SEC Awards $300,000 to an Audit & Compliance Professional for Whistleblowing: Key Implications & Lessons Learned

Last week, the SEC announced its first whistleblower award to an audit and compliance professional. The $300,000 award announcement noted that the recipient had “reported concerns to appropriate personnel within the company, including a supervisor,” but after 120 days, went to the SEC when they believed the company failed to take action.

I took away several potential implications and lessons stakeholders might learn from this announcement:

For Compliance Officers and Senior Executive Teams

  • No report or case should go 120 days without action. Never mind the potential for an SEC whistleblower—all organizations should have processes and systems in place to ensure that cases or reports open beyond 30 days are flagged, reviewed, and escalated to ensure appropriate and timely action is being taken.
  • Ensure there are sufficient and properly trained resources available to conduct investigations. The 2014 NAVEX Global Hotline Benchmarking Report found that case closure time overall is getting longer (now a median of 36 days, up from 30 days) and therefore is adding risk that reporters will get frustrated and take their concern outside the organization.
  • Keep the lines of communication open with the reporter during the course of an investigation. Even if the investigation isn’t complete, communicate throughout the process to let the reporter know that you are working on it, and when you will be able to let them know the matter has been addressed.
  • Train supervisors on their responsibilities. While there are few specifics provided in the SEC release, it does note that the issue was reported to a supervisor. Most organizations request that employees with concerns take the issue to a supervisor first and the hotline last, but few organizations properly train all supervisors on their responsibilities to appropriately respond and escalate issues to the right people.
  • Review and update, if necessary, your company’s code of conduct and communications related to the procedures for reporting misconduct. Ensure that all employees know the resources available to them. Send periodic reminders and include this information in training sessions.
  • We talk a lot about what impact organizational culture has on compliance. Think about the message that is sent to the workforce when an audit or compliance professional feels there is no choice but to go outside.
  • Consider: Should audit/compliance professionals have a greater responsibility than a line worker in reporting an issue? Although anyone can be a whistleblower with or without a reward, the question I was left with as a CCO and compliance professional was,“Should there have been a special duty on the part of the reporter who was in the audit or compliance department to follow-up on the concern?” While the facts are not available, I wonder if the whistleblower followed up after the initial report.

For Boards of Directors:

  • We don’t know whether the issue in this case was raised to the board, but boards should ensure that appropriate formal escalation policies and requirements for defined serious allegations (such as those involving senior executives and other serious financial/reputational risks) are in place. Escalation of these allegations to the board should occur within 24-48 hours of receipt and should not wait for the completion of an investigation before escalating.
  • Consider whether or not matters open longer than 60 days should be reviewed at board meetings.

For the SEC:

  • This case took an interesting turn with the unfortunate error on the part of the SEC when they released the reference number of the case tied to the award. This mistake possibly identified the whistleblower to the company and increased the potential for an eventual retaliation claim. I wonder if the SEC will be implementing special review measures to ensure this individual does not experience retaliation due to their mistake.

This event is a stark reminder to all organizations that, to ensure a strong culture of compliance, every issue raised—no matter who raises it—must be taken seriously and addressed quickly.

Chat with a solutions expert to learn how you can take your compliance program to the next level of maturity.

Green IT: What You Need to Know

Unexpected “Scientific Evidence” on the Value of Ethics & Compliance Training and Awareness

Previous/Next Article Chevron Icon of a previous/next arrow. Previous Post

Does Your Company’s “Inadequate Compliance Program” Violate Securities Laws?

Next Post Previous/Next Article Chevron Icon of a previous/next arrow.


Subscribe Now!
Definitive Guide to Compliance Program Assessment
Download Guide