by Stephen Kohn
Consequently, whether or not an employee should contact a hotline should be carefully planned, monitored, and independently judged. These programs are inherently conflicted. They empower the fox to police the chickens. But they also can put the company on the spot. On the one hand they can force the company to live up to its commitment to transparency and accountability; on the other hand they can be used as a tool to cover up misconduct and gather evidence to destroy a whistleblower. The burden is on a company to demonstrate that its internal compliance program is truly independent, and that it will aggressively protect the employee. Today, most programs do not meet this standard. Programs managed by a company’s general counsel cannot meet this standard. The burden is on the company to establish corporate governance procedures that are truly independent and will work, not just on paper but also in practice.
The Traps
But can a company properly investigate its own wrongdoing? What is the cost of compliance? What happens when it is cheaper to violate the law than to adhere to unpopular or overly burdensome regulations? What if the top managers are responsible for the crimes?
Case in point, Houston Lighting and Power Company and its subcontractor, EBASCO Constructors, Inc. In the 1980s Houston Lighting was investing millions in the construction of two nuclear power plants, known as the South Texas Project. One of the main companies hired to actually build the plant was EBASCO. The South Texas Project was plagued by regulatory violations, building delays, and cost overruns. They were under heightened regulatory scrutiny. In response to these pressures, Houston Lighting established an “independent” internal compliance program known as SAFETEAM. SAFETEAM was given the authority to receive and investigate safety complaints filed by employees. Houston Lighting and EBASCO heavily promoted the program. As a Department of Labor review concluded, “postings about SAFETEAM” were “quite visible” throughout the plant, and employees were strongly encouraged to contact this “independent” safety program.
On its face, the SAFETEAM program was very reasonable and operated in a manner consistent with most “hotlines” and corporate employee concern programs. It offered employees a safe haven to raise concerns, and it promised a full and objective investigation into safety violations. What company would not want to promote safety and compliance with regulatory rules? What company would want its nuclear power plant to have an accident?
Just ask Ronald J. Goldstein. He would know. Goldstein was hired by EBASCO as a craft supervisor at the South Texas Project. In the summer of 1985 he identified serious safety problems onsite, including the failure of project managers to follow “correct safety inspection procedure(s),” the “falsification of documents,” the failure of employees to “issue non-conformance reports on safety problems,” and “serious” quality control violations that impacted systems “critical” for the safe construction of the plant. Consistent with company policy, Goldstein reported his concerns to SAFETEAM, the “independent safety organization.”
But what Houston Lighting and EBASCO did not tell their employees was that the company did not believe reports to its SAFETEAM program were legally protected. In other words, they believed they could fire employees who raised safety concerns with SAFETEAM. Goldstein learned the hard way. After raising his concerns with SAFETEAM, he was fired.
In the beginning everything went according to plan. He filed a whistle-blower complaint under federal law with the U.S. Department of Labor. After a hearing the DOL ruled that Goldstein’s termination was illegal. The DOL found that Goldstein’s reports to SAFETEAM were protected activities. How could they not be? He raised safety concerns to a responsible “independent” organization designed to investigate and fix problems in order to ensure that the nuclear plant was safe. The judge ordered that Goldstein be reinstated with full back pay. He also awarded compensatory damages for emotional distress and attorney fees and costs. His employment record was cleared up, and references to his termination were expunged.
Lynn Martin, President George W. Bush’s secretary of the DOL, affirmed the judge’s ruling. She ruled that SAFETEAM was “an organization established by Houston Lighting and Power Company to receive and investigate allegations of safety and quality violations” and that “reporting violations” to SAFETEAM was therefore “protected activity.”
The company appealed to the U.S. Court of Appeals for the Fifth Circuit, arguing that SAFETEAM was simply an internal management program and that in order to be legally protected, employees had to contact government regulators. According to the company, Goldstein’s case had to be dismissed because his complaints to SAFETEAM were not covered under the federal nuclear whistleblower law. Obviously this limitation was not presented in any of the literature or “posters” that encouraged employees to report safety concerns to SAFETEAM. Who would contact a hotline program if the propaganda encouraging such contacts also told employees they could be fired simply for making a hotline disclosure!?! Indeed, reading the company propaganda, one would readily expect that employees who filed such allegations would be rewarded, not punished.
Incredibly, the appeals court agreed with the company. The court reversed Secretary Martin’s ruling and concluded that the federal nuclear safety whistleblower law did not protect employees who made disclosures to SAFETEAM. According to the court, whistleblowers had to contact a government agency to be protected, and SAFETEAM, although marketed to employees as an independent safety program designed to investigate complaints, was, legally speaking, a sham. Contacts with the program offered no protection whatsoever, and companies were free to use these programs to identify whistleblowers and fire them.
Goldstein lost his right to back pay, compensatory damages, and attorney fees. He lost his right to work at the South Texas Project. His termination was upheld.
