What Drives ‘Open Secrets’
So there I was this week, attending the annual conference of the Association of Certified Fraud Examiners in Texas. ACFE had asked me to moderate a keynote interview with Tyler Shultz, the immensely brave employee who endured personal and professional pressure to blow the whistle on Theranos.
You might already know the tale. Shultz, 28, worked at Theranos in 2013. He saw all sorts of nuttiness there: shouting matches, threatening emails, sudden firings, sky-high employee turnover, and bitter jokes about Theranos’ supposedly transformational blood-testing technology, which never actually worked.

Shultz
Eventually Shultz became a source for the Wall Street Journal, which published devastating articles in 2015 that exposed Theranos for the fraud that it was. The company collapsed, and its founder — the young, stunning, and charismatic Elizabeth Holmes — now awaits criminal trial. The Wall Street Journal landed a Pulitzer Prize for its work, which led to the book Bad Blood by reporter John Carreyrou, which every compliance and audit professional should have on your shelf.
Anyway, Shultz and I were on stage and he recounted his time at Theranos. I asked a bit about working with Holmes, and how Shultz tried to raise his concerns with regulators.
Then I asked about talk within the company, among Shultz and his coworkers, about the shortcomings at Theranos. So often compliance officers hear about poor corporate culture as a warning sign — so, I asked, what was that like at Theranos? Did he and his coworkers ever turn to each other and simply ask, is this place nuts?
“Well, yeah,” Shultz said, in a tone that almost suggested the answer should be self-evident. He paused for a minute and then continued, “It was almost like an open secret.”
Tyler Schultz, Theranos whistleblower, bringing it this morning as he lays out the fraud at Theranos. #fraudconf #@TheACFE pic.twitter.com/bO1viUD8re
— Brian H (@thinbluebbq) June 25, 2019
And there it is, fellow travelers in corporate compliance. That short-hand phrase for something that should drive us all crazy.
Open secrets.
Speaking Without Speaking Up
As soon as Shultz said those words my mind raced to Harvey Weinstein, movie mogul and all-around-jackass who sexually assaulted women for decades. Everyone in Hollywood knew, and nobody spoke up. His misconduct was an open secret.
We could say the same for KPMG and its scandal of auditors cheating on CPE exams. We could say it for any number of FCPA settlements, where executives in some far-flung operating unit paid bribes to foreign government officials and seemingly everyone in that far-flung unit knew. We could find many other examples, I’m sure.
Open secrets, everywhere.
Open secrets drive me batty specifically because they aren’t secrets. Everybody speaks about them, yet nobody speaks up about them, to the ethics and compliance function or some other senior executive who could put a stop to the misconduct.
Why? I have a few thoughts.
First, employees won’t speak up about misconduct if they believe nobody in senior ranks will care. Shultz, for example, reported his fears about Theranos to medical regulators in the state of New York. During our interview, I asked him what happened after he made that report.
“As far as I know, nothing,” he said.
Only later did Shultz respond to an inquiry from Carreyrou, the Wall Street Journal reporter — and Carreyrou, Shultz said, was more than happy to hear what Shultz had to say. Yes, they used burner phones bought with cash, and took many other protective steps too; but fundamentally, Carreyrou cared about what Shultz had to say. So Shultz kept on talking.
Second, employees need to see that some other locus of power exists in the organization, that can address their concerns. After all, what’s the point of calling the whistleblower hotline, and even having detailed conversations about misconduct with the ethics and compliance officer, if that CCO can’t then do anything about it?
Employees generally want to work at ethical organizations, and want to see their companies succeed. At the same time, however, employees fear powerful managers with a mean streak — and that manager is the immediate threat. That’s the threat they see every day.
So the company, somehow, needs to protect employees from that threat. Anti-retaliation policies help, but let’s not kid ourselves: they’re only policies. Employees (and powerful managers with a mean streak) need to see action taken, and the only ones who can take action against powerful managers are other powerful managers.
Where Power Resides
In an organization like Theranos, where the problem manager is a charismatic CEO like Holmes, that other locus of power must be the board. Perhaps that’s why Holmes painstaking cultivated a terrible board, filled with old men who apparently were suckers for a cute blonde with a good story.
You can see a positive example of this idea from Cognizant Technologies, which settled an FCPA case earlier this year that avoided a criminal charge even though two of Cognizant’s senior executives committed the offenses.
Why did Cognizant avoid a criminal charge? Because the board self-reported the misconduct right away. Why the board self-report? Because it had high ethical standards, and the power to decide to self-report. Not every board can say as much.
So ask: Do employees believe we care about corporate misconduct? Have they seen us demonstrate that commitment? Does someone in the organization have the power to make those demonstrations, and make them stick?
If you do, good. You’re on your way to closing down those open secrets.