Compliance & Ethics Professional, Vol. 7 / No. 6, 12 / 2010

A PUBLICATION OF THE SOCIETY OF CORPORATE COMPLIANCE AND ETHICS

TOP STORIES INSIDE

  • Integrity earns trust
  • Travelers be aware: Common threats and tips to keep you secure
  • Slow road to export reform
  • What you don’t know about high performance
  • After the Misconduct: Restoring morale and a culture of compliance
  • Ten reasons your compliance program is outdated
  • The evolving role of the chief compliance and ethics officer: A survey by SCCE and HCCA
  • Compliance and the Dodd-Frank Era: The case for engaging employees
  • Best Practices in anti-corruption: The UK Bribery Act guidance

Meet Paul J. McNulty

Partner and Chair of Global Compliance, Baker and McKenzie, LLP

COMPLIANCE & ETHICS PROFESSIONAL DECEMBER 2010

www.corporatecompliance.org

Compliance in the Dodd-Frank Era: The case for engaging employees

By Patricia J. Villareal; Henry Klehm, III; and Richard C. Rosalez

When President Obama signed the Dodd-Frank Wall Street Reform and Consumer Protection Act into law in July 2010, he ushered in sweeping reforms of financial regulation unseen since the New Deal. Although the Act is focused largely on increasing transparency and oversight of the financial services industry, some of the reforms reach every business organization subject to the federal securities laws.

Although compliance and ethics programs are a comparatively recent development, corporations have relied on them to conduct business ethically, to prevent and detect violation of company policies and applicable laws, to protect the company’s reputation, and to minimize burdensome and costly implications of non-compliance, including disruption of business and litigation. This article reviews the well known components of effective compliance programs, the key provisions of the Dodd-Frank Act that reach every public company, and some recommendations to enhance the effectiveness of compliance programs in light of the Dodd-Frank reforms.

Virtually every model for an effective corporate compliance program starts at the same place: the US Federal Sentencing Guidelines.1 Federal courts use the Guidelines when evaluating the effectiveness of the design and implementation of corporate ethics and compliance programs as they determine sentences for corporate criminal conduct. Of course, an effective compliance program should detect and prevent a wide range of misconduct that may not always also constitute criminal violations of law. Compliance encompasses civil law liabilities, industry-specific regulations, and individual corporate policies. Both the SEC and DOJ have established policies regarding enforcement decisions and sanctions that incentivize the implementation of an effective ethics and compliance program, self-policing, self-reporting, remediation and cooperation.2 Typically, the issue of whether the program was effective or not plays a major role in reaching a resolution with the authorities when problems arise.

Building a culture of compliance

The Sentencing Guidelines outline elements of effective compliance and ethics programs. In describing those elements, the Guidelines articulate broad goals for programs. The organization must “diligently prevent and detect criminal conduct and promote a corporate culture of ethical conduct and legal compliance.” The programs must be “reasonably designed, implemented, and enforced.” The Guidelines recognize that any program will be incapable of preventing all criminal activity. The most comprehensive compliance program cannot stop an employee bent on committing a crime or violating industry regulations. Thus, a failure to prevent or detect an offense “does not necessarily mean that the program is not generally effective.”3

The seven basic elements

The Guidelines set forth basic requirements of any compliance and ethics program that “encourages ethical conduct and a commitment to compliance with the law.”4 The seven elements are:

1. Prevention and Detection

Businesses must establish processes to prevent and detect misconduct. Companies must take steps such as monitoring, auditing, and testing to ensure that their employees do not engage in misdeeds as they carry out their responsibilities.

2. Oversight

The board must know how the program operates and oversee its implementation and effectiveness. The Guidelines require a high-level employee or employees be assigned responsibility for the program, typically a chief compliance officer (CCO) or Compliance Committee, and that the CCO or committee report to the board or a board committee. The responsible party must have “adequate resources, appropriate authority, and direct access” to the board.

3. Qualified compliance officers

The compliance program must include measures to exclude individuals of questionable integrity from doing business for – or sometimes with – the company. This requirement is practically implemented through employee, agent, and business partner screening to avoid individuals and entities with prior problems.

