Whistleblower protection: sincere application of a compliance programme

The United States Government’s recent legislative activities have also highlighted employee accountability as an essential factor of a successful compliance programme. In 2002, the Sarbanes-Oxley Act (SOX) was passed, which identified confidential employee reporting as an important method of learning about potential misconduct within a business.

In 2010, the United States Congress took another step to push employee reporting to the forefront by including a whistleblower provision in the Dodd-Frank Act. This provision created a federally-administered whistleblower programme to financially reward whistleblowers who make reports that lead to enforcement actions by the Securities and Exchange Commission (SEC).

The most important feature of the Dodd-Frank whistleblower programme is the anti-retaliation provision, which protects whistleblowers from retaliation from their company or co-workers and demonstrates the growing importance of non-retaliation as a necessary component of confidential reporting. Section 806 of the SOX also provides for whistleblower protection. In A Resource Guide to the US Foreign Corrupt Practices Act, the Department of Justice (DOJ) identified non-retaliation as one of the ten hallmarks of an effective compliance programme. Consequently, there has been a growing trend for best-practice compliance programmes to include non-retaliation as a key aspect and inform employees of this guarantee through various avenues.

However, two recent United States court cases involving the Dodd-Frank whistleblower provision show a possible disparity between federal efforts to stress non-retaliation and the actual delivery of this promise by companies to their employees. Some companies may be willing to discuss non-retaliation as a key feature of their compliance programmes, but may not always be willing to guarantee protection to good-faith reporters.

In Asadi v GE Energy, the United States Court of Appeals for the Fifth Circuit held that the Dodd-Frank whistleblower protections only apply to those who report to the SEC and do not apply to reporters who only make disclosures internally. In the more recent Liu v Siemens AG, the United States Court of Appeals for Second Circuit held that the anti-retaliation provision of the Dodd-Frank Act does not apply to reporters disclosing potential misconduct that occurred abroad.

If global corporations promote the importance of ethics and non-retaliation, yet argue against the right of employees to actually receive protection for internal disclosures (even if the protection would be through the SEC), how can employees sincerely buy into any organisational compliance programme? If corporations can instruct employees about compliance laws with global application like the Foreign Corrupt Practices Act (FCPA), promote compliance across the business and stress honest reporting on potential violations, yet cannot actually afford protection to good-faith reporters, what value does the compliance programme actually have?

Companies claiming to guarantee non-retaliation as a feature of their compliance programmes should be willing to actually provide protection to good-faith reporters, whether non-retaliation is required by the law or not. The recent cases of Asadi and Liu show that an extremely important feature of a compliance programme is sincerity in applying the tenets a company claims to live and operate by.

Employees who make good-faith reports internally should be protected from retaliation

Employees should be able to make good-faith reports internally without fear of retribution. A 2010 survey by the Association of Certified Fraud Examiners noted that close to 40 percent of misconduct issues identified by companies were learned about through confidential reporting hotlines, while only 14 percent of issues were discovered through internal audits and 17 percent through reviews by management. Thus, confidential reporting is an extremely effective way for companies to learn about and remediate wrongdoing, and providing protection from retaliation is paramount to keeping this avenue open.

Some may argue that companies should be able to handle reports of misconduct as they choose to, pointing to decisions like Asadi as evidence that while there is growing federal legislation promoting the importance of non-retaliation, companies are not legally bound to provide protection to good-faith reporters. In Asadi, the plaintiff, who served as GE Energy’s Iraq Country Executive in Jordan, reported potential FCPA violations to his supervisor. One year after making these internal reports, GE Energy fired him. As mentioned above, the Fifth Circuit held that the anti-retaliation provision of the Dodd-Frank Act does not apply to whistleblowers making reports internally.

Companies should not necessarily rely on the Asadi decision as a precedent, however. In Bussing v COR Clearing LLC, a Nebraska, United States district court held that the anti-retaliation provisions do apply to those who report internally by looking at the plain meaning of the word ‘whistleblower’: ‘a person who tells police, reporters, etc., about something (such as a crime) that has been kept secret’. The case will now be reviewed by the United States Court of Appeals for the Eighth Circuit. If the Eighth Circuit agrees with the Nebraska district court ruling it will set up a split opinion across the United States. Ultimately, the Supreme Court may be required to determine a conclusive answer. This emerging split of opinion demonstrates that companies must still genuinely apply the values of transparency, honesty and non-retaliation to employee disclosures as the law has not yet been settled on this matter.

Whistleblowers reporting foreign misconduct should also be protected

It is well known that the FCPA, SOX and other compliance laws that the SEC enforces also apply in other jurisdictions. Every year companies enter into agreements with the SEC and DOJ for violations of these key compliance laws, usually stemming from corrupt acts committed in offices abroad and resulting in fines worth hundreds of millions of dollars. However, the Liu decision shows that employees working for global companies would not be protected from retaliation under the Dodd-Frank Act when making internal disclosures regarding conduct that occurred abroad, whether or not that conduct breaches the FCPA or other key compliance regulations.

While the decision as to whether the Dodd-Frank provisions apply extraterritorially is for the courts to decide, for companies that operate on a culture of transparency and the promise of non-retaliation it shouldn’t matter – a company should always protect its employees from retaliation, even if the reported acts occurred abroad.

The fact that some companies may instil a programme based on transparency, ethics and integrity but then argue that good-faith reporters should not receive protection (even if the protection would be levied by the SEC) demonstrates that compliance programmes need more than just robust controls – they need to be infused and run with sincerity.


While companies must be familiar with relevant laws and important legal decisions, responsibility should always remain with organisations to operate by the values they preach. Accountability has often centred on employees, but companies must set an example for employees by demonstrating accountability in their dealings.

Previous Article
Database screening for third party compliance
Database screening for third party compliance

Companies have a number of choices when deciding how to quantify and deal with the compliance risks related...

Next Article
Preserving privilege when undertaking internal investigations - should it remain a priority?
Preserving privilege when undertaking internal investigations - should it remain a priority?

While traditionally seen as a strong shield against discovery requests, recent developments have shown the ...


Subscribe to The Red Flag Group Insights

First Name
Last Name
Job Title
Thanks for subscribing
Error - something went wrong!