How much difference will Dodd-Frank and the new whistleblower incentives truly make to internal compliance efforts? Participants in a recent symposium hosted by the RAND Center for Corporate Ethics and Governance observed that boards and senior management already face some of the same basic problems in promoting effective internal compliance and reporting, regardless of the Dodd-Frank whistleblower rules. Differences of opinion over the new whistleblower roles tie back, in part, to perceptions of how well current corporate compliance mechanisms are actually working.
Critics of the rules tend to view internal compliance efforts as adequate but broadly threatened by the prospect of whistleblower bounties and direct reporting to the SEC, whereas advocates for the Dodd-Frank rules tend to view existing internal compliance efforts and reporting channels as inadequate or insubstantial in too many instances.
On a similar note, the importance of improving the ways in which companies manage their internal reporting mechanisms—encouraging adequate resourcing, board-level oversight, more consistent and professional investigation protocols, and more meaningful protection of internal whistleblowers from retaliation, all of which require strong, independent leadership in the role of the chief ethics and compliance officer (CECO)—cannot be understated.
These are the key issues to consider when making internal corporate reporting more robust and in reducing the attractiveness of or need for an external whistleblowing pathway for employees. Some of the ensuing discussions touched on the specific role of boards in dealing with whistleblower issues, the independence of the CECO and how that particular management role relates to whistleblower issues, and the connection between whistleblowing (whether internal or external) and corporate culture. The reality that corporate misbehavior and ethically dubious conduct remain serious problems in the United States and abroad, despite widespread awareness and recent scandals, was also a significant theme.
Session participants generally agreed on several points:
- Boards of directors play an important role in reinforcing internal reporting mechanisms and ethical culture.
- Empowered leadership for internal reporting, in the form of a senior-level experienced CECO, is vital to the success of C&E programs and internal reporting mechanisms.
- Creating a culture in which internal reporting is valued—and in which those who report are protected— is critical to preventing and detecting misconduct internally.
- Financial and non-financial incentives could be used by corporations to make internal corporate reporting mechanisms more effective.
- From the perspective of the employee, trust in the system is a key motivator in coming forward and reporting internally.
Reinforcing an Ethical Culture
One major theme involved the role of boards of directors in dealing with, supporting, or otherwise responding to corporate whistleblowers. In principle, internal whistleblowers ought to be an important resource to boards and senior management, one that can provide an early warning of instances of material fraud or misconduct within companies.
At the same time, concerns about opportunistic whistleblower litigation also rise to the board level, based on fears that such litigation might affect corporate bottom lines, even when specific claims are without merit. The challenges posed by whistleblowers and effective internal reporting arise against a backdrop of boards’ increasing responsibility for a range of C&E matters. Recent revisions to the Federal Sentencing Guidelines for Organizations notably emphasized the role of the board and the CECO in contributing to effective corporate compliance.
And several major common-law precedents in Delaware, including In re: Caremark and Stone v. Ritter, have established that corporate boards are at risk for personal liability if they neglect to fulfill a duty of oversight connected with the compliance function. Taken together, these various strands underscore the fact that internal reporting and external whistleblower issues are closely tied to the responsibilities of persons serving in corporate boardrooms.
The perceived independence of the board and its availability as the ultimate recipient of internal reports of corporate wrongdoing are important factors contributing to an effective internal reporting process and a strong ethical culture. One participant suggested that visible board-level support for compliance programs and internal reporting conveys a message to corporate employees that “the company cares” and that there is meaningful substance to the internal reporting channel.
Board involvement in internal reporting was tied to a range of other issues, including appropriate compensation incentives, related performance metrics and non-retaliation. The board potentially has some involvement in all of these matters, either by contributing to internal policy or by ensuring that appropriate performance data and information are flowing back up to the board.
In turn, the board’s engagement with these issues contributes to a strong “tone at the top” and the messages conveyed to employees about the fundamental values of the organization (i.e., regarding its “culture”). Ultimately, the discussion about the role of the board also revisited the basic tension over whether the Dodd-Frank whistleblower provisions are a good idea. Although participants continued to express different opinions about this, one of the most striking comments during the session was the suggestion that boards could view the new whistleblower regime as representing an opportunity rather than a catastrophe—an opportunity in which to reinforce the strength of internal reporting mechanisms, to visibly align with anti-corruption and anti-retaliation efforts, and to recognize that employee reporting on fraud is potentially a valuable resource, rather than a threat, to the company.
The Importance of the CECO
Internal reporting is a primary element of effective compliance and, in turn, the CECO is the driver of both a strong program generally and a robust internal reporting mechanism in particular. It was observed that the CECO is the single person in the company who has the expertise and responsibility to articulate the necessary features of an effective internal reporting program and who can educate and inform both the board and senior management on these issues.
