Are You Ready for the Dodd-Frank Act and Its Whistleblower Provisions?
Community Guest Blog post by By Cindy Knezevich
On July 21, 2010, the Dodd-Frank Wall Street Reform and Consumer Protection Act, or Dodd-Frank, was signed into law by President Obama, and on May 25, 2011, the SEC established rules to govern these procedures moving forward. The Act brought sweeping changes to the financial industry in response to the recent economic meltdown. There are a few things everyone should understand about the Dodd-Frank Act and, specifically, Section 922, which is now commonly referred to by some as the “whistleblower provision.”
Although Dodd-Frank takes aim at the financial services industry, its whistleblower provisions apply to all public companies, including private subsidiaries and affiliates while financial information is included in consolidated financial statements of a publicly traded entity.
Dodd-Frank’s whistleblower provisions are arguably one of the most significant components of the Dodd-Frank Act. The 2002 Sarbanes-Oxley Act (SOX) required public companies to establish a confidential channel for whistleblowers to report financial misconduct to the SEC and prohibit retaliation. Dodd-Frank builds on that, and in Section 922, also sets up a “bounty program,” allowing whistleblowers who report original information to the SEC about securities violations to obtain between 10 and 30 percent of any monetary sanctions awarded in excess of $1 million recovered against the company.
However, as Eleanor Bloxham recently wrote in CNNMoney, “The bounties provide too much of an incentive. Instead of using corporate whistleblower programs, they’ll go to the SEC. Employees should be forced to use internal channels first.” Responding to these concerns, the SEC proposed a new whistleblower regulation which will offer individuals even greater sums if they report malfeasance through internal corporate channels first and lesser sums if they do not. This could serve to dissuade, rather than persuade, a would-be whistleblower from coming forward, unless, of course, they know that their company’s corporate governance policy is sound and trustworthy.
What are the best practices companies should follow regarding their whistleblower programs? Every company is a little different, with varying values and degrees of risk tolerance, but here are the essential best practices companies should follow to sustain their ethical business culture:
1. Develop a strong code of conduct and clearly define pertinent policies· Regularly review and update codes and policies
· Create codes and policies which are written in plain language (not legalese) and inspire appropriate behavior, not just list out the undesired behavior
2. Renew education, awareness and certification efforts around ethics and compliance issues· Provide clear communication on with employees and other key stakeholders
· Actively promote your internal hotline program
· Utilize training that is engaging, interactive and adheres to instructional design best practices
· Ensure employees know what to do if they detect a violation (how to report it, who to report it to, etc.)
· Train managers on the critical importance of avoiding even the appearance of retaliation against would-be whistleblowers
3. Enable multiple mechanisms for identifying violations· Use proactive methods, i.e. risk assessments, audits, surveys
· Use reactive methods, i.e. managers’ intake forms, anonymous whistleblower hotline (web and phone)
4. Implement consistent, objective case management procedures for investigation and resolution· Expedite the process to meet new timelines for reporting
· Leverage a centralized repository for ALL issues
· Set predetermined investigative processes
· Include a tracking and analysis methodology
5. Develop corrective and preventative action (CAPA) and remediation on processes· Understand the root cause – don’t just deal with the issue, fi x the problem
· Review and update processes and policy as needed
6. Enable reporting and analysis to get the most from your ethics and compliance data· Eliminate silos of information
· Develop an integrated view into your culture and compliance
By following these best practices, companies can sustain their ethical culture and more quickly identify areas of concern before the issues flare out of corporate control—and therefore escalated to the levels denoted under Dodd-Frank.
Cindy Knezevich is the Vice President of Marketing Operations at The Network, Inc., a leading provider of governance, risk and compliance (GRC) solutions to nearly half the Fortune 500. Cindy can be reached at This e-mail address is being protected from spambots. You need JavaScript enabled to view it .
