Published in the Project Post-Gazette, January 2014
by Cheryl A. Wilson, PMP, PMI-RMP, CCEP
Under the Dodd-Frank Act, passed a little over three years ago, there are new whistle-blower protections offering cash for employee tips leading to enforcement actions. This new whistle-blower protection section will change the way C&E concerns are currently raised within organizations. The internal reporting of wrongdoing will be replaced with an incentive reporting structure for employees to go outside the organization to report organizational wrongdoing. The concern is that this provision affects all companies subject to federal securities laws, not just companies in the financial services industry.
To both ensure cooperation by financial insiders and to fight corruption in the financial industry, the Securities and Exchange Commission (SEC) implemented rules (August 12, 2011) under the Dodd-Frank Act that contain a whistle-blowing provision, wherein persons with original information about securities law violations can report this information straight to the government, bypassing their organization’s internal reporting structure, for a financial reward from the government. This award will be paid out when the violation leads to successful enforcement actions resulting in more than $1 million in penalties. The awards, ranging between 10 and 30 percent of collected penalties, will be paid from an Investor Protection Fund. The same protection against retaliation by the employers exists for the whistle-blower.
All publicly-held companies now face new risks that their employees will bypass their own internal compliance programs and go directly to the SEC in hope of winning huge Dodd-Frank awards (or, in some cases, seeking protection under Dodd-Frank’s anti-retaliation provisions from discharge for their own work-related problems). Currently, most organizations have established their own internal C&E program that trains employees to call the organization’s internal help/hot line to report suspected wrongdoing for possible remediation within the organization. This gives the organization a chance to remediate any reported issues through its internal investigation process, if possible, and avoid the burden of defending against claims taken to the SEC and investigated outside the organization.
It is interesting to note that in the case Morrison v. National Australia Bank, Mr. Liu, a compliance officer for the Chinese subsidiary of Siemens, alleged that he reported to Siemens’ CFO for HealthCare in China his suspicions of Foreign Corrupt Practices Act violations involving a kickback scheme in the sale of medical imaging equipment to public hospitals, for which he was later discharged from his position. Mr. Liu filed a complaint under Dodd-Frank, and the lawyers made a motion to dismiss the case because he initially reported the concerns internally and not to the SEC. Another fact was that Dodd-Frank’s retaliation provision does not extend abroad. It was argued that if whistle-blowers report first to their internal compliance program, and not to the SEC, they cannot sue under the Dodd-Frank anti-retaliation provisions.
On the same note, the SEC and the Commodity Futures Trading Commission (CFTC) have issued statements regarding just how Section 922 of the Dodd-Frank Act will be enforced. Specifically, before approaching the SEC, the whistle-blower should address the matter internally with their company, through whatever ethics reporting structure is in place. This could serve to dissuade, rather than persuade, a would-be whistle-blower from coming forward, unless of course they know that their company’s corporate governance policy is sound and trustworthy.
The SEC reported that in Fiscal Year 2012, it fielded over 3,000 whistle-blower allegations. To prepare for this additional risk of investigations starting outside of the organization, organizations from the Board level down through senior management need to assess their internal compliance and training programs and their communications practices, and ensure employees are encouraged to look at internal reporting options as ways to report compliance and security concerns alongside the Dodd-Frank whistle-blower reporting provision.
15 U.S.C. § 78u-6(h)(1)(A). The Dodd-Frank Act defines “whistleblower” as “any individual who provides . . . information relating to a violation of the securities laws to the [SEC], in a manner established, by rule or regulation, by the [SEC].” 15 U.S.C. § 78u-6(a)(6).
Also, in the first year of the Securities and Exchange Commission’s Dodd-Frank whistle-blower program, the agency received 324 tips from whistle-blowers working outside of the United States – almost 11 percent of all the whistle-blower reports received by the SEC. The problem with overseas claims is that the civil law should not be presumed to apply overseas.
The PPG has detailed steps to assist organizations in setting up a proactive C&E program:
- Continue to provide clear communication and training to employees and other key stakeholders about their responsibility in reporting suspected wrongdoing and explain how the reporting process works so they know what to report, how to report, and who to report to.
- Ensure there is a clear understanding of the “No retaliation policy” among those that make a report.
- Ensure the number of the anonymous whistle-blower hotline is posted and well communicated.
- Assure your employees that all reported potential concerns will be investigated.
- Use an experienced outsourced agency for your investigations to ensure there is consistent, objective case management for investigation and resolution.
- Proactively train managers on their role in encouraging a culture without fear of retaliation and ensure there is communication expressed to those that retaliate. Adopt a policy that violations of this policy will result in dismissal. Add language to your C&E policy to include no toleration of “whistle-blower retaliation using social media.”
- Create a centralized system to record and track all whistle-blower reports that will provide metrics and analysis.
The Equal Employment Opportunity Commission (EEOC) has reported that retaliation claims doubled between 2007 and 2012.
There is no reason that an organization should manage its C&E program in a reactive mode as opposed to a proactive one. Dodd-Frank’s Section 922 will drastically change the way organizations manage their C&E environment. Risk must be proactively managed as an enterprise process. Past PPG Compliance Central articles have discussed how to set up C&E programs based on the US Sentencing Guidelines. It is now imperative that organizations ensure implementation of solid C&E programs.