The notion that a compliance officer can also serve as a whistleblower is unsettling to many in the business world. After all, the compliance function’s responsibility is to investigate and address issues so people don’t have to become whistleblowers. But under certain conditions, a compliance officer can blow the whistle on his or her employer’s illegal behavior—a fact validated by the U.S. Securities and Exchange Commission, which has recently issued awards of $300,000 and $1.4 million to compliance professionals. Courts have also permitted compliance officers to pursue qui tam suits under the False Claims Act. This article discusses steps a legal department can take to minimize these kinds of risks.
The Law’s View of Compliance Officer as Whistleblower
Several laws, including the Sarbanes-Oxley Act and the Dodd-Frank, allow whistleblowers to receive financial awards for providing regulators information about wrongdoing. These awards are a percentage of the fines and sanctions the company pays as the result of a settlement or being found guilty of wrongdoing. Section 21F of the Securities Exchange Act of 1934 exempts compliance officers from receiving whistleblower awards. There are, however, a limited number of exceptions. Compliance staff may receive an award if:
- More than 120 days have passed since the whistleblower notified his or her superior, the audit committee or the chief legal officer about potential wrongdoing; or
- the whistleblower believes the company may try to impede the investigation; or
- the whistleblower believes disclosure to the SEC is necessary to prevent financial harm to the company or its investors.
The False Claims Act also allows relators, or those who bring qui tam suits, to sue on the government’s behalf if the relator believes the government has been defrauded. Because qui tam suits can be brought in state or federal court, there is some disagreement among courts over compliance officers who are relators. The courts agree that a compliance officer is not automatically disqualified from serving as a relator, but the judiciary doesn’t necessarily look favorably on compliance officer relators. For example, courts may require compliance officers to show they are not using materials protected by attorney-client privilege (even if they are not attorneys), or that the allegations do not arise from the matters the compliance officer should have raised internally as part of their job function. Nonetheless, anecdotal evidence suggests a number of qui tam cases are being pursued by compliance officers. The bulk of the money the government recovers under the False Claims Act comes from qui tam actions involving Medicaid and Medicare fraud. In FY2017, they accounted for $2.4 billion of the $3.7 billion recovered. Relators receive a portion of a settlement or judgment—15 to 25 percent of a recovery if the government intervenes, and up to 30 percent if the government declines. The latter is an increasingly common occurrence thanks to litigation funders and lawyers willing to work on contingency.
Preventing Compliance Officers From Becoming Whistleblowers
To minimize the likelihood that a company’s compliance personnel become whistleblowers, the legal function and senior management should take three key actions. First, draft a strong employment contract for all members of the compliance function. It should include a strict confidentiality agreement specific to the types of information that the compliance officer will be privy to—the mere presence of which should deter whistleblowing. Second, the legal function should ensure that the compliance function specifically identifies communications that contain attorney-client privileged information, which generally cannot be used by the compliance officer as whistleblower, subject to some exceptions if there is a crime to be prevented. Often personnel either neglect to mark anything privileged, or as a protective matter they mark everything privileged. Neither of those are sufficient to identify actual privileged information. Companies also need to take the compliance function seriously. It’s not enough to simply hire compliance staff; there must also be an established process for identifying, reporting, investigating and addressing alleged wrongdoing. If compliance officers feel that senior management and the board of directors respect the department’s work and give timely and appropriate consideration to possible wrongdoing, it dramatically minimizes the likelihood that compliance professionals will blow the whistle on the company.
If Compliance Personnel Blow the Whistle
All it takes is one misstep for a company to find itself in a whistleblower situation. But if that whistleblower turns out to be a member of the compliance function, there are several ways to fight back and minimize the damage. For example, if a compliance officer shares confidential information with the government or in a qui tam case, the company should immediately raise the confidentiality agreement and breach of contract issues. A court may look less favorably on a whistleblower who took confidential information in violation of an employment contract. This is particularly true if the whistleblower took volumes of confidential information outside the scope of the alleged fraud, or if the whistleblower is seeking to use information subject to the attorney client privilege. This breach of contract can also be used to fight a whistleblower’s retaliatory dismissal case. The company may also be able to file a counterclaim if it suffered additional harm, such as the disclosure of trade secrets, as a result of the stolen confidential information. If the whistleblower is an attorney, it’s also worth investigating whether the individual violated state rules of ethics and professional responsibility regarding confidential and privileged information. Understand, however, that these rules may not apply if the compliance officer was not performing a legal role within the company. Bottom line: Companies should never lose sight of the fact that compliance officers may become whistleblowers. While confidentiality agreements can be used to a company’s advantage, taking allegations of fraud and wrongdoing seriously may be the best preventative medicine. A former false claims prosecutor for the Southern District of New York, Wendy Schwartz handles complex business disputes and internal and government investigations for significant multinational companies in the financial services, technology, life sciences and commodities trading arenas. She is a founding partner of New York City-based complex litigation boutique Binder & Schwartz.