Recent SEC awards signal need for management at all levels to act swiftly on reports of alleged misconduct
The SEC announced on April 22 that it had paid about $1.5 million to a whistleblower who had acted ‘to prevent imminent misconduct from causing substantial financial harm to the company or investors.’ That motivation was key, as the whistleblower was a compliance professional.
Compliance professionals, whether employees or consultants, generally are ineligible for a whistleblower bounty. ‘What’s unique about compliance and legal people is that they’re more likely to learn about problems than anyone else because of their role in investigating these issues,’ says Edward Ellis, co-chair of Littler Mendelson’s whistleblowing and retaliation practice group. ‘They have a special relationship with the company.’ Indeed, they may even be company counsel, who get their information through the attorney-client privilege. And yet they’re in a position to make some money on such knowledge, he adds.
The SEC press release reads in part, ‘This compliance officer reported misconduct after responsible management at the entity became aware of potentially impending harm to investors and failed to take steps to prevent it.”
Although the statement includes no facts about the company, the whistleblower or the type of misconduct that was reported, Ellis notes that this case appears to involve information regarding someone who ‘was about to commit a crime.’ In such a situation, ‘I don’t think a company can expect its compliance people to do anything different.’ It’s worth noting that a second person attempted to tell the SEC about the same situation, but the SEC rejected that person’s claim.
In Ellis’s experience, ‘disproportionately, a number of whistleblower cases of all kinds—bounties or no—are filed by compliance officers.’ That includes cases under Sarbanes-Oxley, Dodd-Frank and the False Claims Act, he says. The SEC announced that two of the 16 bounties it has paid since 2011 have been earned by compliance professionals.
The previous award, announced in August, 2014, went to a compliance professional who was not acting to stop an imminent crime; that person avoided the ban on compliance professionals getting bounties by reporting the wrongdoing internally, including to a supervisor, and waiting. If a company does not act on such reports within 120 days, the compliance professional is free to go to the SEC, which is what happened in that case, the SEC explained.
Ellis highlights that exception to the ban on compliance professionals collecting from the SEC as the place a company can be proactive to protect itself. Although 120 days is a short time frame, ‘companies have more control because there’s a time limit. Companies have to be able to move quickly to investigate and deal with it within 120 days,’ he says.
Ellis is not confident that all companies have such rapid-response systems in place yet. ‘I think the business community is starting to adjust to the SEC bounty program, but in truth there haven’t been that many awards yet, and so I don’t think companies have been paying enough attention,’ he says. Companies are starting to take note, however, and are starting ‘to focus more on trying to catch and prevent wrongdoing inside large companies.’