4. Training

The company must train employees, and periodically communicate the components of its compliance and ethics program to all levels of the company. A corporation can make a much stronger case for having an effective compliance program if employees, officers, agents, and partners are regularly trained on compliance standards.

5. Evaluation and reporting systems

The Guidelines call upon companies to evaluate the effectiveness of their programs, and to maintain and publicize a reporting system for violations, a.k.a., a hotline for reporting issues and complaints. The compliance officer should periodically report on the program’s effectiveness to senior management and the board, and at times, use independent professionals to audit and test compliance processes and identify opportunities for improvement.

In this day and age, hotlines are the preferred method of reporting conduct or seeking compliance and ethics advice. The hotline should allow for anonymity so that employees can use the system without fear of retaliation, regardless of whether that fear is real or not. Corporations should feature hotline information prominently in company literature, websites, and the work place. Information about the hotline should emphasize the availability of anonymity and the prohibition of retaliation.

6. Enforcement

The sixth basic requirement is that the program be promoted and enforced consistently throughout the corporation. This must include appropriate discipline for engaging in or failing to prevent or detect criminal conduct. It is essential to enforce disciplinary standards uniformly, regardless of the revenue generating contribution of the offending employee. Some programs also provide incentives for ethical and compliant behavior.

7. Remediation

When problems are found, the organization must take reasonable steps to respond appropriately to the conduct and to prevent further similar conduct, including modifying the company’s compliance and ethics program. Recent amendments to Guidelines application notes state that a reasonable response may include remediation of any harm resulting from the misconduct, as well as self-reporting and cooperation with authorities.

Ongoing assessment and improvement

The Guidelines also include final instructions that companies must periodically assess the risk of criminal conduct and take appropriate steps to design, implement, or modify each of the seven basic elements.5 Companies should regularly examine how they can make their program more effective and implement the necessary modifications.

The whistleblower provisions

The Dodd-Frank Act’s most significant compliance-related reform is the adoption of new whistleblower provisions.6 The provisions were expressly designed to “motivate those with inside knowledge to come forward and assist the Government to identify and prosecute persons who have violated the securities laws and recover money for victims of financial fraud.”7

Under the new provisions, the SEC must now pay bounties to whistleblowers for “original information” relating to possible violations of the federal securities laws that lead to a successful federal injunctive action or administrative proceeding brought by the SEC. The awards can range from 10% to 30% of all fines and penalties over one million dollars recovered in the enforcement action.8

The whistleblower’s information must be “original,” meaning information that (a) “is derived from the independent knowledge or analysis of a whistleblower,” (b) “is not known to the SEC from any other source,” and (c) “is not exclusively derived from an allegation made in a judicial or administrative hearing, in a governmental report, hearing, audit or investigation, or from the news media.” Individuals convicted of a criminal violation resulting from the conduct underlying the report to the SEC cannot qualify as whistleblowers – but nearly everyone else can. Individuals who are involved in the conduct can report it and collect an award if their reprimand falls short of a criminal conviction, undoubtedly a very strong motivator to resolve matters short of pleading guilty. Whistleblowers can be any individual or group of individuals who provide information regarding a securities violation. Notably, this means whistleblowers could be employees or third parties, including agents, consultants, partners, clients, suppliers, or competitors. Auditors, individuals who work for regulators, and anyone who knowingly provides false information are ineligible to receive a whistleblower award.

With staggering financial settlements extracted from companies for securities violations, and the Foreign Corrupt Practices Act violations topping the list in recent years, potential whistleblowers are likely to weigh reporting possible misconduct in accordance with the company’s compliance program against the potential financial rewards that may result by taking the information to the SEC. Hmm, what’s the better deal? Call the hotline and hope for action, or call the SEC and cut a “get out of jail free” card?