In the wake of the Goldstein decision, and other similar rulings stripping protection from employees who raised nuclear safety concerns with corporate-run programs, Congress amended the nuclear whistleblower law to explicitly protect such internal reports. But the precedent was set, and even today it is still uncertain whether reports to internal hotlines or compliance programs are fully protected. Where a statute explicitly protects such disclosures, the law is clear. But in the absence of such rules, contacting an internal hotline may result in retaliation that is outside the law’s protection.
In a sense, Houston Lighting and its contractor EBASCO won the legal battle. But ultimately they lost the war, as employee confidence in “hotlines” and compliance programs was seriously eroded.
At the Tennessee Valley Authority (TVA) another problem with hotline programs arose. TVA hired an outside corporation, the Quality Technology Company, to develop and operate an on-site “employee concerns program” that would investigate employee safety concerns and protect the confidentiality of any worker who filed charges with the program. The program worked, and the number of employees who filed credible safety issues “far exceeded the expectations” of TVA. Instead of welcoming this development, TVA upper management became concerned, and officials for the company actually complained that the Quality Technology Company was “finding too many problems.” One official went so far as to call the Quality Technology program a “cancer” that had to be “dealt with.” The solution: TVA terminated its contract with Quality Technology. All Quality Technology investigators lost their jobs, and TVA’s independent employee concerns program was ended. Quality Technology’s investigators filed a lawsuit claiming they lost their jobs in retaliation for performing a critical safety function for TVA, but their case was dismissed on legal technicalities.
Hotline programs are under no duty to help whistleblowers. They are voluntary programs, and the nature and extent of their “investigations” are outside of the control of the employee. There is no requirement that these programs offer employees complete or accurate information about their legal rights. In other words, the programs exist for the benefit of the government/corporation; they are not “legal service” programs for whistleb
lowers.
As an example, in 2010 a federal inspector general’s office published a brochure entitled “Fraud, Waste, and Abuse.” The pamphlet accurately set forth examples of how workers can identify fraud and had a section entitled “Common Fraud Schemes—What to Look for from Your Suppliers, Vendors, Contractors, or Subcontractors.” The flier had specific advice on how to report fraud allegations: “Contact” the Inspector General’s “Hotline.” It also had a page entitled “Whistleblower Protection” that set forth two laws designed to protect whistleblowers.
What was wrong with the flier? There was nothing wrong with what it said. The problem was what it did not say. The flier failed to mention the most powerful federal antifraud law, the False Claims Act. Under this law, whistleblowers not only can obtain protection from retaliatory discharge, they are also entitled to a reward based on any financial recovery obtained by the United States. In other words, if a whistleblower provided proof of a fraud to an Office of the Inspector General hotline, and the inspector general investigated the fraud and collected $10 million from the contractor in fines, what would the whistle-blower obtain? Nothing, except maybe a pink slip and the “right” to try to get your job back.
But under the FCA, the very same whistleblower (if he or she had properly filed the claim) would be entitled to 15 percent to 30 percent of the monies collected by the government as a reward for having the courage to “do the right thing.” The inspector general’s information materials failed to mention this most important law. The office wanted the information from the employee, but did not want the employee to file a proper claim for a reward.
Legislative Reforms
Government or corporate sponsored “hotlines” sometimes work as intended. For example, in 2008 Compliance Week published the results of a study of hot-line calls made over a five-year period in 650 various companies (small and large businesses engaged in various industries and services). The hotline programs handled 280,000 calls, determined that 65 percent of the allegations submitted warranted investigation, and concluded that in 45 percent of the investigated cases the whistleblowers’ claims were valid and corrective action was warranted. As these statistics and other studies demonstrate, hotline-initiated investigations of whistleblower complaints can be instrumental in weeding out fraud and vindicating the whistleblower.
But the failure of internal compliance programs became evident in 2001 and 2002. Wall Street was shocked by the overnight disintegration of two highly respected, multinational corporations that employed tens of thousands of workers and supposedly were worth billions upon billions of dollars. These two companies, Enron and WorldCom, imploded, literally, overnight. Their highly rated and expensive blue-chip stocks crashed in value, and the companies went bankrupt. What were once highly respected and powerful corporations became worthless; shareholders lost fortunes, including billions in retirement accounts. The losses were caused by good old-fashioned fraud—both criminal and civil. The managers of the companies were able to hide behind numerous complex financial transactions to deceive their investors and the public.
In each case there were whistleblowers who tried to identify and fix the problems in-house: Sherron Watkins at Enron and Cynthia Cooper at WorldCom. As in other cases, employees were in the best position to see what was happening and uncover potential violations. But in each case, after the frauds had their devastating impact on investors, it was painfully obvious that the companies lacked any reliable in-house compliance program capable of responding to legitimate employee concerns. In each case the entire network of internal and external auditors had failed to detect or report massive civil and criminal fraud. The whistleblowers were either ignored or harassed. In the case of Watkins, the company’s lawyers started to plot her termination—and like the lawyers who prevailed against Goldstein at the South Texas Project, they delighted in the fact that the law did not protect Watkins because she had only availed herself of internal reporting mechanisms.
