sec compliance best practices - wsgr

I N S I D E T H E M I N D S

SEC Compliance Best Practices

Leading Lawyers on Managing Risks, Building and Maintaining Compliance Programs, and

Understanding New Legislation

2011 EDITION

©2011 Thomson Reuters/Aspatore All rights reserved. Printed in the United States of America.

No part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, except as permitted under Sections 107 or 108 of the U.S. Copyright Act, without prior written permission of the publisher. This book is printed on acid free paper.

Material in this book is for educational purposes only. This book is sold with the understanding that neither any of the authors nor the publisher is engaged in rendering legal, accounting, investment, or any other professional service. Neither the publisher nor the authors assume any liability for any errors or omissions or for how this book or its contents are used or interpreted or for any consequences resulting directly or indirectly from the use of this book. For legal advice or any other, please consult your personal lawyer or the appropriate professional.

The views expressed by the individuals in this book (or the individuals on the cover) do not necessarily reflect the views shared by the companies they are employed by (or the companies mentioned in this book). The employment status and affiliations of authors with the companies referenced are subject to change. Aspatore books may be purchased for educational, business, or sales promotional use. For information, please email [email protected]. For corrections, updates, comments or any other inquiries please email [email protected]. First Printing, 2011 10 9 8 7 6 5 4 3 2 1

If you are interested in purchasing the book this chapter was originally included in, please visit www.west.thomson.com.

mailto:[email protected]�

mailto:[email protected]�

Navigating the Thorny Path of Corporate Compliance in the Wake of Dodd-Frank

Elizabeth C. Peterson Partner

Wilson Sonsini Goodrich & Rosati

Inside the Minds – Published by Aspatore Books

Introduction On July 21, 2010, President Obama signed the Dodd-Frank Wall Street Reform and Consumer Protection Act (Pub. L. 111-203, 124 Stat. 1376) into law, introducing the most wide-ranging set of reforms to the US financial regulatory system in decades. The act arose out of the rubble of the global financial crisis that began in 2007, following the collapse of a number of the country’s largest financial institutions, federal bank bailouts, and dramatic stock market declines. The Dodd-Frank Act includes significant financial reforms with regard to the following: the existing regulatory structure (including the creation of two new executive agencies attached to the Treasury Department, tasked with researching the economy and monitoring systematic risk); the regulation of significant financial institutions; requirements for bank capitalization; credit rating agencies; resolution of failing financial institutions; consumer regulations; and the authority of the Securities and Exchange Commission (SEC). Perhaps two of the most significant areas of new regulation heralded by the act’s passage come in the area of corporate governance, in the form of new requirements regarding executive compensation as well as the implementation of a new statutory whistleblower regime. Background The Dodd-Frank Act was a direct response to the financial crisis that began in 2007 because of a fundamental liquidity shortfall in the US banking system, the effects of which continue to be felt today. Considered by many to be the worst financial crisis since the Great Depression of the 1930s, it contributed to a decline in consumer wealth estimated in the hundreds of billions of US dollars, as well as the failure of many key businesses, financial institution failures, and a significant decline in economic activity. The crisis began in 2006 with the collapse of the housing market in the United States, following an extended period of rapid, significant, and unsustainable growth in property values. As property values rapidly declined, the value of mortgage-backed securities plummeted, damaging financial institutions throughout the world. Global economies slowed, credit markets tightened, and international trade declined.


