Compliance, ethics, legal and HR professionals in publicly traded companies and across the financial services industry have been patiently waiting (or should I say hoping) for good news from the SEC.
What were they hoping for? That the Commission wouldn’t undermine their internal compliance programs.
Unfortunately, this week, the SEC delivered bad news when it released the Final Rules implementing the Dodd-Frank Wall Street Reform and Consumer Protection Act.
This quote from SEC Chairman Mary L. Schapiro, sums up the agency’s position on specifically encouraging employees to report suspected problems externally to the SEC…
For an agency with limited resources like the SEC, it is critical to be able to leverage the resources of people who may have first-hand information about violations of the securities laws…While the SEC has a history of receiving a high volume of tips and complaints, the quality of the tips we have received has been better since Dodd-Frank became law. We expect this trend to continue, and these final rules map out simplified and transparent procedures for whistleblowers to provide us critical information.
In short, employees are not required to make an internal complaint before they can go to the SEC with their concerns about unlawful conduct or retaliation related to federal securities laws.
It’s Hard To Compete With Cash
What’s the big deal? Money.
Employees who file a report with the SEC get to participate in the widely debated bounty hunter system established by the Act. In cases exceeding $1 million in recovery, the SEC is authorized to pay 10-30% of the recovery to individuals who provided the Commission with original substantive information. (Before this new rule, the SEC’s reward program was limited to insider trading cases and the amount of an award was capped at 10% of the penalties collected in the action.)
Bottom line, employees are incented (by the possibility of a huge bounty) to take their concerns directly to the SEC.
The U.S. Chamber of Commerce, one of the major critics of the rule, considers it “flawed” and like most compliance, legal and HR professionals, believes that employees should report problems internally so that companies are given the opportunity to immediately correct problems. In a statement yesterday, the Chamber said:
In approving this new whistleblower rule, the SEC has chosen to put trial lawyer profits ahead of effective compliance and corporate governance. This rule will make it harder and slower to detect and stop corporate fraud – by undermining the strong compliance systems set up under Sarbanes Oxley to ensure companies take whistleblowers seriously. Armed with trial lawyers and new large financial incentives to bypass these programs, whistleblowers will go straight to the SEC with allegations of wrongdoing and keep companies in the dark. This leaves expensive, robust compliance programs collecting dust, while violations continue to fester, eroding shareholder value.
While the final Dodd-Frank rules clearly create an incentive toward external reporting, there are some components that arguably support internal reporting:
The rules would:
- Make a whistleblower eligible for an award if the whistleblower reports internally and the company informs the SEC about the violations.
- Treat an employee as a whistleblower, under the SEC program, as of the date that employee reports the information internally – as long as the employee provides the same information to the SEC within 120 days. Through this provision, employees would be able to report their information internally first while preserving their “place in line” for a possible award from the SEC.
- Provide that a whistleblower’s voluntary participation in an entity’s internal compliance and reporting systems is a factor that can increase the amount of an award, and that a whistleblower’s interference with internal compliance and reporting is a factor that can decrease the amount of an award.
Cold comfort if you ask me. Especially #2. Even if I report to my company first, I can jump out of my organization’s internal handling of the matter in less than 120 days, and bring in the SEC (having preserved my potential bounty).
Call to Action
Reality is, going to the SEC is a big step for an individual. And if we’ve learned one lesson from decades of workplace litigation it’s that employees make EXTERNAL reports when they feel:
- Unfairly treated
These are factors that your organization can and must control for if you want to protect your bottom line and the integrity of the compliance program you have worked so hard to establish.
The Importance of your Complaint Process
At the heart of an effective compliance program is the ability to make a report or complaint – and have that issue properly handled, without retaliation. If your complaint process isn’t working properly, you dramatically increase the risk that employees will take their beef to an agency like the SEC.
For your compliance program to be effective, employees must feel empowered to speak up. Empowerment thrives in a culture of trust, integrity, and transparency—a culture where employees feel an obligation to ferret out rogue employees who are putting the organization at risk. Employees must believe that their organization will stand behind them when they take that step and get involved, and that they won’t suffer retaliation.
The Importance of Training
I wish that that a high-accountability, ethics-based culture was easy to create, but the reality is that it takes work. The message must come from the top and filter down to every manager and employee.
And it must be constantly reinforced.
All of your employees must be periodically trained on your values and your Code of Conduct. This boils down to habitual, high-quality ethics training. The workforce should also receive specific training about how to make complaints and the zero-tolerance rule for retaliation.
In our ever intensifying regulatory environment, these are nothing less than business imperatives.