Ethical Issues to Consider When Using ChatGPT
Causes of the Decline in Moral Values

Organizational Implications of Whistleblowing

Protections and Retaliation

What makes one person speak out and blow the whistle on wrongdoing while another remains silent? Is it a “moral sense,” as Thomas Jefferson wrote, that instinctively motivates a person’s thoughts and actions? Is it motivated by avoiding harm to others? Is the act of blowing the whistle morally permissible? Is it morally obligatory? How does the organization culture influence whistleblowing? These are some of the ethical issues addressed in this blog.

I have previously blogged about the morality of whistleblowing. Today's blog examines the organization culture that can encourage or discourage would-be whistleblowers to come forward and report wrongdoing. It is written from an academic's perspective. So, the old adage applies: You can take the academic out of the classroom but you can't take the classroom out of the academic.

Organization Culture

Organization culture pertains to the values, processes, internal reporting mechanisms, and decision-making that provides the internal ethical environment. Simply stated, organizational culture is “the way things are done around here.”

Organizational support for whistleblowing occurs when the organization provides an effective vehicle to blow the whistle, specific measures exist to protect the whistleblower’s identity, and internal reporting requirements are clearly defined. Hoffman and Schwartz believe that one is not obligated to blow the whistle internally unless an anti-retaliation policy against whistleblowing that is enforced exists. They would leave it up to the employee to make that decision.[1]

Whistleblowing always involves an actual or at least declared intention to prevent something bad that would otherwise occur. It always involves information that would not ordinarily be revealed. Most ethicists agree whistleblowing is an ethical action. The “standard theory” on whistleblowing of Davis holds that whistleblowing is morally required when it is required at all: people have a moral obligation to prevent serious harm to others if they can do so with little costs to themselves.[2]

Davis believes that what seems to make whistleblowing morally problematic is its organizational context. “The whistle-blower cannot blow the whistle on just any information received as a member of an organization. Instead, to be a whistle-blower is to reveal information with which one is entrusted." Whistleblowing


De George identifies five criteria when whistleblowing is morally permitted:

“(1) the firm’s actions will do serious and considerable harm to others; (2) the whistleblowing act is justifiable once the employee reports it to her immediate supervisor and makes her moral concerns known; (3) absent any action by the supervisor, the employee should take the matter all the way up to the board, if necessary; (4) documented evidence must exist that would convince a reasonable and impartial observer that one’s view of the situation is correct and that serious harm may occur; and (5) the employee must reasonably believe that going public will create the necessary change to protect the public and is worth the risk to oneself” (De George 2010).

De George’s criteria provide a foundation for moral action when contemplating whether to blow the whistle. He rejects the position that external whistleblowing is always morally justifiable and rejects the position that external whistleblowing is never morally justifiable. The critical factor for De George is whether the agent’s motivation for action is a moral one (i.e., to expose unnecessary harm, and illegal or immoral actions), not one motivated by revenge.

In their analysis of De George’s criteria for whistleblowing, Hoffman and Schwartz merge the second and third criterion and label them “Internal Reporting Principle.” The Internal Reporting Principle requires reporting up the chain of command all the way to the board of directors, if necessary. Hoffman. They agree that internal whistleblowing, whenever possible, should be a requirement before external whistleblowing takes place and the internal reporting criterion would be met if the whistleblowing takes place anonymously.

Whistleblowing through an internal tip was found to be the most common way for occupational fraud to be initially detected. A 2022 Report to the Nations by the Association of Certified Fraud Examiners (ACFE) provides useful information about the methods most frequently used to detect occupational fraud.  Notably, 70 percent of the methods used pertain to the internal control environment as follows: (1) tip (42%); internal audit (16%); and (3) management review (12%).[3]

Frequency of Methods Used to Initially Detect Occupational Fraud






Internal audit


Management review


Document examination


By accident


Account reconciliation


Automated transaction/data monitoring


External audit




Notification by law enforcement






It is worth noting that 70 percent of victim organizations in the study had hotlines, an effective method of encouraging using a tip to report financial wrongdoing. Organizations with hotlines detected fraud in 12 months compared to those without a hotline (18 months). The percentage of cases detected by tip were 47 percent for organizations with hotlines compared to 31 percent of organizations without hotlines. Hotlines can be compromised when organizations enforce confidentiality agreements like the one in the case study.

