Long heralded as the primary and most effective source for uncovering fraudulent activity within an organization, whistle-blowers frequently walk a fine line between being considered a friend or a foe.1 When WikiLeaks, an international non-profit organization purportedly formed to bring information of ethical, political and historical significance tthe public,2 began releasing sensitive government documents over the internet, politicians and lawmakers around the world frowned upon founder Julian Assange.
WikiLeaks personifies cyberactivism: a web-based platform for people to bring forward and publish internal and often secret documents disclosing perceived or actual injustices, corruption and other possible criminal offenses. WikiLeaks attempted to create a haven for whistle-blowers. However, the onslaught of information disseminated publicly produced a media frenzy with countless top-secret government and corporate details revealed. While certain governments legislated a ban on the site in their nations, other organizations lauded it with awards including the Reader's Choice for TIME's Person of the Year in 2010.3
As debates on rights and freedoms abound, the great divide in public opinion appears to stem not from an inability to be able to publish certain whistle-blower tips but from an inability to agree on which tips should be published.4 While matters of national security certainly should garner special consideration before they are released, should tips on publicly traded organizations be fair game? Again, views on this can be debated.
Well Known Whistle-blowers
Almost four decades before the advent of WikiLeaks, American whistle-blower W. Mark Felt agreed with the premise. Better known as "Deep Throat", he was responsible for tipping Washington Post reporters about then US President Nixon's involvement in the Watergate activities. This whistle-blowing eventually led Nixon's resignation from office and prison terms for two members of his staff. On the Canadian front, civil servant and whistle-blower Joanna Gualtieri waged a 12-year battle with the federal government over the retaliation she faced after blowing the whistle on excessive spending by certain diplomats within the Department of Foreign Affairs.
When the Whistle Blows
In a corporate setting, whistle-blower tips are typically directed to either the audit committee or senior management. In some cases, whistle-blowers may go directly to outside parties such as vendors or newspaper and television reporters. In cases where a financial issue is brought forward, the audit committee chair or management usually retains independent legal counsel who may appoint a forensic accountant to investigate the issue to confirm or dispel the concerns raised.
Yet, over the past 50 years there have been countless cases of whistle-blowers who have brought forward tips of alleged wrongdoing against their employers and have been ignored or, worse, fired for their actions.
Canadian Rules & Regulations
Canadian federal government employees are protected under the Public Servants Disclosure Protection Act ("PSDPA"),5 formed as part of the Federal Accountability Act, which establishes a regime for allegations of wrongdoing to be investigated, and for whistle-blowers to seek protection from reprisals.6 The PSDPA also provides for a Public Sector Integrity Commissioner ("PSIC"), to investigate whistle-blower tips and protect federal government whistleblowers. The effectiveness of the PSIC was questioned in a 2010 Auditor General Report which obtained much publicity and found that between 2007 and 2010, the PSIC received 228 disclosures of wrongdoing or complaints of reprisal but only five resulted in investigations; none resulted in a finding of wrongdoing.7 The PSDPA is scheduled for a mandatory five-year review in 2012 - it will be interesting to see what changes, if any, are implemented.
However, the PSDPA only applies to federal government workers. Moreover, only two provinces in Canada (New Brunswick and Saskatchewan) provide specific whistle-blower protections in labour standards legislation.8 While the Criminal Code of Canada (s.425.1) states that "employer reprisals against employees who provide information with respect to the violation of any federal or provincial law" is a criminal offense, there have been limited prosecutions.9
Some Recent Studies & Statistics
A recent Association of Certified Fraud Examiner's report on occupational fraud indicated that tips were responsible for uncovering three times as many frauds as other detection methods.10 More than half of these were from employees while customers, vendors, and anonymous persons, among others were also sources. The report also noted that in 67% of the cases where there was an anonymous tip, that tip was reported through the organization's fraud hotline. Clearly this supports the case for robust fraud hotlines and internal mechanisms which enable employees and others to come forward and disclose what they know in a confidential, anonymous and secure way. Similarly, a global KPMG study noted that 38% of frauds were uncovered through tips: formal internal whistle-blower tips were responsible for uncovering 10% of frauds; anonymous tips accounted for 14%; a further 8% were reported by customer or supplier complaints; and 6% came in response to issues raised by third parties, including banks, tax authorities, regulators, competitors, or investors.11 Clearly, this signals a need for formal secure frameworks for tipsters to report what they know or suspect.
The American Landscape
Americans are no strangers to whistle-blower protections: The False Claims Act prohibits the firing of a whistle-blower and provides for compensation of between 15% to 25% of awards or settlement amounts for information on individuals or companies who defraud governmental programs. The Notification and Federal Employee Antidiscrimination and Retaliation Act ("No-FEAR Act"), passed in 2002, discourages discrimination and retaliation against whistle-blowers and provides them with cash settlements. And the Sarbanes-Oxley Act of 2002 offered protection for employees of publicly traded companies who provide evidence of fraud including compensation for lost wages and litigation costs.
