02.28.2024 | Linda J. Rosenthal, JD
Whistleblower Policy for Nonprofits
It’s not uncommon these days to read news reports about corporate whistleblowers.
Since 2002, these brave people who report wrongdoing have had substantial protection under the federal Sarbanes-Oxley Act. That landmark legislation emerged in the aftermath of high-profile corporate corruption cases in the early 2000s; most notably, Enron. Whistleblowers were key to taking down these economic giants who were guilty of massive frauds.
In California, workers have rights as well under the state’s whistleblower statute. Even before significant amendments effective January 1, 2014, California Labor Code section 1102.5 included protections broader than in the federal statute.
Sarbanes-Oxley and Nonprofits
We already discussed some of the history of Sarbanes-Oxley in “Written Governance Policies: Which Ones Should a Nonprofit Organization Have?” The primary focus of Sarbanes-Oxley has been publicly traded companies. But two of its criminal provisions apply to nonprofits as well: one section “prohibit[s] retaliation against whistleblowers and [another section] prohibit[s] the destruction, alteration or concealment of certain documents or the impediment of investigations.”
In this post, we’ll discuss the whistleblower protections, leaving the document retention issue for later.
Section 1107 of H.R. 3763 (Sarbanes-Oxley) amended the existing federal obstruction of justice statute, section 1513 of title 18 of the United States Code. Sarbanes-Oxley added a new section (e):
Whoever knowingly, with the intent to retaliate, takes any action harmful to any person, including interference with the lawful employment or livelihood of any person, for providing to a law enforcement officer any truthful information relating to the commission or possible commission of any Federal offense, shall be fined under this title or imprisoned not more than 10 years, or both.
It is illegal for a corporate entity—for-profit and nonprofit alike—to punish the whistle blower in any manner. [A company is not allowed to] “… fire, demote, suspend, harass, or fail to promote any employee who reports improper activity – even if the report turns out to be unfounded. The only requirement is that the employee had a reasonable belief or suspicion that wrongdoing had occurred at the time they made their complaint.
California Law: Stronger Than Sarbanes-Oxley
The pre-2014 version of California Labor Code section 1102.5 had already “prohibited employers from retaliating against employees who reported reasonably-believed violations of state or federal laws, rules, or regulations to a government or law enforcement agency.
The amended statute includes an important extra dimension: It extends whistleblower “protection to employees who report suspected illegal behavior: (1) internally to ‘a person with authority over the employee’ or to another employee with the authority to ‘investigate discover, or correct’ the reported violation; or (2) externally to any ‘public body conducting an investigation, hearing, or inquiry.’ Additionally, [it] declares unlawful any employer’s rule, regulation, or policy that prevents the disclosure of reasonably-believed violations of local (in addition to state and federal) laws, rules, or regulations.” (emph. in orig.)
This change is significant because it expands the time-frame and circumstances of the whistleblowing process, from “reasonably-believed violations” to possible wrongful behavior that is merely suspected.
The amended section 1102.5 also “imposes liability where any person acting on the employer’s behalf retaliates against an employee who engages in protected whistleblowing activity. In addition, employers and persons acting on their behalf may not retaliate against an employee for disclosing such information or because the employer believes the employee has disclosed or may disclose the information externally or internally.” (emph. in orig.) This new liability for “anticipatory retaliation” is a highly significant expansion; it extends protection to when an employer, or any person acting on its behalf, takes “… adverse action against an employee based on the mere belief that the employee has disclosed or might disclose information about a reasonably-believed violation of federal, state, or local law.”
Under section 1102.8, a California employer must post a notice at the workplace – (“shall prominently display in lettering larger than size 14 point type”) – a list of employees’ rights and responsibilities under the whistleblower laws, including the
telephone number of the whistleblower hotline.
A violation of any part of revised Labor Code section 1102.5 is a serious matter for employers; there are possible civil penalties of up to $10,000 per violation.
What Does This Mean for Nonprofits?
The corporate scandals that prompted the passage of the federal Sarbanes-Oxley Act involved publicly traded, for-profit corporations. Nevertheless, the inclusion of the two criminal statutes that apply to nonprofits was a huge wake-up call to the philanthropic community.
Since then, philanthropy leaders and respected watchdog groups have repeatedly emphasized the importance of responsible corporate governance and oversight. Government officials have jumped on the bandwagon, too. A key example is the 2008 overhaul by the IRS of the Form 990. There are tough questions on that annual information return, including about an organization’s whistleblower policy and procedures. An organization “must develop, adopt, and disclose a formal process to deal with complaints and prevent retaliation.” It must “take any employee complaints seriously, investigate the situation, and fix any problems or justify why corrections are not necessary.”
California organizations that don’t already have a written whistleblower policy in effect should not rely on sample, online, whistleblower templates – even from respected sources. These examples likely reflect only the federal statute, which is narrower and less stringent than either the former California whistleblower law or the amended version, effective in 2014.
If an organization already had a whistleblower policy in place when the California Legislature amended and expanded Labor Code section 1102.5, it should review and revise that document to reflect these substantial changes.
Adoption of an explicit whistleblower policy and procedure document is only part of the picture.
First, the organization should carefully review the adequacy of its internal controls – so that opportunities for fraud and misdeeds are lessened or eliminated:
Nonprofits must start by protecting themselves. They must eliminate careless and irresponsible accounting practices. A nonprofit organization would benefit from an internal audit that brings to light weak spots and installs processes that are not vulnerable to fraud and abuse. Written policies that are vigorously enforced by executive staff and the board send a message that misconduct is not tolerated.
Second, in order to comply with both the letter and spirit of anti-retaliation, whistleblower-protection laws, an organization should take steps to mold a new corporate culture: one in which whistleblowers are viewed not as troublemakers or malcontents, but as vital to the honest and efficient operation of the group and achievement of its mission.
– Linda J. Rosenthal, J.D., FPLG Information & Research Director