Varied causes have been posited for the crisis, and indeed, blame cannot be assigned to any one institution or practice. Nonetheless, many have argued that, at its core, the market’s failure to accurately assess the high level of risk involved with (and corresponding failure to appropriately price) mortgage-related financial products triggered the economic crash. As a result, much has been made of the US government’s purported failure to modify its regulatory scheme to address the reality of the current financial markets. Following the initial financial meltdown, the government took unprecedented steps to restart economic activity, including institutional bailouts and significant efforts at financial stimulus. With the benefit of twenty-twenty hindsight, it became apparent that at least some of the wide-reaching effects of the financial crisis could have been avoided. By way of example and relevant to certain provisions included in the Dodd-Frank Act, there was the revelation of Bernard Madoff’s estimated $65 billion Ponzi scheme. Along with the discovery of the vast scope of Madoff’s fraud came the disclosure that Harry M. Markopolos (an independent forensic accountant and financial fraud investigator) had detected Madoff’s scheme and had been providing the SEC with tips about the scheme for over nine years. When Madoff was finally arrested and the truth came to light, Markopolos was openly critical of the SEC for what he believed to be its fundamental failure to conduct an adequate investigation into the larger financial institutions under their ambit, as well as to respond to his repeated tips regarding Madoff. It is as a consequence of all of these events that Representative Barney Frank and Senator Chris Dodd proposed their sweeping reform. It is no surprise, then, that the express aim of the act is to “promote the financial stability of the United States by improving accountability and transparency in the financial system, to end ‘too big to fail,’ to protect the American taxpayer by ending bailouts, to protect consumers from abusive financial services practices, and for other purposes.” 124 Stat. 1376. The act calls for myriad rule-makings and studies, and is in the midst of what will prove to be a heated period of public comment. Without question, the full impact of the legislation will not be known for years. Certain aspects of the new rules regarding corporate governance, however, advance governmental regulation far beyond existing rules, and are likely to have predictable and dramatic effects in the area of corporate compliance.


Beware the Bounty Hunter—Enhanced Whistleblower Rewards and Protections Section 922 of the Dodd-Frank Act creates Section 21F of the Securities and Exchange Act of 1934 (15 U.S.C. § 78(a) et seq.), which establishes a new “whistleblower bounty program” that provides substantial rewards and protections for whistleblowers who report violations of securities and other laws. Pursuant to this program, a whistleblower who provides the SEC with “original information” that leads to a successful enforcement action by the SEC of any law under its jurisdiction must be paid a bounty in an amount between 10 and 30 percent of any monetary sanctions (including penalties, disgorgements, interest, or other monies) the SEC collects in excess of $1 million. 124 Stat. at 1841-42.1 Such original information must come from the whistleblower’s independent knowledge or analysis, must not have been disclosed to the SEC by another source, and may not be exclusively derived from allegations made in a court or administrative hearing, in a governmental hearing, audit, report, or investigation, or in the news media, unless the whistleblower is the source of such allegations. Whistleblowers may maintain their anonymity if they are represented by counsel, although their identity must be disclosed prior to the payment of the bounty. 124 Stat. at 1740. The SEC is vested with discretion to determine the amount of the bounty awarded based upon the level and significance of the assistance provided by the whistleblower, as well as the SEC’s “programmatic interest…in deterring violations of the [securities laws] by making awards to whistleblowers….” Id. at 1741. While a number of whistleblower bounty programs already exist under different federal statutes, the expansive sway, enhanced rewards, and augmented protections of the Dodd-Frank Act program portend increased claims pursuant to its whistleblower program. Since 1989, the SEC has had a bounty program limited to information provided by a whistleblower that 1 Pursuant to the SEC’s proposed rules related to the whistleblower program, a whistleblower may also receive a bounty based on amounts collected in a related action brought, for example, by the U.S. Department of Justice, that is based upon the same original information the whistleblower provided to the SEC. Proposed Rules for Implementing the Whistleblower Provisions of Section 21F of the Securities Exchange Act of 1934, Release No. 34-63237, 75 Fed. Reg. 70488 (“Proposed Rules”) at 125-27 (Nov. 3, 2010).


results in a civil penalty against individuals involved in insider trading. Whistleblowers were entitled to receive a bounty of 10 percent of the civil penalty. Id. But a general lack of public awareness of this bounty program resulted in only five claimants receiving bounties under this program, totaling a paltry $159,537. Importantly, a number of aspects of the Dodd-Frank whistleblower regime signal that a dramatic increase in the number of whistleblower claims is likely. Additional Claims Subject to Whistleblower Bounties and Protection Prior whistleblower regimes only awarded bounties and protected against retaliation for limited, specific types of claims. As noted above, the pre-existing SEC bounty program is limited to insider trading claims. The False Claims Act provides bounties to qui tam relators only in connection with claims of fraud committed against the government in connection with federal contracts. Under the Tax Relief and Health Care Act, bounties may be provided to whistleblowers disclosing underpayment of taxes. By contrast, under the Dodd-Frank Act, whistleblowers are paid a bounty for providing information that leads to a successful enforcement action under any law, rule, or regulation subject to the SEC’s jurisdiction. 124 Stat. at 1740. This vastly expands the field of violations (and, accordingly, the cast of potential wrongdoers) for which a whistleblower may reap a substantial reward. Moreover, included within this array of violations are those that have the potential of wreaking substantial havoc on a company’s bottom line, such as allegations of revenue recognition issues, improper accounting practices, and violations of the Foreign Corrupt Practices Act (FCPA). A Wide Net of Companies Subject to Whistleblower Claims By virtue of vastly expanding the universe of violations for which a whistleblower may be rewarded, the Dodd-Frank Act also enhances the scope of companies against whom a whistleblower may offer information. Whereas the False Claims Act affects only those organizations with federal contracting operations, Dodd-Frank whistleblowers may be rewarded for providing information on any entity subject to the SEC’s oversight.


