With Whistleblower Enforcement Expanding, Companies Need to Focus on Culture and Employee Reporting

With Whistleblower Enforcement Expanding, Companies Need to Focus on Culture and Employee Reporting

LexisNexis recently hosted a Webinar titled “Whistleblower Update 2013: Complying With an Evolving, Growing & Increasingly Enticing Government Program,” including panelists from law firms and companies that deal with compliance and employment matters at their organizations. Panelists included Philip Berkowitz of Littler Mendelson, Christopher Calsyn of Crowell & Moring, Jay Cohen, Senior Vice President and Chief Compliance Officer with Assurant, Inc., and Saidah Grayson, Director of Employment Law for Cisco Systems. The materials for the presentation were created in part by Gregory C. Keating of Littler Mendelson. Keating is author of Retaliation and Whistleblowing: A Guide for In House Counsel and Human Resources Professionals, published by LexisNexis.

Highlights from the Webinar include:

Identifying the Whistleblower. Berkowitz began by cataloging some of the ways in which the Whistleblower Protection Program is expanding. For example, he noted a recent case which held that identifying an employee who brought a complaint was retaliation under Sarbanes-Oxley even though, he noted, everyone already knew who the person was.

Beyond Securities Fraud. The law says that companies are prohibited from retaliating against employees for reporting securities fraud on shareholders. However, Berkowitz said, that has expanded. The Department of Labor’s Administrative Review Board (ARB) now says it is unlawful to retaliate against an employee who reports any kind of corporate fraud.

Potential Fraud. Under recent interpretations the employee does not have to show that there even is an existing fraud, Berkowitz said, merely that a potential fraud exists. In one case, Berkowitz said, an employee complained about a litigation hold, contending that it conflicted with internal document retention policies and therefore would compromise the internal financial reporting system. He was let go and the ARB said he had sufficient information to state a claim under Sarbanes-Oxley (SOX) even though he did not allege actual fraud, Berkowitz said. During the Bush Administration it was difficult to prevail. During that time about 1% of whistleblower employees ended up with successful decisions. The ARB and the courts read SOX read in a restrictive way in terms of kinds of proof an employee needed to establish himself or herself as a whistleblower. That has changed in the Obama Administration as far as the ARB is concerned. “The ARB is taking a very, very expansive view of SOX remedies and is opening up the door to these claims where in the past they would have been held to be foreclosed,” Berkowitz said.

Specific Expansion Efforts. There is no question that both federal and state legislatures have been expanding remedies for whistleblowers, the Littler Mendelson attorney continued. Recent expansion has included:

• Antitrust Criminal Penalties Enforcement and Reform Act. Proposed federal legislation to extend whistleblower protections to employees who give federal prosecutors information in criminal antitrust investigations.

• National Defense Authorization Act for Fiscal Year 2013. This introduced new whistleblower protections for federal contractors and subcontractors.

• Fraud Enforcement & Recovery Act

• Revised False Claims Act

• American Recovery & Reinvestment Act 2009

• Consumer Product Safety Act

• 20+ Federal Whistleblower Protection Statutes

• Since 2006, 16 states have strengthened laws

Dodd-Frank. Berkowitz said that Dodd-Frank’s amendments provided the following new provisions: jury trial guaranteed, no waiver, no pre-dispute arbitration, a longer statute of limitations, and broader application to subsidies. It also was expanded to permit anyone who alerts the SEC of a violation to recover between 10% and 30% of the amount recovered in any enforcement action. “You need not be an employee or a U.S. citizen, and you can be anonymous,” Berkowitz explained. “You can file directly in federal court, and the statute of limitations is up to 10 years of when the person learned of the fraud.”

When the SEC proposed its rules for Dodd-Frank, they did not require that employees complain internally, let alone exhaust internal remedies. “The SEC rejected that,” Berkowitz explained. “Congress determined that it was important to essentially deputize employees. Congress didn’t want to shackle the whistleblower with a potentially ineffective complaint procedure.”

OSHA Enforcement. OSHA is increasing its enforcement efforts as well, Berkowitz said, and received most of the budget it requested from Congress. OSHA requested a $6.1 billion budget increase to fund an additional 45 investigations in FY 2012, and President Obama’s FY 2013 budget seeks an additional $5 million. Also, on March 1, 2012, OSHA announced it was elevating the Whistleblower Protection Program to report directly to the Assistant Secretary of Labor.

Theft Protected. Berkowitz told Webinar participants of a case in which theft of confidential information was a protected activity. In the case, an employee allegedly stole information to support his whistleblower claims. The data included social security numbers of thousands of company employees and other confidential information. He was fired for taking the information. The ARB held it was protected activity because he was planning to use it to support his whistleblower claims, Berkowitz said.

The False Claims Act. Referring to it as “The Original Whistleblower Statute,” Chris Calsyn of Crowell & Moring said the law, enacted in 1863 to combat abuse of federally funded programs during the Civil War reconstruction era, allows for treble damages, making it attractive to the plaintiffs’ bar. It prohibits “knowing” of the submission of false payment claims, use of false information to support payment claims, and improper retention of federal funds. This is a qui tam act, he explained, allowing the claimant to stand in the shoes of the government, making it different from SOX or Dodd-Frank. Also, he said these claims are sealed for at least 60 days and can be extended in six-month increments sometimes for several years—so that even the defendant does not know the claim exists. This was so in the high-profile case in which the U.S. Postal Service was trying to recoup money paid to since-disgraced cyclist Lance Armstrong when he was racing for the U.S. Postal Service team. During that seal period the DOJ decides whether to participate in the investigation. It does so less than 25% of the time, Calsyn said.

