It’s tough to get employees to speak up when they see signs of wrongdoing. Just ask some of the companies that have been charged with FCPA violations over the past few years. In many cases, employees knew what was happening, but didn’t have the confidence, courage or incentive to come forward. And who can blame them? The repercussions can be devastating for whistleblowers.

But it’s in a company’s best interest to encourage employees to report wrongdoing internally, so it's important to work towards a culture in which employees feel comfortable about speaking up. There are several ways to do that, but one of the most important is to set an example by learning to manage whistleblower complaint investigation well when someone does work up the courage to come forward.

Act Quickly: Complaint Investigation

"The first step a company should take is to make contact with the whistleblower, when the whistleblower is known," says Lisa Noller, a litigation partner with Foley & Lardner LLP. The best practice is for the employer to contact a known whistleblower complainant within 24 hours. This should be a listening session – offering the employee an opportunity to explain his concerns and identify how he believes they may best be addressed.”

Noller says that the first contact with the whistleblower can be from a compliance officer, legal department representative, the person's manager, a human resources employee or whoever the company determines is the best person for the circumstances. But no matter who it is, she advises, they should make contact quickly and avoid judging the information provided.

To Investigate or Not to Investigate?

"Depending on the information the whistleblower provides, the company needs to evaluate whether it needs to investigate the whistleblower’s concerns," says Noller. "Sometimes the issue is more of an HR issue than a legal violation. The former can be referred to HR or another department to follow up," she says.

In other instances, when what the whistleblower is raising is a potential violation of the law or another serious matter that could lead to civil or criminal liability for the entity, the company should consider whether it needs to conduct a complaint investigation into the allegations, using inside counsel or outside counsel, depending on the nature of the allegations, says Noller. "The company needs to follow up on all credible allegations and should meet with the whistleblower as often as is necessary to gather additional facts.  Just as important, the company should let the whistleblower know that his or her concerns are being listened to and remediated and that the company has taken them seriously," she says.

Assessing Risk

At some point the company may decide that they need to self-disclose to the government, either because of regulatory requirements or because it’s going to minimize the risk in not disclosing," says Noller. The company may also decide to take other action, such as conducting more interviews or requesting documents. This will be determined by the nature and scope of the whistleblower's allegations.

I don’t think that every whistleblower allegation demands a full-blown internal investigation by outside counsel. But the company should investigate on the front end and determine the scope of the risk. If it’s significant, if officers are implicated or the investigation should be privileged, then companies should give serious thought to hiring outside counsel to run the investigation," says Noller.

If there’s significant risk, she advises the company to consider involving outside counsel and conducting an investigation. If not, a company can decide to handle the complaint internally, as the context dictates.