In addition, provisions of the act expand the SEC’s jurisdiction of the anti-fraud provisions of the federal securities laws to any “conduct occurring outside the United States that has a foreseeable substantial effect within the United States,” in addition to any “conduct within the United States that constitutes significant steps in furtherance of the violation, even if the securities transaction occurs outside the United States and involves only foreign issuers.” 124 Stat. at 1864-65. A whistleblower could, therefore, be eligible for a bounty for providing information about foreign issuers, foreign investors, and other entities that operate outside of the United States. Id. It remains to be seen how the extended extraterritorial jurisdiction will be interpreted, but this augmented scope of the SEC’s jurisdiction means a new class of entities doing business abroad will now be subject to SEC enforcement actions. By extension, such entities may now suffer the consequences of whistleblower-initiated investigations and litigation as well as whistleblower retaliation litigation. A Substantial Class of Whistleblower Candidates With the exception of certain law enforcement and government personnel, those who acquire information through an audit required under the securities laws, and those who are convicted of a criminal violation related to the action for which they would otherwise receive a bounty, the Dodd-Frank Act does not restrict the types of persons who can receive a bounty.2 As a result, the universe of people who could potentially bring a whistleblower claim is nearly limitless—no longer may a company only fear disclosure from within. Under Dodd-Frank, whistleblowers will include not only the usual cast of characters (i.e., current and former employees, consultants, and agents), but also business partners, customers, reporters, or even competitors. 2 The SEC’s proposed rules issued on November 3, 2010, provide that the SEC will not consider information to be “original information” derived from “independent analysis” if provided by company personnel with legal, compliance, audit, supervisory, or governance responsibilities and the information was provided to such company personnel “with the reasonable expectation that [such personnel] would take steps to cause the entity to respond appropriately to the violation” unless the company fails to disclose the relevant information to the SEC within a reasonable time, or if the company otherwise proceeds in bad faith. Proposed Rules at 129. Likewise, information obtained pursuant to a communication protected by the attorney-client privilege or otherwise as a result of legal representation of a client will not be considered “original information” derived from “independent analysis.” Id.


Indeed, the definition of original information under the act was explicitly drafted to include “analysis.” 124 Stat. at 1740. Under this new statute, a third-party forensic accountant who is completely removed from the company can perform his or her own investigation and be rewarded should his or her efforts facilitate a successful enforcement action. This aspect of the Dodd-Frank Act is undeniably spawned by the unsuccessful efforts of Harry M. Markopolos to alert the SEC to Bernard Madoff’s ponzi scheme (who, under Dodd-Frank, would have potentially received a tremendous bounty). This expanded definition of who may be a whistleblower creates a structure whereby private watchdogs—including those solicited by plaintiffs’ lawyers—can take it upon themselves to monitor and analyze a company’s practices. It should also be noted that the class of potential whistleblowers is not bound by US borders. 124 Stat. at 1864. Indeed, companies should anticipate that any employee of a company’s foreign subsidiary or foreign affiliate, or foreign competitors, might emerge as whistleblowers.3 While the aim of the new whistleblower program may be to encourage anyone with genuine information about corporate malfeasance to report such information to the SEC, the potential for abuse, particularly given the expansive class of individuals who may serve as whistleblowers, is palpable. By way of example, companies often find that anonymous complaints made on internal corporate hotlines are, at core, the product of baseless rumors perpetrated by competitors within an industry or region. Little stands in the way of competitors making reports to the SEC that are similarly based upon unfounded allegations and rumor. While such unsubstantiated tips are unlikely to serve as the basis for a successful enforcement action, any resulting inquiry or investigation by the SEC or other government agencies alone will cost a company substantial time and resources.

