How Does Your Organization Treat Whistleblowers?

by Thomas Fox

As almost everyone knows, Lance Armstrong spoke for the first time about his performance enhancing drug (PED) use recently on Oprah. On the first night he admitted for the first time that he used PEDs during his seven wins at the Tour De France. The title of my colleague Doug Cornelius’ piece in Compliance Building really said it all in his article “Lance Armstrong – A Lying Liar Just Like Madoff”. Cornelius said “What caught my attention about the Armstrong interview was the window into the mind of a pathological liar. Armstrong had been telling the lie over and over and over. He lied to the public. He lied to the press. He lied to cancer survivors. He lied under oath.”

One of the areas which came up for me was how the people who blew the whistle on Armstrong’s use of PEDs before his admission were treated and how Armstrong subsequently treated them. Armstrong admitted that he was a ‘bully’ to those who said, hinted, or even implied that he had taken PEDs. He attacked ex-teammates; wives of ex-teammates and even a masseur who saw him take such substances. He put on an aggressive PR campaign for the better part of the past decade, to which the wife of ex-Tour De France winner Greg LeMond said “I can’t describe to you the level of fear that he brings to a family.”

While I would hope that most American and European companies have moved past the situation where whistleblowers are ostracized or worse threatened, one can certainly remember the GlaxoSmithKline (GSK) whistleblower Cheryl Eckard. A 2010 article in the Guardian by Graeme Wearden, entitled “GlaxoSmithKline whistleblower awarded $96m payout”, he reported that Eckard was fired by the company “after repeatedly complaining to GSK’s management that some drugs made at Cidra were being produced in a non-sterile environment, that the factory’s water system was contaminated with micro-organisms, and that other medicines were being made in the wrong doses.” She later was awarded $96MM as her share of the settlement of a Federal Claims Act whistleblower lawsuit. Eckard was quoted as saying, “It’s difficult to survive this financially, emotionally, you lose all your friends, because all your friends are people you have at work. You really do have to understand that it’s a very difficult process but very well worth it.”

More recently there was the example of NCR Corp., as reported in the Wall Street Journal (WSJ) by Christopher M. Matthews and Samuel Rubenfeld, in an article entitled “NCR Investigates Alleged FCPA Violations”, who stated that NCR spokesperson Lou Casale said “While NCR has certain concerns about the veracity and accuracy of the allegations, NCR takes allegations of this sort very seriously and promptly began an internal investigation that is ongoing,” regarding whistleblowers claims of Foreign Corrupt Practices Act (FCPA) violations. In a later WSJ article by Matthews, entitled “NCR Discloses SEC Subpoena Related to Whistleblower, he reported that NCR also said “NCR has certain concerns about the motivation of the purported whistleblower and the accuracy of the allegations it received, some of which appear to be untrue.”

Lastly, is the situation of two whistleblowers from the British company EADS. As reported by Carola Hoyos in a Financial Times (FT) article, entitled “Emails tell of fears over EADS payments”, Hoyos told the story of two men who notified company officials of allegations of bribery and corruption at the company and who suffered for their actions. The first, Mike Paterson, the then financial controller for an EADS subsidiary GPT, internally reported “unexplained payments to the Cayman Island bank accounts for Simec International and Duranton International, which totaled £11.5M between 2007 and 2009.” Hoyos reported that Paterson was so marginalized in his job that he was basically twiddling his thumbs all day at work.

The second whistleblower was Ian Foxley, a retired British lieutenant-colonel, who had joined the company in the spring of 2010 stationed in Saudi Arabia, to oversee a £2M contract between the British Ministry of Defence (MOD) and the Saudi Arabian National Guard. In December 2010, Foxley discovered some of the concerns which Mike Paterson had raised. According to Hoyos, “The morning after he discovered Mr. Paterson’s concerns he assessed the emails that Mr. Paterson had told him he had written over the previous three years.” This led Foxley to flee Saudi Arabia with documents of these suspicious payments, which he has turned over to the Institute of Chartered Accountants and the UK Serious Fraud Office (SFO).

