Did you have some cake? Break out the balloons? While it’s hard to believe, it is true. Our little Dodd-Frank, signed into law by President Obama in 2010, is already four years old and about ready for pre-school. Although we in the ethics and compliance industry tend to focus pretty heavily on the whistleblower program that Dodd-Frank established, the law has also regulated conflict minerals, changed the definition of executive pay and implemented the Volcker Rule, which prohibited banks and their affiliates from trading securities for their own account, although… well let’s just say that is in a bit of …flux, I guess..?
It’s an understatement to say the law’s rollout hasn’t been smooth. According to Davis Polk, as of July 18, 2014, 45.4% of rule deadlines have been missed, and 24.1% of rulemaking requirements haven’t even been proposed yet.
But the whistleblower program has been moving and it’s made a bit of noise. As a GRC software and business ethics training provider who also supplies whistleblower hotline services, we certainly appreciate the intention of the program and creating incentives that reward whistleblowers and prohibit retaliation. We believe very strongly that organizations should have controls in place that allow them to effectively and efficiently detect misconduct before it becomes systemic, as well as best practice investigation processes so that any incidents can be quickly remediated.
Let’s take a look at some of the milestones that have happened under the whistleblower program so far and how business ethics training and awareness programs have had to adapt as a result.
The Whistleblower Hotlines Start Ringing as the Bounty Program Begins
President Obama signed Dodd-Frank into law on July 21, 2010 and the whistleblower bounty program officially started. This meant that whistleblowers who provided the SEC with information that led to an enforcement action with a recovery greater than $1M could collect 10-30% of any recovered sanctions. It also meant that those whistleblowers were protected from retaliation.
How should businesses have reacted to this news? Certainly, if they didn’t already have a whistleblower hotline, or another acceptable means to anonymously capture employee allegations of misconduct, in place – and I can’t imagine that most businesses didn’t have one already – they needed to get one, and fast. Further, they needed to ensure that their business ethics training and awareness programs were updated to reflect the provisions in this new law. Smart businesses would have reminded employees about their anti-retaliation policies and made sure that their Code of Ethics training included a section on ethics reporting; this is a module that trains employees on their responsibilities to report to the company any suspected or witnessed misconduct and the means available for reporting it.
The Rules are Adopted and the Whistleblower Site Goes Live
In May 2011, the final whistleblower program rules were adopted by the SEC. Much to the chagrin of many in the business community who hoped the rules would force employees to report to internal compliance programs before going to the SEC, the rules only incentivized employees to do that by stating that the SEC would consider whether they reported internally first when considering the size of the reward. On August 12, 2011, the whistleblower program and www.sec.gov/whistleblower officially launched. The site gave public and official information including how to submit a tip, award eligibility requirements, how to apply for an award and FAQs.
Many internal compliance programs were on high alert after the rules were adopted. Having an open, ethical culture became an even bigger factor than it already was because employees were now being given a huge financial incentive to report to the government. To counteract that, it became even more critical for companies to have a culture that valued openness and respect, that encouraged employees to speak up and that did not tolerate even a hint of retaliation. Utilizing business ethics training and awareness programs, Codes of Conduct, employee policies and “tone from the top” messages are all still great vehicles for permeating those messages throughout the company.
The First Reward
On August 21, 2012 the SEC handed out the first reward under the Dodd-Frank whistleblower program. Ok, it was a bit anticlimactic, being only $50,000. An anonymous whistleblower who gave the SEC a tip on a multimillion-dollar securities fraud scheme earned the reward, which, according to SEC officials was about 30% of what they collected from fraudsters. The same whistleblower was given an additional $150,000 on April 4, 2014.
The Big Reward
This was the dramatic reward everyone was waiting for. On October 1, 2013, The SEC announced that rewarded a whistleblower a jaw-dropping $14 million, which meant that the monetary sanctions against the company in question totaled at least $46.7 million. A huge reward like this really got people talking and showed that the program had some teeth.
I imagine at this point compliance officers were … concerned. Either because they feel as though they’ve put in tremendously hard work creating compliance programs, only to have the SEC incentivize their employees to go get big jackpot payments elsewhere, or, because there could be a $47 million fine-worthy crime happening somewhere in their companies that they don’t know about and won’t know about because of the aforementioned jackpot incentives. Darned if you do, darned if you don’t.
So, our little Dodd-Frank has made some progress in terms of the whistleblower program (again, I’m not touching the rest of the law); the SEC has handed out 5 more awards since the biggie in October and while none of them were huge like that one, they’ve all been in the six-figure range.
The SEC is now receiving about 6,000 tips annually. There is no doubt the program will continue, at least for the foreseeable future, so we’ll have to check in next year and see what happens when Dodd-Frank is ready for kindergarten.