This morning, ACC registered what may be some of the most important comments the SEC considers this year. On behalf of 270 companies, we asked the Commission to think long and hard about rules they’ve proposed that will determine whether corporate compliance and reporting programs flourish or perish pursuant to whistleblower policies mandated by Dodd-Frank’s sweeping reforms.
What’s at stake? If you’re a company that relies on your employees to assure that work is done legally and responsibly, the answer is pretty much everything. And, pretty much every kind of company – industry, geography, size, etc. – is represented in the “sign-on” group for our comment letter. The in-house community is fully engaged in this debate because in-house lawyers see these proposals as undercutting the efforts they’ve made to build and continually improve upon corporate compliance programs for the last several decades.
You can read our comment letter for the full backdrop on the law and the proposed regs that we’re so concerned about. In a nutshell, Dodd-Frank includes a provision (Section 922) that mandates that the SEC put together a more aggressive whistleblower incentive program, modeled on the one currently in place for employees of government contractors under the False Claims Act for qui tam claims. The SEC is required under Dodd-Frank to promulgate rules that will define the procedures to administer the whistleblower system that the Act creates, and they proposed the rules they’d like to adopt in November.
So, why do we see these rules as such a significant challenge? Not because companies are against the idea of whistleblowers. Rather, they’re concerned because the SEC proposals essentially kick the legs out from under the carefully constructed compliance and reporting systems emanating from federal and state mandates, the U.S. Sentencing Guidelines, and growing public expectations of corporate self-policing. The SEC’s proposed rules suggest that employees who uncover problems in their companies don’t need to tell the company about the problem or help fix it – instead, if they can build a file that demonstrates fraudulent activities by some rogue employees at the company, they can turn that into the SEC instead and share in a significant portion of any fines collected – potentially millions of dollars. Basically, regulators have moved from an interest in protecting whistleblowers and facilitating their reports toward a system that establishes huge potential rewards for bounty hunters who don’t have interest or investment in making sure their company is doing the right thing, but rather are rewarded only when the company can be shown to do the wrong thing.
Here are my questions:
- If employees aren’t obligated to tell their employers about bad hats in the company, how does the company find out about problems and either avoid them or police them/correct them?
- If employees are able to collect bounties against their employers even if they are also involved in perpetrating the fraud they’re reporting, exactly what incentive do they have to help the company obey the law?
- Stepping back a bit, haven’t we spent the last few decades diligently directing companies to invest their futures in figuring out how to create and enforce the most robust compliance programs? Aren’t those programs fundamentally connected to an expectation that employees will actually be the ones who make it possible for the company to comply? Otherwise, how is a company expected to learn of and correct wrongdoing within its ranks if its employees aren’t working to promote that interest internally?
Let’s be clear: in-house counsel are committed to compliance and reporting systems and are not the enemy of whistleblowers. In fact, in many ways, they helped create the opportunity for whistleblower protections long before legislation was in place. Another key point — it is in-house counsel who facilitate and promote the reporting of problems within companies in general. But these proposed rules aren’t about protecting whistleblowers or encouraging robust reporting — they’re about incenting bounty hunters. And if we look at the ramifications of such a new direction, we must then logically question whether the rules improve or frustrate the purposes of the Dodd-Frank Act.
If you value an effective process by which problems are discovered, vetted and resolved before anyone is hurt, there many reasons why you might want the company in the game at the outset to help. Does anyone at the SEC have a plan for how they’re going to receive, process, review and investigate what may be thousands, if not hundreds of thousands, of complaints from eager applicants for bounty funds? The SEC is already quite concerned about how it will write the 90+ regs that Dodd-Frank alone requires it to complete within the coming months, while fulfilling its already overflowing workload (see Wall Street Journal, “Regulator Is Slowed By Budget Impasse” by Jean Eaglesham and Victoria McGrane, December 15, 2010).
It seems pretty clear the SEC isn’t well-equipped or appropriately staffed to sift through and investigate the merits of thousands of complaints. So after a complaint is filed, and there is a wait for a few months for someone to be able to review it, what will the SEC then need to do? Send it back to the company for investigation. What’s been happening in the meantime? Potentially more fraud.
What about the majority of reports lodged on whistleblower systems in companies currently that will now be filed with the SEC? I suppose they’ll all warrant a full SEC investigation, even though empirical evidence suggests that most complaints are actually HR disputes and the like? Basically, this reg would frustrate the efficient and speedy redress of any legitimate concerns that the SEC may receive. It would also potentially allow more problems to fester than would be the case if the company was informed at the outset and able to examine and address a problem raised by an employee.
What do you think?