As the Senate Judiciary Committee noted during its investigation of the scandals, there were no reliable “gatekeepers” who could “detect and deter fraud.” Instead, the company managers, lawyers, and accountants “brought all their skills and knowledge to bear” “covering up” the frauds. These shortfalls prompted Congress, in 2002, to enact the historic Sarbanes-Oxley Act. Key aspects of the reform legislation were statutory mandates for internal compliance programs.
Although a modest start, for the first time Congress enacted mandatory rules governing internal compliance programs. First, every publicly traded corporation was required to establish, by law, an independent “audit committee.” The committee was required to create procedures for the “receipt, retention, and treatment of complaints” filed by employees with the audit committee.
Second, the audit committee was also required to establish internal employee concerns programs that would permit any employee to file “confidential” or “anonymous” complaints “regarding questionable accounting or auditing matters.” In other words, every publicly traded corporation was mandated to create procedures that would protect the identity of employees who reported allegations of stock or accounting fraud to the audit committee. Because it is often easy to identify a whistleblower based on the nature of the allegations filed (often a supervisor knows which employee reported him or her to the authorities based on the nature of the concerns and which employees would have knowledge of those concerns), companies were required to create safeguards to prevent the identification of employee whistleblowers.
Third, Congress also enacted an antiretaliation law that specifically ensured that employee complaints raised with an audit committee would have the same legal protections as complaints raised directly with government regulators. In the context of corporate whistleblower disclosures protected under the SOX law, the dilemma faced by Goldstein based on his contacts with SAFETEAM were statutorily fixed. Internal disclosures were explicitly included in the legal definition of a protected disclosure.
But the SOX law did not go far enough. Corporate law firms worked endlessly to find loopholes in the law, and some companies even fired their chief compliance officers after they identified too many problems. In the end, it is often impossible for a company to balance the legal requirement to encourage (and protect) internal disclosures of misconduct, while at the same time trying to promote the stock value of a company. The pressure to hide bad news from investors is often impossible to overcome, and firing a whistleblower may be a much cheaper alternative than risking the fallout from the investor community.
On June 30, 2008, the “Close the Contractor Fraud Loophole Act” was signed into law. The act—just a few sentences added onto a large appropriations bill—barely scratched the surface of attacking fraud in U.S. government contracting. Its main purpose was to require the Federal Acquisition Regulatory Council to enact new rules that would require government contractors to create truly effective internal compliance programs. This time the target was large government contractors (companies that obtained government grants or contracts of $5 million or more).
Five months later the Council amended the Federal Acquisitions Regulations (FAR) and published new rules for corporate internal compliance programs designed to finally close the loopholes in the sentencing guidelines and SOX.
These rules, although only mandatory in the context of corporations that engage in large government contracting, ultimately set forth the framework for an effective internal compliance program. The main requirements included the following:
• Mandatory Disclosures. All contractors and grant recipients (regardless of the $5 million threshold that applies to other parts of the act) can be debarred or suspended from all government contracting if they fail to “timely disclose” to an inspector general “credible evidence” of a “violation of Federal criminal law involving fraud, conflict of interest, bribery, or gratuity violations” or any violation of the “civil False Claims Act.”
• Code of Ethics. Contractors are requir
ed to have a “written code of business ethics and conduct” made available to every employee who works under a government contract.
• Culture of Compliance. Contractors must “exercise due diligence” in order to “detect” and “prevent” criminal conduct and must “promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law.”
• Internal Compliance Program. Contractors must establish a compliance and an ethics program. All employees, contractors, and subcontractors must obtain training in these programs.
• Internal Control System. The government contractors must establish procedures to “facilitate” the “timely discovery of improper conduct in connection with Government contracts” and procedures that “ensure corrective measures are promptly instituted.”
• Employee Hotline. The rule mandates an “internal reporting mechanism, such as a hotline, which allows for anonymity or confidentiality by which employees may report suspected instances of improper conduct.”
Unfortunately, even these aggressive new rules did not fully fix the problems. They continue to parcel out compliance. Government contractors do not need to report all criminal violations—just those that immediately impact their contract. The ethics code only needs to be provided to employees working under the government contract. The mandate for an “ethical” work “culture” only applies when employees are performing work under a federal contract. The “internal control system” only monitors misconduct and violations of law related to the contract. The compliance rules do not apply to violations of other federal laws, such as federal environmental statutes, federal worker safety statutes, or consumer safety laws. Thus, a company can have two compliance programs—a substandard program filled with loopholes and conflicts governing violations of federal law and public safety, and another program, narrowly tailored just to monitor government spending. Workers who contact the hotline would bear the risk that they call the right phone number.