Companies should worry that the new whistleblower bounties will create a “race to the regulators.” The law will drive employees to provide information to the SEC – rather than the company – because the bounty is only available for “original information.” If the company learns of the information via a hotline report, the SEC’s policies for rewarding self-reporting will provide strong incentives to alert the SEC of the possible problem. But, self-reporting carries its own risk, particularly if the company has limited time to develop the facts, understand the full extent of any problems, and weigh the never easy decision to self-report. Many companies will face the dilemma of self-reporting with incomplete information versus losing the benefits of self-reporting if a whistleblower beats the company to the SEC’s doorstep.

At the same time, it seems likely that the SEC may face a flood of less-than-reliable complaints from whistleblowers who wish to cash in with incomplete or inaccurate facts, or where the reported conduct is in fact legal, proper, or simply a human resources management matter. Worse yet, the prospect of a bounty may encourage employees to persist in concealing misconduct in hopes of reporting it at just the right moment – when faced with an adverse employment action. Finally, will it be long before an employee chooses to by-pass a company hotline while “investigating” the matter to build a record for a report to the SEC? The potential payoffs are strong and, not surprisingly, plaintiffs’ law firms are actively seeking whistleblowers.

Although the SEC has yet to promulgate rules governing awards, some parts of the process are clear. Whistleblowers may identify themselves or report anonymously to the SEC. Named whistleblowers may have counsel, and anonymous whistleblowers must be represented by counsel. The Act also protects whistleblowers from retaliation. Employers may not retaliate against employees for whistleblowing or assisting in an SEC investigation or other related action.

The anti-retaliation provisions of the Dodd-Frank Act apply without regard to the validity or reasonableness of the complaint. This is greater protection than offered under Sarbanes-Oxley, where protection was only afforded when there was a “reasonable belief” that a violation occurred.9 The lack of the “reasonable belief” standard appears to protect anyone who submits a report to the SEC, no matter how baseless it may be.

And, at least one more theoretical compliance dilemma is posed by the retaliation protections. Public companies are required to establish and publish codes of conduct and ethics.10 Those codes typically require employees to follow company policies, and some impose the obligation of promptly reporting suspected misconduct to the CCO or the hotline. In other contexts, not following company policies may be grounds for termination. Under the whistleblower provisions, however, an employee who fails to report misconduct through the company’s compliance program when obliged to do so, and instead reports to the SEC, cannot be disciplined. Any retaliation will cost the company dearly. The Dodd-Frank Act provides the aggrieved whistleblower with the right to reinstatement, double back pay, and litigation costs, including attorneys’ fees.11 Companies will need to address the issue of failing to report misconduct in compliance training materials, employee codes, handbooks, and employment contracts.

The case for engaging employees

In light of these risks and changes, compliance officers and management must consider how they can maximize the effectiveness of their programs.

Like all good compliance programs, it starts at the top. As part of instilling an appropriate culture of compliance, senior management should visibly encourage employees to use the company’s resources before turning to the government. At every turn, management must drive supervisors to create an open environment for raising problems – whether it is quality on the production line, employee safety, or financial reporting. Only through constant reiteration of the message will management commitment be successfully communicated.

But, it has to be more than just communication. Management will have to create carrots and sticks. Supervisors who do a first-rate job of engaging employees and getting concerns surfaced should be rewarded and acknowledged. Likewise, those who do not measure up and discourage candor will need to learn new skills or suffer the consequences. Management’s actions in this regard will significantly impact employee perception about the company’s commitment to “doing the right thing.”

Employee perceptions are also impacted by management’s actions on day-to-day matters. If management takes aggressive positions on accounting policies or the interpretation of laws or regulations, how can it expect its employees to credibly believe it will react appropriately to employee concerns on the same subjects? When a corporation deliberately moves into a gray compliance area, human nature tells us that some employees will go along with suspect conduct. Others will not, and will now have powerful incentives to go outside the company and report their concerns to the government.

The company’s response to reported wrongdoing is also crucial. With the increased likelihood that individuals will report externally rather than to internal hotlines as a result of the whistleblower bounties, companies must be well equipped to conduct thorough investigations at a quicker pace, given the threat of the race to the SEC. Internal controls and hotline reporting should be tested regularly. If misconduct is discovered, regulators are certain to ask about the remediation that followed, including whether offenders were disciplined or terminated.

