FEDERAL CRIMINAL LAWYERS

What Should I NOT Do When I Notice Compliance Problems?

You just discovered something wrong at your company. Maybe it’s fraud. Maybe it’s regulatory violations. Maybe it’s something that could send people to prison. And now you’re sitting there at 2am wondering what the hell to do about it – because every option seems like it ends badly for you.

Welcome to Spodek Law Group. Our goal is to give you the real information about compliance situations – not the sanitized version that protects companies more then employees. What you’re about to read is what we wish someone had told our clients before they made decisions that changed everything.

Heres the uncomfortable truth that nobody in your HR department will ever say out loud: the instincts that feel right in this moment – report to your supervisor, document everything, tell a trusted colleague – those instincts can destroy your career and your legal protection faster then the fraud you discovered. We put this information on our website because most people have no idea how this actualy works.

The First Instinct That Ruins Everything

The first thought most people have is to report internally. Go to HR. Use the ethics hotline. Tell a supervisor. That feels like the responsible thing to do – actualy it’s what companies train employees to do. It’s also the move that strips away almost all legal protection under federal whistleblower statutes.

Heres the thing. In 2018, the Supreme Court decided a case called Digital Realty Trust v. Somers that changed everything for employees who discover wrongdoing. The Court ruled that the Dodd-Frank Act’s anti-retaliation protections – the strongest protections available to whistleblowers – only apply if you report to the SEC in writing. Report internally first without also reporting to the SEC? You’re an at-will employee who can be fired for any reason, or no reason at all.

Most employees beleive that reporting to their company’s compliance department gives them whistleblower protection. It dosent. The protections you think exist basicly vanish the moment you choose internal-only reporting. This isnt a technicality – it’s the law as the Supreme Court has interpreted it, and it applies to every single whistleblower case going forward.

Todd Spodek has handled hundreds of cases were employees discovered wrongdoing and made decisions in the first 48 hours that determined everything that followed. The pattern is always the same: person discovers fraud, person reports to HR thinking they’re protected, person gets fired six weeks later for “performance issues” that suddenly appeared out of nowhere, person learns they have no Dodd-Frank claim becuase they never reported to the SEC. We’ve watched this happen dozens of times. The shock on people’s faces when they learn the truth is always the same.

The Sarbanes-Oxley Act does provide some protection for internal reporters – but it’s dramaticly weaker. SOX gives you 180 days to file a complaint with OSHA, and you have to go through an administrative process before you can get to federal court. Dodd-Frank gives you six years and direct access to court. Thats the differance between real protection and performative protection.

Look, there are warning signs when a company already knows someone is asking questions. Sudden “reorganization” discussions about a department. IT showing up for “routine maintenance” on computers. Colleagues acting weird. New oversight on projects that never had oversight before. Unexpected one-on-one meetings with management. Getting left out of meetings normally attended. If these signs are appearing, the clock isnt just ticking – it may already have run out.

Your “Evidence Gathering” Will Get You Fired

Every instinct tells you to preserve evidence. Forward those emails to your personal account. Take photos of documents. Download files to a thumb drive. After all, you need proof of what you’re seeing, right?

This is were people hand employers exactly what they need: a legitimate, completely unrelated reason to fire the person who discovered the fraud.

Most employment contracts include confidentiality agreements. Most company policies prohibit removing proprietary information from company systems. When emails get forwarded – even emails that prove fraud – company policy is being violated. And now the employer can terminate someone for a policy violation that has nothing to do with whistleblowing. The violation becomes the reason. The whistleblowing becomes irrelevant.

Let that sink in. Fraud gets discovered. Evidence preservation is attempted. Termination follows for a confidentiality breach. And when a retaliation claim is made, the former employer points to the policy violation and says “we didnt fire her for reporting fraud – we fired her for stealing company information.” That documented policy violation becomes the shield that protects the company from any retaliation claim. The original wrongdoing disappears behind procedure.

Courts have seen this pattern over and over. In the Bramshill case, a compliance consultant forwarded proprietary documents to a personal email account, including the company’s client lists and internal files. The company sued under the Defend Trade Secrets Act. Whatever legitimate concerns the employee had became irrelevant – the focus shifted entireley to the policy violation. In case after case, employees who forwarded work emails to personal accounts found retaliation claims undermined becuase employers could point to a legitimate, non-retaliatory reason for termination. The whistleblowing becomes a footnote. The policy violation becomes the headline.

