Today we return to a subject of high importance to compliance officers: how to handle retaliation against yourselves — which, for better or worse, is a reality in this line of work.
Several weeks ago I wrote a post recounting the tales of the compliance professionals now suing their former employers, alleging retaliation after those CCOs raised misconduct concerns to senior management. Not only did that post get lots of attention; many of you then emailed me privately with more tales of retaliation you had suffered yourselves.
- One audit executive at a municipal agency, who had been investigating misconduct by the agency’s chief operating officer. In theory, that auditor reported directly to the board, but after the COO inquiries he was told his and the ethics officer’s job were to be reorganized under the general counsel “at the direction of the superintendent” (the COO’s boss). That audit exec found another job. The ethics officer sued and won a settlement, but is still unemployed.
- A compliance program manager who reported concerns about a new chief compliance officer. That CCO was subsequently removed, but senior leaders then stripped this person of his compliance duties: no more organizing compliance training, no duties over conflicts of interest or data privacy. It was retaliation for “revealing that the C-Suite was completely aware of the CCO’s misdeeds but looked the other way.”
- A compliance consultant who told me, “It’s all too common. Happened to me twice at [Company A] and [Company B]. Now I’m my own boss and I love it.” (I’m with the consultant on being your own boss.)
So how should a compliance or audit professional handle retaliation? When should you take your concerns to regulators, or contemplate a lawsuit against your employer? To explore those questions I spoke with Jason Zuckerman, a lawyer in Washington who represents whistleblowers in retaliation cases. You can hear the full podcast at the top of this post. Meanwhile, here are my impressions.
Specific Issues Trigger Retaliation
Most organizations and their senior leaders don’t don’t deliberately want to be an unethical organization. They don’t draw up business plans predicated on breaking the law and silencing critics.
Rather, they oppose some specific issue that the compliance officer raises, because that makes the company confront multiple business objectives suddenly brought into conflict.
That is, you might audit one specific business unit and discover myriad ineffective controls; or raise corruption concerns in one specific M&A deal that undermines the logic of the whole transaction; or you document one specific star employee’s pattern of sexual harassment. Then executives start opposing what you’re doing.
That’s when multiple business objectives clash. One of those objectives is commitment to ethical conduct; the other is achieving some desired performance goal. Suddenly the temptation to achieve a performance goal comes into much sharper relief, so the business tries to delay or defuse your point that ethical conduct is more important.
After all, few companies would flat out declare: “Yep, that’s misconduct and we’re fine with it.” They’ll begin by saying something closer to, “You’re wrong, it’s not that bad,” or “You don’t understand the full picture, and if you did you’d see that this isn’t an issue.” That’s the start of the slippery slope that eventually leads to retaliation.
So if you’re a compliance officer trying to avoid retaliation risk (because who needs that garbage in your life?) you need to assess the leadership’s commitment to ethical conduct. You need to discern whether that objective is a higher priority than the objective of hitting performance goals. You need to assess how strong that commitment to ethics is when the company is under pressure.
The When and How of Whistleblowing
Zuckerman brought up another retaliation question that’s especially important for compliance and audit professionals: Are you blowing the whistle on a clear violation of the law, or are you arguing that the company isn’t doing something as optimally as you would like?
If the issue is a violation of law, in a certain sense your path forward is easier: you need to speak up — including the prospect of going to regulators, if the company ignores or silences your concern — because not speaking up could lead to dire consequences later.
For example, if regulators, prosecutors, or plaintiff lawyers do hear about the misconduct and bring action against the company, one natural defense for the company will be to say that its compliance program was effective. In that case, prosecutors might start to wonder why the compliance program failed in this particular situation, and suddenly you’re getting hung out to dry.
More broadly, no matter what the company says in response to a violation of law, prosecutors will inevitably ask, “Where was the compliance officer when this happened?” So you need to document where you stood at the time.
Translation: when illegal acts are happening, copy the emails. Write a memo for the file, and take a copy home. Make contemporaneous notes. As Zuckerman said, “If you bring up a clear violation and the only response was, ‘You need to look away,’ then you need to make it clear where you stood.”
On the other hand, if no clear violation of law happened, the argument is more about how much attention some issue should receive from management. That’s a lot harder to navigate. For example, if you’re raising concerns about the appropriate number of internal controls for a financial process, what’s “reasonable” to which parties? What happens if you’re overruled by the CFO or the audit committee?
We cover all those points in the podcast, plus more specific issues around whistleblower protections under Section 806 of the Sarbanes-Oxley Act, Section 922 of the Dodd-Frank Act, and even potential avenues under state law.
None of this is easy for compliance officers. Then again, if you want one sign of reassurance — on Tuesday a federal appeals court upheld an $8 million judgment in favor of the ex-general counsel of Bio-Rad, who claimed he had been fired for raising concerns about possible FCPA violations at the company.