3 The Proposed Rules specifically exclude from eligibility for a bounty “a member, officer, or employee of a foreign government, any political subdivision, department, agency, or instrumentality of a foreign government, or any other foreign financial regulatory authority.” Id. at 136. Thus, such a foreign official who is offered or receives a bribe cannot report it and receive a bounty.


Significant Bounties—The Undeniable Lure of the FCPA The greatest driver for an increase in whistleblower claims will be the increased financial incentives embodied in the Dodd-Frank Act. Although the specific amount of the bounty is left to the discretion of the SEC, the rules require it to be somewhere between 10 and 30 percent of all monetary sanctions. 124 Stat. at 1741. A significant monetary sanction will mean a significant financial windfall for a whistleblower. It follows, then, that the area of federal securities law most likely to be affected by the Dodd-Frank whistleblower program is the SEC’s enforcement of FCPA violations. The FCPA anti-bribery provisions make it unlawful for any issuer, domestic concern, or person acting in the United States to offer anything of value to members of a foreign government, international organization, or political party for the purpose of (1) influencing duties, (2) inducing them to influence a foreign government or agency’s decision, (3) obtaining or retaining business, or (4) directing business to anyone. 15 U.S.C. §§ 78dd-1, et seq. Importantly, the fines and penalties for violations of the FCPA are often higher than those of other securities laws for one simple reason: they are driven by the profits a company reaps by virtue of the wrongful conduct. Moreover, the SEC has publicly articulated its continued focus on investigating and taking action on FCPA violations, and has retained additional personnel and opened additional branch offices dedicated to FCPA investigations. This preoccupation with bribery abroad is not going away anytime soon. Neither are the astronomical monetary penalties that are often the endgame of the SEC’s oversight. A review of recent FCPA sanctions provides ample motivation for any would-be whistleblower. Indeed, the new incentives created by the Dodd-Frank Act come on the heels of greatly increased FCPA enforcement efforts by the SEC and criminal prosecutions by the Department of Justice. These recent efforts have exposed a continually increasing universe of conduct that will trigger an investigation. Further, cases brought by the SEC and Department of Justice have resulted in some incredibly large monetary settlements. For example, on June 28, 2010, the SEC announced a settlement with Technip for FCPA violations, for which Technip will pay $98 million to resolve the SEC’s charges. Technip was also required to pay a $240 million penalty in a separate criminal proceeding initiated by the


DOJ. SEC v. Technip, No. 4:10-cv-02289, complaint filed (S.D. Tex. June 28, 2010); SEC Charges Technip with Foreign Bribery, Litigation Release No. 21578 (June 28, 2010). In February 2009, Technip’s joint venture partner (KBR Inc.) and its former parent (Halliburton Company) settled civil FCPA charges with the SEC agreeing to be jointly liable to pay $177 million in disgorgement. SEC Charges KRB and Halliburton for FCPA Violations, Litigation Release No. 20897A (Feb. 11, 2009). Other recent settlements include a $91.4 million disgorgement by Daimler A.G. on April 1, 2010, and a $40.2 million global settlement entered into by Innospec Inc. to resolve charges of FCPA violations. SEC v. Daimler AG, No. 1:10-cv-00473, complaint filed (D.D.C. March 22, 2010); SEC Charges Daimler AG with Global Bribery, Press Release No. 2010-51 (April 1, 2010); SEC v. Innospec Inc., No. 1:10-cv-00448, complaint filed (D.D.C. March 17, 2010); SEC Files Settled Foreign Corrupt Practices Act Charges Against Innospec, Litigation Release No. 21454 (March 18, 2010). Furthermore, who can forget Siemens’s 2008 settlement, pursuant to which it paid $350 million in disgorgement of profits under its agreement with the SEC and a criminal fine of $450 million in its settlement with the Department of Justice. SEC v. Siemens Aktiengesellschaft, No. 1:08-cv-02167, complaint filed (D.D.C. Dec. 12, 2008); SEC Files Settled Foreign Corrupt Practices Act Charges Against Siemens AG, Litigation Release No. 20829 (Dec. 15, 2008). These and a multitude of other highly publicized settlements will undoubtedly draw the attention of whistleblowers seeking to enjoy a financial windfall. Increased Impact of Retaliation Claims The Dodd-Frank whistleblower program also carries with it significantly expanded protections against retaliation by employers. Under the new rules, no employer may discriminate against a whistleblower who provides information pursuant to any law under the SEC’s jurisdiction. 124 Stat. at 1744. In 2002, the Sarbanes-Oxley Act (Pub. L. 107-204, 116 Stat. 745) was enacted, and for the first time provided protections against retaliation for whistleblowers. These protections, however, applied only to retaliation claims made against public companies with securities registered under Section 12 of the Securities and Exchange Act of 1934. Dodd-Frank, however, has no such restrictions—the retaliation protections apply to public and private companies alike. Moreover, under Dodd-Frank, whistleblowers may now receive retaliation protection not only for


