CFA Institute Magazine 01 December 2017 Volume 28 Issue 4
What to Do If You Suspect Unethical Activity Is Happening at Work
In this article, multiple industry experts, including former SEC chair Harvey Pitt, share their advice about the best course of action when ethical challenges put your career and professional standards on the line.
• If you see, experience, or suspect an ethics breach at your employer, gather and document your facts and questions, check the issue escalation policy, and then talk privately to your immediate supervisor and the chief compliance officer.
• Question what you’ve seen, but don’t be accusatory or self-righteous.
• If you’ve reported your suspicions but the activities are unsuitably excused away or continue, it may be time to leave the firm.
We all expect our workplace’s corporate culture to champion honesty and behaviors that are ethical and free from immoral, unethical, or even illegal activity. Although you personally espouse the highest standards of ethical conduct, you might one day find yourself working at a company whose ethical compass seems broken or whose new initiative pushes the limits on regulatory standards or runs utterly contrary to your strong work ethic.
What do you do if you personally view, experience, or even strongly suspect that your company has undertaken an activity or endorses behavior that is counter to the moral high ground, breaks a regulation (or two), or could even be illegal?
We asked multiple industry compliance experts and lawyers for their suggestions as to what the best course of action should be if you experience an ethical quagmire at work that you have not been involved in.
One thing is clear: There are often gray areas to consider and navigate through, and handling such sticky situations with a professional demeanor and without overreaction is critical.
“Determining where to draw the line and evaluating when to tattle can be a lifelong moral dilemma,” concedes Janaya P. Moscony, CFA, president of SEC Compliance Consultants of Philadelphia, Pennsylvania. In general, saying something when you see something tends to be a good idea. “However,” says Moscony, “the risk comes in when you don’t have all of the facts and you could harm yourself or another person.” She suggests gathering as much information as possible as a key first step and cautions that if you don’t have all of the facts, it’s wise not to jump to conclusions.
Sizing It Up
Where you are seeing or sensing a breach, you likely need to make some early determinations.
“The most important thing is to be able to first determine what is an ethical issue versus something that you just do not like,” says Maureen O’Brien, owner and managing member of DynaMo Consulting, a regulatory compliance consulting firm in Hudson, New York. “You need to document the who, what, when, and where details whenever possible.”
Approaches taken can then vary based on the individual circumstance and type of infraction, as well as the severity of the situation or breach, according to experts. That includes whether clients or investors have been harmed by the suspected misconduct, which must be taken seriously. However, taking concise notes can prove critical.
“There is a potentially different approach that should be followed with suspicions of ethical or compliance breaches,” says Harvey Pitt, founder and CEO of Kalorama Partners and Kalorama Legal Systems of Washington, DC, and former chairman of the US Securities and Exchange Commission from 2001 through 2003. “The first two questions that the employee must answer are how well grounded are the suspicions and how serious is the potential breach? If the suspicions are not well grounded and/or the potential breach is not significant, that employee should make a written note to him/herself regarding the concerns and indicate that he or she will keep their eyes open to determine whether there is a basis for the problem and whether the potential problem seems significant.”
If you are working for a regulated entity, such as an investment management firm, there should be written policies, stipulations, and procedures to follow if you suspect an illegal or ethical breach has occurred. These are found in a firm’s compliance manual, which should be available to refer to.
But tread cautiously. “Don’t just assume, as it may or may not be an issue,” counsels Todd Cipperman, attorney and founding principal of Cipperman Compliance Services in Wayne, Pennsylvania. “Consider what to do before you light the place on fire. There may be lots of facts that, as an employee, you don’t know about.”
If you suspect some type of a breach has taken place, there are a number of decisions to be made, including whether to report up the chain of command, seek the ear of a chief compliance officer, or go directly to a top executive.
“When an employee is confronted with a suspected breach, they will need to decide whether to alert their manager, compliance officer, and/or external regulator,” says Francine E. Love, founder and principal attorney with the Love Law Firm in Uniondale, New York. “Obviously, investment management firms prefer that the reporting is first internal to allow the firm the opportunity to review, remediate, and potentially self-report if necessary. It is easier for an employee to choose to report to a manager or compliance officer if there is a culture of compliance at the firm.”
Should you report your suspicion to your direct supervisor or take it to the chief compliance officer? Our experts had mixed suggestions.
“You can start by reporting the next level up, unless you believe that your superior is implicated,” says Ronald M. Feiman, attorney and partner with the New York–based law firm Kramer Levin Naftalis & Frankel. “It’s always OK to go to the firm’s chief compliance officer or a compliance staff member with whom you have a relationship. They can investigate and report on the issue without bringing you into the mix and will usually mask the names of sources.” Just remember that at small shops, executives may wear many hats, so the chief financial officer could also be the chief legal officer and will be closer to the top. But small firms often lack additional staff. Feiman recommends that for suspected violations of securities law, you contact the chief compliance officer or the CEO directly.