OK so what do you do instead? You document metadata. You write down dates, times, who sent what to whom, subject lines – information that identifies documents without actualy containing them. You create a personal timeline of what you observed and when. You do NOT remove a single document from company systems. This is extremly important and we cant stress it enough.

An employment lawyer can subpoena those documents later through the legal discovery process. The documents are not going anywhere – they’re preserved on company servers. But being in a position to bring a claim is essential – which will not happen if employers were given a gift-wrapped termination excuse through forwarded emails. The evidence preservation instinct kills cases constantly.

The Company Lawyer Is Not Your Lawyer

After you report internally, the company will probably launch an investigation. A lawyer will show up – maybe internal counsel, maybe an outside firm brought in specificly for this situation. They’ll want to interview you. They might seem sympathetic. They’ll probly thank you for coming forward and tell you the company takes these matters seriousely.

And somewhere in that conversation, they’ll give you whats called an Upjohn warning. Named after a Supreme Court case from 1981, this warning tells you something that sounds minor but changes everything: the attorney-client privilege for this conversation belongs to the company, not to you.

What does that actualy mean in practice? It means everything said to that lawyer can be shared with anyone the company wants to share it with. The company can waive privilege and hand those statements to prosecutors. The company can use what was said to build a termination file. The company can quote those words in a defense against any claim brought later. The conversation that felt like cooperation becomes the evidence that destroys the case. This happens constantly.

Heres the kicker. Someone sits in that interview thinking cooperation is happening, thinking everything is going well, thinking the lawyer is going to help figure out what went wrong. But the lawyer’s client is the corporation – not the employee. The job is to protect the company, and sometimes protecting the company means identifying who else knew about the problem and building a record that those people failed to act appropriatley. The interview isnt collaboration. It’s information extraction.

Someone thinks they’re the whistleblower. To the company’s lawyer, that person might also be a potential defendant, a potential termination, a potential liability to be managed. Clients come to Spodek Law Group after making exactly this mistake – sitting through hour-long interviews, answering every question completly, thinking cooperation was happening, only to discover that the words spoken became the basis for a termination memo. The statements made trying to be helpfull got twisted into evidence of “performance issues” and “attitude problems.”

If you get an Upjohn warning, you have the right to say: “I’d like to consult with my own attorney before continuing this interview.” Excercise that right. It’s not uncooperative. It’s not suspicious. It’s smart.

Why Anonymous Hotlines Arent Anonymous

Most companies have an ethics hotline. The training probably said it’s anonymous. Employees are encouraged to use it to report concerns without fear of retaliation. The HR training made it sound like a safe way to raise issues.

The hotline isnt anonymous in any way that matters.

Think about it. When you call that hotline, you describe specific conduct. You mention specific departments, specific projects, specific timeframes. You describe what you personaly observed. Even if you dont give your name, how many people in the company have the specific knowledge you’re describing? Often the answer is: one person. You.

Companies can trace “anonymous” reports through writing style, level of detail, departmental knowledge, and simple process of elimination. A manager gets a summary of the complaint and immediately recognizes the project described. HR looks at who was in the meetings referenced. IT can see who accessed the files mentioned. The company’s investigator starts mapping who knew what – and the circle narrows to you faster then you think.

And once identity leaks – wheather through carelessness, deduction, or deliberate disclosure – the retaliation begins. Research shows that 54% of employees wont report compliance problems becuase they fear retaliation. Those employees understand something that the glossy compliance training dosent admit: the system isnt designed to protect you. It’s designed to protect the company.

Thats the reality. The “anonymous” hotline exists so the company can say it has a reporting mechanism. It exists to help the company identify problems – and sometimes, to help them identify the people raising those problems. The hotline protects the company from liability. It dosent protect you from termination.

The One Person You Told Just Sank Your Case

You discovered something serious. You needed to talk to someone. The weight of what you know feels unbearable. You told one trusted colleague – maybe a friend, maybe someone who also saw something suspicious. Just one person. What could it hurt?

Potentialy everything basicly.

First, that person might tell someone else. Now identity as the source spreads through the organization. Even if a colleague didnt mean to betray anyone, casual conversation happens. “Did you hear what Sarah found in the accounting files?” becomes “Sarah thinks theres fraud” becomes “Sarah is causing problems.” Information travels. Nobody can control it once it leaves. One trusted conversation becomes five overheard snippets becomes company-wide knowledge within a week.