As a result of the credit crunch and crippling global financial crisis which began in the US in 2007, the Dodd-Frank Act was passed in July 2010 to reform the financial regulatory system. On May 25, 2011, the Securities and Exchange Commission (SEC) adopted final rules to implement a whistle-blower program for securities laws violation. The new rules authorize the SEC to pay rewards of between 10% and 30% of the funds recovered to individuals providing original information that leads to a successful enforcement action garnering sanctions of at least US$1 million. The clear legislative intent of the rules is to "create incentives to report wrongdoing and protect whistle-blowers."12
Dodd-Frank Bounty Provision Concerns
The new provisions are likely to increase SEC enforcement activity given the financial incentive for individuals to come forward with information. Corporate counsel and compliance officers have expressed several concerns with the new rules.
- Existing compliance processes will be undermined
There is concern that these provisions will encourage insiders to goutside the company without first letting anyone inside know there is a concern and/or giving the organization a chance to address and fix the problem.
- Increased regulatory workload
Opponents argue that regulatory workload will increase as companies will have to demonstrate why claims may not have merit by launching investigations into each.
- Contingency awards will result in aggressive representatives
Since the whistle-blower can remain anonymous and elect to be represented by a lawyer, that representative may "be aggressive in trying to get the SEC to proceed on enforcement action, as the attorney will often also be paid a portion of the award."13
Guidance for Canadian Companies
While the Dodd-Frank whistle-blower rules apply to public companies traded in the US, its effects will be felt by subsidiaries and SEC registrants north of the border. Canadian organizations can take note and ensure the following are addressed within internal policies:
- Maintain an external hotline and communicatecompliance issues to employees
Ensure that employees have a resource for any questions they may have regarding compliance issues.
- Include language to prohibit retaliation against whistleblowers in internal policies and ensure the prohibitions are followed
A survey of Fortune 500 entities revealed that 16% of oil and gas companies, 27% of technology companies, 9% of chemical companies, and 10% of financial institutions do not address retaliation in their codes of conduct.14
Organizations should foster an environment where employees do not fear reprisal for coming forward with information they know.
- Complaints should be credibly followed through
It is likely that the new rules will cause a surge in the number of complaints and tips internal compliance programs will receive. Investigations into allegations of misconduct should be timely, credible, accurate and thorough. The following issues need to be considered in establishing an investigation process to address whistle blower reports:15
- how management will respond to whistle-blower complaints in light of the fact that any actions the organization takes (before and after the complaint) may be subject to SEC review
- how confidentiality is preserved during investigations
- the timely preservation and retrieval of relevant documents and contact with appropriate personnel
- how whistle-blowers are apprised of the investigation
- how whistle-blower protection rules will be complied with.
It is important to note that there is no exhaustive checklist where compliance matters are involved as actions and policies need to be tailored to the size and composition of the organization. In the end, it is imperative that processes be established to address how whistle-blower matters are dealt with and that the established processes be closely and consistently followed.
As on the soccer field, teamwork and communication will be paramount. With communication, coordination and a solid plan, management and corporate counsel can certainly limit the instances of unsportsmanlike conduct, while permitting the referee to blow the whistle without incurring the wrath of the home team fans.
Dodd-Frank Whistle-blower Eligibility
- The whistle-blower must provide "original information" about a possible federal securities law violation that has occurred, is ongoing, or is about to occur.
- The "original information" must be based on the person's independent knowledge or analysis and not on information that has been provided to the SEC by another source (unless the whistle-blower was the original source of information).
- Knowledge may be obtained from any of the whistleblower's independent experiences, communications and observations in business or social interactions, which can include information obtained from a third party.
- Specifically excluded is information solely derived from:
- allegations made in judicial or administrative hearings;
- allegations made in a government report, hearing, audit or investigation;
- allegations made in the news media; or
- persons (either in-house or external) whose duties involve compliance or internal audit responsibilities for the company in connection with a firm conducting an inquiry or investigation into possible violations of law; or by a public accounting firm while it is performing functions that are required under the federal securities laws.
- The exclusion against persons with compliance or internal audit responsibilities will be lifted if:
- the whistle-blower reasonably believes that disclosure is necessary to prevent conduct that is likely to cause substantial injury to the financial interest or property of the company or its investors;
- the whistle-blower has a reasonable belief that the entity is engaging in conduct that will impede an investigation of the misconduct (e.g., document destruction, witness intimidation); or
- at least 120 days have elapsed since the whistleblower reported the information to the company's audit committee, chief legal or compliance officers, or a supervisor.
- Information that is deemed by a US court to have been obtained in violation of applicable federal or state criminal law will not be eligible for the reward.
- Information from Attorney-Client Communications or Legal Representation is ineligible unless disclosure by that attorney would otherwise be permitted under applicable state bar ethics rules.
1 This topic was addressed by retired KPMG partner James Hunter in At Risk, Summer 2008.
10 Association of Certified Fraud Examiners' 2010 Report tthe Nation. (http://www.acfe.com/rttn/rttn-2010.pdf)
12 Shruti Shah & Robert N. Walton, The SEC's Tricky Balancing Act, FCPA BLOG (Nov. 8, 2010, 7:28 AM), http://fcpablog.
squarespace.com/blog/2010/11/8/the-secs-tricky-balancing-act.html. 13 http://www.mitchellwilliamslaw.com/wp-content/files_flutter/1309277460LifeUnderNew
Anna Maria Cicirello is a Senior Manager within KPMG's Forensic practice in Toronto. She holds a Bachelor of Commerce degree, is a Chartered Accountant, and a Certified Public Accountant in the United States of America. With over 10 years of experience in public accounting, she has assisted in investigations around the globe.
Contact: firstname.lastname@example.org or (416) 777-8471