The CECO notably serves as the agent of the CEO and the board in heading the internal reporting pipeline and managing related investigations; the CECO can also report findings back to the CEO and the board in a way that protects internal whistleblowers from retaliation. One person commented that the CECO is the visible person at the management level who “stands between the whistleblower and retaliation, without any conflicting duties.” Another observed that the term “anti-retaliation” is often perceived as empty by corporate employees, absent the demonstrated commitment of the CECO to standing behind confidential reporting.
In the context of allegations of misconduct against powerful figures within management, the CECO role may some times involve confronting senior executives to ensure that the confidentiality and integrity of the reporting process is maintained, despite strong pressures to violate it. This is one of the major reasons that the CECO position can be a very challenging one to fulfill and why there is strong policy momentum to create a robust CECO role with “adequate autonomy from management.”
The necessary features of the CECO role sparked discussion. Several participants alluded to the language of the recent OECD guidance, suggesting that a “senior-level, experienced CECO with adequate autonomy from management” is vital to the success of C&E programs and internal reporting mechanisms. Multiple participants also commented on the importance of separating the C&E function from the general counsel’s office, suggesting that the risk management responsibility of the general counsel, at times, pulls in a different direction from the compliance role of the CECO— perhaps particularly in dealing with whistleblowers. Another participant offered a different view, however: that compliance responsibility is not necessarily incompatible with the role of general counsel and that the broader challenge for corporations involves managing institutional conflicts of interest around compliance (and whistleblowing) in a nuanced and reasonable way.
There was stronger agreement that the head of the compliance function requires direct access to, and oversight by, the board for the internal reporting and anti-retaliation aspects of the role to be truly empowered and to ensure the independence of the overall compliance program. Discussion also touched on the idea that CECO compensation, hiring and firing ought to involve board-level supervision and involvement to preserve the independence of the CECO role.
One of the other key comments about the CECO role and internal reporting was that the CECO has both practical and cultural importance. On a practical level, the CECO oversees all the mechanics of operating a confidential reporting line, performing investigations, educating employees and executives, and so on. By extension, when the CECO is not sufficiently empowered, experienced, or resourced, the ability of the company to prevent and detect misconduct is likely to be impaired. Meanwhile, on a cultural level, the CECO role demonstrates corporate commitment to the internal reporting process and to genuinely encouraging employees to come forward and report. The practical and cultural aspects of the CECO role are important to building trust and common ethical values in the workplace, and may be very relevant in modulating the risks associated with external whistleblowing under Dodd-Frank.
Protecting Truth and the Whistleblower
Another theme that emerged during the session involved the relationship between reporting and corporate culture and the importance of “getting the culture right” to facilitate reporting efforts. It was observed that the relationship between ethical culture and internal reporting practice is multifaceted and that the success of each depends to some degree on the other. The topic arose initially through an interchange between participants with different views on the likely impact of the Dodd-Frank whistleblower provisions. One person suggested that the prospect of financial awards for direct reporting to the SEC might have an explosive effect on efforts to build a “culture of integrity” within corporations because such awards encourage a mercenary mentality and undermine trust between employees and management. It was further argued that “companies have to clean from within” and that creating an avenue for employees to bypass internal reporting of fraud could have the effect of “detonating” corporate culture.
However, a contrasting viewpoint was also expressed— namely, that the availability of the Dodd-Frank whistleblower channel need not be viewed as antithetical to ethical culture and could instead serve as a rallying point for organizations in seeking to build such a culture. The group discussed the new Dodd-Frank whistleblower rules as presenting incentives for companies to “raise their game” and to evaluate the leadership and resources dedicated to their C&E programs, with the aim of making internal reporting mechanisms the natural choice for employees seeking to report misconduct.
Incentives for Reporting
One of the central topics of discussion during the symposium involved the various uses that might be made of financial and non-financial incentives to try to influence employee-reporting behavior in different ways. Again, several respondents expressed worry about the potential for invidious impact of SEC financial incentives under the Dodd-Frank whistleblower provisions and the resulting possibility that some employees might circumvent internal reporting channels altogether or passively allow instances of misconduct to proliferate. Such fears may be overblown and historical evidence on whistleblowing and qui tam litigation suggests that the vast majority of whistleblowers do try to make use of internal avenues for reporting fraud, prior to going to outside authorities.
One participant argued that Dodd-Frank presents less of a challenge to internal reporting mechanisms than does simple skepticism on the part of employees regarding whether the internal reporting pathway is robust and safe to pursue. Another suggested that, ideally, internal and external reporting avenues could be aligned with each other, even if employees do have the option to go directly to the SEC to report instances of fraud. Still another said that the chief problem faced by all whistleblower mechanisms, internal and external, involves getting people to come forward to report fraud when silence is typically easier and presents far less risk to an employee’s career.
