IMAGE BY RICHARD DRURY/GETTY IMAGES" />IMAGE BY RICHARD DRURY/GETTY IMAGES" />
The “Responding to Noncompliance With Laws and Regulations” (NOCLAR) interpretations included in the AICPA Code of Professional Conduct answer questions members in business may have about reporting fraud.
The regulatory weaknesses that led to fraud events in the early 2000s at Enron, Halliburton, and WorldCom have in some cases been remedied. But with a new era come new ways for businesses and individuals to break laws and bypass regulations: Tricky property or business schemes, buried deep in the books — or off them — and away from the oversight of regulators. Ever more creative ways to move and hide money. Crypto schemes that outrun the government’s ability to catch up.
Often, insiders working behind the scenes discover something amiss, which can put members in business in potentially perilous situations.
What do you do if you discover your employer is laundering money? What if something feels off, but you’re not quite sure how off? And when you do find proof of wrongdoing, what do you do with it? Reporting a powerful person can have consequences for the whistleblower.
However, CPAs do not want to become implicated because they overlooked something or did not act when they should have.
THE WHEN, WHERE, AND HOW OF WHISTLEBLOWING
The AICPA Professional Ethics Executive Committee’s recent “Responding to Noncompliance With Laws and Regulations” (NOCLAR) interpretations (ET §§1.180.010 and 2.180.010) within the AICPA Code of Professional Conduct provide answers. The NOCLAR interpretations, which became effective on June 30, 2023, include requirements and considerations that members should review when deciding whether to blow the whistle. But many may wonder where and how to do so to best protect themselves and maximize the odds that regulators will seriously consider their concerns.
This article focuses on explaining the rules for members in business, rather than members in public practice, which involves somewhat different considerations.
What obligations do members in business have regarding noncompliance and fraud?
Before members can consider reporting potential violations to an appropriate authority, they must first investigate and escalate the problem internally. For in-house auditors, internal investigation and escalation are typical. The vast majority of our whistleblower clients try hard to resolve problems internally before they consider blowing the whistle.
The NOCLAR interpretation also encourages members to document everything: the suspected noncompliance, your judgment in evaluating it, what steps you took to raise the issue, and the response received. Documentation is a best practice for protecting yourself and proving the wrongdoing. Government regulators are more likely to act on a whistleblower submission that contains credible, well-organized, and substantiated allegations.
When management fails to respond, members should determine what further action is necessary. Under the recent guidance, they may be permitted to disclose NOCLAR issues to an appropriate external authority when necessary to protect the public interest. Members may also be permitted to disclose the matter under guidance provided by the “Confidential Information Obtained From Employment or Volunteer Activities” interpretation (ET §2.400.070) of the “Acts Discreditable Rule” (ET §2.400.001). Under that interpretation, disclosure is allowed when “required by law” to “inform the appropriate public authorities of violations of law that have been discovered,” and also when there is “a professional responsibility or right to disclose information … [to] comply with professional standards and other ethics requirements …” Members in business should consider their obligations under both interpretations when deciding whether to report their employer to government authorities. Also, members may wish to consult with their legal counsel prior to disclosing, or determining whether to disclose, confidential employer information.
With these principles in mind, let’s say you are a member in business providing accounting services for your employer, a national, publicly traded retail store. You aren’t specifically in a compliance or investigative role, but you notice that the revenue reported out of the Midwest region is inexplicably high when compared with past periods of performance and other regions.
After some pointed questions, a junior colleague explains that they were pressured by a hard-charging regional manager to recognize revenue early and beat expectations. You escalate these findings to your supervisor, the CFO, who later tells you the company concluded the Midwest region’s revenue recognition was defensible. Also, the company really can’t afford to not recognize that revenue this year. The CFO thanks you for bringing this to their attention, then politely asks you to leave the matter alone.
But in your view, the error not only remains clear but is also material to the company’s overall performance. Indeed, the CFO’s comments lead you to believe that the company is deliberately turning a blind eye to avoid reporting disappointing revenues. You believe strongly that further action is needed to protect the public interest and to fulfill your legal obligations or comply with ethical standards.
At this point, the NOCLAR interpretation permits you to take further action, which may include:
Should you blow the whistle on your employer?
Whistleblowing can involve dangers, especially if you find yourself with information related to powerful individuals or entities. Often, whistleblowers face retaliation or ostracism in the workplace.
The NOCLAR interpretations recognize these risks and encourage members to weigh the following factors when deciding whether to step forward:
MANY LAWS EXIST TO PROTECT AND INCENTIVIZE WHISTLEBLOWERS
Many robust and credible laws protect whistleblowers when they step forward. They may even provide financial incentives for coming forward, but navigating the labyrinth of whistleblower laws in the United States can be daunting.
There are dozens, if not hundreds, of state and federal laws that protect and incentivize whistleblowing. Each comes with its own set of rules and applies to a unique set of legal violations. Members should strongly consider consulting with an attorney to determine which whistleblower laws may apply to their circumstances.
