Avoiding retaliation for reported workplace misconduct is essential for companies and enforcement officials. Companies are accountable not just for their bad acts, but also for the cover up, including how they respond to allegations. A new survey of conduct in the US workplace by the Ethics and Compliance Initiative (ECI) has some bad news. Employees say that retaliation against whistleblowers is on the rise, doubling in the past four years. These disturbing results should motivate companies to (1) encourage candid internal discussions of what exactly constitutes retaliation (and what does not); (2) train managers to handle retaliation concerns and to avoid unintended acts of retaliation; and (3) ensure anti-retaliation programs are supported by a strong ethical culture.
The ECI Survey
Since 2000, ECI, a leading ethics and research organization for compliance professionals, has surveyed workplace conduct from the employees’ perspective. Their 2017 survey of more than 5,000 employees across the US has good and bad news. Continue reading →
In 2010, in the wake of the financial crisis, Congress passed comprehensive financial regulation reform legislation known as the Dodd-Frank Act (Pub.L. 111-203). Section 922 of the Dodd-Frank Act established both a bounty award program as well as anti-retaliation protection for whistleblowers who report securities law violations.
Pursuant to the mandate of Section 922, the US Securities and Exchange Commission (“SEC”) established an Office of the Whistleblower, and implemented its final rules on the Dodd-Frank Program through a comprehensive rulemaking process that involved significant public input in May 2011. Continue reading →
Effective anti-corruption compliance programs include protections for whistleblowers that raise corruption concerns. Article 13.3 of Russia‘s 2008 Federal Law No. 273-FZ on Counteracting Corruption (the “Anti-Corruption Law”) addressed Russian lawmakers’ expectations regarding effective compliance programs. But the law was silent on whistleblower protections. Recently proposed legislation in Russia may help address this gap.
Even before the Anti-Corruption Law came into effect, Russian law included several provisions that could be interpreted to provide some protection for whistleblowers. For example, Russian employment law prohibits discrimination and sets out an exhaustive list of permissible grounds for dismissing an employee for cause; firing an employee for blowing the whistle on potential corruption is not among them. As a result, firing an employee for whistleblowing could ran afoul of Russian employment law. In addition, the Russian government can protect individuals whose security might be threatened as a result of their participation in criminal proceedings that involve alleged corruption. The state might, for example, provide such witnesses with physical protection, relocate them, or even give them new identities. Continue reading →
Next October, the Supreme Court will hear oral argument in Digital Realty Trust, Inc. v. Somers. The case asks the Court to resolve whether the Dodd-Frank Act’s anti-retaliation protections for “whistleblowers” apply to those individuals who first report information solely to the SEC, or instead to the broader group of individuals who report information internally or other enforcement agencies before seeking out the SEC. As noted in an earlier post on this blog, circuit courtsaresplit on the issue, and whereas the SEC itself has embraced the broader definition, Dodd-Frank’s explicit definitional language offers some room for doubt.
When the case does reach the Supreme Court, litigants favoring the broader definition presumably will portray what has now become the standard depiction of the whistleblower’s dilemma: An employee knows her bosses are cooking the books. She would like nothing to do with this sort of activity but she fears she will lose her job and be iced out of her industry if she says anything. Continue reading →
Confidentiality and employment agreements have not historically been a matter of concern for the nation’s leading securities regulator. However, since August, the SEC has settled eight enforcement actions involving allegations of improper conduct with respect to employment agreements as part of its efforts to encourage, protect and reward whistleblowers. If this enforcement blitz surrounding Rule 21F-17 continues, it could ultimately change the terms of confidentiality provisions at a far ranging list of employers from publicly traded companies to financial institutions to government contractors.