The results of the ACFE study support the internal reporting requirements in that 30 percent of respondents indicated that they initially report to their direct supervisor while 15 percent report to an executive, 12% to internal audit, and 12 percent to the fraud investigation team. The whistleblower

Sarbanes-Oxley Act 

The Sarbanes-Oxley Act (SOX) contains protections for accountants and other finance employees of public companies who serve as the front-line protectors of financial integrity and reporting. Section 806 creates a new civil action for employees of publicly traded companies who face retaliation for providing information about, or participating in investigations relating to, what they believed to be violations of securities laws on part of their employers[4]

There are three elements to a SOX claim: (1) the employee is engaged in protected activity; (2) the employer took adverse employment action against the employee; and (3) the adverse employment action against the employee was caused at least in part by the protected activity.

Employees engage in protected activities when they complain – internally or to regulators – that the company has violated a federal rule or law related to fraud on shareholders including the Securities and Exchange Act of 1934. An employee is protected only for raising possible violations of federal laws, so if an employee complains about violations of state regulations, without reference to possible federal law violations, SOX will not protect the employee.

Despite this narrow definition, SOX insulates an employee from retaliation for a wide range of protected conduct, from simply performing auditing duties to contacting the news media about possible shareholder fraud that has a negative impact on shareholders and investors. While employees must reasonably believe that the employer is engaged in fraud or a violation of securities laws, they do not have to be right in that belief. So long as the employee’s belief is reasonable, the employer cannot retaliate against the employee for speaking out.

Dodd-Frank Financial Reform Act

Dodd-Frank changes the regulatory landscape for internal accountants, external auditors, auditing firms and other financial professionals by protecting whistleblowers that “voluntarily” provide the SEC with “original information” about a violation of federal securities laws that leads to a successful enforcement proceeding.[5]

Voluntarily means the whistleblower has provided information to the Securities and Exchange Commission (SEC), a self-regulatory organization, or the Public Company Accounting Oversight Board (PCAOB) that oversees the audits of public companies in the U.S. Original information must be based upon the whistleblower’s independent knowledge or independent analysis, not already known to the SEC and not derived exclusively from an allegation made in a judicial or administrative hearing or a governmental report, hearing, audit or investigation.

Dodd-Frank prohibits employers from retaliating against employees for disclosing information as required or protected under SOX, the Securities Exchange Act of 1934, and any other law, rule, or regulation subject to the jurisdiction of the SEC. Dodd-Frank also requires the SEC to implement a new whistleblower program that pays to whistleblowers awards of between 10% and 30% of the amounts the SEC recovers in a legal action in excess of $1 million based on the whistleblower’s report. Some have characterized the reward as incentivizing whistleblowing and providing a bounty hunter’s payment for disclosing the relevant information to the SEC.


The essence of protection under SOX and Dodd-Frank is confidentiality. Keeping the identity of a whistleblower secret is essential to protect against reprisals from co-workers, employers and supervisors, and create a climate that encourages future whistleblowers. Employers are prohibited from retaliating against whistleblowers for providing information to the SEC.

On May 5, 2023, the SEC announced the largest-ever award, nearly $279 million, to a whistleblower whose information and assistance led to the successful enforcement of SEC and related actions. This is the highest award in the SEC’s whistleblower program’s history, more than doubling the $114 million whistleblower award the SEC issued in October 2020.

"The size of today’s award – the highest in our program’s history – not only incentivizes whistleblowers to come forward with accurate information about potential securities law violations, but also reflects the tremendous success of our whistleblower program," said Gurbir S. Grewal, Director of the SEC’s Division of Enforcement. "This success directly benefits investors, as whistleblower tips have contributed to enforcement actions resulting in orders requiring bad actors to disgorge more than $4 billion in ill-gotten gains and interest. As this award shows, there is a significant incentive for whistleblowers to come forward with accurate information about potential securities law violations."

The bottom line is unless the organization supports whistleblowers and encourages their coming forward when financial wrongdoing occurs, it is unlikely that most would-be whistleblowers will act in accordance with moral values. Even though they may feel morally obligated to blow the whistle, they may be reluctant to do so because of fear of retaliation. That is why organizations should create an ethical culture to support whistleblowers.

Blog posted by Steven Mintz, PhD on June 15, 2023. Find out more about his professional activities on his website (  Follow him on Facebook at: and on Twitter at:


[1] Journal of Business Ethics

Vol. 127, No. 4, Festschrift on Richard T. De George (April 2015), pp. 771-781.

[2] Business & Professional Ethics Journal

Vol. 15, No. 1 (Spring 1996),


[4] (18 U.S. Code § 1514A).

[5] (H.R. 4173 2010).