A New Whistleblower Environment Emerges

Robert T. Biskup is Managing Director of Deloitte Risk & Financial Advisory, Deloitte Financial Advisory Services LLP. This post is based on his Deloitte memorandum.

As the COVID-19 pandemic continues, the whistleblower environment is changing in ways that should have the focused attention of compliance executives across industries. Three converging factors are at work here:

1) a significant increase in fraud and whistleblower activity; 2) disruptions stemming from remote work; and, 3) new Department of Justice (DOJ)/Security Exchange Commission (SEC) guidance on corporate compliance programs. This post offers insights on what’s driving the new environment and strategic actions you can take to adapt.

5 insights you should know

Economic uncertainty and COVID-19-related instability have real consequences. Rapid, unprecedented economic turmoil has created record unemployment and layoffs. Organizations are under significant cost-reduction pressure. According to a recent ACFE survey, 79 percent of member companies have observed an increase in fraud, and 90 percent expect further fraud increases in the next 12 months. [1]

Medical and safety concerns and remote work can turn into compliance issues. Work-from-home arrangements have introduced a new range of compliance risks. Workplace health and safety conditions, along with cyber security and data protection and confidentiality concerns, are contributing
to the increase in whistleblower activity.

Federal and state stimulus programs and regulations can increase compliance complexity. New government-backed liquidity programs, regulations, and rules are being issued in compressed timeframes, with often unclear or deferred guidance on implementation and compliance expectations. Even the most well-intentioned companies may face compliance challenges. Government channels and mechanisms for reporting alleged misconduct and waste are proliferating quickly

Public and enforcement focus on alleged corporate misconduct is increasing. COVID-19 is at the top of the regulators’ agendas. The DOJ has urged individuals to report COVID-19-related fraud schemes. State attorneys general are focusing on investigating and punishing COVID-19-related misconduct.

New DOJ/SEC guidance clarifies and amplifies compliance responsibilities of corporations. Expectations of compliance programs are increasingly sophisticated and granular. Greater emphasis is being placed on effectiveness testing for whistleblower reporting mechanisms. Of paramount importance is a company’s response to potential misconduct and application of lessons learned into its compliance program.

5 actions to take now

Pivot to a dynamic risk assessment. Adopting a culture of risk assessments that are frequently refreshed and updated can potentially limit compliance blindsides and help you anticipate what may be around the corner. Address the likelihood of reduced budgets across the three lines of defense. Focus on highest risk areas of compliance in order to be consistent with regulatory guidance.

Extend the eyes, ears, and reach of compliance. Consider your needs for whistleblower program surge capacity from an operational perspective. Explore the idea of augmenting in-house investigations with external on-call investigation support designed for rapid deployment, technology-enabled delivery, and predictable costs. Increase your emphasis on investigation metrics, aging, and audit trails.

Heighten your vigilance around financial fraud and invest in compliance relating to government economic stimulus. Increase your focus on familiar risk areas—they are still the most likely sources of misconduct. Scour your organization for any form of government monetary connectivity and implement reliable controls, IT systems, and monitoring.

Refine your company’s whistleblower action plan and adopt leading practices. Communicate clearly that the action plan is mission-critical. Assess the risk of complaints early and promptly allocate resources. Refine your investigation and response protocols. Reinforce document retention procedures. Revisit anti-retaliation policies and training. Know when and how to report to regulators.

Amplify the frequency and content of your compliance communications with the C-suite and board. Guide management in proactively embedding new operational business processes, controls and systems to address risk areas. Serve as a critical communication bridge for regular information updates to the board. Address new training challenges.


1“Fraud in the Wake of Covid-19 Benchmarking Report,” Association of Certified Fraud Examiners, December 2020, https://www.acfe.com/covidreport.aspx(go back)

Both comments and trackbacks are currently closed.