Whistleblowing After Dodd-Frank: New Risks, New Responses

Section 922 of the Dodd-Frank Wall Street Reform and Consumer Protection Act has changed the dynamics of ethics and compliance programs. Not only are the potential rewards for whistleblowing in the millions of dollars, but employees can go directly to the Securities and Exchange Commission with an allegation, instead of reporting it internally. Many organizations are diligently protecting their reputations by improving internal fraud assessment and whistleblowing hotline processes.

Tune into the latest episode of Deloitte Insights to learn how this new rule might affect your business.

Guests:

• Donna Epps, Partner, Forensic & Dispute Services practice, Deloitte Financial Advisory Services LLP
• Mohammed Ahmed, Senior Manager, Forensic & Dispute Services, Deloitte Financial Advisory Services LLP

Transcript: Whistleblowing After Dodd-Frank: New Risks, New Responses

Sean O’Grady: Hello and welcome to Insights. Section 922 of the Dodd-Frank Wall Street Reform and Consumer Protection Act created rewards between 10 percent and 30 percent of monetary sanctions for whistleblowers who provide the Securities and Exchange Commission with original information leading to securities law enforcement actions that recover more than 1 million dollars. So how might this new rule affect your business? Here with thoughts on just that are two guests, the first is Donna Epps, a partner in the Forensic & Dispute Services practice in Deloitte Financial Advisory Services and our second guest is Mohammed Ahmed, a senior manager, also in Forensic & Dispute Services of Deloitte Financial Advisory Services. Folks thank you very much for joining us here today in New York. My first question for you, Mohammad how big of a concern should this new rule be for companies?

Mohammed Ahmed (Mohammed): Yeah Sean, this is one of the biggest rules affecting ethics and compliance program in recent history for a couple of reasons. One is the nature of the bounty that is being offered by the SEC. Very significant amounts from a monetary perspective, unprecedented and, you know, it could be running in 20 to 100s of millions for certain whistleblowers. And second is the fact that it allows potential a whistleblower to go directly to the SEC with an allegation instead of going internally with the company and that changes the dynamics of an ethics and compliance program significantly. So, a lot of volume of allegations is expected as a result of this rule and, you know, onus on organizations to protect their reputational risks.

Sean: So Donna if there is an increase is volume, how might this affect an organization’s internal processes?

Donna Epps (Donna): I think a lot of organizations are focusing on their whistleblower hotline process and that is important. It is important to understand that employees know how to use it, that it is accessible to them, and that culturally there are no inhibitions of using the whistleblower hotline process. However, other organizations are also looking more holistically at their program around what do we have around antifraud programs and controls perspectives overall. So for instance, governance, does a company have a concise process that is documented and explains the definition of fraud as well as the responsibilities around fraud? Does the organization have a fraud and/or corruption risk assessment process? Many organizations have something in place, but it may not be robust enough. Third is fraud prevention and fraud detection, those are areas that companies have some of these things in place, but they may need to be build up a bit and become more effective and then finally fraud response management. This is an area where if you do have an allegation of fraud or corruption, who knows about it, when it is communicated, when do you have a data preservation notice, when do you bring in outside independent council, and/or independent forensic accountants, etc.? Having those things mapped out ahead of time can be very helpful in these situations because as Mohammad indicated when whistleblowers go directly to the SEC, the company will have less of a time to respond to that and need to have all of their ducts in a row, if you will, to be able to respond.

Sean: Mohammad do you agree?

Mohammad: Yeah, I agree completely with Donna. And I would add a lot of companies are looking at their whistleblower programs to see if there are any efficiencies or improvements, they can make to them. The key aspects for whistleblower program are two main areas. One is to providing confidence to potential whistleblowers in the system and the second one is making sure that everyone in the company is aware of the program on how to report and know what types of allegations they are to report. So here organizations are looking at ways to improve their systems by doing things like benchmarking against industry standards, looking at assessments of the whistleblower programs to identify new things that they might be able to do to improve it, and also taking things like employee surveys, taking a temperature check of employees to get their feedback on how comfortable they are using system and whether they are aware of the mechanisms to use it be it via the hotline or be it informally directly to a supervisor.

Donna: The only thing I would add is just that companies also need to focus on bolstering their antiretaliation programs, if you will. It is very important that employees feel that there will be no retaliation if they do come to the company and/or the SEC.

Sean: So if the prescription for this new rule is enhancing or bolstering an organization’s internal processes, Mohammad how does an organization develop a tone at the top that will support those initiatives all the way through the culture?

Mohammad: Yeah. That is very important. The tone at the top, the ethical environment is going to be paramount and there are several things that organizations can do. One of the starting points is to do a fraud and corruption risk assessment, is really to understand where the exposures of security law violations that are part of this new rule, are there at an organization and that could be looking at existing foreign corruption risk assessments or performing new ones. But the first step is really to understand where the exposure is and how big the exposure is. Once that is done, that will allow organizations to determine where to focus on in terms building that tone at the top and ethics and compliance and there they can do things like fraud monitoring and proactive detection, such as looking at anomalies, analytics, and things of that nature and also doing fraud auditing. And the last key aspect is working on awareness and communication. The new rules put onus on organizations to ensure that their communication and trainings around ethics and compliance and whistleblower hotlines are effective because the programs are only as good as individuals that are aware of it and are confident using it and know about what type of issues they need to bring up.

Donna: The only other thing that I would add to what Mohammad said regarding communication that is just so important in this, but there is also an aspect of transparency and that is the place where organizations have been somewhat uncomfortable in the past. How much dirty laundry do we want to air and how we are going to deal with this, but it is extremely important that employees understand that these processes that they are having to deal with every day, the communication if you will of any issues that they come across are being dealt with and so there is a fine line of what to be communicated, but it is important that employees truly know that these processes and controls are working and that from the top of the organization they are walking the walk and talking the talk.

Mohammad: I agree. One of the keys for organizations is to improve their detection. Everything that they are trying to do is to ensure that that detection mechanism is strong and any potential issues are brought to the table as early as possible.

Sean: Thank you for that. We have been talking a lot about the processes within an organization. My last question for you is about other compliance areas. Donna, are there other compliance areas that should be a concern?

Donna: Well, I think and we have touched on this a bit today, but really it is important for organizations to think about corruption and if you think about what you have seen in the papers over the last several years, obviously there are not very many days you don’t see something around Foreign Corrupt Practices Act. We have got coming up in July the effective date of the UK Bribery Act, which not only makes it illegal to have government officials bribed but also commercial bribery. So, it is important for organizations to think about their processes and controls around compliance with anticorruption laws, not just the two I have mentioned but globally to really bolster the programs that they have in place and figure out if they are working, do the employees in those countries that are impacted understand the words that are being used, do they understand the expectations of how they are going to conduct business, etc., and that they have some sort of monitoring, if you will, of the effectiveness of those programs.

Sean: Clearly a dynamic and changing landscape. So thank you both very much for joining us. You have been listening to ramifications of the new Dodd-Frank Whistleblowing rule with Donna Epps and Mohammed Ahmed, both from the Forensic & Dispute Services practice of Deloitte Financial Advisory Services. 

If you would like to learn more about Donna and Mohammed or any of the topics we have discussed on this program, you can find that information and more by visiting our Web site, it doesn’t change, It is www.deloitte.com/insightsus

For all the good folks here in Insights, I am Sean O’Grady. We will you see next time.