From Enron to Lehman Bros.: What Can We Learn From These Corporate Governance Failues? (PART IV)
04/19/2013 | by Lipman, Frederick D.
Elements of a Robust Whistleblower PolicyIf audit committees and independent directors want to receive information from executives below the CEO or CFO level in order to fulfill their oversight obligations, they must establish a robust whistleblower system and an effective compliance program.
An effective compliance program requires the following elements:
- Independent directors must be in charge and must be given the resources to fulfill their responsibilities.
- The whistleblower system for accounting, auditing and enterprise risk complaints must be independently administered. This means that employees of the company (such as HR, internal audit or inside counsel) should not initially receive such hotline complaints, as is the current practice, but rather complaints should initially go directly to the audit committee chair or his or her designee ( such as completely independent counsel or other ombudsman). This assures the executive whistleblower that their more serious complaints will be independently handled by persons not beholden to management.. Routine employee complaints, such as employment discrimination, sexual harassment, and similar complaints, should be referred back to HR for investigation. Alternatively, a separate hotline can be developed solely for non-employment related complaints, with HR continuing to receive employment related complaints on its own hotline.
- Whistleblower complaints (other than routine employment discrimination, sexual harassment and similar complaints) should be investigated by completely independent counsel (or other ombudsman) reporting directly to the independent directors. Employees of the company should not be used to investigate non-employment complaints in order to encourage executive whistleblowers to use the system.
- There should be no presumption that anonymous complaints are less deserving of investigation.
- Absolute protection of whistleblowers' identity is essential. Whistleblowers (other than routine employment complaints described above) should be permitted to use their own personal counsel and to form entities in order to protect their identity. This protection of identity is designed to encourage executives to use the whistleblower system.
- The motivations and personality of the whistleblower are not relevant to the truth of the allegations. Whistleblowers with difficult personalities or who have obviously ulterior motives may receive short shrift in any investigation, even though their complaints may be valid. SEC officials made this mistake in ignoring Harry Markopolos' revelations about Bernie Madoff approximately 10 years before his Ponzi scheme was revealed. 
- Periodically assess the effectiveness of any employee hotline and provide employee compliance training. Independent counsel should report to the whistleblower or his or her attorney the status and results of the investigation and the organization should provide annual reports to all employees as to actions taken.
- Legitimate employee whistleblowers should receive meaningful monetary rewards.
- The whistleblower policy must be communicated effectively.
- There should be milder sanctions for whistleblowers involved in illegal group activity.
- Retaliation claims should be independently investigated.
- The director of corporate compliance (if any) should report to the independent directors and become their eyes and ears within the organization.
- The tone at the top of the organization must support an ethical, law-abiding culture. The tone at the top should be established not only by the CEO and CFO but also the chair of the audit committee.
A key factor in employee willingness to use hotlines is the communication of the results of investigations of hotline tips and the actions taken. Many companies do not adequately communicate this information to the whistleblower.
 U.S. Securities and Exchange Commission, Office of Investigations, “Investigation of Failure of the SEC to Uncover Bernard Madoff’s Ponzi Scheme—Public Version,” Report No. OIG-509, August 2009, p. 250. See also H. Markopolos, No One Would Listen (Hoboken, NJ: John Wiley & Sons, 2010).
 IbidCATEGORY: Internal Whistleblowing