With a deadline looming for SEC regulatory guidance on whistleblowing, it’s timely to compare the two preeminent pieces of legislation which mandate ethics reporting for corporate America. The Dodd-Frank Act, just like its 2002 precursor, the Sarbanes-Oxley Act (SOX), aims to increase corporate transparency and financial accountability. SOX covers all publicly traded US companies. Dodd-Frank targets the financial services industry. Both transform the ways that companies do business.
SOX mandated the internal hotline, but Section 922 of the Dodd-Frank Act would seem to favor mothballing rather than strengthening internal reporting programs, because it creates a bounty scheme for whistleblowers who bypass them and go directly to the SEC. Proposed rules under Section 922 issued last November did little to redress the balance in favor of internal reporting. The final guidance is due later this month. But at least for now, companies should take a close look at their current ethics & compliance programs.
Maybe we should take a lesson from our British friends, who just put out the playbook for the UK Bribery Act. One of the premises of that legislation is the idea that companies with “adequate procedures” in place to prevent bribery may avoid liability for the misconduct of their employees and agents. In the case of Dodd-Frank’s whistleblower bounty program, perhaps we should look at our own “adequate procedures” for ensuring corporate compliance. Is it time to renew education and awareness efforts, including the promotion of an internal hotline? Are investigation and case management processes sufficient to ensure that all reports are swiftly, thoroughly and objectively handled? Are managers trained on the critical importance of avoiding even the appearance of retaliation against would-be whistleblowers?
(For more information, read “Dodd-Frank and SOX: A Whistleblower Comparison.”)