Home / Commentary / Dust off your whistleblower program

Dust off your whistleblower program

Brian hedgesThe Association of Certified Fraud Examiners (ACFE) publishes its Report to the Nations on Occupational Fraud and Abuse on a bi-annual basis.  The most recent study was published last month and covered the period from January 2012 through the end of December 2013.

The Report quantifies and analyzes responses submitted by Certified Fraud Examiners (CFE) for up to two cases that a responding CFE investigated during the period of the study.  To be eligible, the following criteria must be met:

–        The individual performing the study must be a licensed CFE

–        The case must have been committed by an individual against his/her employer (i.e., occupational fraud)

–        The investigation must have been completed at the time the survey was submitted

In the 2014 Report, there were 1,483 affirmative responses to the survey, of which 646 were in the United States.  The remaining locations are detailed below:

Table 1_hedges

No geographical area is immune to fraud, waste or abuse.  Understanding how potential frauds are initially identified, wherever they may occur, will help organizations to prepare themselves for early detection.

Identifying Fraud

The 2014 report ascertained the initial identification of the fraud cases that were reported, which is detailed in Table 2 below.  Much like the prior Report to the Nations in 2010 and 2012, a tip is the most common cause of identifying a potential fraud.

In 2010, 2012 and 2014, the number of cases reported via tip exceeded 40 percent of the total, at 40.2 percent, 43.3 percent, and 42.2 percent, respectively.  In all years, it was more than twice as common as the next method of identifying fraud – a review by management.

The following table highlights all of the sources of fraud identification.  It is important to note that the fourth most common way fraud is identified is by accident in the ACFE studies.

Table 2_hedges

Who is a whistleblower?

Most broadly, a whistleblower is anyone who draws attention to illegal or other alleged dishonest behavior.  Such a tip may be brought to management, the Audit Committee, Board of Directors, local, state, or federal authorities, government regulators, , or a collection of two or more of these groups.

More specifically, the Dodd-Frank Act defines a whistleblower in Section 922 as “…any individual who provides, or 2 or more individuals acting jointly who provide, information relating to a violation of the securities laws to the Commission…”  Additionally, in Section 21F-2(a) in the Securities and Exchange Act of 1934: “A whistleblower must be an individual.  A company or another entity is not eligible to be a whistleblower.”

Referring back to the ACFE’s 2014 Report, in all cases reported by a whistleblower’s tip, the information was provided by the following individuals (and percent of cases):

–        Employee (49.0 percent)

–        Customer (21.6 percent)

–        Anonymous (14.6 percent)

–        Vendor (9.6 percent)

–        Other source (6.5 percent)

–        Shareholder/Owner (4.3 percent)

–        Competitor (1.5 percent)


Public Company Whistleblowers

Effective August 11, 2011, the SEC issued its Final Rules relating to whistleblowers.  The additional guidance puts the policy into practice and defines appropriate payment for information leading to monetary sanctions for tips at public companies.  Providing a tip to the SEC or which leads to “monetary sanctions” (i.e., penalties, disgorgements, and interest) in excess of $1 million can lead to a financial benefit to a whistleblower, historically totaling 10-30 percent of the sanction.

The SEC created an Office of the Whistleblower, which issues an annual report to Congress on whistleblower activities at public companies.  While the calls have increased steadily in the first few years, monetary benefits paid lag behind due to the review and investigation period required:

Table 3_hedges

Best Practices for Small Businesses

While the SEC policies are geared towards protecting investors in public companies, small businesses are well served to borrow a page out of the SEC’s playbook.  Below are some best practices for small businesses to consider when initiating anti-fraud and/or whistleblower programs:

  1. Set a tone at the top.  A key to the success of an anti-fraud effort is the full support of management.  Make sure this tone is one that does not stand for fraud, waste, or abuse while empowering employees to come forward when they have information implicating wrongdoing.
  2. Keep up on anti-fraud training.  Educating employees to understand fraud risk areas and knowing what to do in case they have knowledge of a fraud will help determine the success of any anti-fraud program.  Educated employees are the front line for an anti-fraud program.
  3. Publicize and honor your whistleblower policy.  Make sure all employees, suppliers, and customers understand management’s commitment to fraud prevention.  Include with any whistleblower policy the mutual understanding that any claims made will not be subject to retaliation.  A line of plaintiff’s attorneys is standing ready to file a retaliation lawsuit.
  4. Perform an annual review at the management level.  Smaller companies often do not have the resources to employ an internal audit department.  Therefore, performing an annual review of key areas with fraud risk may help to head off a fraud before it can grow.  Focus on areas where inadequate separation of duties may occur, which has a profound impact on smaller companies.
  5. Do not work alone.  Accountants, attorneys, and bankers all may provide expert guidance tailored to your business or industry.  In addition, these experts can provide an independent view on issues – proactively or, worst case, retroactively – which may be beneficial to management.


Brian C. Hedges, CPA is a manager in the Investigative and Dispute Resolution Services group at Mengel, Metzger, Barr & Co. LLP and may be reached at BHedges@mmb-co.com or 585-672-1883.


About Brian Hedges