Compliance in the Era of 'Undersight'

Edmund Burke's famous 18th-century dictum encapsulates why compliance efforts cannot rely on written policies or Codes of Conduct alone. After all, Enron had policies on paper forbidding the practices that brought down the company. Without people willing to report violations of law or Codes of Conduct, compliance efforts inevitably will be frustrated.

The thesis of this article is that the new civil and criminal whistleblower provisions of Sarbanes-Oxley (SOX), coupled with growing acceptance of whistleblowing in both the law and popular culture, may create a climate in which employees more frequently engage in “undersight” to report violations of law or policy. “Undersight” is a term this author has coined to describe corporate employees who witness potential fraud first-hand and voice their concerns, in contrast with “oversight” through which corporate outsiders attempt to detect fraud relying on second-hand information.

The SOX Whistleblower Provisions

The whistleblower provisions of SOX differ substantially from previous federal and state whistleblower laws. Until SOX, most federal and state whistleblower laws applicable to the private sector protected only employees who raised concerns about issues affecting the public health or safety. Most such laws did not protect private sector employees who raised concerns about fraud against shareholders, because such issues were not perceived as affecting the public health or safety.

In contrast, most federal and state laws covering government sector whistleblowers did protect government employees who raised concerns about waste of funds. The public interest in financial abuse in the government sector has always been clear, because such abuse involves waste of taxpayer funds. However, until SOX, the issue of financial fraud in the private sector was viewed as of concern only to shareholders.

With the spectacular failures of several major corporations, and the corresponding investment losses suffered by millions of employees and shareholders, Congress decreed in Sarbanes-Oxley that fraud against shareholders is an issue of public concern justifying significant new civil and criminal protections for private-sector employees who raise concerns about financial fraud.

SOX departs from the prior pattern of whistleblower protection in numerous respects. For the first time, it creates a civil remedy for whistleblowers in the private sector who raise concerns about financial matters that implicate violations of federal securities laws. (Section 806 of Sarbanes-Oxley creates a federal civil right of action on behalf of any employee of a publicly traded company, or any employee of a contractor of a publicly traded company, who is subject to discrimination in retaliation for reporting corporate fraud or accounting abuses. Section 806 prohibits publicly traded companies from discriminating against an employee in retaliation for any lawful act done by the employee to: 1) provide information or otherwise assist in any investigation regarding conduct which the employee reasonably believes constitutes a violation of federal securities fraud statutes or SEC rules, provided the investigation is conducted by a federal regulatory or law enforcement agency, any Member of Congress or Congressional Committee, or a person with managerial authority within the publicly traded corporation; or 2) file, testify, participate in, or otherwise assist in any proceeding related to an alleged violation of corporate fraud laws or regulations.)

Thus, the subject matter of protected disclosures has been significantly broadened beyond the categories of public health and safety. In addition, the penalties for retaliation against whistleblowing have been greatly strengthened. The civil provisions of SOX allow for immediate reinstatement of whistleblowing employees, even before an evidentiary hearing on the merits. Even more drastically, the Act creates severe criminal penalties (including substantial fines, and up to 10 years in prison) for retaliation against whistleblowers who raise concerns about violation of any federal criminal statute, not simply laws limited to financial fraud. These criminal penalties may apply to any employer, regardless of whether the employer is publicly traded or privately held, and may apply to individual managers as well as to corporate employers. Moreover, SOX uses whistleblower protection as a key component of federal securities law enforcement. By 2002, the collapses of Enron, WorldCom, and numerous other companies demonstrated that the system of “oversight” created by the Securities Exchange Act of 1934 had failed to prevent massive financial fraud by several issuers of publicly traded securities. During 2001 and 2002, numerous persons testified before Congress about the reasons for the Enron and WorldCom corporate collapses. The Report of the Senate Judiciary Committee on the bill that became Sarbanes-Oxley states: “In a variety of instances when corporate employees at both Enron and Andersen attempted to report or 'blow the whistle' on fraud, but (sic) they were discouraged at nearly every turn.” Senate Report No. 107-146, 107th Congress, 2d Sess., at 5.

