X

Thank you for sharing!

Your article was successfully shared with the contacts you provided.

This is the third article in a series presenting post Dodd-Frank Act best practices for in-house counsel and compliance professionals. Two and a half years after its passage and more than a year after key rules went into effect, the Dodd-Frank Act’s whistleblower program has generated some 3,000-plus tips, complaints, and referrals, and yielded its first announced SEC enforcement action in 2012. Though the full scope of the program continues to unfold, the fact that more than 3,000 individuals believe they have stories to tell sends a clear signal that regulated entities had better be ready to react if and when a whistleblower investigation arises.

With the U.S. Securities and Exchange Commission now paying whistleblowers—even anonymous whistleblowers—a bounty for information that leads to a successful enforcement action with sanctions of $1 billion or more, it’s more important than ever that companies establish and support a culture of speaking up. In this new regulatory environment, the role of criticism, especially self-criticism, has been fundamentally transformed. To stay ahead of regulators, a company must be more self-critical, and more active in internal investigations and reporting, than ever before.

That’s because the SEC’s Dodd-Frank whistleblower rules give potential whistleblowers an incentive to self-report to their employers before they turn to the regulators. This is good news. Generally speaking, the sooner a company learns it has a problem, the better its chances are of fixing the problem on its own.

However, creating a true culture of speaking up is no simple task. Enticing potential whistleblowers to report alleged wrongdoing internally requires an extraordinary level of trust on the part of whistleblowers—trust that their stories will be properly addressed, without retribution. Building that type of trust requires leadership, honesty, keeping faith with employees, and any number of other virtues that are difficult to build into a flow chart.

In other words, simply establishing an in-house reporting hotline will not suffice.

While there’s no single best way to prepare for this level of self-criticism at a company, several steps should be considered. Start by identifying which internal organization will oversee the program. Placing it under the auspices of the legal or compliance departments is a natural first step, although an internal audit or an internal fraud investigative unit may also be an option. Since legal and compliance professionals are often the first persons contacted when an employee has a story to tell, few would argue that the best place to report a legal problem is to the law department, or a compliance problem to the compliance department.

In addition, because of existing training operations, these departments are already well suited to oversee an outreach initiative. That could go a long way towards enticing a potential whistleblower to pick up the phone.

Next, the company must decide exactly who will listen when an employee has a painful story to tell. Someone within the organization—perhaps the general counsel, the chief compliance officer, or a corporate ethicist—must be designated to lead the program. In general, the higher the individual’s profile as a trustworthy point of contact, the better. The ideal candidate will have authority, independence, and a reporting link directly to the top of the organization.

Once the individual is identified, steps must be taken to spread the word about his or her availability, including the terms of access and—just as importantly—why he or she should be trusted. It should be emphasized at the outset that conversations will be kept confidential to the fullest extent permitted by law and that the person’s accessibility is part of an overall organizational philosophy, such as a particular approach to quality assurance.

In this case, telling potential whistleblowers “my door is always open” is not enough. To resolve issues internally, a company must protect the people who bring problems to its attention. As a legal matter, antiretaliation provisions have been a recurring element in all SEC self-reporting initiatives. They appeared in the Sarbanes-Oxley Act as well as the SEC’s compliance and whistleblower rules. Careful consideration, therefore, must be given to these requirements and the protection of sources, because the first employee who reports an issue and is burned will likely be the last.

Finally, once an allegation has been made, internal processes must be in place to investigate. The commitment to learn the truth should be made formally and explicitly at the outset of a crisis. The right tone can be set by a senior executive who says: “I want to know what happened here, and I want to know it as soon as possible.” Such a mandate will animate the entire response.

When the SEC issued its 2001 Cooperation Release—the first and still the most important statement of its expectations regarding self-reporting—the agency set out the following considerations, which can serve as something of a checklist when considering how to respond to an internal whistleblower:

ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2017 ALM Media Properties, LLC. All Rights Reserved.