CLOs know there's truth to the old saw, "Never let a crisis go to waste!" That's especially the case when it comes to board education. And—politics aside—the current CIA whistleblower controversy in Washington, D.C. offers just that—an opportunity to remind the board of its important oversight obligations with respect to the company's whistleblower process.

In many respects, the whistleblower can be the bete noir of a corporation (if not also for its CLO). Whistleblower complaints can conjure up costly concerns like embarrassing disclosure, reputational damage, internal and external investigations and endless litigation. Yet the role of the whistleblower as an essential component of a comprehensive corporate compliance program is secure, no matter the type of corporation nor its industry sector. That's something the board needs to keep in mind, and the recent headlines provide an excellent opening for the CLO to provide that reminder.

As most CLOs are well aware, "whistleblower" refers to an organizational constituent who seeks to bring to the attention of internal authorities the possible existence of fraud, malfeasance, waste, criminal activity or some other form of alleged misconduct that has the potential for harming the corporation or its customers. More recently, whistleblower processes have been expanded to address violations of workforce culture standards (e.g., #MeToo). Whistleblower complaints are typically brought to organizational attention through a formalized process, usually under the supervision of the corporate compliance function.

The prominent role of the corporate whistleblower dates back at least to the Enron era, when Sherron Watkins was celebrated by Time magazine as one of three "Persons of the Year 2002" for her role in warning Enron CEO Kenneth Lay about the massive inaccuracies in the company's financial statements. (Interestingly, the other two persons celebrated by Time were also whistleblowers—one at WorldCom and the other at the FBI.)

Indeed, the resulting Sarbanes Oxley Act specifically included a series of public-company oriented provisions relating to the process for handling whistleblower reports and anti-retaliation protection for the whistleblower. The Dodd-Frank law and related rulemaking from the Securities and Exchange Commission specifically address securities whistleblowers incentives and protections. Beyond that, law and regulation affecting specific industry sectors often have their own whistleblower/hotline reporting rules and requirements.

The presence and effectiveness of a corporate whistleblower protocol is ultimately the responsibility of the governing board under its corporate compliance oversight obligations, and through the code of conduct of the company and of its officers and directors. The CLO's interaction with the board on this matter is grounded in his role as both legal counsel to the board, and as the officer (together with the chief compliance officer) for the management of the legal compliance program.

In essence, the board's duty is to make sure that a protocol is in place and that it works. The significance of this duty is underscored by the current intense public and legislative dynamic involving the CIA whistleblower. The CLO can provide real value to the board, and its audit and compliance committee, by offering direction on how best to satisfy these important board oversight obligations.

That direction might be best grounded in a confirmation of the statutory/regulatory framework for the company's hotline reporting and whistleblower protection protocols. Are they the byproduct of industry-specific requirements or recommended principles of conduct (e.g., SEC rulemaking)? Or, are they more general in scope, i.e., reflective of Caremark-based case law, and regulatory guidance such as the Federal Sentencing Guidelines and the Department of Justice Criminal Division's guidelines for the evaluation of compliance programs? (Note that Congress has enacted a series of laws intended to protect whistleblowing by public officials and civil servants.)

Proper topics of high-level board (or committee) diligence could involve the presence of pro-active measures to create a workplace atmosphere without fear of retaliation; appropriate processes for the submission of complaints; processes to protect whistleblowers; the company protocol for investigating such complaints; the timeliness and thoroughness of investigations; and commitment to appropriate follow-up and (if necessary) discipline. Of course, additional oversight inquiry would depend on the answers to these and similar questions.

It may also be appropriate for the board/committee to inquire about trends in the frequency of hotline and whistleblowing activity, the scope and focus of such reporting, and what those trends might suggest about specific areas of corporate concern and the overall effectiveness of the company's hotline/whistleblowing system.

The current Washington controversy provides an interesting glimpse into the mechanics of a governmental whistleblower protocol and the emphasis on protecting the whistleblower from breach of confidentiality and from retaliation. The controversy also serves to demonstrate ethical and due process issues that can arise from such protocols. All food for thought and conversation by the governing board.

Headlines often provide CLOs with unique and timely opportunities to raise key legal issues with corporate leadership. The current, highly public controversy about the role and function of a government whistleblower provides such an opportunity, as it relates to an important board compliance oversight obligation. The board, and its key committees, will benefit from a CLO briefing on the relevance of this controversy to its own governance duties.

Michael W. Peregrine, a partner at the law firm of McDermott Will & Emery, advises corporations, officers, and directors on matters relating to corporate governance, fiduciary duties, and officer and director liability issues. His views do not necessarily reflect the views of the firm or its clients.