Woven throughout the Act is the theme that protection of employees who report financial abuse may help to prevent future corporate collapses and securities frauds. Now, corporate insiders who see the daily operations of companies are protected by SOX if they report concerns about financial fraud. In addition to strengthening “oversight” by creation of the Public Company Accounting Oversight Board and other actions, SOX also added new “undersight” provisions protecting corporate insiders who witness fraud. Protection for employees engaging in “undersight” is reflected in many facets of SOX:

• Congress required corporate Audit Committees to create mechanisms for receiving anonymous employee concerns about financial improprieties;
• Section 806 creates new civil protection for employees who report concerns about alleged fraud upon shareholders, and Section 1107 creates new criminal penalties for retaliation which extend more broadly than does Section 806;
• Congress required the SEC to issue regulations setting forth minimum standards of practice applicable to attorneys who practice before the SEC. The rules issued by the SEC require attorneys who are aware of financial fraud by their clients to alert the issuers' executive management, and then the issuers' Boards of Directors if executive management does not respond appropriately; See 17 C.F.R. Part 205.
• Sarbanes-Oxley requires the SEC to promulgate rules that prohibit brokerage firms from retaliating against securities analysts because of an “unfavorable research report that may adversely affect the present or prospective investment banking relationship of the broker or dealer with the issuer that is the subject of the research report.” This new legal protection for securities analysts was driven by concerns that brokerage firms were pressuring securities analysts to write overly favorable evaluations of stocks in order to obtain additional investment banking business; and
• Congress required issuers of publicly traded securities to disclose whether they have Codes of Ethics applicable to senior financial officers. Both the New York Stock Exchange and the National Association of Stock Dealers have gone further by requiring companies who wish to maintain their listings on those exchanges to implement Codes of Ethics not limited to executive management, and to include in such codes provisions that protect employees who report alleged violations from retaliation.

Additional Legal and Cultural Developments

There is growing recognition in the law, apart from SOX, that protection against retaliation is an essential component of any enforcement scheme. Recently, the U.S. Supreme Court held that protection against retaliation is essential to enforcement of Title IX of the Education Amendments of 1972, even though Title IX itself did not contain a provision forbidding retaliation. In Jackson v. Birmingham Board of Education, a male coach of a girls' high school basketball team alleged that his employment had been terminated in retaliation for his complaints that the team was underfunded in violation of Title IX. Acknowledging that Title IX itself did not contain a provision forbidding retaliation, the Court implied a private right of action for retaliation. The Court stated: “Reporting incidents of discrimination is integral to Title IX enforcement and would be discouraged if retaliation against those who report went unpunished. Indeed, if retaliation were not prohibited, Title IX's enforcement scheme would unravel.”

Popular culture has kept pace with these legal developments. Today, whistleblowers may be held up to public esteem as occurred in the Dec, 30, 2002 issue of TIME magazine. The cover of that issue named “The Whistleblowers” as Persons of the Year, and carried a photograph of Cynthia Cooper of WorldCom, Colleen Rowley of the FBI, and Sherron Watkins of Enron. Hollywood has sympathetically portrayed whistleblowers in films including “Erin Brockovich” and “The Insider.” In contrast, 30 years ago, whistleblowers were often vilified as “snitches” or “tattletales.”

Will Legal Protections for 'Undersight' Create Cultures of Compliance?

Fear of being ostracized may have deterred some employees from blowing the whistle in the past. Today, the question is whether the significant changes in legal protections for whistleblowers, coupled with more favorable depictions in the popular culture, will encourage employees to engage in “undersight” with greater frequency. A number of factors suggest that employees may more freely report legal or ethical violations today than in the past.

First, high-ranking executives now have a compelling personal interest in knowing whether fraud is occurring within their organizations. Thanks to Section 302 of SOX, CEOs and CFOs must personally certify the accuracy of corporate financial reports, on pain of criminal prosecution. Employees who engage in “undersight” and disclose potential fraud may help to ferret out fraud, thereby improving the accuracy of financial reports, and lessening the risk of prosecutions against CEOs and CFOs. Realizing this, executives may devote sufficient resources to compliance to convince the workforce to actively report potential fraud.

