This site uses cookies to provide you with a more responsive and personalized service. By using this site you agree to our use of cookies. Please read our cookie notice for more information on the cookies we use and how to delete or block them.

Bookmark Email Print this page

Risk Angles

Five questions on retaliation risk


DOWNLOAD  

An interview with Robert Biskup, director, Deloitte Forensic, Deloitte Financial Advisory Services LLP and closer look by Brian Huchro, partner, Deloitte Forensic, Deloitte Financial Advisory Services LLP.

The interconnected issues of whistleblowers and retaliation lawsuits are experiencing a resurgence among businesses today, pushed along by new regulatory frameworks like those found in whistleblower provisions of the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act). Too often, companies don’t realize their exposure to retaliation risks until it’s too late.

How can leaders help guard their organizations from such risks? How can they foster a culture that empowers employees to actively engage with the issues of ethics and compliance? Risk Intelligent organizations are already taking a proactive approach to these challenges; designing and deploying programs that seek to encourage a speak-up culture — one that promotes internal reporting and resolution before problems spiral out of control.

In this issue of Risk Angles, Robert Biskup offers some thoughts on questions executives ask him most frequently about this issue. Then, Brian Huchro takes a closer look at the role of culture in managing retaliation risks.

Quick links:
A closer look: The role of culture in managing retaliation risks in a Dodd-Frank world | Comments | Poll

Question

Rob's take

Why is retaliation risk an issue on the rise again?  

Today, there’s less of a stigma associated with being a whistleblower. So people feel empowered to level public accusations against their employers, due in part to both positive media coverage of high-profile whistleblowers and changing public perceptions. Plus, U.S. courts have loosened the standard for retaliation claims. All of which raises the likelihood of retaliation risk.

What tools should we have in place to help guard against retaliation risk?

The place to consider starting is with a comprehensive incident management program and strong anti-retaliation policies, grounded in clear messages from executive leadership on the importance of reporting known or suspected unethical or illegal conduct. It’s also important to have a compliance committee that oversees investigations in addition to tracking their progress. Such a committee typically works best when Compliance, Audit, HR, Legal, Security and IT sit at the same table.

We already have tools and processes for escalating concerns about ethics. What more do we really need?

We find that many leaders tend to underestimate the variety of communication strategies needed to engage their employees, increasing loyalty and performance. Consider that in a global company, cultural differences alone demand a wide variety of approaches. It’s not enough to have a helpline in place — email channels, P.O boxes, intranet links, and discreet management channels all have to be in the mix.  Just as important, you have to routinely remind employees that these tools exist. It’s easy — and dangerous — to be lulled into complacency by over-reliance on the “hotline” concept.

What are the major pitfalls we should avoid?

Even among companies that have well-structured issue identification protocols in place, we see many taking an unstructured, ad hoc approach to incident response and investigations. As a result, they’re constantly playing catch-up. If there’s one mistake we see companies making time and time again, it’s in the areas of roles, responsibilities, process, and documentation.

How can we determine whether what we’re doing is actually working?

This is exactly the question regulators are asking with much more frequency these days — so it’s an important one. Regulators are looking for unbiased, independent assessments of compliance programs. Management interviews, employee surveys, focus groups, reviews of historical incidents, exit interviews, coaching and counseling all are components of some effective assessment techniques we’ve seen.
Return to top

 

A closer look: The role of culture in managing retaliation risks in a Dodd-Frank world

By Brian Huchro

The U.S. Securities and Exchange Commission’s (SEC) whistleblower program went into effect in 2010, when the Dodd-Frank Act became law. As many observers know, the program provides monetary incentives for individuals to report possible violations of the federal securities laws to the SEC.Whistleblowers are entitled to an award of between 10% and 30% of the monetary sanctions collected in actions brought by the SEC and related actions brought by other regulatory and law enforcement authorities, providing ample motivation for employees to step forward. Just as important for both the whistleblower and the company, it prohibits retaliation by employers against employees who provide information on possible securities violations.

This creates the opportunity for unwanted surprises for companies that may have been otherwise unaware of festering complaints from those within their own organizations. So how can companies encourage their employees to report concerns internally, in lieu of, or at least in advance of the whistleblower complaint being filed with regulators?

Culture is a key place to start. If your people feel that they’re part of a culture that values doing the right thing, they’re more likely to look for ways to resolve issues internally. But if they don’t, organizational culture could have a negative impact. In business, “culture” can seem like a hazy, hard-to-define issue. It can seem even harder to influence. But it’s actually not as difficult to change an organization’s risk culture as it may seem. “Tone at the top” training and communication typically play big roles in shaping corporate culture, but there’s no reason to stop there. For example, do ethics and compliance issues just receive a perfunctory mention in training programs, or is there a whole training module devoted to them? Does it include details regarding the processes that should be followed by the company in addressing whistleblower complaints?

Armed with information about the process, and the understanding that it can take some time to assess the allegation, employees are less likely to regard issue resolution as a “black box” — and as a result may feel more empowered to choose the internal route.

Performance management and internal communications also have a big role to play in influencing the culture. Is there a vocal executive team constantly communicating a zero-tolerance policy for not doing the right thing? When something appears inconsistent with business ethics, does corporate culture essentially demand that it be reported? Does the compliance organization routinely deliver “blinded” updates on whistleblower reports and their resolution to the broader organization? Using live examples of what the organization did to evaluate the allegation and what action steps were taken can go a long way toward reinforcing the corporate culture. If employee whistleblowers can see that they can make a difference, and that allegations are taken seriously, it may be much easier to mitigate related risks.

Download the Risk Angle above.

 

 

Poll

By participating in this poll, you consent and acknowledge that your responses may be disclosed without attribution by Deloitte in future publications and you are authorized to respond to the poll on behalf of your company.*

*Please review the guidelines before providing your comments.

As used in this document, “Deloitte” means Deloitte LLP and its subsidiaries. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.

 

 

Related links

Share this page

Email this Send to LinkedIn Send to Facebook Tweet this More sharing options

Stay connected