Corporate compliance professionals can learn a lot from Tyler Shultz—and we should since Shultz and his niche group of peers are crucial to fending off corporate misconduct. Being a Theranos whistleblower is no small feat.
A Brief Reminder of the Theranos Story
Shultz was instrumental in blowing the whistle at Theranos, which will go down in history as one of the biggest Silicon Valley frauds ever. You may already know the tale: Theranos claimed that it would revolutionize the business of blood testing with a small, automated, wireless device that supposedly would test a pinprick’s worth of blood for all sorts of diseases. In truth, the company had no such technology.
Through most of the 2010s, that lie didn’t stop Elizabeth Holmes, the charismatic young founder and CEO of Theranos. She raised more than $700 million in venture capital, and at one point was meeting with senior Washington officials and appearing on business magazine covers everywhere.
Today, however, Theranos is kaput, and Holmes awaits trial on criminal fraud charges next year. In no small part, that is due to Shultz and several other gutsy Theranos employees who dared to speak up about what was really happening at the company.
Shultz worked at Theranos in 2013, when he was all of 23 years old. He became a source about the company’s misdeeds for the Wall Street Journal, which reported the Theranos fraud in a series of Pulitzer Prize-winning articles in 2015. That investigation ultimately led to federal charges against the company.
Not only did Tyler Shultz take professional risks in exposing Theranos’ failings. He also endured enormous personal pressure, because his grandfather—George Shultz, former secretary of state and a giant in U.S. politics in the 1970s and 80s—was on the board of Theranos. George Shultz was one of the people Holmes played for a fool, and Tyler Shultz had to defy him, too, while fending off Holmes and Theranos’ corporate lawyers at the same time
So how did Shultz persevere through such an ordeal? And what can corporate compliance officers learn from his experience?
My Interview with Theranos Whistleblower: Tyler Shultz
As luck would have it, last month I had the honor of interviewing Shultz on stage at the Association of Certified Fraud Examiners’ (ACFE) annual conference. Shultz was one of the keynote speakers, and in front of 3,500 people, he told his tale which you can watch a clip of here. Several points struck me.
Listen to Your Employees
First, Shultz wanted someone to listen to his concerns — that’s all. Tyler Shultz has said numerous times that he never considered himself a whistleblower; he just wanted to bring his concerns to someone who could find answers.
Compliance officers must always put that point the center of their internal reporting systems. Most employees aren’t looking for any fame, glory, or financial reward that might come from being a whistleblower. Instead, they’re simply driven by strong ethical impulses. They want to correct whatever is amiss and to see their company succeed.
In that case, companies must be able to catch a whistleblower when he or she takes that leap of faith. Whistleblower hotlines and case management systems are one example: those mechanisms should be able to protect an employee’s identity and to let the employee know that his or her allegation has been heard. Good training for managers is another example: they should know how to nurture and protect a speak-up culture, not stifle or ignore it.
Put the Right Controls in Place
Second, strong governance matters. Theranos failed because nobody at the firm exercised proper oversight over Holmes—a striking young woman who padded her board with elderly men who lacked experience in biomedical science.
Maybe those men lacked the scientific expertise to see the company’s shortcomings; maybe they lacked the wisdom to see through Holmes’ charm. The result was the same either way: a runaway CEO, carrying her company down the road to its demise.
Businesses need structures that work as checks against that type of threat. Above all, they need a strong board of directors, supported by an independent internal audit or compliance function (or both, ideally). They don’t necessarily need to be a rival power to the CEO, but they do need enough independent power to move against a CEO who abandons ethical conduct.
Ethics and Governance Isn't Always Easy
Startups and large enterprises alike struggle with ethics and governance. I asked Shultz whether Silicon Valley firms are particularly challenged with ethics, and he said they are. The challenge isn’t so much that startups are unethical. Rather, they focus so intently on growth that they don’t quite consider ethics as they grow. Then they find themselves beset with corporate conduct headaches and few tools to remedy the situation.
That mess is why compliance culture and compliance programs matter so much. The foundation is a leadership team that cares about ethical conduct, but the firm still needs to build at least some structures— Codes of Conduct, workplace policies, internal controls—to support that commitment to ethics.
Ideally, the executive team will listen to ethics considerations early and strive for ways to embed those concerns into operations even as startups move into high growth. As Shultz said earlier, he wanted to help Theranos, not to see it collapse. We may talk about helping whistleblowers when they take that leap of faith to report, but in practical terms, that means systems and training to help others help those whistleblowers.
That’s what companies need to do. As Shultz shows—whistleblowers themselves can be amazingly brave and committed. All a company needs to do is work with them, not against them.