Second, until SOX, anonymous employee complaints were often dismissed out of hand. Anonymous complaints may be difficult to investigate due to lack of details and inability to follow up with the anonymous source, and may be deemed less credible than complaints by employees who identify themselves. SOX, however, requires that anonymous complaints be given credibility by requiring Audit Committees of publicly traded companies to establish procedures for receipt and investigation of anonymous concerns. To the extent that fear of retaliation has deterred employees from identifying themselves by openly raising concerns, the ability to make anonymous complaints knowing that such complaints must be investigated may encourage whistleblowing. Put differently, before SOX, it may have been easier to rationalize remaining silent based on fears of retaliation. The new stature given to anonymous complaints, however, may give employees greater assurance that their identities will not be discovered, and that their concerns still will be addressed. Thus, a common rationalization for not blowing the whistle may be significantly undermined.

Third, popular culture has long been ambivalent about “informing” or “turning in” co-workers. Pejorative terms such as “fink” or “stool pigeon” exemplify such ambivalence. However, almost every American who had an investment in the stock markets suffered significantly by the meltdowns of Enron, WorldCom, and others, and the resulting stock market collapse. Today, employees may feel that reporting potential fraud is necessary to protect their own personal financial interests, as well as the interests of the investing public. After Enron, it may not be as easy to turn a blind eye to fraud based on the rationalization that “it's not my problem.”

Conclusion

Fraud examiners have long known that the most common source of tips reporting fraud originate from employees. In 2004, the Association of Certified Fraud Examiners reported that over 40% of corporate fraud was discovered through employee tips. Updating Burke's dictum for purposes of the 21st century, perhaps what is necessary to prevent securities fraud is legal protection for employees who engage in “undersight.” The coming years will demonstrate whether the era of “undersight” increases the percentage of employee tips about fraud. In the meantime, professionals with responsibility for compliance may find that legal protection for “undersight” is an important factor in achieving compliance goals.

Daniel P. Westman ([email protected]) is a partner in the law firm Morrison & Foerster LLP, who specializes in whistleblower litigation including claims under the Sarbanes-Oxley Act. He is the lead author of Whistleblowing: The Law of Retaliatory Discharge, Second Edition (BNA Books 2004), from which this article is extrapolated. In addition, he also maintains a Web site with resource information about whistleblowing, www.danielwestman.com.

Edmund Burke's famous 18th-century dictum encapsulates why compliance efforts cannot rely on written policies or Codes of Conduct alone. After all, Enron had policies on paper forbidding the practices that brought down the company. Without people willing to report violations of law or Codes of Conduct, compliance efforts inevitably will be frustrated.

The thesis of this article is that the new civil and criminal whistleblower provisions of Sarbanes-Oxley (SOX), coupled with growing acceptance of whistleblowing in both the law and popular culture, may create a climate in which employees more frequently engage in “undersight” to report violations of law or policy. “Undersight” is a term this author has coined to describe corporate employees who witness potential fraud first-hand and voice their concerns, in contrast with “oversight” through which corporate outsiders attempt to detect fraud relying on second-hand information.

The SOX Whistleblower Provisions

The whistleblower provisions of SOX differ substantially from previous federal and state whistleblower laws. Until SOX, most federal and state whistleblower laws applicable to the private sector protected only employees who raised concerns about issues affecting the public health or safety. Most such laws did not protect private sector employees who raised concerns about fraud against shareholders, because such issues were not perceived as affecting the public health or safety.

In contrast, most federal and state laws covering government sector whistleblowers did protect government employees who raised concerns about waste of funds. The public interest in financial abuse in the government sector has always been clear, because such abuse involves waste of taxpayer funds. However, until SOX, the issue of financial fraud in the private sector was viewed as of concern only to shareholders.

With the spectacular failures of several major corporations, and the corresponding investment losses suffered by millions of employees and shareholders, Congress decreed in Sarbanes-Oxley that fraud against shareholders is an issue of public concern justifying significant new civil and criminal protections for private-sector employees who raise concerns about financial fraud.

