Compliance officials have a great deal to worry about. They are judged by results and loaded with stress over the latest changes in government guidance documents and internal budget pressures. They need to continually update their programs to stay abreast of those developments, including revisions that target in-house processes to encourage disclosures from whistleblowers. Failure to provide for such revisions places both a company and individuals at risk
Whistleblower Protection Expanded and Includes Rewards
In response to the financial crisis of 2007–2008, Congress passed the Dodd–Frank Wall Street Reform and Consumer Protection Act in July 2010 (the “Act”). This legislation recognized that many of the ills that sunk the financial system could have been mitigated, if not prevented, if people “in the know” had spoken out. It was also acknowledged that many people refrain from speaking out when doing so could result in retaliation and a loss of their jobs.
PRODUCT FOCUS: ALL BIOLOGICS
PROCESS FOCUS: MANUFACTURING
WHO SHOULD READ: OPERATIONS, MANAGERS, LEGAL, HUMAN RESOURCES
KEYWORDS: RISK MANAGEMENT, COMPLIANCE, FDA, STAFFING
The Act codified certain financial incentives to encourage people to blow the whistle while imposing additional protections for whistleblowers. Because the ultimate goal is compliance and not punishment, legislators included other incentives within the process. They also ensconced enforcement in the Securities and Exchange Commission (SEC).
The SEC subsequently adopted rules that provide for a “whistleblower’s reward” to be given to people who notify it of compliance issues — even for circumstances in which internal corporate-reporting systems have not been used by the employee. For example, an employee who tells the SEC about a publicly traded pharmaceutical company’s illegal promotion of off-label uses of its drugs can receive up to 30% of a subsequent settlement of the allegations. With settlements in the high millions and even billions, the reward serves as a wake-up call to corporate America.
Likewise, the rules apply to broker-dealers and investment advisers. Even private entities could be subject to these rules if they seek to raise capital under certain federal Securities Act provisions.
As with any rule, there are exceptions that might prevent a whistleblower from being rewarded. There are also provisions that prohibit certain staff members (attorneys, directors, officers, compliance staff, and internal audit personnel) from making disclosures for 120 days. That’s intended to allow a company time to address any problems raised to those personnel. But the main points for corporate compliance professionals are that both incentives and protections have been enhanced.
Similarly, the federal False Claims Act (passed in 1863) makes it illegal to knowingly present a false or fraudulent claim for payment. Liability can bring a penalty imposed by the government — on a per-claim basis plus treble damages — or qui tam action. The latter involves a suit by a relator (a whistleblower), who brings a fraud action on behalf of the government and is allowed to keep a portion of damages recovered. Recent changes to the False Claims Act allow relators to sue based on a broader class of publicly disclosed information than previously had been the case.
Other statutes, such as the antikickback law, also can trigger a whistleblower’s claim. That law makes it illegal to induce someone to purchase an item or service for which reimbursement can be had under a federal healthcare program. Such illegal actions can provide fodder for a whistleblower’s disclosure. Fortunately, some trends exist that can make compliance easier for companies.
Some areas of greatest risk are particular to a business in question, such as off-label marketing in the pharmaceutical world. It is also true, however, that some fraudulent activities transcend any one specific industry.
Statistically speaking, fraud more often than not relates to the contents of financial statements, bribery in foreign countries, and illegal kickbacks made in exchange for business. Take fraudulent financial reporting as an example. Compliance programs not only help to discover this type of fraud, but they also — if the programs are well advertised — dissuade tempted employees who know that someone is paying attention. Overzealous corporate officials, however, need to be careful.
Antiretaliation and Personal Liability
The new rules anticipate a backlash against whistleblowers. They prohibit retaliation against employees who have a reasonable belief in the truth of their allegations, which means that adverse employment decisions made against a whistleblower require deep thought, even if they are made for a legitimate business reason.
Moreover, corporate officers, directors, and managers can be personally liable for violations discovered as a result of a whistleblower’s disclosures. By way of example, for decades the federal Food, Drug, and Cosmetic Act has prohibited introduction of a misbranded drug into interstate commerce. It also imposes criminal consequences upon violators. Criminal prosecutions have been brought against corporate officials over the years, especially in the past few years.
Such individual prosecution came into favor years ago with the decision in United States v. Park, in which a corporation’s chief executive officer was found criminally liable for inadequate warehouse sanitation. That court relied on the fact that a corporation can act only through individuals and that the liability of corporate managers can be predicated on a manager’s power to prevent the prohibited acts rather than on the manager’s actual knowledge. Such persons bear the burden of proving that they were powerless to prevent or correct a violation. This “responsible corporate officer” concept of strict liability (a violation can result even without actual knowledge) threatens each and every owner, officer, and manager.
Moreover, responsible corporate officials can be debarred (or excluded) from participating in government healthcare programs — a career-killer for pharmaceutical and medical device executives whose companies rely on such programs. Factors relating to such exclusion include the harm caused, the degree of authority that an individual had, whether disclosure of the problem was timely made, and all mitigating steps taken. As can be deduced from such factors, the commitment to compliance extends even after a problem is discovered.
