One of the primary concerns expressed with respect to the proposed rules for the Securities and Exchange Commission’s new Whistleblower Program is that the monetary incentives being offered (between 10% and 30% of recovered amounts where sanctions are in excess of $1,000,000) will undermine the effectiveness of a company’s internal compliance programs.
In attempting to reconcile this concern with the program’s goal of incentivizing persons with information about potential securities law violations to come forward, the proposed rules prohibit an employee that is responsible for, or who gains information through, a company’s internal compliance programs from qualify as a whistleblower, unless the company fails to disclose the reported violations within a reasonable time or acts in bad faith. An employee that learns of a potential violation other than through a company’s internal compliance programs would, however, qualify as a whistleblower. Such an employee would have the option, but not the obligation, of first reporting a potential violation through their company’s internal compliance programs, and would still be able to preserve their right to receive an award under the Whistleblower Program by submitting the same information to the Commission within 90 days of the original report.
In its proposing release the Commission states that it will consider whether a potential violation was reported through internal compliance programs in determining the percentage of sanctions to award a whistleblower, and will consider higher percentages for those who first report violations internally but will not penalize those who do not do so for legitimate reasons. The Commission is of course seeking public comment (due by December 15) on all aspects of the potential interplay between its proposed rules and company compliance programs.
In the meantime, it’s definitely not too early to begin assessing the effectiveness of and revising your own internal compliance programs. Remember, regardless of when the new rules are implemented, any information submitted to the Commission after July 21, 2010 (the enactment date of Dodd-Frank) is eligible for an award under the Commission’s Whistleblower Program, and we’re already seeing the emergence of websites like SECWhistleBlowerProgram.org and WhistleBlowerLawyerBlog.com that encourage would-be whistleblowers to: Call Now for a Free Consultation!
In light of the proposed rules, here are four things you can do to strengthen your existing internal compliance programs:
1. Increase Awareness. Educate your employees. Provide training to help them recognize the red flags associated with potential securities law violations, such as financial statement manipulation or false regulatory reporting. Make sure your employees are fully acquainted with your internal procedures for reporting potential violations.
2. Make Internal Reporting Easy. According to the Association of Certified Fraud Examiner’s 2010 Report to the Nations, occupational fraud is more than twice as likely to be uncovered by a tip than by any other means:
It should be as simple as possible for your employees to report a potential securities law violation. Do you have a hotline or a helpline? Consider using a single, central helpline to address possible compliance issues, whether they be securities law violations or human resource issues, and encourage your employees to proactively seek guidance on all ethical, legal and regulatory issues. Ensure that your compliance programs are available during more than just regular business hours and offer multiple means of reporting; employees should be able to anonymously mail, email or submit tips via a web form.
3. Set the Ground Rules. You should have protocols in place to timely investigate and effectively deal with reports of potential securities law violations. Your compliance programs should delineate a clear line of reporting with assigned roles and responsibilities and your policies should be readily understandable and conspicuous, particularly your policies regarding non-retaliation and disciplinary measures for reports made in bad faith.
4. Consider Implementing Your Own Reward System. Reward systems are a polarizing issue. On the one hand there are those that believe employees, by virtue of their employment, are already obligated to report potential securities law violations and, as such, should not be rewarded for simply doing their job. On the other hand there are those that believe, whether as an incentive to report or as a reward for having reported, employees should receive recompense when they report potential securities law violations. How ever you may feel about the issue, Congress made its opinion known with the enactment of Dodd-Frank, and whether to compete or simply keep up, you should consider implementing your own reward system, monetary or otherwise, to encourage internal reporting of, and acknowledge those who do report, potential securities law violations.