SOX departs from the prior pattern of whistleblower protection in numerous respects. For the first time, it creates a civil remedy for whistleblowers in the private sector who raise concerns about financial matters that implicate violations of federal securities laws. (Section 806 of Sarbanes-Oxley creates a federal civil right of action on behalf of any employee of a publicly traded company, or any employee of a contractor of a publicly traded company, who is subject to discrimination in retaliation for reporting corporate fraud or accounting abuses. Section 806 prohibits publicly traded companies from discriminating against an employee in retaliation for any lawful act done by the employee to: 1) provide information or otherwise assist in any investigation regarding conduct which the employee reasonably believes constitutes a violation of federal securities fraud statutes or SEC rules, provided the investigation is conducted by a federal regulatory or law enforcement agency, any Member of Congress or Congressional Committee, or a person with managerial authority within the publicly traded corporation; or 2) file, testify, participate in, or otherwise assist in any proceeding related to an alleged violation of corporate fraud laws or regulations.)

Thus, the subject matter of protected disclosures has been significantly broadened beyond the categories of public health and safety. In addition, the penalties for retaliation against whistleblowing have been greatly strengthened. The civil provisions of SOX allow for immediate reinstatement of whistleblowing employees, even before an evidentiary hearing on the merits. Even more drastically, the Act creates severe criminal penalties (including substantial fines, and up to 10 years in prison) for retaliation against whistleblowers who raise concerns about violation of any federal criminal statute, not simply laws limited to financial fraud. These criminal penalties may apply to any employer, regardless of whether the employer is publicly traded or privately held, and may apply to individual managers as well as to corporate employers. Moreover, SOX uses whistleblower protection as a key component of federal securities law enforcement. By 2002, the collapses of Enron, WorldCom, and numerous other companies demonstrated that the system of “oversight” created by the Securities Exchange Act of 1934 had failed to prevent massive financial fraud by several issuers of publicly traded securities. During 2001 and 2002, numerous persons testified before Congress about the reasons for the Enron and WorldCom corporate collapses. The Report of the Senate Judiciary Committee on the bill that became Sarbanes-Oxley states: “In a variety of instances when corporate employees at both Enron and Andersen attempted to report or 'blow the whistle' on fraud, but (sic) they were discouraged at nearly every turn.” Senate Report No. 107-146, 107th Congress, 2d Sess., at 5.

Woven throughout the Act is the theme that protection of employees who report financial abuse may help to prevent future corporate collapses and securities frauds. Now, corporate insiders who see the daily operations of companies are protected by SOX if they report concerns about financial fraud. In addition to strengthening “oversight” by creation of the Public Company Accounting Oversight Board and other actions, SOX also added new “undersight” provisions protecting corporate insiders who witness fraud. Protection for employees engaging in “undersight” is reflected in many facets of SOX:

• Congress required corporate Audit Committees to create mechanisms for receiving anonymous employee concerns about financial improprieties;
• Section 806 creates new civil protection for employees who report concerns about alleged fraud upon shareholders, and Section 1107 creates new criminal penalties for retaliation which extend more broadly than does Section 806;
• Congress required the SEC to issue regulations setting forth minimum standards of practice applicable to attorneys who practice before the SEC. The rules issued by the SEC require attorneys who are aware of financial fraud by their clients to alert the issuers' executive management, and then the issuers' Boards of Directors if executive management does not respond appropriately; See 17 C.F.R. Part 205.
• Sarbanes-Oxley requires the SEC to promulgate rules that prohibit brokerage firms from retaliating against securities analysts because of an “unfavorable research report that may adversely affect the present or prospective investment banking relationship of the broker or dealer with the issuer that is the subject of the research report.” This new legal protection for securities analysts was driven by concerns that brokerage firms were pressuring securities analysts to write overly favorable evaluations of stocks in order to obtain additional investment banking business; and
• Congress required issuers of publicly traded securities to disclose whether they have Codes of Ethics applicable to senior financial officers. Both the New York Stock Exchange and the National Association of Stock Dealers have gone further by requiring companies who wish to maintain their listings on those exchanges to implement Codes of Ethics not limited to executive management, and to include in such codes provisions that protect employees who report alleged violations from retaliation.