statements that were protected under Sarbanes-Oxley, but also the Securities Exchange Act of 1934 and 18 U.S.C. § 1513(e) (which prohibits retaliation against individuals providing information to a law enforcement officer about the possible commission of a federal offense).4 124 Stat. at 1744. The net effect is that any retaliation claim that could previously have been brought under various prior regimes may now be brought under the Dodd-Frank Act, and may receive the benefit of its lengthy statute of limitations and back pay awards. Whistleblowers may bring a retaliation claim in district court, and if they are successful, they may be (i) reinstated in their former job with the same seniority status they would have had but for the discrimination, (ii) awarded two-times back pay, with interest, and (iii) awarded litigation costs and attorneys’ fees. 124 Stat. at 1744. Several aspects of the protections for whistleblowers embodied in the Dodd-Frank Act will likely result in an increase in the number of retaliation claims, as well as an increase in the costs companies are forced to incur in defending against them. Expanded Statute of Limitations The 2002 Sarbanes-Oxley Act provided the first statutory protection against retaliation for whistleblowers, but only for those who report violations by public companies of SEC rules or regulations or federal fraud laws. Individuals who prevailed on a claim for retaliation were entitled to reinstatement with seniority, back pay with interest, and fees and costs. These protections, however, are subject to a ninety-day statute of limitations. Since the passage of the 2002 act, approximately 600 to 700 retaliation claims have been made, but only a handful have ever been decided on the merits in favor of the whistleblower. Under Dodd-Frank, the statute of limitations for bringing a retaliation claim is extended dramatically from ninety days to somewhere between six and ten years (depending on when the alleged retaliatory conduct is discovered). More specifically, whistleblower employees may bring retaliation claims not 4 Whistleblowers are also protected from retaliation for providing information to agencies such as the Commodities Futures Trading Commission and the Bureau of Consumer Financial Protection.


more than six years after the retaliation, or three years after the employee knew or should have known about the retaliation, but in no event later than ten years after the retaliation occurred. 124 Stat. at 1846. The potential drawbacks of the extended statute of limitations are twofold. First, successfully defending against the retaliation claim is impaired. The whistleblowers bringing these claims are likely no longer employed by the company. In addition, other employees with knowledge of the alleged retaliation may no longer be employees or may have diminished recollection of the events at issue. Finally, the company may no longer have the relevant documents or employment records. These issues will make accurate or efficient resolution of the retaliation claim more difficult. The preliminary burden for a retaliation claim, of course, falls on the claimant to show that the employer was aware that the employee engaged in protected activity and that the employment-related retaliation was at least in part motivated by that activity. See, e.g., United States ex rel. Rosales v. San Francisco Housing Authority, 173 F. Supp. 2d 987 (N.D. Cal. 2001) (explaining the burden for retaliation claims regarding protected activity under the False Claims Act). For a plaintiff who is able to make such a prima facie case, however, the burden then shifts to the company to affirmatively prove that same decision would have been made even if the employee had not engaged in protected activity. If substantial time has passed, faded memories and incomplete records could make it extremely difficult for a company to meet this burden. With a lack of definitive evidence, cases would be more likely to survive past the motion to dismiss and motion for summary judgment stages, thereby forcing the company to incur greater costs. Second, the increased statute of limitations in conjunction with statutory awards of back pay create a risk that if a whistleblower succeeds on a claim, the financial penalties involved would be greatly exaggerated. Unlike Sarbanes-Oxley, which carried with it a ninety-day statute of limitations, a former employee under the Dodd-Frank Act may bring a claim up to ten years following his or her departure from the company, and if successful is entitled to two-times back pay plus interest. 124 Stat. at 1744, 1846. This could result in awards reaching into the millions of dollars for back pay alone. These enhanced whistleblower protections serve to highlight the importance that companies take appropriate measures to minimize retaliation claims.