One suggestion offered to help reinforce internal reporting was that corporate compensation schemes could be tweaked to include a set of ethical leadership criteria for management, thereby supporting a culture in which internal whistleblowers are supported and valued.…
Far more controversial was the suggestion that companies might consider offering bounties or bonuses directly to employees for coming forward internally to report allegations of fraud. One participant suggested that management ought to reward good internal whistleblower tips with bonuses, in much the same way that other valuable contributions to the corporate bottom line are rewarded. Another suggested that specific examples of internal reporting can sometimes involve huge contributions to risk management and corporate welfare, adding that employees who contribute in that way should be recognized and celebrated within the company for doing so.
Deep ambivalence toward whistleblower incentive payments (whether made by the SEC or a corporation itself) was expressed in the comments of several symposium participants, who noted that such payments seem “unsavory” or may smack of “paying a rogue to catch a rogue.” It was also noted, however, that the public policy for instituting whistleblower incentives has typically been formulated precisely with the latter aim in mind. The success of past whistleblower efforts in combating fraud is arguably demonstrated by the billions of dollars in settlements and damage payments that have been awarded as a result. By loose analogy, one person suggested that some form of internal corporate incentive payments might also serve as a useful tool for reinforcing the internal compliance function and for rooting out corruption within a company.
Trust Is Imperative
One significant observation shared at the symposium was that employee trust in internal reporting mechanisms, and in the corporate commitment to anti-retaliation, is central to enticing employees to come forward internally with evidence of fraud or misconduct.
As one participant remarked, “People will only come forward to report when they have trust in the system.” Another said, “Providing avenues to protect the confidentiality of people who report” is an important factor in “overcoming employee reticence …and [fears of] retaliation.”
Embedded in these comments was the notion that employee trust in internal reporting may often be hard to come by and that a lack of trust might be part of the explanation for recent survey findings that a substantial fraction of witnessed incidents of workplace misconduct are never disclosed by the witnessing employee to anyone.
In some basic sense, employee trust in internal reporting and antiretaliation efforts is a complement to strong organizational culture. If the latter is perceived by employees as lacking or weak, the former is more likely to be found in short supply. On this point, one participant noted that the corporate commitment to anti-retaliation has sometimes been inconsistent or ambivalent, as reflected in a series of high-profile court cases in which corporations successfully argued that statutory anti-retaliation provisions do not and should not protect employees who make use of internal reporting mechanisms. It was also asserted that these precedents have had the effect of weakening internal reporting channels and simultaneously making corporations look less sincere in their commitment to anti-retaliation. One putative result has been a loss of trust among employees. As another participant put it, whistleblowers “serve a critical purpose” in corporate efforts to self-police against fraud. By extension, protecting confidentiality and fostering trust in internal reporting are key steps for making whistleblowers a corporate asset rather than a threat to the company.
Michael D. Greenberg is the director of the RAND Center for Corporate Ethics and Governance. This article is excerpted from the May 2011 report For Whom the Whistle Blows: Advancing Corporate Integrity and Compliance in the Era of Dodd-Frank. Copies of the full report are available at www.Rand.org.
Michael D. Greenberg: Symposium Chair, Director, RAND Center for Corporate Ethics and Governance
Donna C. Boehme: Symposium Co-Chair, Principal, Compliance Strategists
Urmi Ashar: President, NACD Three Rivers Chapter
Stephen Cohen: Deputy Chief, Enforcement Division, SEC
Keith T. Darcy: Executive Director, Ethics and Compliance Officer Association
Randy DeFrehn: Executive Director, National Coordinating Committee for Multiemployer Plans
James N. Dertouzos: Director, RAND Institute for Civil Justice
Paula J. Desio: Former Deputy General Counsel, U.S. Sentencing Commission
Charles M. Elson: Edgar S. Woolard Jr. Chair and Director, Weinberg Center for Corporate Governance, University of Delaware
Patrick J. Gnazzo: SVP, General Manager U.S. Public Sector CA Technologies (retired)
John P. (Jack) Hansen: Executive Fellow, Center for Business Ethics, Bentley University; Immediate Past Chair, Compliance and Ethics Committee, Association of Corporate Counsel, Chuck Howard Partner Shipman and Goodwin
Peter E. Jaffe: Chief Ethics and Compliance Officer, AES Corp.
Fred Kipperman: Senior Director of Strategic Relationships, RAND Corp.
Stephen Kohn: Executive Director, National Whistleblowers Center
Alexandra R. Lajoux: Chief Knowledge Officer, NACD
Sean McKessy: Head of Whistleblower Office, SEC
Joseph Murphy: Director of Public Policy, Society for Corporate Compliance and Ethics; Of Counsel, Compliance Systems Legal Group (retired)
Steven Pearlman: Partner, Seyfarth Shaw
James Thomson: President, CEO RAND Corp.
Harold J. Tinkler: Chief Ethics and Compliance Officer, Deloitte LLP and the Deloitte U.S. firms (retired)