Published in Corporate Boardmember (12/13/10) by Luis Ramos, The Network, Inc.
Eight years ago, the Sarbanes-Oxley Act (SOX) became the most significant legislation ever in terms of regulations and ethics. Today we find ourselves climbing slowly out of the worst recession in 80 years, and a majority of everyday people hold the corporate boardroom – specifically, the greed found in those boardrooms – directly responsible.
One of the provisions of the Dodd-Frank Act is Section 922 – the “whistleblower provision” – arguably one of the most significant components of the Act. SOX required public companies to establish a confidential channel for Dodd-Frank whistleblowers to report financial misconduct to the SEC and prohibit retaliation. Dodd-Frank builds on that, and in Section 922, also sets up a “bounty program,” allowing whistleblowers who report “original” information to the SEC about securities violations to obtain between 10 and 30 percent of any monetary sanctions awarded in excess of $1 million recovered against the company.
Some deem Dodd-Frank and Section 922 as a necessary evil (and some say just plain evil), but either way it will have a significant impact on public companies. As the SEC comes fully online with various enforcement components, it will become increasingly crucial to have an effective, credible and comprehensive whistleblower program and case management reporting structure in place, and well integrated, across the corporate structure.
The SEC and the Commodity Futures Trading Commission (CFTC) have issued statements regarding just how Section 922 will be enforced. Specifically, before approaching the SEC, the whistleblower should address the matter internally within their company, through whatever ethics reporting structure is in place. This could serve to dissuade, rather than persuade, a would-be whistleblower from coming forward, unless of course they know that their company’s corporate governance policy is sound and trustworthy.
A corporate whistleblower program provides the organization with the ability to quickly respond to issues. By doing this, concerns about fraud and financial misconduct are reported, so corrective action can be taken before a securities law violation occurs and the SEC becomes involved, thereby protecting the company’s interests.
So just what are the best practices companies should follow to sustain an ethical business culture? Every company is a little different, with varying values and degrees of risk tolerance, but here are the essentials:
- A credible and anonymous whistleblower hotline, via experienced third-party outsourcing.
- Consistent, objective case management for investigation and resolution as well as tracking and analysis.
- Clear communication and training with employees and other key stakeholders so they know what to report, how to report, and who to report it to, and also understand the chain-of-custody of their information.
Tied directly into an ethics reporting system, case management resources consolidate, protect and manage information regarding the compliance matter. This same system is then called upon to track and augment, at a fundamental level, the business process in question. However, and all too often, a company’s risk management and policy compliance efforts are hampered by multiple silos of disparate information, spread across various departments including human resources, legal, loss prevention, compliance, finance, etc.
Companies must leverage risk metrics to more quickly identify areas of concern and potential mitigation before the issues flare out of corporate control – and are therefore escalated to the levels denoted under Dodd-Frank. Using risk assessment metrics as well as compliance reports, companies can improve their compliance programs and risk mitigation strategies and overall improve the efficiencies in their business processes that identify, manage and act upon risk.
Dodd-Frank and Section 922 will drastically change the landscape of risk management. Today’s companies – if they are to be around and solvent for very long – must enact compliance, hotline, corporate ethics and whistleblower policies that protect company interests and the whistleblower alike. Risk must be proactively managed, in a holistic fashion. Whistleblower programs must assure all would-be participants that their information will remain privileged and their actions deemed valuable in the larger perspective to the entire organization. It is not only the program itself, but more importantly, how it is managed and refined, that will prove most beneficial to strategic corporate decision-making.