Second, telling someone creates a witness who can testify about “attitude” and “behavior” in the weeks before termination. Defense lawyers love these witnesses. “Did Sarah seem angry about the company?” “Did she express frustration with management?” “Did she talk about wanting to ‘expose’ anyone?” “Did she complain about her boss?” Suddenly legitimate whistleblowing concerns get reframed as personal vendetta by a disgruntled employee with an axe to grind. The person confided in becomes a weapon used against the case.

Third, and this is critical for False Claims Act cases: you may have just triggered the public disclosure bar. Qui tam cases under the False Claims Act have to be filed under seal – meaning complete confidentiality. The government investigates without the defendant knowing. But if information about the fraud becomes public before you file, or if someone else files first based on information that spread from your disclosure, you can lose your entire right to recovery.

Read that again. Every person you tell is a potential leak. Every leak is a potential bar to your claim. The $10 million whistleblower award you might have received becomes $0 becuase you told your work friend over lunch. Thats not an exaggeration – that’s what the law says.

This is why Spodek Law Group exists – to help you navigate these decisions before you make them, not after.

The Timeline Math Most People Get Wrong

A clock is running on every compliance situation, and most people dont understand how it works or even that it exists.

Under Dodd-Frank, if you report to the SEC in writing, you have six years to bring a retaliation claim. You can file directly in federal court without going through any administrative process. You can get double back pay, reinstatement, and attorney’s fees. The protections are substantial and the statute of limitations is genereous.

Under Sarbanes-Oxley, if you only reported internally, you have 180 days to file a complaint with OSHA. Not 180 days from when you got fired – 180 days from when the adverse action occured. You then go through an administrative process that can take months or years before you can get to federal court. The protections are weaker. The burden of proof is harder. The timeline is unforgiving.

One hundred eighty days versus six years. Direct court access versus administrative hurdles. This is not a minor differance – it’s the differance between a viable claim and a case that dies on procedural grounds becuase someone didnt know the rules. Ignorance of these timelines has killed more whistleblower cases then any other single factor.

And heres what makes this worse: most people dont learn about the Digital Realty distinction until after internal reporting has already happened. People spend weeks or months going through the company’s internal process, thinking a record is being built and the right thing is being done. Then termination happens. Then a lawyer gets consulted. Then the reality hits that the 180-day SOX clock has been running the entire time – and it might already have expired. By the time people learn the rules, the rules have already eliminated the case.

As Todd tells every client who walks through our door: the sequence matters more then the speed. Report to the SEC in writing first. Then cooperate with your company’s internal process. That sequence preserves both protections. The reverse sequence leaves you exposed and potentially without recourse.

What You Should Actually Do

By now you understand what NOT to do. But you’re still sitting there with knowledge of wrongdoing, and you still need to make a decision. Heres the counter-intuitive sequence that actualy protects you:

Step 1: Call a whistleblower attorney before you do anything else. Not after you report internally. Not after you forward emails. Not after you tell a colleague. Before. The first 48 hours are when most people make the mistakes that determine everything. A single phone call can prevent catastrophic errors.

Step 2: Document your observations without removing anything. Write down what you saw, when you saw it, and who else was present. Identify documents by metadata – date, sender, recipient, subject line – without actualy taking copies. Keep these notes outside company systems, on your personal device at home.

Step 3: Report to the SEC in writing before or simultaneously with any internal report. This preserves Dodd-Frank protection regardless of what happens internally. An attorney can help file a proper tip that establishes priority date and maximizes protection.

Step 4: If you choose to also report internally, do so after SEC reporting is complete. And when the company’s lawyers come to interview you, remember: they dont represent you. Request time to consult your own attorney before answering questions. This is your right.

Step 5: Say nothing to colleagues. Not one word. Not to closest work friends. Not to people who “already know.” Confidentiality is not optional – it’s protective. Every disclosure weakens the legal position. The urge to talk will be overwhelming. Resist it completely.

Spodek Law Group has handled cases exactly like yours, where the differance between protection and termination came down to knowing this sequence. The fraud you discovered is serious. Your response to it needs to be strategic and careful.

The company has lawyers. The company has HR professionals trained to manage exactly this situation. The company has a compliance department whose job is to protect the organization. You need someone whose job is to protect you – not the corporation.

Call us at 212-300-5196. The consultation is free. The mistake of waiting isnt.