On July 30, 1778, the Second Continental Congress passed the Whistleblower Protection Act of 1778, which is considered to be the first whistleblower law in world history. Much has changed in two and a half centuries, but very recently, there has been a revolution of sorts in the whistleblower space:
- The regulatory landscape has been changing rapidly in the United States and abroad, as government institutions have taken decisive action to create, overhaul, and enhance whistleblower protections.
- At the same time, the rate and rewards for whistleblowing have been on the rise, indicating that individuals are more empowered, willing, and incentivized to report bad acts.
What began as a nascent concept of the American Revolution has emerged as a ubiquitous and quickly evolving feature of global compliance. Global organizations must recognize that times are changing, and that adaptation is a must, if they haven’t already. Failing to do so could result in a variety of costs – legal, reputational, and financial – as well as a loss of stakeholders’ confidence. And importantly, it could shortchange employees of their inviolable right to speak up.
In just the past year, multiple countries have either strengthened their whistleblower protections or adopted whistleblower protections into law for the very first time.
The United States
As a legal concept, America’s protection of whistleblowers predates the formal establishment of the country itself, as the Whistleblower Act of 1778 was enacted roughly nine years before the U.S. Constitution was ratified in 1787. Over the past two centuries, the body of law has been fortified with a multitude of jurisdictional principles and regulations. These include for example, provisions of the False Claims Act (also known as “Lincoln’s Law” of 1863), Lacey Act (1900), Foreign Corrupt Practices Act (FCPA, 1977), Tax Relief and Health Care Act (2006), and the Dodd-Frank Act (2010).1
The most recent evolution of the law is the Anti-Money Laundering (AML) Whistleblower Improvement Act, which was signed into law in December 2022. Among other provisions, the legislation raises the minimum eligible award for whistleblowers and further facilitates the payment of awards with the creation of a “Financial Integrity Fund.” 2
Along with legislative activity, regulators have taken decisive steps to enhance the efficacy of their own whistleblower programs. For example, in August 2022, the U.S. Security and Exchange Commission (SEC) passed two amendments to their whistleblower program which administers awards in the sphere of public company registrants. The first amendment expanded eligibility to include awards that stem from “non-SEC actions.” The second rule “affirmed the SEC’s authority to amend awards for the limited purpose of increasing, but not lowering an award.” The two amendments had the dual effect of loosening the criteria for awards and raising the dollar caps to those that provide awardable information to the commission.3
These amendments are emblematic of the SEC’s active posture. In May 2023, the commission announced the largest-ever award to an individual whistleblower, totaling nearly $279 million.4
EU Whistleblower Directive and German Whistleblower Protection Act
Passed in November 2019, the EU Whistleblower Directive requires all member nations to implement laws establishing the rights and obligations of whistleblowers. The directive, which applies to government bodies as well as private organizations, establishes the minimum conformance requirements for all member countries.5 For example, while the directive applies to whistleblowing over breaches of EU rules, each member country has the discretion to establish stronger whistleblower protections than those promulgated in the directive.
Perhaps one of the most significant laws arising from the EU mandate is the German Whistleblower Protection Act (GWPA), which officially came into force on July 2, 2023. Consistent with the EU Directive, the GWPA sets requirements for internal whistleblower channels, whistleblower confidentiality, and imposes strict restrictions against whistleblower retaliation. But the GWPA is much broader in reach than the EU Directive. For example, the law applies to any company with more than 50 “workers,” with a presumption that both full-time and part-time employees count toward the 50-employee threshold. Further, not only does the GWPA mandate reporting channels involving reported violations of “EU rules,” it also encompasses reported violations of criminal, tax, securities, and administrative laws governing employee rights.
Other European countries have been enacting their own versions pursuant to the EU Directive.6 For any organization operating in Europe, it is important to understand both the baseline EU Directive as well as any additional laws enacted by member nations.
Japanese Whistleblower Protection Act
In June 2022, the Japanese government took action to significantly enhance its existing Whistleblower Protection Act (WPA). The amended WPA added new requirements for companies to create internal systems for responding to whistleblower reports, including the designation of personnel responsible for receiving and investigating whistleblower reports and imposing corrective measures. The WPA also created new confidentiality requirements and imposed strict penalties on companies that failed to maintain whistleblowers’ confidentiality.7
The U.S., Europe, and Japan are just three examples of a global pattern. Others, countries, such as Brazil, Australia, and South Korea, have recently enacted similar whistleblower laws or amended existing regulations. The nuanced implications of these laws must be examined and understood for entities operating in those regions, as the impact on individual organizations will be geographically dependent.
However, the overall message on the global stage is a resounding one: government institutions are adding teeth to protect whistleblowers, and whistleblowers are listening.
The Rate of Whistleblower Activity is on the Rise
The regulatory developments of the past year may be an apogee of a years-long trend: in various domains and geographies, the rate of whistleblower reports has been rising drastically.