Additional Legal and Cultural Developments

There is growing recognition in the law, apart from SOX, that protection against retaliation is an essential component of any enforcement scheme. Recently, the U.S. Supreme Court held that protection against retaliation is essential to enforcement of Title IX of the Education Amendments of 1972, even though Title IX itself did not contain a provision forbidding retaliation. In Jackson v. Birmingham Board of Education, a male coach of a girls' high school basketball team alleged that his employment had been terminated in retaliation for his complaints that the team was underfunded in violation of Title IX. Acknowledging that Title IX itself did not contain a provision forbidding retaliation, the Court implied a private right of action for retaliation. The Court stated: “Reporting incidents of discrimination is integral to Title IX enforcement and would be discouraged if retaliation against those who report went unpunished. Indeed, if retaliation were not prohibited, Title IX's enforcement scheme would unravel.”

Popular culture has kept pace with these legal developments. Today, whistleblowers may be held up to public esteem as occurred in the Dec, 30, 2002 issue of TIME magazine. The cover of that issue named “The Whistleblowers” as Persons of the Year, and carried a photograph of Cynthia Cooper of WorldCom, Colleen Rowley of the FBI, and Sherron Watkins of Enron. Hollywood has sympathetically portrayed whistleblowers in films including “Erin Brockovich” and “The Insider.” In contrast, 30 years ago, whistleblowers were often vilified as “snitches” or “tattletales.”

Will Legal Protections for 'Undersight' Create Cultures of Compliance?

Fear of being ostracized may have deterred some employees from blowing the whistle in the past. Today, the question is whether the significant changes in legal protections for whistleblowers, coupled with more favorable depictions in the popular culture, will encourage employees to engage in “undersight” with greater frequency. A number of factors suggest that employees may more freely report legal or ethical violations today than in the past.

First, high-ranking executives now have a compelling personal interest in knowing whether fraud is occurring within their organizations. Thanks to Section 302 of SOX, CEOs and CFOs must personally certify the accuracy of corporate financial reports, on pain of criminal prosecution. Employees who engage in “undersight” and disclose potential fraud may help to ferret out fraud, thereby improving the accuracy of financial reports, and lessening the risk of prosecutions against CEOs and CFOs. Realizing this, executives may devote sufficient resources to compliance to convince the workforce to actively report potential fraud.

Second, until SOX, anonymous employee complaints were often dismissed out of hand. Anonymous complaints may be difficult to investigate due to lack of details and inability to follow up with the anonymous source, and may be deemed less credible than complaints by employees who identify themselves. SOX, however, requires that anonymous complaints be given credibility by requiring Audit Committees of publicly traded companies to establish procedures for receipt and investigation of anonymous concerns. To the extent that fear of retaliation has deterred employees from identifying themselves by openly raising concerns, the ability to make anonymous complaints knowing that such complaints must be investigated may encourage whistleblowing. Put differently, before SOX, it may have been easier to rationalize remaining silent based on fears of retaliation. The new stature given to anonymous complaints, however, may give employees greater assurance that their identities will not be discovered, and that their concerns still will be addressed. Thus, a common rationalization for not blowing the whistle may be significantly undermined.

Third, popular culture has long been ambivalent about “informing” or “turning in” co-workers. Pejorative terms such as “fink” or “stool pigeon” exemplify such ambivalence. However, almost every American who had an investment in the stock markets suffered significantly by the meltdowns of Enron, WorldCom, and others, and the resulting stock market collapse. Today, employees may feel that reporting potential fraud is necessary to protect their own personal financial interests, as well as the interests of the investing public. After Enron, it may not be as easy to turn a blind eye to fraud based on the rationalization that “it's not my problem.”

Conclusion

Fraud examiners have long known that the most common source of tips reporting fraud originate from employees. In 2004, the Association of Certified Fraud Examiners reported that over 40% of corporate fraud was discovered through employee tips. Updating Burke's dictum for purposes of the 21st century, perhaps what is necessary to prevent securities fraud is legal protection for employees who engage in “undersight.” The coming years will demonstrate whether the era of “undersight” increases the percentage of employee tips about fraud. In the meantime, professionals with responsibility for compliance may find that legal protection for “undersight” is an important factor in achieving compliance goals.

Daniel P. Westman ([email protected]) is a partner in the law firm Morrison & Foerster LLP, who specializes in whistleblower litigation including claims under the Sarbanes-Oxley Act. He is the lead author of Whistleblowing: The Law of Retaliatory Discharge, Second Edition (BNA Books 2004), from which this article is extrapolated. In addition, he also maintains a Web site with resource information about whistleblowing, www.danielwestman.com.