky to fall. See “The Sky Has Not Yet Fallen.” In a smart balancing act, the SEC rejected those objections, but created incentives to encourage internal reporting. Now one year later, that same corporate lobby is attempting another bite at the apple through Grimm Act (House Bill 2483), which would amend the Dodd-Frank whistleblower rules in a second attempt to require internal reporting as a condition to access to the law’s protections and financial rewards.
The Wal-Mart headlines should give legislators considering the Grimm Act serious pause. One of the disconnects in this debate has always been the divergent views on the effectiveness of internal reporting systems. As noted in a 2011 RAND Symposium report on the topic, the corporate lobbyists based their arguments on the premise that these reporting mechanisms were working just fine, thank you very much, and that Dodd-Frank was going to ruin years, even decades, of all that good work. In stark contrast, whistleblower advocates argued that many internal reporting programs might look good on paper, but in reality are so flawed that they fail in their mission. Judging by reports so far, Wal-Mart could well be the poster child for the latter view.
It will be worth revisiting this list of takeaways as more details reach the public domain. At a minimum, the impact of the Wal-Mart spectacle on current efforts to curtail both the Dodd-Frank whistleblower rules and the Foreign Corrupt Practices Act will be interesting to follow. But for now, it’s safe to say that companies may have a lot more work to do on their internal reporting systems, and the controls surrounding investigations and reporting up the chain, before crying “the sky is falling” about the Dodd Frank whistleblower program.