In the U.S. for example, the volume of whistleblower tips received by the SEC has increased by over 300% over a ten-year span, from 3,001 tips in 2012 to 12,322 tips in 2022.8 In 2022, the Commodity Futures Trading Commission (CFTC) received 1,506 whistleblower tips (under the Dodd-Frank Act), which was almost double that received in 2016.9
These U.S. statistics are consistent with global trends. In its annual benchmarking Hotline & Incident Management report, NAVEX includes whistleblower data from various small and large companies, including a metric that tracks whistleblower “Report Volume”, which is the rate of reports per 100 employees. In 2012, there were 4.9 reports per 100 employees.10 By 2022, this metric had increased 170% to 12.7 reports per 100 employees.11
The law firm Baker McKenzie described this trend succinctly, pointing out that the rising rates in whistleblower reports are attributable in large part to economic volatility. Such economic volatility has led to more fraudulent behavior, and at the same time, an increase in scrutiny by authorities.12
Implications for Organizations
The past year has brought with it a myriad of international whistleblower regulations, and on the ground, the rate of whistleblower reports has been rising. Organizations must therefore be positioned to face this complex new reality.
There are things organizations can do proactively – before a whistleblower incident – and reactively, when an incident occurs. Resources on these topics abound, but referenced here are past StoneTurn articles that cover the most essential steps for avoiding whistleblower pitfalls, including: (i) establishing a speak-up culture, (ii) improving your speak-up program, and (iii) responding to complaints.
(i) Establish a speak-up culture:
A robust whistleblower program (also known as a “speak-up” program), begins with a strong speak-up culture. In “Whistleblowing Success – Key Actions An Organization Can Implement,” our team highlights components, including:
- Model a culture of compliance with a strong tone at the top;
- Effectively communicate to employees regarding the importance and aspects of the speak-up program;
- Provide adequate training for employees on the speak-up program;
- Appoint a “speak-up champion” from senior management; and
- Emphasize the organization’s commitment to a speak-up culture.
(ii) Implement (or enhance) the speak-up program:
After establishing a speak-up culture, the next step is to put the actual program into practice. In “Beyond Whistleblowing: Five Steps to Establish an Effective Speak-up Program,” we outline the key components of an effective speak-up program:
- Establish a framework to receive, escalate, and report;
- Maintain awareness with ongoing communication and training;
- Implement policies, procedures, and controls to drive responsiveness and accountability;
- Establish metrics to monitor program effectiveness and update key stakeholders; and
- Periodically test design and operating effectiveness.
(iii) Responding to complaints:
Finally, our team answers the question: What should an organization do when a whistleblower reports a complaint? There are Four Critical Steps for Responding to a Whistleblower Complaint, including:
- Triage the complaint based on an evaluation of the fact pattern, including possible violations of laws and regulations and whether the complaint raises issues that demand immediate attention;
- When making decisions to disclose the whistleblower report, keep the circle small in order to preserve confidentiality, protect the whistleblower from retaliation, and manage organizational risks;13
- Establish communication protocols for internal and external stakeholders;
- Prepare to investigate the complaint with consideration of the severity of the allegations and the risks to the organization.
National Whistleblower Day marks an annual occasion for honoring the contributions of whistleblowers around the world. For global organizations however, whistleblowing will remain in the spotlight even as the calendar flips forward.
That said, take today to reflect on the history of whistleblowing, its evolution in recent years, and the lessons to be drawn from it: the value of the individual speaking truth to power; of acting as a check against bad actors and illicit or inappropriate activities. Furthermore, take notice that the very human act of speaking up has lost none of its potency, even in an age of automation, data analytics, and artificial intelligence.
This potency has been reaffirmed by both institutions and individuals in recent years, as governments continue to strengthen whistleblower protections, and individuals continue to speak up. Organizations who make a real commitment to enhancing their whistleblower programs can demonstrate that they are not only listening – they are taking action, every day.
We should also remember the example set by Daniel Ellsberg, who was the famous “Pentagon Papers” whistleblower central in exposing the U.S. government’s opacity surrounding the war in Vietnam: “We need the courage to face the truth about what we are doing in the world and act responsibly to change it.”
8 SEC Whistleblower Office Announces Results for FY 2022, https://www.sec.gov/files/2022_ow_ar.pdf
9 CFTC Whistleblower Program & Education Initiatives, 2022 Annual Report, https://www.whistleblower.gov/sites/whistleblower/files/2022-10/FY22%20Customer%20Protection%20Fund%20Annual%20Report%20to%20Congress.pdf
10 “2020 Risk & Compliance Hotline Benchmark Report”, NAVEX.
11 “2023 Risk & Compliance Hotline & Incident Management Benchmark Report”, NAVEX
13 Of course, as our article explains, organizations must be cognizant that disclosure to a regulator or law enforcement may be required in certain situations and jurisdictions.