Whistleblower Windfall: Why Dodd-Frank Provisions Should Concern You
In October 2010, a former GlaxoSmithKline employee received $96 million for reporting on her employer as part of $750 million paid to settle a manufacturing fraud case. It was the largest payment ever in a “whistleblower” case.
Can your workers get rich by reporting on you? In a nutshell, yes. The Dodd-Frank Wall Street Reform and Consumer Protection Act, enacted in July 2010, includes new whistleblower provisions designed to encourage employees to report securities laws violations to the Securities and Exchange Commission (SEC). Workers stand to gain a big payout by spilling the beans on their employers.
What’s more, the whistleblower provisions don’t apply to only public companies. Every non-public company is also at risk, because the provisions apply to any potential securities violation.
Perhaps the most potentially damaging result of such payouts is the fact that the potential windfalls are likely to discourage workers from reporting internally to their supervisors or officers of the company. And by going directly to the SEC, they will deny their employer the opportunity for internal investigation—and the chance to set things right.
You’ve put a lot of work into your internal corporate compliance programs. How can you protect them from being bypassed—and your company from taking a huge hit? With final decisions on Dodd-Frank Whistleblower Provisions due to arrive in April 2011, the work for internal compliance departments must begin now. Here are a few tips to get started:
Ensure that employees don’t fear retaliation for reporting potential violations. A big reason workers may go directly to the SEC is the very real fear that they could be fired for reporting a wrongdoing to a supervisor—who will then take it to the top. Review your compliance policies and procedures and makes sure that all of your managers support a policy of non-retaliation.
Treat all claims the same, regardless of who is accused of misconduct. Make the message clear that any report of a potential violation will be treated with the utmost seriousness, and that no one—no matter how high up in the organization—is immune to being investigated if necessary.
Consider creating an anonymous tip hotline. This will provide employees with the opportunity to discuss what they may perceive to be a violation without fear of recrimination or retaliation. Indeed, discussing it first with a knowledgeable hotline professional may reveal that a violation may not have occurred after all.
Get compliance and human resources staffers working together. If any HR or personnel action is about to be commenced against an employee who has reported in the past about a possible violation, both compliance and HR must be involved. Even if the HR action has nothing to do with the report, it is important to ensure that the individual cannot make a claim of retaliation.
Awards for reporting fraud hit a record high of $385 million in the 12 months ended September 30, 2010, according to the U.S. Justice Department. That total was an increase of nearly 50 percent from the previous year. There’s no doubt that the Whistleblower Provisions are already having an impact on U.S. businesses. By acting proactively and taking precautions now, you can help protect your company’s future.
Why You Need a Company Spokesperson
It may start out as something small—a single disgruntled customer who goes public with their grievance, or a false rumor started by a competitor. But when the media gets wind of a potential news story, it can quickly get out of hand. The lightning-fast pace of news today—with up-to-the-minute postings on Internet news Web sites and blogs—means a story can spread like wildfire. Journalists looking for a juicy story can severely damage your organization’s bottom line for years to come—unless you get proactive before an incident occurs.
The biggest source of news leaks to the media is often a current employee caught unaware who inadvertently spills the beans. That’s why you need to appoint a company spokesperson, and allow that person—and only that person—to speak to reporters.
The spokesperson doesn’t have to be a high level executive. They simply need to be calm, cool, competent and extremely knowledgeable about the firm. Their task is to present a professional "face" and consistent message for the company to the media and the public at large.
The ideal spokesperson should also:
- Be available. Don’t appoint someone in the organization who is constantly traveling or in meetings. If the media can’t reach that person, their frustration may lead them to portray your firm as being evasive.
- Be personable. You want someone who is outgoing and able to get along with people—including hostile or aggressive reporters—and is also articulate.
- Be concise. Articulate is one thing. “Talky” is another. A spokesperson should be able to summarize what they want to say about the company in one minute or less.
- Be truthful. They should never say anything untrue of something they are not 100% sure about—because it will come back to haunt them (and your company). If they aren’t sure of an answer to a question, they should tell the reporter they will call them back—after they have time to research and prepare their response.