Direct Access to District Courts Under the prior Sarbanes-Oxley regime, a whistleblower who wished to bring a retaliation claim was required to do so by first filing a claim with the Occupational Safety and Health Administration in the US Department of Labor. An administrative law judge would then review the claims. Only if an appeal of the administrative law judge’s decision was filed (or if the administrative law judge was unable to reach a decision within 180 days) was the employee entitled to bring the case in federal district court. This administrative procedure afforded companies a quick and economical way to resolve retaliation claims. The Dodd-Frank Act does not completely abolish the Sarbanes-Oxley administrative adjudication process, but provides for a separate parallel enforcement mechanism. Whereas the Occupational Safety and Health Administration previously served as a gatekeeper for retaliation claims, the Dodd-Frank Act permits a whistleblower employee to bring the claim directly in federal district court in the first instance. 124 Stat. at 1744. The financial implications of this process for companies on the receiving end of retaliation claims cannot be underestimated. First, the permissive civil litigation rules in federal district court allow for extensive discovery, which can represent an oppressive burden and require a significant expenditure of time and money. In addition to increased litigation costs, the public nature of federal civil litigation also creates an increased risk of public disclosure of confidential information and the possibility of spin-off shareholder actions. Again, to avoid costly, damaging litigation, companies should implement proper policies and procedures that will protect against improper employment practices and ensure that employment decisions are properly documented. Increased Scrutiny of Executive Compensation Corporate compliance initiatives will also be affected by Sections 953 and 954 of the Dodd-Frank Act, which create a new disclosure requirement and a corresponding ability to retroactively claw back executive compensation following the issuance of an accounting restatement. Specifically, Section 953 directs the SEC to adopt rules that require companies to provide in any proxy statement for an annual meeting a disclosure that shows the


relationship between incentive-based executive compensation actually paid by the company (including the specific proportion thereof) and the company’s financial performance. In essence, the rules require a company to disclose exactly how much of every executive’s compensation is tied to the company’s financial performance. 124 Stat. at 1903-04. Section 953 works in conjunction with Section 954, which directs the SEC to require national securities exchanges to institute listing standards whereby companies must develop and implement policies to “claw back” the incentive-based executive compensation corresponding to the company’s financial performance, in the event of a financial restatement.5 124 Stat. at 1904. Pursuant to the claw-back provisions, whenever a company issues an accounting restatement, it must review any incentive compensation awarded to executives for the three years preceding the restatement, and assess how much incentive compensation would have been awarded had the company accurately stated its financial results. Any incentive compensation actually awarded in excess of what would have been awarded under the accurate, restated numbers must be returned to the company by the executive. Id. These provisions go far beyond similar provisions in Sarbanes-Oxley, which only required a company to claw back compensation from the chief executive officer and chief financial officer, and only if the accounting restatement was the result of misconduct. The true impact these policies will have remains to be seen, however, because the extent to which executive compensation is subject to claw-back is directly tied to the specific manner in which a company chooses to allocate executive incentive-based compensation. In this regard, Sections 953 and 954 have permitted companies to retain some level of control, affording them the opportunity to structure executive compensation to minimize the amount that is directly tied to financial performance. 124 Stat. at 1903-04. In doing so, companies can theoretically minimize the amount of executive compensation that might be subject to claw-back following a future potential restatement. 5 Section 954 does not actually impose direct regulation of companies, but is couched in the form of a listing requirement. Accordingly, companies that refuse to implement claw-back procedures cannot be listed on any national securities exchanges.


