I’ve been thinking a lot about whistleblowers lately. I serve as a “management” representative to the Department of Labor Whistleblower Protection Advisory Committee and last week we presented the DOL with our recommendations for best practices for employers. We are charged with looking at almost two dozen whistleblower laws. I've previously blogged about whistleblower issues here.

Although we spend the bulk of our time on the WPAC discussing the very serious obstacles for those workers who want to report safety violations, at the last meeting we also discussed, among other things, the fact that I and others believed that there could be a rise in SOX claims from attorneys and auditors following the 2014 Lawson decision. In that case, the Supreme Court observed that: “Congress plainly recognized that outside professionals — accountants, law firms, contractors, agents, and the like — were complicit in, if not integral to, the shareholder fraud and subsequent cover-up [Enron] officers … perpetrated.” Thus, the Court ruled, those, including private contractors, who see the wrongdoing but may be too fearful of retaliation to report it should be entitled to SOX whistleblower protection.

We also discussed the SEC's April KBR decision, which is causing hundreds of companies to revise their codes of conduct, policies, NDAs, confidentiality and settlement agreements to ensure there is no language that explicitly or implicitly prevents employees from reporting wrongdoing to the government or seeking an award.

Two weeks ago, I spoke in front of a couple hundred internal auditors and certified fraud examiners about how various developments in whistleblower laws could affect their investigations, focusing mainly on Sarbanes-Oxley and Dodd-Frank Whistleblower. I felt right at home because in my former life as a compliance officer and deputy general counsel, I spent a lot of time with internal and external auditors. Before I joined academia, I testified before Congress on what I thought could be some flaws in the law as written. Specifically, I had some concerns about the facts that: culpable individuals could receive awards; individuals did not have to consider reporting wrongdoing internally even if there was a credible, functioning compliance program; and that those with fiduciary responsibilities were also eligible for awards without reporting first (if possible), which could lead to conflicts of interest. The SEC did make some changes to Dodd-Frank. The agency now weighs the whistleblower’s participation in the firm’s internal compliance program as a factor that may increase the whistleblower’s eventual award and considers interference with internal compliance programs to be a factor that may decrease any award. It also indicated that compliance or internal audit professionals should report internally first and then wait 120 days before going external.

Before I launched into my legal update, I gave the audience some sobering statistics about financial professionals:

  • 23% have seen misconduct firsthand
  • 29% believe they may have to engage in illegal or unethical conduct to be successful
  • 24% would engage in insider trading if they could earn $10 million and get away with it 

I also shared the following awards with them:

  • $875,000 to two individuals for “tips and assistance” relating to fraud in the securities market;
  • $400,000 to a whistleblower who reported fraud to the SEC after the employee’s company failed to address internally certain securities law violations;
  • $300,000 to an employee who reported wrongdoing to the SEC after the company failed to take action when the employee reported it internally first;
  • $14 million- tip about an alleged Chicago-based scheme to defraud foreign investors seeking U.S. residency; and
  • More than $30 million to a tipster living in a foreign country, who would have received more if he hadn't delayed reporting

I also informed them about a number of legal developments that affect those that occupy a position of trust or confidence. These white-collar whistleblowers have received significant paydays recently. Last year the SEC paid  $300,000 to an employee who performed “audit or compliance functions.” I predicted more of these awards, and then to prove me right, just last week, the SEC awarded its second bounty to an audit or compliance professional, this time for approximately 1.4 million.

I asked the auditors to consider how this would affect their working with their peers and their clients, and how companies might react. Will companies redouble their efforts to encourage internal reporting? Although statistics are clear that whistleblowers prefer to report internally if they can and don’t report because they want financial gain, will these awards embolden compliance, audit, and legal personnel to report to the government? Will we see more employees with fiduciary duties coming forward to report wrongdoing? Does this conflict with any ethical duties imposed upon lawyers or compliance officers with legal backgrounds? SOX 307 describes up the ladder reporting requirements, but what happens to the attorney who chooses to go external? Will companies consider self-reporting to get more favorable deferred and nonprosecution agreements to pre-empt the potential whistleblower?

I don’t have answers for any of these questions, but companies and boards should at a minimum look at their internal compliance programs and ensure that their reporting mechanisms allow for reports from outside counsel and auditors. In the meantime, it’s now entirely possible that an auditor, compliance officer, or lawyer could be the next Sherron Watkins.

And by the way, if you were in Busan, South Korea last Wednesday, you may have heard me on the morning show talking about whistleblowers. Drop me a line and let me know how I sounded.