- Think on their feet. The spokesperson should not only know your company inside and out—but also your entire industry. This will help them anticipate “industry trend” questions before they are asked.
- Return phone calls. Whether it is ABC News or the Podunk Press calling, the spokesperson should treat each and every reporter with courtesy. That means returning phone calls in a reasonable amount of time. Anything over 12 hours is excessive and makes your firm appear rude, unprofessional or both.
Consider media training
Once you’ve selected your spokesperson, consider sending him or her to a media training session. Any kind of hesitation or lowered eyes can send the message that the person isn’t telling the truth. Media training—offered by outside public relations firms and professional associations—can assist in the areas of body language, tone of voice, and overall composure. A session or two of media training—in which PR professionals may play the part of reporters, firing questions at the spokesperson while videotaping the session—will give your spokesperson confidence on camera.
HIPAA and HITECH - New Rules and Risks
Health care has always been a businesses seated in one-on-one interaction and communication: a doctor would never diagnosis an illness over the phone, and regulations limit even the advice a physician can provide via email. But the same federal mandate that enforces those limitations -- the Health Insurance Portability and Accountability Act, also known as HIPAA -- recently received an update, a move that simultaneously encourages movement into an increasingly paperless world and while at the same time enhances the regulations and responsibility on both medical practitioners and their colleagues.
The Health Information Technology for Economic and Clinical Health Act (HITECH), a part of the 2009 stimulus effort, encourages medical offices to switch to electronic medical records, even offering refunds to those offices that do and meet certain criteria. It also keeps privacy rule front of mind. Now not only are medical offices required to uphold the security provisions set fort in HIPAA, but business associates such as CPAs, attorneys and brokers are, as well. The act also enhanced the procedure for notifying the Department of Health and Human Services and the Federal Trade Commission of a breech in privacy.
These new regulations don’t come without cause. According to the Department of Health and Human Services’ Health Information Privacy/Security Alert, 58,119 HIPAA violation complaints were filed between April 2003 and January 2011. Between only January 18 and February 17, 2011, 25 breaches were reported, effecting more than 500 patients. Through investigations, it was determined the largest issues were impermissible use of patient protected health information (PHI) and lack of safeguards.
The HITECH Act, in part, attempts to control this issue by better monitoring both who is in access of sensitive information and how potential breaches are reported. While these rules went into effect over the course of 2010, and the final rules on some components are still being debated, many businesses that fall into that “associate” role are struggling to understand all the implications and what changes they need to make. For example, some security safeguards that businesses dealing with PHI and electronic medical records are expected to put in place aren’t required, but suggested, a determination to be made based on an initial risk assessment. That assessment will determine that provisions are necessary, and you can explain why those processes passed over would not work for that company should an auditor come your way. While that gives executives flexibility, it also can lead to potential missteps.
The new rules also place the regulations not only on the associate businesses, but on any contractors or consultants they employ. And since the responsibility to ensure those workers have complied with the security rules is put on the associate business itself, this creates more work, either in the form of auditing contractors or bringing such work in-house.
Based on the original HIPAA rules, the consequences of breaking one of the privacy or security rules was serious. A non-compliant business and its employees could receive civil penalties of a $100 fine per violation per person, up to $25,000 for the same violation. You could also see criminal penalties -- up to a $50,000 fine and one year in prison, or both, for anyone who knowingly releases information; up to a $100,000 fine, five years in prison, or both, for releasing information under false pretenses, and up to a $250,000 fine, ten years in prison, or both, for using information for commercial or personal gain or malicious harm.
HITECH only ups the stakes. Now, businesses, both medical centers and their business associates, can face up to $1.5 million in fines for multiple violations of a single requirement in a calendar year. One of the first major penalties was just handed down when Cignet Health was fined $4.3 million for not only being non-compliant, but then refusing to cooperate with an investigation.
While the is process daunting and the ramifications dear, ensuring your company is HIPAA and HITECH compliant isn’t impossible. Educate yourself and employees on the basic rules, run regular risk assessments to ensure all potential areas of breach are covered and enforce those rules that apply.
