client login    languages

Sneak Peek into the SEC’s Whistleblower Office

Request A Demo of Our Ethics And Compliance Solution

Sneak Peek into the SEC’s Whistleblower Office

The SEC Whistleblower Office is now officially one year old, and next month its chief, Sean McKessy, is slated to go before the US Congress to report on the program’s status. At the recent American Corporate Counsel’s annual meeting in Orlando, I was privileged to get a sneak preview of that report. The Office has been very busy and it looks like it’s only going to get busier.

McKessy says that the SEC Whistleblower Office is planning on adding four more employees to the ten lawyers who currently triage and evaluate whistleblower tips before forwarding them to the SEC’s enforcement arm for possible action. They’ll need the extra staff if whistleblower tips continue to roll in at the present rate of about eight a day, or a total of 2,870 in the twelve months between August 12, 2011 and August 12, 2012. In fiscal 2011, which roughly corresponds to the same period, the SEC brought 735 enforcement actions and issued 299 notices of enforcement actions.

Tips have been received from all 50 U.S. states, with New York, California and Florida being the most productive. Tips have come in from all over the world as well, especially China, the UK and India. Whistleblowers emerged from all ranks within the company being reported on, and from non-employees: ex-spouses of employees have proved a particularly fruitful source. The two leading types of securities fraud being reported are corporate disclosure failures and manipulation of public offerings.

This news comes on the heels of the first actual payment to a whistleblower under the SEC’s program. This seems very small in comparison to the millions of dollars paid out in a single qui tam suit, or the parameters of the program itself which promised 10% to 30% of awards collected over $1 million. The key word here is “collected”: in this case, the award against the entity was well over $1 million, but the SEC has only been able to collect a little of this so far.

McKessy tried to convince a skeptical audience of corporate lawyers that the bounty program does not undermine corporate compliance programs, which encourage employees to report misconduct internally. He pointed out that the amount of the award may be enhanced if the whistleblower has already reported internally, and will be reduced if the whistleblower has demonstrated “interference with the in-house compliance program.” (By not reporting internally? Mr. McKessy didn’t say.)

The 120-day rule is also supposed to support internal reporting methods: the whistleblower’s place in line is protected for 120 days after reporting internally, so if another tipster beats him to the SEC within that period, the internal whistleblower will still be eligible for the government payout. What this rule actually does is place extreme time pressure on the company to thoroughly investigate all internal reports, and if necessary, take remedial action and self-report to the SEC. The company can then hope for some credit from the SEC for its compliance efforts. In this regard, companies can take some heart from the recent decision in US v. Peterson, a Foreign Corrupt Practices Act case where Morgan Stanley was let off the hook completely because of its strong compliance program. Peterson was judged just a “rogue employee” who conspired to circumvent Morgan Stanley’s excellent and effective policies.

Another point McKessy made is that the SEC has the power to bring an action for whistleblower retaliation, independent of the individual whistleblower’s right to sue under the Sarbanes-Oxley or Dodd Frank Acts. The fact that the whistleblower does not ultimately receive an award from the SEC is not relevant to the retaliation claim.

The take-away from this insight into the workings of the Whistleblower Office? Establishing and maintaining a robust corporate compliance program is more important than ever. Communicating clearly and repeatedly about how to report and what to report is key. And make sure your anti-retaliation policy is understood throughout the entire organization.

Awards & Certifications 2013 GRC 20/20 Technology Innovation Award 2013 TAG Top 40 Innovative Company 2012 IABC Gold Quill Award 2012 MarCom Award We self-certify compliance Safe Harbor Safe Harbor Certification SOC 2 Certification