Damages. In addition to fees, the claimant, known as the “relator,” can get up to 30% of recovery of treble damages, Calsyn reported. The trend in the last year to 18 months are cases in which an employee or former employee brings a retaliation claim without a substantive FCA claim. It starts as a demand letter laying out the violations of the FCA, the good their client was doing, the retaliation he or she experienced, and concludes with a settlement demand. The statute has been expanded in recent years so it does not just cover people bringing a qui tam case, but to include anyone who makes other efforts to stop possible violation of the FCA, Calsyn explained. Plaintiff lawyers have read that to broaden what is covered under the retaliation statute, and defense lawyers will argue this change is merely a clarification and doesn't greatly expand who is covered as a whistleblower under the FCA. This has not reached the federal appellate courts yet, Calsyn said, saying it is something to keep an eye on.

Recovery Targets. In FY 2012 the government recovered nearly $5 billion in FCA cases—$3.3 billion of which came from whistleblower suits, Calsyn said. Relators took home $430 million of this recovery. There was a record 647 qui tam suits filed in FY 2012, he said, nothing that the DOJ has identified the pharmaceutical, healthcare and financial industries as FCA targets.

Motivation. Saidah Grayson of Cisco said that in her experience the monetary awards—while substantial—may not be the biggest motivator to blow the whistle. “Employment law retaliation claims are driven by personal concerns. There isn’t a more personal commercial relationship than how one makes a living and feeding your family. If [the employee] feels they are being treated unfairly, then it has a tendency to bubble up these claims,” she said.

Corporate Environment. Grayson said it is important for companies to educate employees on the avenues for reporting. She said companies must work on the employees’ level of trust in the organization. “Employers are in a precarious position because you want to imbue an environment where employees feel comfortable coming forward and filing cases—but in the back of most employees’ minds is a slight skepticism that the company may not be doing right by them.” And, given the confidentiality requirements there isn’t an avenue for a company to report successes, such as when a whistleblower goes on to thrive at the company after making a claim and a potential wrongdoing was snuffed out.

Organizational Justice. Assurant’s Jay Cohen said companies need to foster organizational justice. “Employees who feel this exists are less likely to see problems in the first place, and are more likely to report a problem when they do see it,” he said. “Do employees feel comfortable they can report concerns without retaliation, and that the company will respond in a reasonable and timely way? We have to wrestle with how do we keep in touch with people who come forward so they know we’re taking them seriously and how we can communicate to the organization when we do treat them fairly and take action against violators. Employees have to feel comfortable in their organization’s justice.”

The panel pointed to a 2011 survey which reported that 45% of employees observed misconduct in the previous 12 months. Two thirds of those who observed misconduct reported it.

Global Training & Reporting. Grayson was asked how Cisco, with employees all over the world and the potential for retaliation claims, establishes a protocol for handling these complaints and the communication challenge. “Annual compliance training for employees is key,” Grayson said. It is vital to have one location where an employee knows where to go, such as a page on an Internet site, and multiple avenues to make those reports anonymously, like an 800 number, plus access to managers, human resources and email reporting.

Cohen added that they also offer employees multiple ways to report. “We literally beg them to report concerns. We get out in front of as many employee groups as we can so they can see how dedicated we are to hearing from them.” Employees are surveyed as to where the code of ethics is, whether management has made a commitment to integrity and how comfortable they are in reporting problems without retaliation. It is important to note, he said, that most employees, even those who become whistleblowers, try to report internally first. They go to their manager first, not a help line. It also is important for managers to know they must report claims. The board and the managers, as well as the employees, must take the training.

Human Resources. Grayson said it is necessary for your company’s HR team—often the first to receive complaints—to have some information about whistleblowers and to understand what types of retaliation there might be. “They need to have access to someone who can help them vet that out,” she said, “because there may be in the complaint a kernel that could lead to a greater whistleblower issue, so knowing who to contact in the legal department or compliance department is key.”

Incident Management System. Grayson pointed to the importance of an effective incident management system. A meaningful system has these elements, she explained:

1) Effective report and intake procedures.

2) Good “speak up” training for managers and employees.

3) Notification protocols to make sure everyone in your internal ecosystem knows how the company handles complaints, documents and individuals.

4) Effective investigation protocols—including training for investigators and a good connection between HR and Compliance to know who is taking on which aspects of the investigation. Grayson suggests that companies bring individuals from those groups together to role play a situation as part of their training.

5) Effective remedial measures and an appropriate way to track and communicate discipline before it occurs. Know what needs to be considered, the magnitude of harm and a person’s knowledge or concerns, so you can ensure that the person who raises concerns feels safe in doing so, and that the company takes the matter seriously.

6) Effective reporting and communication. It is important to know what can be reported and to whom. Finally, she said, make your code of business conduct a user-friendly document. Grayson likes the example of the motto use by the Traffic Safety Administration: “If you see something, say something.”