Age Discrimination in Hiring
It’s a scenario that’s increasingly frequent these days. A 50-something professional applies for a job. He carefully crafts a resume that shows many years of solid and impressive employment—yet omits his college graduation date. He is called in for an interview, which goes very well. Then he waits by the phone…and waits.
Ten or 15 years ago, adults over 50 who lost their jobs could generally find employment after a serious job search. Today, they can barely get a foot in the door for an interview. And when they do, it’s their gray hair—and not their skill set—that often generates the most attention.
Unemployment for people age 55 and older rose from 3 percent in November 2007 to 7.3 percent in August 2010, according to the U.S. Department of Labor. Many of these unemployed workers are adrift at a time when they were counting on a decade more of paychecks until retirement.
The Age Discrimination in Employment Act (ADEA) of 1967 prohibits employers with 20 or more employees from discriminating against employees or applicants on the basis of age. Individuals must be at least 40 years of age to be covered by the ADEA. A full text of the ADEA is here: http://www.eeoc.gov/laws/statutes/adea.cfm
While ADEA is supposed to protect workers, it was written during the “pension era”—when many older workers could remain with one company their entire careers and few were pounding the pavement. Many employers today believe that while it’s illegal to make hiring decisions based on race or gender, doing so on the basis of age is entirely acceptable. They count on the fact that few rejected job applicants have access to the required proof that they were indeed passed over because of their age. Thus, companies aren’t too worried about leaving older applicants out in the cold—despite the fact that age discrimination is illegal.
That picture may soon change. Age discrimination may become easier to prove and result in harsher penalties.
On November 17, 2010, the Equal Opportunity Commission (EEOC) held a hearing on the plight of older workers in the current economy. They noted that the number and percentage of age discrimination charges filed with the EEOC has risen from 16,548 charges (21.8 percent of all charges) filed in fiscal year 2006 to 22,778 (24.4 percent) in fiscal year 2009.
As a result of the hearing, there’s an indication that tougher enforcement of the ADEA may soon follow. Companies who don’t want age discrimination lawsuits should make sure they hire based on skills and experience alone. For more on the hearing, and for employer best practices, click here: http://www.eeoc.gov/eeoc/meetings/11-17-10/index.cfm
Misuse of Company Property Series - Abuse of Company Expense Accounts Hiring
When the popular chief executive of a global Fortune 100 company was ousted by its Board of Directors this summer for allegedly filing inaccurate expense accounts, the message was clear: companies are becoming increasingly concerned about compliance and ethical behavior.
As organizations continue to tighten their belts in touch economic times, expense account recklessness is not taken lightly. To the employee abusing an expense account, the first offense can seem harmless enough—a $40 lunch with a friend that is written off as a “business meeting.” Yet abuse of company expense accounts can lead to major headaches—especially if the company gets audited as a result.
The Internal Revenue Service has stringent rules about expense accounts which all businesses must follow. It permits companies to steer clear of payroll taxes on reimbursements or allowances in situations in which the employee expense has a clear business connection, has accounted for it in a reasonable time period, and has given back any leftover allowance within a reasonable time period. If any of those steps are discovered to have been disregarded, it’s a red flag.
In addition, expense account abuse can tell a lot about an employee’s ethics and character. In essence, they’re stealing from the company—with no remorse about doing so. That’s not a character trait you want in a long-term employee. That’s why it’s so important for employers to watch for warning signs. They might include:
* Inflated travel expenses, such as a $30 cab ride over a $10 distance
* Charging for items used for personal reasons (such as gas, toiletries or groceries)
* Seeking reimbursement for items never purchased (client gifts, office supplies, etc.)
* Adding tips to reimbursement claims when they were already included in the bill
* Tuition reimbursement claims for classes never taken or seminars not attended
* Keeping unused cash advances
Make sure your company has clear guidelines about expense accounts. Spell out what exactly is an allowable expense and what the reimbursement policies are. The IRS has many stipulations that must be followed. For example, employees must return unused advances within 120 days after paying or incurring an expense. Establish categories of expenses the company will not cover, such as alcohol or clothing.
If expense limits must be changed due to economic conditions, be sure to clearly communicate what those new limits are. Finally, lead by example. Set the tone from the top—by requiring the highest level executives in the firm to abide by the same rules as everyone else.