What is SEC Rule 21F-17? It is the 2011 regulation adopted by the SEC as part of the rules governing its Dodd-Frank Act authorized whistleblower program. It prohibits, with a few small exceptions, “any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement ….” 17 C.F.R. 240.21F-17(a). In short, it bars efforts to impede whistleblowers from reporting misconduct to the SEC. Continue reading →
Whistleblowing is considered to be an integral component of corporate governance by exposing and remedying corruption, fraud and other types of wrongdoing in both the public and private sector. Australian whistleblowing legislation emerged in the aftermath of the systemic government corruption inquiries of the late 1980’s, meaning that although whistleblower protection was squarely on the political agenda, legislative development was firmly fixed on the public sector. The Commonwealth, States and Territories have all enacted public sector whistleblower protection or public interest disclosure acts based on a structural approach, which prohibit retaliation against whistleblowers for reporting misconduct. While academic debate continues as to whether private sector legislation should ultimately be based on a structural, anti-retaliation, reward-based or blended model, political will to enact comprehensive private sector legislation has stagnated and current legal avenues that are available to targets of retaliation are inherently complex, fragmented and unpredictable. Continue reading →
Who counts as a “whistleblower” when it comes to Dodd-Frank’s statutory protections against employment retaliation? In recent years, corporate defendants have argued that employees who complain internally about wrongdoing are not protected by Dodd-Frank’s whistleblower anti-retaliation provisions if they do not report wrongdoing to the Securities and Exchange Commission before they suffer retaliation. Continue reading →
Companies seeking to mitigate that risk of cybersecurity whistleblowing through insurance face a unique set of challenges. Cyber whistleblower claims fall in an area somewhere between cyber and D&O insurance, and poorly structured policies will yield little to no coverage. Organizations that have placed both policies nonetheless will likely assume that they have performed their due diligence and that coverage is in place for claims at time of loss. However, affording broad coverage for even standard whistleblower claims can be difficult. Continue reading →
2016 was a banner year for the Dodd-Frank Act’s most significant anti-fraud enforcement provisions: the whistleblower programs at the Securities and Exchange Commission and the Commodity Futures Trading Commission.
In the five years since these programs were established, whistleblowers have rapidly changed the global securities and commodities compliance landscape. The success of the Dodd-Frank whistleblower programs can be attributed largely to the significant actions the SEC and CFTC have taken that signal that whistleblowers will be rewarded and protected for their information and assistance.
As a result of the SEC whistleblower program, more than $874 million in financial remedieshave been collected from companies in financial penalties and disgorgement since the program was established in 2011. Because the totals attributed to the whistleblower program are only reported after a whistleblower award has been made, the reported totals lag behind the amounts actually recovered. I believe that the actual amounts the SEC has recovered by virtue of whistleblower information exceed $1.5 billion.
Last year, the SEC surpassed the $130 million mark in total awards paid to whistleblowers. The SEC also set a new bar for whistleblower protection, demonstrating that it will go after companies that retaliate against whistleblowers or have severance or confidentiality agreements that aim to discourage employees from reporting wrongdoing to government enforcement agencies.
The CFTC, meanwhile, paid out in 2016 its largest ever award — $10 million — to a single whistleblower.
With that momentum, 2017 is shaping up to be another transformative year for these programs. Here’s what to expect: Continue reading →
Your company’s security controls are lacking, and a high level employee in IT is naturally worried – he’s addressed his concerns a number of times. Employees are regularly transmitting unencrypted information, sharing passwords and using non-compliant cloud services to share data and sensitive client side IP. This doesn’t seem overly alarming, we’ve all made similar mistakes, so the comments fall on deaf ears and operations continue. A few months later however the employee becomes increasingly vocal so senior management decides to let him go. Problem solved. Or…the problem might just be beginning.
Companies that ignore (and retaliate against) employees who address cybersecurity vulnerabilities can face significantly increased liability resulting from a new breed of whistleblower claims – cyber whistleblowing. With cyber regulatory oversight increasing at a rapid rate, these claims are poised to increase as well. While no federal laws specifically protect cybersecurity whistleblowers, existing anti-retaliation provisions are often broad enough to cover employees who raise information security concerns. Most notably, federal statutes prohibiting retaliation against corporate whistleblowers and employees who report misconduct in connection with federal funds, as well as state wrongful discharge actions, may apply to cybersecurity whistleblowers. Continue reading →