On November 17, the U.S. Securities and Exchange Commission issued its 2014 Annual Report to Congress on the Dodd-Frank Whistleblower Program and it is clear that the program is going strong. Following are six key takeaways and trends ethics and compliance professionals should learn from the report.
1. Fiscal Year 2014 was momentous for the Office of the Whistleblower, both in terms of the number and dollar amount of whistleblower awards (and they are just getting going).
As the report states, the SEC issued whistleblower awards to more individuals in FY 2014 than in all previous years combined. Of the 14 awards since the inception of the program in 2011, nine were awarded in FY 2014. In FY 2014, the Office of the Whistleblower (the “Office”)received 3,620 whistleblower tips, a more than 20% increase in the number of whistleblower tips in just two years. The report does note that one whistleblower, however, accounted for 196 of the reports over the last several years—all of which were determined to be deliberately false or fictional and denied. That said, this was a year of banner headlines for the program with $30 million dollars awarded to someone located outside the United States and an award of over $300,000 given to a compliance or audit professional who raised issues internally to management first with no action taken.
2. Sean McKessy is running the whistleblower program like a business—not like a government bureaucracy.
Sean McKessy, Chief, Office of the Whistleblower, spent a lot of time in the competitive corporate world where he would have been held accountable for high performance standards and effectiveness metrics—including in his roles as a compliance officer. It is evident from his recent comments as a keynote speaker at the September 2014 annual conference of the Society for Corporate Compliance and Ethics (SCCE) and this report that he is running the Office of the Whistleblower in the same way.
At the SCCE, it was clear that Mr. McKessy enjoys the competitive nature of winning these cases and his annual report reflects the accountability standards and metrics he has put in place for the organization. For instance, the report notes that the Office “conducts analyses to determine whether all eligible cases are posted as NoCAs [Notice of Covered Actions, i.e. reports] to its website, the percentage of calls returned by [the Office] to messages left on the hotline within 24 business hours, and the average number of business days between the issuance of a Final Order of the Commission and written notification to the claimant.”
The report goes on to state that, “We intend to continue undertaking key performance measures in order to ensure the Office is prompt in responding to whistleblowers and other interested parties and to evaluate whether the program is operating effectively.”
Corporate executives and boards should take note that, in the case of this government agency, they should not be counting on the wheels of government turning slowly (note the annual report was issued less than 60 days after the end of the FY) nor should they assume they are dealing with “less business savvy” government personnel who they believe they can “out-lawyer.”
Corporate executives and boards should take note that, in the case of this government agency, they should not be counting on the wheels of government turning slowly...nor should they assume they are dealing with “less business savvy” government personnel who they believe they can “out-lawyer.”
Compliance officers should also take heed and ensure that they also can track and measure the progress, timeliness, quality, and outcomes of their internal cases. And, as the SEC does, the organization should maintain an ongoing channel of communication with employee and consultant reporters throughout the process—even with those who are anonymous.
In addition, as we found and reported in our 2014 NAVEX Global Hotline Benchmarking Report (representing data from thousands of internal hotline reporting systems), the median numbers of days to close a case has recently jumped from 30 to 36 days, which is a red flag warning that delays in investigations could lead to more reports going to Mr. McKessy’s office.
3. We are missing opportunities—employees are reporting internally before going to the SEC.
The report states that to date, over 40% of the individuals who received awards were current or former company employees. An additional 20% of the award recipients were third parties—contractors, consultants, or were solicited to act as consultants for the company committing the securities violation. This seems low as most expected that reports of original information which would likely qualify for an award would primarily be coming from insiders with specific knowledge of wrongdoing.
What is not surprising is that, of the award recipients who were current or former employees, most had raised their concerns internally to their supervisors or compliance personnel before reporting their information to the SEC. In our culture assessment work, we often hear from employees that they would much rather raise the issue internally to their manager than have to take it outside. And, our 2014 benchmarking data showed that 40% of all reports received by our clients internally were substantiated either all or in part. The data from the SEC, backed up by our substantiation data, confirms that companies generally do get the opportunity to resolve issues internally—the question is whether they will take this opportunity or miss it.
4. Organizations need to pay more attention to issues of retaliation.
There isn’t an employee in your organization who doesn’t gauge the potential for retaliation when considering raising an issue that challenges leadership or questions decision-making—including employees at the executive levels. This is an issue that most organizations and compliance officers have not yet been able to manage well. Creating and sustaining a culture of integrity where employees are comfortable raising issues without fear of retaliation is Holy Grail of ethics and compliance programs—but it is not yet a true priority for many corporate executives.
The Whistleblower Office, however, is taking this issue head on as it identifies and monitors whistleblower complaints alleging retaliation by employers in response to the employee’s reporting of possible securities law violations either internally or to the SEC. In 2014, the Commission brought its first anti-retaliation case. The Office also monitors federal court cases involving the anti-retaliation provisions of the Dodd-Frank Act and the Sarbanes-Oxley Act and has proactively and successfully challenged narrow rulings of who is afforded protection.
Addressing fears of retaliation, and training managers and supervisors (through SOX compliance training or other approaches) on recognizing and avoiding retaliation, should be a top priority for any compliance program whether the SEC is focused on it or not. Creating a true speak-up culture and reducing fear of retribution will benefit organizations in many ways—including in the bottom line.
5. Don’t miss the paragraph on the Office’s focus on restrictive employment, confidentiality and severance agreements.
Both in his remarks at the SCCE and in this report, Mr. McKessy highlighted that the Office has been “working to identify employee confidentiality, severance, and other kinds of agreements that may interfere with an employee’s ability to report potential wrongdoing to the SEC.” The report references Rule 21F-17(a) under the Exchange Act that provides that “[n]o person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement…with respect to such communications.”
While it may only be a paragraph or so in the report, Mr. McKessy stated in his SCCE keynote remarks that the agency is “looking for the first big case here” and the report states that “we will continue to focus on agreements that attempt to silence employees from reporting securities violations to the Commission by threatening liability or other kinds of punishment.”
6. This is not just A U.S. issue—the U.K. isn’t paying whistleblower awards, but their residents are coming to the U.S. to collect
Finally, the report offers some interesting demographics on who is reporting and their geographic locations. The report notes that during FY 2014, the Commission received submissions from individuals in all fifty states, (as well as from the District of Columbia and the U.S. territory of Puerto Rico), as well as from individuals in 60 countries. While it is not surprising that a high number of reports came in from the state of New York, the highest number of reports in the U.S. actually came from California (556 reports).
It is remarkable that the highest numbers of international reports are coming from the U.K., Canada, Australia, China, and India with the most coming from the U.K. (70 reports). As discussed in a recent Ethics & Compliance Matters article by Andy Foose, after a lengthy study by a commission formed by the Bank of England and the U.K. Financial Conduct Authority (FCA), the commission rejected U.S.-style “bounties” for individuals who report financial crimes to government authorities. We will see if this decision is revisited based on this report.
These statistics show that global reach of the SEC is strong and their international outreach efforts are working. As noted earlier, the $300M award was given to someone outside the U.S. –the fourth whistleblower award given outside of the US. Organizations with global operations need to ensure that both their domestic and global internal communications and reporting system availability are as understood and effective as the SEC’s.
In Mr. McKessy’s SCCE remarks, he said that he hoped that he would only meet those in the audience socially. I think that would be a good plan as this Annual Report is likely an indication of much more to come.