It’s been over a year now since the Dodd-Frank whistleblower provisions went into effect, and they seem to be proving themselves hugely effective. In 2012 alone, the Securities & Exchange Commission (SEC) received over 3,000 whistleblower tips, including 115 that were FCPA-related. In August, the SEC made its first payout of nearly $50,000 to a tipster who reported fraud by his employer.
Many companies are responding by redoubling their efforts to encourage internal reporting. But nurturing a strong internal disclosure program is something of an art, requiring a certain level of sensitivity to balance both the interests of the company and the interests of the individual. While some disclosures are frivolous and malicious, others, that may be substantial, can become lost or forgotten in piles of paperwork. We’ve listed here some tips to help those developing in-house disclosure programs maximize the number of employees reporting problems internally before they seek outside help:
- Announce the program widely. Are employees properly informed about how and when they can report issues? It’s amazing how many may not even know that an internal disclosure program exists. Companies can take proactive steps by emailing employees, posting signs around common areas and placing information in newsletters. One company, for example, even distributes wallet-sized information cards for all of their employees.
- Invite discussion. Managing the growing risk that an employee would first go to the authorities begins with the ability to talk openly about the subject. Many employees probably will not be aware of the fact, for example, that voluntary participation in an internal compliance and reporting system will be counted as a factor that can actually increase the amount of a whistleblower award should the SEC later become involved. Posting lists of frequently asked questions and periodically holding question and answer forums will save the company time and money later on.
- Make reporting easy. A hotline for employees to come forward with information is a first step, but companies should also ensure that the hotline is easy to use. Is it available to employees outside of work hours and in different time zones? Is it accessible to employees who don’t speak English? Companies are also embracing advances in technology to allow employees to contact them through other forms of communication, including by email, in online discussion forums or even by mobile app.
- Make reporting available to everyone. Information about an internal issue need not necessarily come from an employee, and companies are increasingly opening up avenues of communication to persons outside of the company such as customers, agents and vendors. Remember, the important thing is not who is reporting the wrongdoing, but what is being reported. And given that companiesare increasingly liable for the activities of third-parties, making reporting programs available to these outside persons will only become more important with time.
- Eliminate obstacles such as fear of retaliation and ostracism. Make it clear that there is zero tolerance for retaliation against those that come forward internally in good faith. This can be re-emphasized during training sessions and can be supported by procedures that protect the confidentiality and anonymity of the individual. Some offer psychological counseling to employees who report, and most programs at least assure employees that their jobs will remain secure after an internal investigation.
- Be aware of cultural differences. A good compliance program should take into consideration cultural biases that may inhibit employees from reporting issues against their employers. In translating policies and procedures between languages, for example, some companies are choosing their words carefully in order to avoid loaded or pejorative words like “informant” or “collaborator” in favor of more neutral ones. In places where reporting may carry a very heavy cultural stigma, companies may forego procedures where the identity of the employee is made available on a confidential basis for follow-up and choose to make reporting completely anonymous.
- Observe a necessary level of formality. It is key to leave as much of a paper-trail as possible during an investigation. Not only will this be important should the problem escalate at some future point, but it will also enable you to monitor reports and track them over time. You may, for example, be interested in both the quantity of internal disclosures in a given year as well as the quality of the response to each reported incident. Credible claims should quickly flow up the reporting chain to reach appropriate personnel.
- Always be professional. During the investigation, in-house counsel should observe all rules of professional ethics, especially those concerning joint representation, potential conflicts of interest, and, should the need arise, communications with represented persons. Things to avoid include interviewing multiple witnesses at once, aggressively promoting exculpatory evidence, and blaming lower-level employees. Remember, the purpose of the initial investigation is to gain information, not to pass judgments. If the employee goes to the SEC, it is unlawful for anyone to interfere with that person’s efforts to communicate with the SEC.
In the end, an internal reporting system is only as strong as the company’s compliance culture. We were again reminded of this just last month when a former compliance officer at Siemens AG sued the company in federal court for wrongful termination based on accusations that the company had fired him after he tried to expose a bribery scheme involving medical equipment sales in China. Since 2008, after pleading guilty to various FCPA violations, Siemens AG has spent large amounts of money to put in place an expansive compliance program meant to avoid such scenarios from ever happening again. And while it’s yet unknown whether the accusations against Siemens are true, the mere fact that they exist has already brought negative media attention back to the company.
Simply put, companies are learning that it’s in their own best interest to deal with compliance issues in an appropriate manner in-house rather than face the alternative: receiving a telephone call from an outside lawyer, or worse, the SEC.