“Employees should always report breaches they have seen or experienced directly to the chief compliance officer, whether or not they report those breaches to their direct supervisor,” says Pitt. “The reason for this is that direct supervisors may either try to talk the employee out of what they have seen or may prove less than diligent in pursuing reports of actual breaches. Moreover, retribution can occur more readily if the direct supervisor is informed exclusively.” Employees should always inform their chief compliance officer, and if choosing to also report this to their direct supervisor, they should be sure that the supervisor knows that the issue has been elevated to the compliance person/staff. The exception to this rule is if you suspect your direct supervisor is involved in the breach, in which case you should reach out solely to the compliance officer.
Even if you suspect that the top executive may in some way be implicated, it’s highly unusual to find that the chief compliance officer is also compromised, so reaching out to him or her is wise, according to Cipperman. He suggests that you put your concerns in writing—email is great—and that you very carefully word your communication to express your concerns and say that you saw something that may need to be looked at. Refrain from including direct accusations. “It’s best to report in a non-threatening way,” he says.
Pitt agrees that written communications are a best practice for compliance matters. Even if you talk to your direct supervisor for guidance before making a formal report on the matter to compliance, “contemporaneous written records should be maintained [by the employee], including any follow-up.” Then, if you are formally reporting, be sure that all communications are “in writing or are at least confirmed in writing, and [they] should be labeled confidential. Oral communications without contemporaneous written confirmation or follow-up will leave the employee without the ability to demonstrate the initiation of a report or the concerns before any retributive actions were taken,” if such occurs, Pitt says.
Watch your tone, and choose your words thoughtfully. When you do report a possible breach or violation, you need to report it “dispassionately,” says O’Brien. “Do not go [into a reporting meeting] angry at someone or self-righteous. Be factual and be calm so that your concerns are listened to and taken seriously.”
Consider using a non-threatening approach to voice your concerns. “You can always approach a situation with a ‘what if’ scenario and not use the names” of people who may be involved, explains Moscony.
Employees are most effective when they begin with an open stance and inquire about what they are seeing under the presumption that there may very well be a reasonable explanation for what appears to be misconduct, suggests Ann Skeet, director of Leadership Ethics at the Markkula Center for Applied Ethics at Santa Clara University. “Sometimes, employees closer to the action can identify conflicts of interest and issues that superiors may not see or recognize.” If reassurances can’t be convincingly provided, she recommends that employees refer back to the company’s mission statement or expressed set of values and inquire as to how the practice they’ve identified supports a specific value, such as transparency.
If you are reporting your suspicion to a compliance officer and also your manager, be certain to tell your manager that you are elevating or have already reported the matter to compliance on your own but want to make them aware of this, advises John Robbins, CFA, former chief compliance officer, Wealth and Institutional Services, at M&T Bank of Wilmington, Delaware. “You need to sound the alarm and to inform both.”
Also, be aware that compliance may have already heard about an issue you are bringing to them. “A compliance officer may say, ‘Thanks, we’re aware of it and we’ve already spoken to management,’” says Robbins. Employees need to be reasonably knowledgeable and sensitive and understand the distinction between minor infractions and more serious issues, such as illegal trading. If in doubt, “an employee can ask to refer back to a compliance manual and specifically refer to the company’s escalation policy,” says Robbins. One difficulty can be properly distinguishing one individual’s behavior from the company’s overall behavior.
“A company should encourage employees to report such concerns,” says Michael Volkov, CEO of the Volkov Law Group in Virginia. “The more avenues open for such reporting, the better.”
Should I Stay or Should I Go?
If you have reported what you believe to be a significant breach or problematic activity, you must then decide whether to stay or leave the company. This is particularly important if management or the company fails to address significant identified infractions, elects to ignore or dismiss them, or excuses them away by responding “Everyone is doing this.” If a regulator should instigate an investigation, an employee can become embroiled in the matter and be seen as culpable.
“If you are in a supervisory or compliance position and you know something is a serious violation but your company refuses to do anything to stop it, I believe you have an obligation to ‘report and run,’” says O’Brien. This is especially true if you are responsible for handling the issue but are denied company resources to do so or if you are not sufficiently empowered to do your job. “Then it’s time to go,” she says.
“As hard as it is to say goodbye to steady employment,” adds O’Brien, “it is not good for you to stick around on a job where the environment is hostile to compliance and ethics.”
“Supervisors, principals, and chief compliance officers all have personal liability,” notes Moscony. “You can’t just continue to work where there are significant [unresolved] issues.” In addition, if regulators suspect fraud, they could loop you in if they believe you didn’t do anything to stop the activity.
Most concur that quitting is often a last resort but may be the right course of action. “I suggest that if you think the firm is not prepared to do the right thing, then you should be prepared to abandon ship,” says Feiman.
