As published in Forbes, April 22, 2019.
Last May, the U.K. Financial Conduct Authority and the Prudential Regulation Authority fined Barclays CEO Jes Staley over £600,000 for non-compliance with U.K. laws aimed at protecting whistleblowers. Then, in December, New York’s banking regulator fined Barclays another $15 million for its CEO’s wrongdoing. Mr. Staley had attempted to improperly identify a whistleblower employee who had written anonymous letters to the bank’s board and senior management raising concerns about a fellow employee. And just recently, Duke University settled with the government over allegations that it violated the False Claims Act. The whistleblower in that matter was awarded $33.75 million and the school was fined $112.5 million.
In just the last year, the Securities and Exchange Commission (SEC) has awarded some of the largest whistleblower awards in history, with awards like $50 million, $39 million, $37 million, and $33 million paid out to whistleblowers. The SEC has awarded $376 million to 61 individual whistleblowers since 2012. These significant awards are paid out of the funds that the SEC procures from the companies that violate securities law and they indicate that the government is serious about putting an end to unethical activity.
These recent regulatory actions and awards should serve as a reminder that whistleblowers may be harbingers of large monetary penalties, reputational damage, and increased regulatory scrutiny. But a focus on whistleblowers and their attendant consequences miss the more important point. Rather than fearing the whistleblower, companies ought to use them as an opportunity to protect the interests of the company and strengthen compliance. Companies need to get to a place where they embrace the potential whistleblower by creating a transparent culture, instilling the shared value of compliance at all levels.
Unfortunately, given human frailties, even compliant companies can face the risk of individual bad actors. Despite significant progress made by many global corporations in fostering a more compliant culture, it’s clear that even some of the most sophisticated companies still get into trouble. Institutions must shift their mindsets to view the reporting of regulatory problems as an opportunity to shine by addressing the problem, improving the institution and preventing large settlements. Here are some techniques companies can use to promote and encourage the reporting of issues internally, thereby mitigating the risk of a whistleblower.
Creating safe places for complaints and complainants
Internal reporting is obviously highly preferable to an organization over having a valid claim reported to a regulator, the media, or a congressional committee. It raises an issue to senior leadership who are then in a position to address the issue and remediate the deficiency outside of the public spotlight. The goal, therefore, is to create a safe environment in which not only do all employees understand their role in escalating concerns, but they are well-informed about the reporting process, and are secure in the knowledge that their report is welcomed, without fear of retaliation. Creating this environment requires a thoughtful and dedicated approach with the following features.
Set the tone at the top
Avoiding an ethical lapse starts at the top of the organization. In any industry, when ethical leadership by the executives is demonstrated on a daily basis, that often filters down to the rest of the company, creating a culture of openness, integrity, honesty, and compliance. If the top executives in an organization adhere to these principles, it is likely everyone else will, as well.
Prioritizing internal reporting at executive levels is critically important. To set the tone, senior leadership should emphasize that it embraces a culture of compliance through periodic corporate communications, which should include town halls and messaging from the CEO. These communications should stress the value of compliance to the company and encourage employees to speak up if they see something. This is a key component in establishing an environment that favors internal reporting.
Create and internally advertise a reporting hotline
Creating a reporting hotline is one of the easiest things you can do to encourage internal reporting. The hotline should offer the complainant an opportunity to remain anonymous and be easily accessible to your employees (i.e., a toll-free number). The number should be conspicuously placed on orientation materials, employee handbooks, and other relevant communications. Give thought to the primary language(s) of your employees and consider setting up the hotline in multiple languages for ease of use.
Remember that an absence of hotline calls does not equate to an absence of issues. A robust internal controls and audit function is also critical in identifying problem areas. Without a robust process, a failure to adequately examine incoming complaints could lead to greater exposure.
Appropriate manager training
All levels of management should be trained in whistleblowing regulations and case studies. Managers should also be given training about how best to raise awareness of the institution’s internal reporting mechanisms with those they supervise. They should be educated on the advantages of internal reporting and urged to speak positively about that process, bolstering the tone from the top.
A compliance training program specifically tailored for a company’s senior executives is also critical, especially in a large company where those senior executives have their focus pulled in any number of different directions.
Create a culture of response
When you receive an internal report of fraud or other wrongdoing, it is important to take action as quickly as possible. You must have a plan in place to investigate the accusation and respond. Often, this plan must be deployed quickly but without overreaction. In creating a culture of response, your employees will know that their concerns will be taken seriously. This fosters confidence and trust from your employees. It is this trust that could be the difference between an internal reporting and an external whistleblowing situation.
Additionally, a culture of response gives you an opportunity to solve internal problems before they cause greater harm.
Blame the problem, not the person who discovered it
As described above, you should develop a reporting system that maintains anonymity for reporters whenever possible. If, for some reason, the identity of the internal reporter is known, it is important to attack the deficiency highlighted by the internal report, not the person who made the report. Your employees need to internalize this compassionate approach in order to feel comfortable making the report. Be careful not to blame someone for making a report or complain about the extra work required to remediate the issue. Those types of responses are likely to create a chilling effect that could drive a frustrated employee to whistleblowing.
The advantages of a compliance framework that encourages internal reporting are innumerable. Not only does it give an institution an opportunity to fix problems and improve the company but dealing internally with these issues is always better than the external reputational harm inevitably caused by whistleblowers. Companies must build a culture where employees trust that they are a valued partner in compliance and will not be retaliated against for raising issues. The most successful companies will be those that shift their perspective and embrace internal reports of potential fraud or other wrongdoing, thereby avoiding the need for a whistleblower at all.