As a starting point, you should be familiar with these major whistleblower programs that will apply to many noncompliance issues accountants face:
The SEC and CFTC programs: Investment and commodities frauds
In the wake of the 2007–2008 financial crisis, Congress established twin whistleblower programs at the SEC and the Commodity Futures Trading Commission (CFTC) to bolster the government’s protection of investors. Under these programs, whistleblowers can submit confidential tips concerning any form of misconduct regulated by the SEC or CFTC, including misrepresentations, misappropriation of funds, market manipulation, and insider trading. The SEC also enforces the Foreign Corrupt Practices Act’s anti-bribery law for publicly traded companies.
These programs are particularly notable for their strong track record of protecting whistleblowers’ identities. Whistleblowers can even submit their information anonymously with the assistance of an attorney. Moreover, any whistleblower who suffers retaliation can take his or her employer to federal court to seek reinstatement, back pay, and other damages.
The SEC and CFTC programs also provide financial incentives. If a whistleblower’s information leads to a successful enforcement action, they can receive between 10% and 30% of the monetary sanctions collected by the government. Over the last decade, whistleblower tips under these programs have resulted in over $9.3 billion in monetary sanctions, with more than $1.9 billion in awards to over 350 whistleblowers.
The False Claims Act: Fraud on government contracts and programs
Whistleblowers can also report fraud in government contracts and programs under the False Claims Act (FCA). In addition, many states have their own FCAs that cover fraud against state contracts and programs.
Unlike the SEC and CFTC programs, a whistleblower in an FCA matter files a lawsuit in court. The U.S. Department of Justice then investigates the allegations and determines whether to take over the lawsuit. Even if the government chooses not to pursue the matter, the whistleblower can continue the case on the government’s behalf.
Like programs created under the Dodd-Frank Act, the FCA also prohibits retaliation against whistleblowers who report potential fraud on the government and gives them the right to bring a federal lawsuit if their employers do so.
If a whistleblower’s FCA case is successful, the whistleblower typically receives a reward of 15% to 30% of the government’s recovery. The federal government has recovered more than $50 billion from whistleblower-initiated FCA cases since 1986, when Congress strengthened the FCA. Whistleblowers have received more than $8.6 billion in rewards over that period.
The IRS program
Congress enacted the modern IRS whistleblower program in 2006. Like the SEC and CFTC programs, the IRS program involves confidential tips rather than filed lawsuits.
Whistleblowers can report all manner of tax schemes, including abuse of offshore tax shelters, transfer-pricing schemes, and failure to report income. The IRS program also accepts claims related to foreign bank account reporting (FBAR) violations.
In 2019, Congress added new anti-retaliation protections for whistleblowers as well, similar to those found in the FCA and the SEC and CFTC programs.
Whistleblowers can receive an award of 15% to 30% of any unpaid taxes and penalties recovered by the IRS using their information. Since 2007, more than 2,500 whistleblowers have helped the IRS collect more than $6.3 billion and have received over $1 billion in rewards for their efforts.
The FinCEN program: Anti-money laundering and sanctions violations
Treasury’s Financial Crimes Enforcement Network (FinCEN) is tasked with administering a whistleblower program established just over two years ago that is designed to root out money laundering and sanctions violations. This new program is closely modeled on the highly successful SEC and CFTC programs and includes anti-retaliation protections.
Whistleblowers can send confidential or anonymous tips to FinCEN about potential violations of the Bank Secrecy Act, including failure to have an effective overall anti-money laundering compliance program and failure to file suspicious activity reports. Following a 2022 amendment to the law, whistleblowers can now also submit tips regarding violations of U.S. sanctions laws.
As with the SEC and CFTC programs, whistleblowers can receive awards of 10% to 30% of the government’s recovery if their information leads to a successful case. Though still in its infancy, the FinCEN program has already received more than 100 tips.
WHISTLEBLOWING CAN BE STRESSFUL
It’s never easy to be a whistleblower. Even in the best cases, the experience can be stressful and destabilizing. The new NOCLAR interpretations provide a critical ethical framework for members facing this dilemma, but every would-be whistleblower faces unique circumstances and risks.
Members should thoroughly evaluate what protections and incentives apply to their situation and consider seeking legal counsel.
About the authors
Chris McLamb, J.D., and Eric Havian, J.D., are attorneys at the law firm Constantine Cannon. McLamb represents whistleblowers in the firm’s Washington, D.C., office. Havian, who is based in San Francisco, has taught fraud seminars at Stanford and Berkeley law schools and represented whistleblowers for nearly 30 years.
AICPA RESOURCES
Podcast episode
LEARNING RESOURCES
This course focuses on business and industry-specific ethics issues, with a special focus on recent cases and industry CPA responsibilities as defined in the AICPA Code of Professional Conduct.
For more information or to make a purchase, go to aicpa-cima.com/cpe-learning or call the Institute at 888-777-7077.