“It is always difficult to advise an employee to terminate his/her employment,” says Pitt. “Employees should not remain at a firm where they are being utilized or would become caught up in the facilitation of whatever improper breaches have occurred and are ongoing.”
There is always the option of elevating your concerns externally by contacting the appropriate regulator, such as the SEC, FINRA, or CFTC. However, there can be severe and longer-term career consequences to this approach that you must first carefully consider. Reporting problems to a regulator is an option that can be utilized “where there is fear of reprisal or the problems perceived appear systemic rather than one-off ethical/compliance breaches,” notes Pitt.
Nearly all the experts we spoke to suggested that if you do properly report a suspected problem internally and are subsequently fired—especially if you believe your employer is retaliating against you—your best action is to hire an employment lawyer. “They can help you determine if your termination was actionable enough to bring a case or claim,” says Feiman.
Assuming you have chosen to leave your employer or are still employed but very actively looking for a new gig, how can you assess the ethical culture at a prospective new employer?
When a prospective employer asks you why you’ve left the previous firm or are seeking to move, Feiman recommends being honest and testing the new waters. “Mention that you are seeking a new perch because you were not comfortable with the thoroughness of compliance at your previous/current firm, and then gauge the reaction,” he says. Is that met with shock and dismay or with open arms and approval? As you get closer to getting an offer, it’s OK to ask to speak to the new firm’s chief compliance officer. That conversation can provide insight into how the firm views ethics.
Don’t be afraid to ask pointed questions. “If you are taking on a personal liability with a potential new employer, you need to interview them as much as they need to interview you,” Moscony says. “Ask to talk to other employees, and ask to review regulatory correspondence,” which could show issues discovered during regulators’ compliance inspections or sanctions levied. Furthermore, if a company offers you a job, be certain the employment contract you sign doesn’t prohibit you from reporting a matter to the presiding regulator, she adds.
It’s often difficult to truly assess a firm’s moral compass until you are working at the firm, Pitt acknowledges. But during a discussion with a potential employer’s chief compliance officer, remember to carefully assess not only answers to your questions but also his or her body language, which can provide definite clues. Pitt and other compliance professionals consulted for this article also recommend checking public regulatory enforcement violation records, which can show patterns of company violations. “The number, frequency, and seriousness of past transgressions are a [good] guide,” Pitt says.
Remember to ask hiring managers about the firm’s ethical culture, issue resolution practices, and what happens when problems arise, notes Robbins. Ask how the firm addressed the financial crisis of 2008–2009, and use the interview to probe. If those questions are held against you, that is a huge red flag.
Robbins also recommends tapping social media resources, such as LinkedIn, to connect with current and former employees and ask about a firm’s ethical culture and reputation. He suggests you do your own research and look at a firm’s Form ADV (available at www.adviserinfo.sec.gov) to determine whether there’s been a great deal of senior leadership turnover at a firm or whether company leaders have been there for 30 years and may be stuck in their ways. Either can be a red flag.
Further, cautions O’Brien, if at an interview you hear such answers as “we don’t mind getting into gray areas” or “there needs to be more flexibility in obeying the rules we don’t think apply to us” or “our compliance staff is good because they are more business friendly than other shops,” those clues may indicate a potential cultural problem.
Conventional wisdom dictates that a truly ethical and compliance-sensitive corporate culture most often starts at the top, with a company’s top executive. Experts suggest sniffing out the reputation of a top executive.
“It’s a truism that the ‘tone at the top’ is the single most important factor in creating an ethical culture in an investment management firm,” notes Love. “The senior executive and rest of the leadership team must consistently and convincingly insist on a culture of compliance.” Also keep in mind that complexity is not a friend to compliance. The more complicated a business is, the more likely ethical lapses will occur. “A company operating in multiple lines of business, across multiple jurisdictions, will have a more difficult time establishing and maintaining an ethical culture than a single-line business in only a few locations,” she adds.
“No single person creates culture, but a founder or CEO can certainly influence culture,” says Skeet. These top executives can help mold a positive and purposeful ethical culture. “If leadership in a company is committed to designing systems that promote ethical behavior, that’s a positive sign, as is any additional bandwidth they might have to contribute to industry-wide standards.” Moreover, she notes that smart leaders will invest the time to clarify culture when things go wrong.
Skeet suggests watching for four ethical red flags: (1) Employees make disparaging remarks about colleagues in the interview process. (2) The company emphasizes perks and compensation. (3) An emphasis is placed on secrecy, as opposed to confidentiality. (4) References are made to poor or conflicting communication practices.
“If you work for an organization that does not match with your culture, it can be soul crushing,” concedes Cipperman.
About the Author
Lori Pizzani is an independent business and financial journalist based in Brewster, New York.