Institutional investors and companies should be beefing up their internal compliance programs in the face of the Securities and Exchange Commission's whistleblower program, adopted last year under the Dodd-Frank Wall Street Reform and Consumer Protection Act.
The program provides new incentives for whistleblowers to report fiduciary and other breaches.
Not that some employees need incentives. At the $13.3 billion Kentucky Retirement Systems, a trustee precipitated an investigation, detailed in an independent counsel report released March 12, into use of placement agents and undisclosed fees paid to them. At Institutional Shareholder Services Inc. earlier this year, an employee alleged the corporate-governance advisory firm sold confidential client proxy-voting data to proxy solicitation firms.
These whistleblower complaints represent a concern of institutional investment management that will require better ways to handle tips and deal with issues brought to light.
The SEC, much maligned after missing or ignoring sensational cases like the Madoff investment swindle, has made the new whistleblower provision a key element in strengthening its enforcement efforts.
That the whistleblower program is an SEC priority is shown by links posted on its website's home page, seeking tips and explaining the program.
The SEC seeks to draw whistleblower tips through the Gordon Gekko philosophy of “greed is good.” A key component of the program is a bounty system that offers whistleblowers an award of between 10% and 30% of monetary sanctions of at least $1 million collected in actions brought by the SEC, and related actions brought by other regulatory and law enforcement authorities.
As a result, the SEC whistleblower program could transform internal compliance programs at corporations, investment management firms, pension funds, endowments, foundations, other institutional investors, or any organization that could be at risk through violations of federal securities laws. Ideally, it should serve as a catalyst to strengthen internal compliance.
Whistleblowers don't have to go through the SEC. The Kentucky systems' trustee did and the ISS employee apparently did as well. Complaints might not fit SEC criteria or whistleblowers might decide for other reasons to bring their complaint through another venue.
The SEC whistleblower rules likely will encourage more such allegations and influence how they are handled. And in this era of social networking, employees might more willingly embrace coming forward to reveal activities.
Institutional investors and corporations will need to fight fire with fire if they want to strengthen their compliance programs to counter the alluring provisions of the SEC program — such as the bounty — and the promises of anonymity and protection against retaliation.
The SEC commits to protecting a whistleblower's identity “to the fullest extent possible,” even precluding disclosure of the identity in response to Freedom of Information Act requests. Its shield is not absolute. For example, in court proceedings the SEC might have to produce documents that would reveal the person's identity.
Institutional investors and corporations should offer financial incentives and protection from reprisals or other retaliation, including offering some confidentiality. They should have compliance departments report only to boards, or they could even outsource compliance functions to specialty firms, all to put internal fraud reporting programs on a more equal footing with the SEC's whistleblower office.
Internal compliance should encourage reporting of illegal activity. In 2010, the $233.4 billion California Public Employees' Retirement System, beset with allegations of improper investment activity with its assets, introduced a whistleblower hotline to identify fraud and waste. It hired a private company, EthicsPoint Inc., to operate the helpline.
Institutional investors and corporations that fail to step up their compliance efforts risk harming financial performance and risking regulatory or judicial penalties.
Among problems with the SEC program, some whistleblower allegations might become known, as in the case of ISS. But without confirmation from the SEC that a matter is under investigation, an institutional investor or corporation is in the dark, even as the allegations cast a cloud on its reputation.
The SEC ought to provide more transparency about allegations; otherwise it could encourage rumors or even false reports of SEC whistleblower allegations against institutional investors or corporations to damage them.
Institutional investors and corporations, for their part, need to recognize and embrace a new era of risk management to combat investment and securities fraud, and to step up their own efforts to encourage internal reporting of allegations of illegal activity.