On November 1, 2010, new changes to the Federal Sentencing Guidelines went into effect that govern corporate compliance programs. Two days later, the SEC announced proposed rules for implementing the new whistleblower provisions of the Dodd-Frank Wall Street Reform Act that Congress signed into law last July. Together, these new regulations make the implementation of an effective compliance program more important than ever.
Sentencing Guidelines Amendments
Government regulators use the Federal Sentencing Guidelines as a benchmark when evaluating whether a company has an effective compliance program - a determination that will directly affect whether the government grants leniency to a company when determining the appropriate outcome of an alleged violation. So companies are well-advised to use the factors set forth in the guidelines when assessing whether their own compliance efforts are up to par.
In effect, the new changes to the guidelines shift the focus from the conduct of individual high-level managers toward the effectiveness of the compliance program overall. Under the prior law, participation or willful ignorance of "high-level personnel" in the underlying offense functioned as a bar to any potential reduction for corporate good behavior. Now, if the company can show that it maintained an effective compliance program, the company may nonetheless still qualify for leniency.
The new guidelines make clear, however, that favorable treatment is only available to a company whose compliance program has certain characteristics, such as a direct reporting mechanism from its chief compliance officer to the Board of Directors or Audit Committee. The company also must have detected the violation before the government, and then promptly have reported the violation to the authorities. Predictably, if someone involved in the compliance program was involved in the offense, the company is still not eligible for leniency.
Also, the new guidelines place an increased emphasis on the steps a company takes after discovering wrongdoing. Previously, the guidelines generally required a company to "take reasonable steps to respond appropriately" after discovering wrongdoing. For the government to consider a compliance program effective, the new guidelines now specifically mention that a company should take steps to remedy any harm that the wrongdoing may have caused, including restitution to identifiable victims where appropriate.
Financial Awards Under the Dodd-Frank Act
The changes to the guidelines highlight the importance of a company's ability to detect misconduct, so that it can take necessary steps to respond. This means that organizations must assess their whistleblower systems, ensuring that they offer appropriate incentives to report wrongdoing. This is particularly true in light of the recent Dodd-Frank Act, which provides significant incentives for whistleblowers to report directly to regulatory authorities.
The Act establishes a new financial awards program that allows a whistleblower to receive between 10 and 30 percent of any recovery by the government over $1 million that results from "original information" provided by the whistleblower. Given the size of recent settlements with the government involving hundreds of millions of dollars, the incentive to report suspected wrongdoing to the government - instead of internally within the company - is significant. That is especially so considering that the new law also prevents companies from taking any adverse action against the employee for blowing the whistle to the authorities.
Proposed SEC Regulations
The SEC apparently realized the challenges that the new whistleblower law would create for companies trying to promote internal compliance through efforts such as ethics hotlines. Accordingly, in the proposed rules announced by the SEC on November 3, 2010, a whistleblower would still be eligible to collect an award if she reports the violation to the company first, so long as she provides the same information to the government within 90 days. This is true even if the company chooses to alert the government about the violation before the whistleblower, so long as the government did not know about the wrongdoing before the date of the initial report by the whistleblower to the company.
Although the proposed regulations provide some solace to companies who worry how they will effectively encourage employees to continue to utilize internal reporting mechanisms, the reality is that the new statute greatly increases the likelihood that suspected violations will be brought to the attention of government enforcers - whether companies choose to disclose the matter voluntarily or not. So companies should remember that the fundamentals of an effective compliance program remain more important now than ever.
For example, as a company braces itself for the potential impact of the new whistleblower statute, this would be a good time to evaluate whether internal reporting mechanisms are working like they should. How effectively does the company promote its ethics hotline? How does the company react when it receives complaints? Do employees perceive that the company takes complaints seriously? The bottom line: Do employees view internal reporting procedures within the company as a real way to fix problems?
If a company implements an internal whistleblower program that employees respect because it actually works, the company will not only deter misconduct, but also provide itself with an opportunity to address potentially serious violations prior to their disclosure to the government. If an employee makes a complaint internally and knows that the company will take it seriously, that employee is less likely to