Practical Impact of the Rules
The whistleblower reward, which is often referred to as a “bounty,” allows an eligible person to recover 10–30% of judgments exceeding US$1 million. The actual amount of a reward depends on various factors — for example, the reliability and completeness of disclosed information, and the degree to which that information assists in a government enforcement action. Perhaps most important, there is no requirement that the complaining employee first made a disclosure to an int
ernal corporate compliance program; that is, internal reporting is not a precondition to getting a reward. Nevertheless, such disclosure does increase the monetary reward. Therefore, an internal corporate-compliance program is essential to reducing the possible negative impact of these whistleblower rules.
Not Business As Usual
Companies can take several steps to encourage in-house disclosures before a frustrated employee blows the whistle outside the organization.
Communication: Compliance often starts and ends with effective communication, which takes many forms. For example, employees and agents need to have a clear understanding of how and where to report suspected violations, as well as a complete picture of what will happen if they know something yet fail to report it. Mandatory training is often considered one primary method of communicating unacceptable practices. Similarly, corporations often create and maintain a method for interaction between compliance staff and sales and marketing personnel to keep everyone in line with corporate policy. Many corporations also have implemented an anonymous “hotline” to allow for internal disclosure while precluding the disincentive to it that often results from a fear of retribution.
Commitment: A company must be committed to compliance. Commitment starts with training and distributing a clear message that fraud and abuse, and retaliation against whistleblowers, will not be tolerated. Adequate funding of compliance programs can be viewed as part of that commitment. Avoid any implication that adverse information is being “buried” because that in and of itself may generate a complaint.
Standards of Conduct: A guide to daily and ethical operation is an essential component to compliance. That should include standard operating procedures (SOPs) and/or corporate manuals, which are always revised. The standards must be fluid and respond to changing circumstances, rather than words on a page or in a binder collecting dust in some dark corner.
Validity: Ensure that all data used to establish the basis for government reimbursement are demonstrable and fully documented. Procedures must be in place to prevent any manipulation of information.
Consequences: A compliance program should promise discipline against violators and then follow up when misconduct is discovered. Mete out punishment intelligently and swiftly when fraud is discovered. Often, performance evaluations help to identify problem areas and rectify situations soon after they occur. Again, a clear message against retaliation is essential to encouraging in-house disclosures.
Corrections: A company should maintain its ability to respond to violations by correcting them as soon as possible. If violations are corrected, a whistleblower will be less likely to get traction with any government complaints. Moreover, the government will factor such compliance into any enforcement action it considers taking.
Creativity: Pharmaceutical and medical device manufacturers should expect activity in certain areas — such as requests for information about off-label uses — and create procedures that track US Food and Drug Administration (FDA) guidance documents. Companies should also consider the impact of social media. Failure to think creatively will provide easy picking for whistleblowers — and more important, increase by orders of magnitude the possibility of a government enforcement action.
Leadership: A senior management team should be part of the compliance program and play a substantial role in developing and refining the compliance procedures. A top-down commitment to compliance (such as a “compliance committee” that is tasked with overseeing the process) also communicates a commitment to compliance. The main point is that employees with a complaint need someone on the inside who they can trust. Those aspects of a compliance program let employees know that the company takes compliance seriously and that someone is watching.
Auditing and Monitoring: Compliance cannot be static. To stand the test of time, it needs to be tested periodically by way of, for example, surprise audits. This will send a message to the employees that compliance is a constant goal. It will also tell wayward employees that they are being watched. In fact, studies show that random audits work. Finally, an audit will protect against inadvertent violations. Each of those three areas is important to stopping the ability of a whistleblower because it stops violations before they occur.
No Better Time Than Now
Plaintiffs’ lawyers are sensitive to these issues and troll the waters for cases. They seek to convert garden-variety employment disputes into qui tam action with the hopes of hitting it big. As more high-profile rewards are publicized, both employees and lawyers who are savvy to the benefits will be ready.
Regardless of those motives, companies need constant reminding that whistleblowers are rewarded only when noncompliance actually exists. So, leave the lawyers to someone else; instead, focus on ways that corporate executives can tailor the compliance programs to allow for internal disclosures while maintaining the economic bottom line.
Doing so will have added benefits. As the government continues to stress its commitment to punishing fraud and abuse, effective corporate management of risk will provide a good dose of prevention and prove to be an asset for stockholders and investors. Robust programs — “pressure tested” to ensure functionality and enforcement within a company — start with taking care of dirty laundry in-house.
Compliance makes sense not just from preventing a whistleblower, but also because it encourages trust and breeds a culture of greater compliance. Although reservations with regard to in-house disclosures are normal, the positive results that will be realized after the initial period of doubt are worth the effort.
Corresponding author David Restaino, Esq. is a partner in the Princeton, NJ office of Fox Rothschild LLP; 1-609-895-6701; email@example.com. Leslie Gladstone Restaino, Esq. is general counsel of Validus Pharmaceuticals LLC.