This week, the U.S. Securities and Exchange Commission (SEC) captured headlines when it announced it is awarding a record $30 million to a whistleblower for reporting a major fraud. While I applaud the enforcement action, those of us in the risk and compliance profession are alarmed by how little we know about what must be an important case. It is all jaw-dropping announcement with no guidance or learnings for those organizations who want to get it right.
In its redacted report, the SEC bestowed this award on an anonymous whistleblower who reported an anonymous infraction at an anonymous company that is somehow subject to SEC requirements. As with past cases, the identity of the whistleblower and other facts are redacted. We know the whistleblower was living outside the U.S. and that, in the SEC’s opinion, he or she waited an unreasonable period of time to report the facts to the SEC causing continued harm to shareholders. We don’t know if the company had an internal reporting process in place or whether it was used. We don’t know if the company had any elements of an effective compliance program such as strong policies, role-relevant training, and auditing and monitoring for effectiveness and compliance. And, we don’t know the role of their external auditors.
All of this is relevant and critical information for in-house counsel and compliance and ethics professionals who are anxious for more specific guidance on what to include in their ethics and compliance programs to improve their effectiveness, and to ensure they meet regulatory expectations. Recent cases involving Morgan Stanley and Ralph Lauren resulted in declinations to prosecute and provided helpful detail on what is expected, and what will drive enforcement credits and kudos from the SEC.  When the SEC provides specific direction and guidelines s, companies take decisive action–and make strategic investments in compliance programs.
While the mega-millions-jackpot size of the award will inevitably incentivize whistleblowers around the world, as Sean McKessy, Chief of the SEC’s Office of the Whistleblower suggests, it doesn’t empower companies to become better.  And isn’t that the point of all this? It seems so misguided to make such a powerful statement that prompts more questions than it answers.
Instead, the SEC will have to contend with an even higher volume of tips submitted by bounty hunters. A higher volume of tips also increases the likelihood that many of these tips will be dead ends.  Does the SEC have adequate resources to deal with the inevitable uptick?
Sadly, this all leaves the business community and public wondering if the SEC is simply hunting for bigger prosecutions, or if they really want to better protect the public by increasing business integrity. The Office of the Whistleblower website says the value of the whistleblower is to, “…help the Commission identify possible fraud and other violations much earlier than might otherwise have been possible. That allows the Commission to minimize the harm to investors…” I would argue that the SEC could dramatically increase the value of these validated tips by sharing lessons learned with the compliance community.
Recommended by Forbes

UK Commission Takes A Pass On U.S.-Style Whistleblower Bounties

Billionaire Whistleblowers
This is not only true in the U.S., but globally, where both anonymous whistleblowing and the legal landscape surrounding retaliation protections are developing rapidly.    The SEC’s award is effective advertising to employees around the world that the agency will pay a bounty to any person with good information (even non-employees like clients, vendors, suppliers and agents) and in any country, regardless of in-country laws surrounding anonymous reporting and the payment of bounties.  But again, it offers nothing to global companies trying to understand and effectively manage the scope of their risk.
Some might argue that disclosing more facts might chill the use of the whistleblower program. I would argue that the opposite is true, and that the positive benefits can be achieved without destroying faith in the SEC’s ability to safeguard the whistleblower’s desire for confidentiality.
In our work, we see some of the most advanced companies publicizing to all of their employees, sanitized versions of cases that have been reported internally.  Without revealing the identity of wrongdoers or victims, these disclosures send a powerful message to employees, letting them know that reporting is encouraged and applauded and there is zero tolerance for retaliation.  The transparency and open sharing of information helps to remove the shroud of mystery around the hotline/reporting and investigation procedure, and to show that the company takes action when it is alerted of potential wrongdoing.  These companies believe the risk of this “disclosure” is far outweighed by the reward—a true “speak-up” culture and an empowered group of employees who feel both confident in and obligated to be the eyes and ears of the organization.  These are not employees who when they suspect wrongdoing, immediately look to an external agency for help.
The whistleblower in this case should be protected and allowed to remain anonymous if that is what they choose. But the SEC going completely silent across the board in what is obviously a powerful case is going to do more harm than good.
Prosecution should serve as a deterrent in addition to serving justice. It should set an example for corporations who are striving for diligent behavior that serves their employees, their shareholders and the public and who want to improve their internal culture. In this case, we have no deterrent, and we have no guidance. This announcement has the same impact as publicizing a 99-year prison sentence without details of the crime or the laws broken.
Many companies, especially big ones, know they need to do a better job listening to their employees, especially when it comes to spotting malfeasance. And most understand that encouraging internal reporting is a good way to catch fraud early and root it out before it inflicts major damage. The SEC should be doing everything it can to help those companies do just that while still protecting the whistleblower. And it should start by coupling announcements like this week’s bombshell with relevant guidance that gives businesses a specific path to follow.