Whistleblower claims can present substantial risk to a business. Generally, whistleblower protection laws are designed to protect those who report misconduct that implicates some matter of societal interest. The various state and federal whistleblower protection laws cover a wide range of subjects, literally from “a” (airline safety) to “z” (zoo animal abuse). In the corporate environment, Section 806 of the Sarbanes-Oxley Act protects from reprisal individuals who report fraud that affects shareholders; any party that retaliates against a whistleblower can face significant sanctions.
Needless to say, whistleblower claims must be properly managed to mitigate the risk of financial and reputational harm that results from an adverse court ruling, a regulatory fine, or some other unwanted outcome. By implementing the following suggestions, the risk of that adverse finding can be significantly reduced.
Overview of Whistleblower Laws
To better manage a whistleblower claim, compliance and legal officers must first understand its components. The common elements of a whistleblower claim include: (1) the person claiming retaliation engaged in protected activity; (2) subsequently, the person suffered a recognizable adverse action; and (3) there is an intersection between those two elements.
As I mentioned, there are many whistleblower protection laws out there, and the definition of a “protected activity” will depend on which statute applies to your particular case. Suffice to say that protected activity generally includes a report of misconduct, or cooperation as a witness in the investigation. Within the context of employment discrimination, the protection afforded to complainants and witnesses continues to expand in scope, as evidenced by the recent (January 2009) U.S. Supreme Court decision in Crawford v. Metropolitan Govt. of Nashville & Davidson County, Tenn.
After Crawford, an employee can demonstrate that he engaged in legally protected activity, even when he made no formal complaint of employment discrimination. Now, all that an employee must demonstrate is that he provided information to the employer during the internal investigation of an employment discrimination claim. If the Crawford decision is any indication, employers can expect the meaning of “protected activity” to continue to expand.
In the retaliation context, an “adverse action” can encompass a broad range of conduct, and includes harm that a reasonable person would deem to be materially adverse. The ultimate question is whether the action taken produced enough injury or harm that it would have deterred the whistleblower from initially reporting a concern.
The final element of the claim—the nexus between a complaint and punishment—can be established by direct or circumstantial proof. Key to the analysis is whether the alleged retaliator was aware of the whistleblower’s protected activity when the employment action was approved. Without such knowledge, the reprisal claim will fail. Where the decision maker was aware of the protected activity, the timing of the decision becomes important. When an adverse action closely follows the protected activity, it will suffice to establish an inference of reprisal.
Best Practices
Against this framework, compliance and legal departments have several ways to mitigate the risk that an otherwise warranted employment action will be deemed to constitute retaliation.
Manage the risk through enforcement of a robust anti-retaliation policy.
A compliance program is only as good as the risks that it can identify and mitigate. An employee report of illegal or unethical behavior is an important method by which a company can identify and eliminate risk. A concern sometimes expressed in employee surveys is that bad behavior goes unreported for fear of reprisal. Address that fear with consistent messages from leadership that retaliation for good-faith reports of misconduct will not be tolerated.
In addition, a clear anti-retaliation policy must commit that retaliation against whistleblowers will be severely punished. More importantly, the business must keep this promise and thoroughly investigate allegations of retaliation. Also, to further demonstrate its commitment to its anti-retaliation policy, the company should (as appropriate) inform its employees of identified instances of retaliation and the resulting disciplinary action. This will both demonstrate the company’s commitment to the policy and may deter future instances of retaliation.
Finally, as part of a periodic review, the company may want to revisit directly or indirectly with prior whistleblowers to determine whether they suffered any punishment after reporting a concern. And, if so, the company should evaluate the basis for such action to confirm retaliation did not occur.
Manage the risk by facilitating anonymous reporting to the hotline.
A key component of any compliance program seeking to avoid whistleblower claims is a hotline that facilitates anonymous reporting. As indicated above, to the extent that the whistleblower cannot demonstrate a connection between the protected activity—such as a report to the hotline—and the adverse action, the reprisal claim must fail.
Let me repeat that: If the alleged retaliator didn’t know that the person claiming whistleblower protection had previously reported a matter to the hotline, the reprisal claim must fail. Facilitating anonymous reporting is not only a legal requirement for certain types of claims, such as required by SOX for allegations of accounting misconduct; it is indispensable to mitigating the risk of all types of whistleblower claims. In short, your hotline should facilitate reporting by providing alternate means for anonymity. These may include accepting anonymous written correspondence, using a third-party vendor to receive anonymous complaints, or establishing an e-mail box that will accept e-mails with an anonymous header.
Even where the reporting party has identified himself to the hotline, you can mitigate the risk of a retaliation claim by scrupulously limiting any disclosure of the identity of the reporting party. Again, the requisite link between the protected activity and the adverse action cannot be established when you can demonstrate that the alleged retaliator didn’t know who the whistleblower was. To this end, in many instances the allegation of misconduct can be investigated without involving the reporting party. One example might be where an employee is accused of operating a competing business or other enterprise that deprives the employer of business opportunities.
Similarly, many types of financial misconduct can be investigated without the assistance of the reporting party. These investigations often hinge on the paper trail of financial records. By carefully limiting disclosure of the identity of the reporting party, the enterprise can mitigate the risk that a retaliation claim will succeed. Therefore, every intake should include an assessment of whether the identity of the reporting party must be disclosed to enable the matter to be fully investigated.
Manage the risk with a thorough investigation.
The timing of events, who had knowledge of the protected activity, the basis for the purported adverse action—all are critical to assessing whether retaliation occurred. In other words, a detailed understanding of the facts underlying the reprisal claim is essential. Below are some considerations for the investigation you conduct.
First, the investigator should identify the decision makers—that is, each person who decided upon the adverse action. Also, at the outset the investigator should determine the stated reason for the action.
Next the investigator should collect all key documents. These typically include:
Records of the original allegation that constitutes the protected activity (for example, the hotline call or a complaint to regulators);
Records of the alleged adverse action, such as a transfer notice or disciplinary memorandum;
Claimant’s personnel folder, including performance evaluations;
Records of relevant communications, such as e-mail, pertaining to the alleged adverse action; and
Documents that indicate when the alleged wrongdoer became aware of the protected activity.
The investigator should also develop a chronology of key events. Since the timing of protected activity in relation to the adverse action is critical in determining whether retaliation occurred, preparing a detailed timeline will let the investigator identify the key chain of events.
Finally, the investigator should interview the complainant, all key witnesses, and the decision maker. If the evidence supports a finding of retaliation, the remedial action should be implemented immediately.
Manage the risk through a system that drives consistent discipline.
To achieve consistency in discipline, many organizations have disciplinary action committees with representatives of compliance, human resources, and the law department. Such a committee can use a database to record and track trends in discipline. By using the available data to track discipline, the company can mitigate the risk that the disciplinary action imposed will later be deemed unjustified or influenced by the subject employee’s prior protected activity.
Conclusion
Whistleblower claims can be costly to defend, and an adverse outcome can cause substantial harm to the business. By following the suggestions above, employers can mitigate the risk of a successful whistleblower claim and create an environment where employees are willing to participate as the enterprise’s eyes and ears in detecting and reporting misconduct.
No comments yet