Corporations may also consider creative ways to gather information and reward employees for following codes of conduct and reporting concerns internally. If a tip reported internally has merit, perhaps the employee should be entitled to a bonus or a bounty similar to what he/she would have been entitled to if they had reported it to the SEC. This may seem perverse for companies as they spend substantial sums to investigate either legitimate or frivolous claims of misconduct, but these costs are likely to pale in comparison to potential fines, penalties, and litigation costs that result when allegations are well-founded and reported to the authorities.

Doing all this takes time and effort. When evaluating whether compliance programs are effectively “designed, implemented, reviewed, and revised,” or simply, whether they work, prosecutors consider whether the program has sufficient staff and resources given the company’s size and complexity.12 Preparing messages, creating training, revising supervisor performance standards, and making sure it is all working are resource-intensive activities, and almost certainly will require more than just the effort and resources of the Compliance department.

Perhaps then, the pitfalls of the whistleblower provisions of the Dodd-Frank Act are best avoided with a broad-based employee engagement effort that begins with the board and senior management. The effort will take the combined efforts of the Compliance, Legal, Human Resources, and Audit departments to succeed in the short term and be sustainable in the long term.

Conclusion

The Dodd-Frank Act’s whistleblower provisions were designed to alter how individuals and corporations respond to potential misconduct. Through effective compliance programs, corporations can take steps to reduce the increased risk of regulatory scrutiny that follows from an increase in whistleblower reports. A broad based and sustained effort to engage employees and foster transparency and open communication is likely to be the best method to avoid having to run the race to the doorstep of the SEC. Even if that race is ultimately lost though, the company’s real effort will enhance credibility when a problem arises. A more robust employee engagement effort will bring more credibility to a company’s claims that its compliance and ethics program is effective.

Editor’s note: Patricia J. Villareal is a Partner in the Dallas law office of Jones Day, where she is global co-chair of the Securities Litigation and SEC Enforcement practice. Her practice focuses on representing public companies and their directors facing securities and corporate governance litigation, as well as advising boards and board committees in internal investigation and corporate governance matters. She may be contacted by e-mail at pjvillareal@jonesday.com.

Henry Klehm, III is a Partner in the New York office of Jones Day, where he chairs the firm’s Corporate Compliance Initiative and is a member of the Securities Litigation and SEC Enforcement practice. His practice focuses on regulatory examinations, investigations, enforcement actions, and other proceedings with United States and foreign regulators and on corporate governance matters. He is a former global head of compliance for an international investment bank and a Senior Associate Regional Director for the SEC. He may be contacted by e-mail at hklehm@jonesday.com.

Richard C. Rosalez is an Associate in the Dallas office of Jones Day, where he is a member of the Securities Litigation and SEC Enforcement practice. His practice focuses on representing and counseling public companies and their boards, board committees, officers, and other executives in investigations, enforcement actions, and litigation concerning securities and corporate governance matters. He may be contacted by e-mail at rcrosalez@jonesday.com.

Notes:

1 United States Sentencing Commission, Guidelines Manual (Nov. 2010).
2 Securities and Exchange Commission, Division of Enforcement, Enforcement Manual, § 6.1.2 (2010); United States Attorney Manual, Principles of Federal Prosecution of Business Organizations, § 9-28.800 (2008).
3 United States Sentencing Commission, Guidelines Manual, § 8B2.1(a) (Nov. 2010).
4 Id. at § 8B2.1(b) through § 8B2.1(b)(7).
5 Id. at § 8B2.1(c).
6 H.R. 4173, 111th Cong. §§ 922(b) and 929A (2010).
7 S. Rep. No. 111-176, at 110 (2010).
8 H.R. 4173, 111th Cong. § 922(a) (2010).
9 The Sarbanes-Oxley Act of 2002 § 806.
10 17 C.F.R. § 229.406 (2005); NYSE Listed Company Manual, § 303A.10; NASDAQ Rule 4350(n).
11 H.R. 4173, 111th Cong. § 922(a) (2010).
12 United States Attorney Manual, Principles of Federal Prosecution of Business Organizations, 9-28.800 comment. (2008).
