What Churches Need to Know About Fraud and Whistleblower Protection

Recent scandals in the for-profit and nonprofit worlds have highlighted the importance of integrity within churches. Fraud prevention has been addressed in legislation and accounting standards.

This new level of fraud awareness applies to churches and nonprofit ministries just as much as it does to for-profit organizations; therefore, it is important that churches establish a means for employees to report concerns about misconduct, dishonesty or fraud. Such a reporting structure should be recorded and communicated to employees in a written policy on suspected misconduct, dishonesty and fraud.

Whistleblower protection. One of the two provisions of the Sarbanes-Oxley Act of 2002 that applies to churches is the legal protection of whistleblowers (the other provision relates to document destruction). The act makes it illegal for a corporate entity to punish whistleblowers who risk their careers by reporting suspected illegal activities in an organization. No form of punishment, including firing, demotion, suspension, harassment, failure to consider the employee for promotion or any other kind of discrimination, is allowed.

Punishing a whistleblower in any way is a criminal offense. Even when an employee’s claims are unfounded, the church may not reprimand him. To receive whistleblower protection, an employee does not have to demonstrate misconduct; a reasonable belief or suspicion that violation of a federal law exists is sufficient.

As a result of this legislation, it is important that churches develop procedures for receiving and handling complaints. Churches need to create and implement a formal process to receive and investigate complaints and prevent retaliation. As a part of this process, a confidential and anonymous mechanism should be established to receive employee complaints. These needs for whistleblower protection can be incorporated into a general policy on misconduct, dishonesty and fraud.

Important policy components. Typically, the audit committee has ultimate responsibility for the processes that define the confidential communication system relating to significant employee concerns. Fraud prevention and whistleblower policies should do the following:

1. Provide confidentiality and anonymity to the submitter. Both the perception and the reality of safety are necessary to encourage individuals to speak up about sensitive topics.

2. Enable anyone who may have information about wrongdoing to make a report. This includes employees, vendors and suppliers, internal and external auditors, consultants, advisors and board members.

3. Facilitate the reporting of all varieties of wrongdoing. Many federal and state laws prohibit retaliation for reporting illegal acts. Examples that may apply to your church include:
a. Title VII, which protects employees who report, oppose or participate in the investigation of unlawful discriminatory practices
b. Age Discrimination in Employment Act (ADEA) and state equivalents
c. Americans with Disabilities Act (ADA) and state equivalents
d. Fair Labor Standards Act (FLSA)
e. Employee Retirement Income Security Act (ERISA)
f. False Claims Act
g. State workers’ compensation laws
h. State child labor laws

4. Give submitters choice and convenience. A phone call to truly skilled listeners elicits the most complete set of facts about a case. However, the preferences driven by age and background may dictate allowing people to use the Internet or write a letter. Make the service available at all times and support foreign languages if some employees are non-native English speakers.

5. Focus on obtaining a full set of facts from the submitter. More information is better than less. Experienced and well-trained listeners are better equipped to obtain the information necessary to begin solving problems before they become emergencies.

6. Adhere to a compliance approach, with checks and balances built into the case review and closure steps. The process must include systematic follow-up and tracking capabilities. Instill a culture of accountability that precludes the potential for management to sweep problems under the rug.

7. Put the information into the hands of people who can and will act on it. Invest the time up front to determine specific roles and responsibilities. Establish rules for action and oversight. Retain each and every report, even those that appear to lack substance, so that no bits and pieces are lost.

8. Have options for investigation and resolution. If you use a third-party hotline, the provider must not be the same firm as the one doing the investigating. It is an inherent conflict of interest to listen objectively and at the same time seek additional revenue from investigation activity. Investigation is not the role of audit committee members; use staff personnel who are unrelated to the submitter who are experienced in conducting investigations.

9. Freely publicize the existence of the confidential reporting service. Communicate the safety and availability of the process, and give permission to use it. The whistleblower policy should be included in the church’s employee handbook and policy manual, discussed in the church’s newsletters, presented in training of new employees and periodically (at least annually) be communicated to all current employees.

10. Protect the whistleblower. Churches should take every step possible to protect the confidentiality of the whistleblower. Churches must ensure that no director, officer or employee who in good faith reports a violation will suffer harassment, retaliation or adverse employment consequence.

Used with permission from the ECFA Knowledge Center. ECFA.org