The Securities and Exchange Commission’s new whistle-blower programme could cause headaches for GCs
Both the Sarbanes-Oxley Act 2002 in the US and the UK Corporate Governance Code (formerly the Combined Code) require listed companies to conduct a review of the effectiveness of their risk management and internal control systems covering all material controls, including financial, operational and compliance controls.