The Impact of Dodd-Frank on Corporate Compliance Programs The Sarbanes-Oxley Act (passed in reaction to an earlier series of corporate scandals by companies such as Enron and WorldCom) required the audit committees of public companies to create a process for “confidential, anonymous submissions by employees of the issuer of concerns regarding questionable accounting or auditing matters.” 15 U.S.C. § 78j-1(m)(4) (2010). In the eight years since, public companies have implemented hotlines, advertised the hotlines to employees worldwide as a secure means by which employees may anonymously report potential violations, and audit committees have reviewed and investigated these claims. Still, how can companies expect to compete against the potential riches a whistleblower can reap by reporting information to the SEC in the first instance? The large financial incentives created by Dodd-Frank will encourage employees to bypass internal reporting procedures. Further, the anti-retaliation provisions of Dodd-Frank will prevent a company from penalizing in any way individuals who opt to bypass internal reporting programs. As a result, Dodd-Frank will have the unintentional effect of undermining one of the fundamental purposes of a key facet of Sarbanes-Oxley (i.e., creating an effective mechanism for detecting and remediating corporate misconduct that could harm investors). As a consequence (irrespective of whether there is any validity to the whistleblower’s allegations), the events that will follow, including inquiries, investigations, and potential enforcement proceedings, will impose substantial burdens, both in time and resources, on a company and its board, officers, and employees. The SEC has stated that “encouraging whistleblowers to report securities violations to their corporate compliance programs is consistent with the Commission’s investor protection mission.” Proposed Rules at 51-52. Yet the SEC’s proposed rules do not effectively promote internal reporting. The proposed rules do not require a whistleblower to first report internally. The SEC has said only that it may give credit to a whistleblower who first reports through established internal reporting mechanisms and has sought comment as to whether the SEC should increase bounty awards for such whistleblowers. Id. at 52. Neither the Dodd-Frank Act nor the Proposed


Rules provide guidance as to how such credit would be “calculated,” let alone any measures that would ensure such credit is consistently awarded. Companies would be well advised to scrutinize their internal controls and compliance programs. An effective compliance program can, of course, go a long way to reducing the occurrence of wrongdoing in the first place, as well as ensure that potential violations or problematic conduct are detected and addressed by compliance personnel. Part of any effective compliance program is routine training of employees on relevant policies, but also on the laws and regulations that affect employees in their particular positions. Such training must be straightforward, accessible, and targeted toward the real-world situations employees face. High-level discussions of compliance initiatives will do little to convince sales personnel in countries deluged with corruption that they must conduct themselves against the grain of longstanding business practices. But proper training of personnel will both inhibit employee misconduct and minimize mistaken or unfounded reporting (either internally or pursuant to the SEC whistleblower program). Importantly, in light of the Dodd-Frank Act’s enhancement of the extraterritorial reach of the SEC’s anti-fraud provisions, there are many private companies and companies operating internationally that will now be subject to this particular type of risk. Given that, for many of these companies, this will be the first time they are subject to a whistleblower statutory scheme, it is imperative that such companies implement compliance programs and, as part of such programs, educate and train employees regarding the scope of applicable laws. What can a company do to encourage its employees to report violations internally rather than directly to the SEC? First, companies should examine the efficacy of their current reporting mechanisms and consider means of improving them. Providing alternative reporting conduits (i.e., a telephone hotline as well as an e-mail hotline), improving response time to hotline reports, ensuring that hotlines are accessible in all necessary languages, and making hotlines available on a twenty-four hours a day, seven days a week basis are all measures that can boost employees’ use of internal reporting mechanisms. Second, it is critical that internal reporting mechanisms be well publicized throughout a company’s operations. That reporting suspected misconduct is both important to the well-being of the corporation and all


employees, and can be done easily and anonymously, should be communicated in training, in company-wide communications from senior management, on posters placed in copy rooms, break rooms, and elevators, and on the company’s intranet and website. Third, the company must both communicate and demonstrate that the confidentiality of employees using the hotline will be protected, as will the reporting employee’s position within the company. Fourth, employees must perceive that reports on the hotline are resolved in a timely, effective manner with appropriate and swift disciplinary action taken where appropriate. While employees may be told that this is how hotline reports will be handled, if compliance personnel do not deliver on such promises, word will get out and employees will be reluctant to make use of the company hotline. Alternatively, if compliance personnel consistently demonstrate efficient and proper management of the company hotline, that too will find its way to the company grapevine and prompt personnel to make reports internally. Finally, companies should consider ways to obtain employees’ buy-in to promoting and facilitating ethical behavior throughout the organization. Such measures may include incorporating ethics and compliance initiatives as part of employees’ annual rating or evaluation criteria, providing rewards (monetary or otherwise) for conduct that fosters ethics and compliance objectives (including valid reports to the corporate hotline), and training, through practical example, as to the value of ethical practices to the individual employees as well as the organization as a whole. Dodd-Frank is sure to be a game-changer for corporate ethics and compliance initiatives. As currently drafted, the whistleblower program may serve to undermine the compliance policies and procedures companies have implemented at great expense. If the program prompts the barrage of whistleblower claims that is anticipated, companies will be forced to expend significant resources on the inquiries and investigations that will follow such claims—resources that could otherwise be used to enhance compliance programs and detect and remediate corporate wrongdoing. Time will tell whether the SEC will implement the new whistleblower program with the extraordinary scope and vigor it has promised. In the meantime, to best weather the coming storm, companies should take stock of their existing internal controls and reporting mechanisms, and implement measures that will improve their efficacy.


