Internal Reporting Is Not Required
Internal reporting procedures have been an important part of corporate compliance programs at virtually all regulated companies for many years, and took on an even more prominent role after the enactment of Sarbanes Oxley. With the advent of Dodd-Frank – and its enhanced penalties and larger bounties – the need for strong internal reporting and investigatory systems has become even more acute. Indeed, most companies have enhanced these processes in the past year in the hope that they will learn of a problem before a whistleblower reports it to the authorities. The final Dodd-Frank regulations, however, seem to send a mixed message to companies and whistleblowers regarding internal reporting programs. Although the Final Rules do not require an employee to report an alleged securities violation to the employer first, they do contain some provisions that the SEC states will “expand upon the incentives for whistleblowers to report internally.”
The decision not to require employees to report alleged violations internally prior to complaining to the SEC was the subject of much criticism by business and securities groups. The Association of Corporate Counsel harshly criticized this “no internal exhaustion” rule, stating that “[t]he SEC’s bounty rule is a Pandora’s box that, when opened, is likely to create new and even unanticipated harms once the floodgates are open, and we question whether the SEC even has the capacity to handle a torrent of new reports,” adding that “the final SEC rules undermine internal compliance program[s] by preventing companies from addressing festering allegations of misconduct.” Press Release, Association of Corporate Counsel Frustrated by Today’s SEC Ruling on Whistleblowing Bounty Provisions of Dodd-Frank Law (May 25, 2011), http://www.acc.com.
The SEC explains its rationale for not mandating internal reporting is to induce prompt reporting of possible securities violations and enhance its enforcement capabilities:
[T]he broad objective of the whistleblower program is to enhance the Commission’s law enforcement operations by increasing the financial incentives for reporting and lowering the costs and barriers to potential whistleblowers, so that they are more inclined to provide the Commission with timely, useful information that the Commission might not otherwise have received.
Final Rules at 105.
Noting that internal reporting will not always advance its goals, the SEC states that “providing information to persons conducting an internal investigation, or simply being contacted by them, may not, without more, achieve the statutory purpose of getting high-quality, original information about securities violations directly into the hands of Commission staff.” Id. at 34. In this regard, the SEC also points out that not all internal reporting systems are created equal, stating “while many employers have compliance processes that are well-documented, thorough, and robust, and offer whistleblowers appropriate assurances of confidentiality, others do not.” Id. at 91. It is concerned that a company notified of a violation prior to an SEC investigation might destroy documents or attempt to tamper with witnesses. Id. at 104. Thus, the SEC concludes, there are cases where internal disclosures “could be inconsistent with effective investigation or the protection of whistleblowers.” Id.
The SEC also emphasizes its belief that mandatory internal reporting might discourage some potential whistleblowers from reporting at all. The SEC explained that it believes that there are a significant number of whistleblowers who would respond to the financial incentive offered by the whistleblower program by reporting only to the Commission, but who would not come forward either to the Commission or to the entity if the financial incentive were coupled with a mandatory internal reporting requirement. Id. at 103.
In addition, the SEC believes that, because of the greater potential for financial reward, the cases most likely to go to the SEC without internal reporting are those “involving clear fraud or other instances of serious securities law violations by senior management.” Id. at 232, n. 456. The SEC’s view is that the benefit to the public of bringing such cases directly to it is so great that it justifies bypassing the internal compliance system.
According to The Chief Officer of the Office of the Whistleblower, Sean McKessy, employers’ fears that employees would skip over internal reporting, in hopes of gathering a bounty, have not come to fruition. McKessy reported that the overwhelming number of persons who made complaints to his office had previously reported their complaints to the employer.
Hat tip: An outstanding article that covers the law and final regulations in comprehensive fashion is Dodd-Frank and the SEC Final Rule: From Protected Employee To Bounty Hunter, ST001 ALI-ABA 1487 (July 28-30, 2011), which was written by Littler Mendelson, P.C. lawyers John S. Adler, Edward T. Ellis, Barbara E. Hoey, Gregory C. Keating, Kevin M. Kraham, Amy E. Mendenhall, Kenneth R. O’Brian, and Carole F. Wilder. This post is partially derived from that article.