The US Securities and Exchange Commission (SEC), which has been working on a whistleblower bounty program since the Dodd-Frank Act mandated one last July, recently adopted final rules designed to incentivize employees to report original information about a violation of the federal securities laws by rewarding them with between 10 and 30 percent of any judgment or combination of related judgments exceeding $1 million. This new regime, which offers potentially huge awards for reporting alleged violations of the securities laws to the SEC without a requirement of first resorting to existing corporate compliance programs, threatens to undermine the role and effectiveness of corporate compliance procedures that companies have put in place after Sarbanes-Oxley (for more information, see “SEC Solicits Comments on Effect of Whistleblower Bounty Program on Existing Corporate Compliance Programs”).
Responding to the many comments and critics of the proposed whistleblower regime following enactment of Dodd-Frank, the Commission’s rules include several provisions designed to encourage whistleblowers to utilize their companies’ internal compliance and reporting systems. First, if the employee reports original information to the company’s internal compliance program, and the company passes the information to the SEC, the whistleblower will get credit—“and potentially a greater award”—for any additional information generated by the company in its investigation. Second, a whistleblower is permitted 120 days from the time of first reporting internally to report directly to the SEC and still be treated as if he or she had reported to the SEC on the earlier date. Finally, a whistleblower’s voluntary participation in a company’s internal compliance procedures “is a factor that can increase the amount of an award.” Conversely, interference with internal compliance procedures may decrease the award.
Even so, corporate compliance directors have good reason to worry that these new rules do not do enough to incentivize whistleblowers to report information internally. Critics raise a number of problems, including: the length of the 120-day “look back period,” as four months leaves companies inadequate time to conduct the sort of far-reaching and complicated investigations often needed to assess and resolve allegations; the vagueness of the SEC’s promise that first complying with internal procedures will be a “factor” that “can” increase a tipster’s reward; and the massive scale of the incentives offered tipsters—up to 30 percent of any resulting judgment or penalty—may cause a wave of frivolous “tips.” There is also concern that a wave of frivolous “tips” and continued lack of clarity about the definition of a “possible violation” could overwhelm the resources of corporate compliance programs and the SEC, alike.
To what extent these changes may affect, or even undermine, corporate compliance programs is yet to be seen. But companies are advised to consider taking the following steps to better position themselves when the new whistleblower rules go into effect:
- Focus on ways to encourage internal reporting. Companies should ensure that effective reporting systems are in place and should emphasize with employees that those who submit information will be protected from retaliation. To make internal reporting easier, consider creating or renovating toll-free hotlines, anonymous email systems, or other means of reporting that make the process easy and secure. The fewer the hurdles, the more likely tipsters are to report internally.
- Pay close attention to the feedback provided under internal reporting systems to employees who have made complaints, both in terms of timeliness and responsiveness. The higher the satisfaction level with the results of an internal report, the less likely an employee is to seek assistance from the SEC or a plaintiff’s lawyer.
- Emphasize a culture of compliance and set the tone from the top.
- Educate employees on the importance of internal reporting. Employees at all levels should be reminded of the importance of, and resources available for, internal reporting of securities laws violations. Possibilities might include periodic newsletters, presentations, and attention paid to the benefits that have resulted from internal reporting.
- Consider surveying employees on perceptions of effectiveness and usability of internal reporting systems.
- Review and enhance internal investigation capabilities. An efficient and proven ability to respond to, and investigate, alleged violations will promote a culture in which employees believe that their concerns will be addressed. And the added incentives for whistleblowers will increase the number of reports, putting extra pressure on internal compliance programs to respond quickly to employee complaints. Streamlined procedures will be vital.
- Review form release agreements, exit interview forms and arbitration agreements for employees to ensure compliance with the limitations on confidentiality provisions and effective approaches to the restrictions on waiver and arbitration for Dodd-Frank whistleblower claims.
- Be sure whistleblower protections in existing documents, such as the company’s code of conduct, are written in a sufficiently broad manner to cover the new protections.
- Determine whether any additional internal control over financial reporting or disclosure controls procedures should be in place that could identify potential issues for correction before they give rise to a whistleblower report, internal or otherwise.
For more information about the topics raised in this Legal Update, please contact Jay Tharp at +1 312 701 7146, Joseph De Simone at +1 212 506 2559, Marcia E. Goodman at +1 312 701 7953, or Aaron Chait at +1 312 701 7163.