What does the response of any of these three companies say about the way that it treats whistleblowers? Is it significantly different from the bullying Armstrong admitted he engaged in during his campaign to stop anyone who claimed that he was doping? While I doubt that companies will ever come to embrace whistleblowers, the US Department of Justice’s (DOJ’s) recent FCPA Guidance stated that “An effective compliance program should include a mechanism for an organization’s employees and others to report suspected or actual misconduct or violations of the company’s policies on a confidential basis and without fear of retaliation.” However, by marginalizing, attacking or even making a whistleblower fear for their life, such actions can drive a whistleblower to go the DOJ, Securities and Exchange Commission (SEC) or SFO. The Guidance recognized that “Assistance and information from a whistleblower who knows of possible securities law violations can be among the most powerful weapons in the law enforcement arsenal.”

So what is the compliance professional to make of the Armstrong confession and how can it be used for a compliance program? A recent White Paper, entitled “Blowing the Whistle on Workplace Misconduct”, released by the Ethics Resource Center (ERC) detailed several findings that the ERC had determined through surveys, interviews and dialogues. One of the key findings in this White Paper was that that a culture of ethics within a company does matter. Such a culture should start with a strong commitment to ethics at the top, however it is also clear that this message must be reinforced throughout all levels of management, and that employees must understand that their company has the expectation that ethical standards are vital in the business’ day-to-day operations. If employees have this understanding, they are more likely to conduct themselves with integrity and report misconduct by others when they believe senior management has a genuine and long-term commitment to ethical behavior. Additionally, those employees who report misconduct are often motivated by the belief that their reports will be properly investigated. Conversely, most employees are less concerned with the particular outcome than in knowing that their report was seriously considered.

This is the ‘Fair Process Doctrine’. This Doctrine generally recognizes that there are fair procedures, not arbitrary ones, in a process involving rights. Considerable research has shown that people are more willing to accept negative, unfavorable, and non-preferred outcomes when they are arrived at by processes and procedures that are perceived as fair. Adhering to the Fair Process Doctrine in two areas of your Compliance Program is critical for you, as a compliance specialist or for your Compliance Department, to have credibility with the rest of the workforce.

In this area is that of internal company investigations, if your employees do not believe that the investigation is fair and impartial, then it is not fair and impartial. Furthermore, those involved must have confidence that any internal investigation is treated seriously and objectively. One of the key reasons that employees will go outside of a company’s internal hotline process is because they do not believe that the process will be fair.

This fairness has several components. One would be the use of outside counsel, rather than in-house counsel, to handle the investigation. Moreover, if company uses a regular firm, it may be that other outside counsel should be brought in, particularly if regular outside counsel has created or implemented key components which are being investigated. Further, if the company’s regular outside counsel has a large amount of business with the company, then that law firm may have a very vested interest in maintaining the status quo. Lastly, the investigation may require a level of specialization which in-house or regular outside counsel does not possess.

Phrasing it in another way, Mike Volkov, writing in his blog Corruption, Crime and Compliance, in an article entitled “How to Prevent Whistleblower Complaints”, had these suggestions: (1) Listen to the Whistleblower – In dealing with a whistleblower, it is critical to listen to the whistleblowers concerns. (2) Do Not Overpromise – At the conclusion of an initial meeting with a whistleblower, the company representative should inform the whistleblower that the company will review the allegations, conduct a “preliminary” investigation and report back to the whistleblower during, or at the conclusion of, any investigation. (3) Conduct a Fair Investigation – Depending on the nature of the allegations, a follow up inquiry should be conducted. The steps taken in the investigation should be documented.

I would add that after your investigation is complete, the Fair Process Doctrine demands that any discipline must not only be administered fairly but it must be administered uniformly across the company for the violation of any compliance policy. Simply put if you are going to fire employees in South America for lying on their expense reports, you have to fire them in North America for the same offense. It cannot matter that the North American employee is a friend of yours or worse yet a ‘high producer’. Failure to administer discipline uniformly will destroy any vestige of credibility that you may have developed.

Lance Armstrong has and will continue to provide the ethics and compliance practitioner with many lessons. You can use his treatment of whistleblowers as an opportunity to review how your company treats such persons who make notifications of unethical or illegal conduct. With the increasing number of financial incentives available to persons to blow the whistle to government agencies, such as the SEC under the Dodd-Frank Act, it also makes very good business sense to do so.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Thomas Fox, Compliance Evangelist | Attorney Advertising

Written by:

Thomas Fox

Compliance Evangelist on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at:

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.