Key Takeaways

• Pursuant to the Dodd-Frank whistleblower program, a whistleblower who provides the SEC with “original information” that leads to a successful enforcement action by the SEC of any law under its jurisdiction must be paid a bounty in an amount between 10 and 30 percent of any monetary sanctions (including penalties, disgorgements, interest, or other monies) the SEC collects in excess of $1 million. 124 Stat. at 1841-42.

• The expansive sway, enhanced rewards, and augmented protections of the Dodd-Frank Act portend increased claims pursuant to its whistleblower program.

• The Dodd-Frank Act places few restrictions on the types of persons who can receive a bounty. Thus, no longer may a company only fear disclosure from within. Under Dodd-Frank, whistleblowers will include not only the usual cast of characters (i.e., current and former employees, consultants, and agents), but also business partners, customers, reporters, or even competitors.

• A whistleblower could be eligible for a bounty for providing information about foreign issuers, foreign investors, and other entities that operate outside of the United States. It remains to be seen how the SEC’s extended extraterritorial jurisdiction will be interpreted, but its breadth suggests a cautious approach.

• A significant monetary sanction will mean a significant financial windfall for a whistleblower. A review of recent FCPA sanctions provides ample motivation for any would-be whistleblower.

• The Sarbanes-Oxley Act protections against retaliation for whistleblowers applied only to retaliation claims made against public companies with securities registered under Section 12 of the Securities and Exchange Act of 1934. Dodd-Frank, however, has no such restrictions—the retaliation protections apply to public and private companies alike.

• Whistleblowers may bring a retaliation claim in district court, and if they are successful, they may be (i) reinstated in their former job with the same seniority status they would have had but for the discrimination, (ii) awarded two-times back pay, with interest, and (ii) awarded litigation costs and attorneys’ fees.


• Under Dodd-Frank, the statute of limitations for bringing a retaliation claim is extended dramatically from ninety days to somewhere between six and ten years (depending on when the alleged retaliatory conduct is discovered).

• The increased statute of limitations, in conjunction with statutory awards of back pay, create a risk that if a whistleblower succeeds on a claim, the financial penalties involved would be greatly exaggerated.

Elizabeth C. Peterson is a partner in the Palo Alto office of Wilson Sonsini Goodrich & Rosati. Her practice focuses on white collar criminal defense, corporate compliance, internal investigations, and securities litigation. She has extensive trial and courtroom experience, having served as an assistant US attorney. In this role, she obtained experience in multiple areas of criminal law, including money laundering; bank, mail, and wire fraud; narcotics and violent crimes; terrorism-related offenses; and international criminal offenses. Acknowledgement: I would like to acknowledge and express profound thanks to Benjamin M. Crosson for his superb, skilled assistance in crafting this chapter.

www.Aspatore.com Aspatore Books, a Thomson Reuters business, exclusively publishes C-Level executives (CEO, CFO, CTO, CMO, Partner) from the world's most respected companies and law firms. C-Level Business Intelligence™, as conceptualized and developed by Aspatore Books, provides professionals of all levels with proven business intelligence from industry insiders—direct and unfiltered insight from those who know it best—as opposed to third-party accounts offered by unknown authors and analysts. Aspatore Books is committed to publishing an innovative line of business and legal books, those which lay forth principles and offer insights that when employed, can have a direct financial impact on the reader's business objectives, whatever they may be. In essence, Aspatore publishes critical tools for all business professionals.

Inside the Minds The Inside the Minds series provides readers of all levels with proven legal and business intelligence from C-Level executives and lawyers (CEO, CFO, CTO, CMO, Partner) from the world's most respected companies and law firms. Each chapter is comparable to a white paper or essay and is a future-oriented look at where an industry, profession, or topic is heading and the most important issues for future success. Each author has been selected based upon their experience and C-Level standing within the professional community. Inside the Minds was conceived in order to give readers actual insights into the leading minds of top lawyers and business executives worldwide, presenting an unprecedented look at various industries and professions.

http://www.insidetheminds.com/�

sec compliance best practices - wsgr

Documents