Home > Risk > PwC advice on addressing the SEC whistleblower rules

PwC advice on addressing the SEC whistleblower rules

February 28, 2012 Leave a comment Go to comments

PwC has very graciously allowed me to share with you a copy of their report on this topic. I have included it in the files I share.

As PwC suggests, this is a fine time to review the organization’s internal processes for handling complaints. They address the following areas, with suggestions for each:

  • Review internal reporting mechanisms and nonretaliation policies

These policies should define expectations specific to employees and relevant third parties such as customers, contractors, suppliers, and agents.

  • Ensure internal processes to investigate and resolve issues are robust

Under the new rules, individuals considering making a whistleblower claim externally have 120 days to do so (120-day “look back” provision). If individuals believe that the company will investigate issues quickly, they may be more inclined to report internally first, while retaining the right to go to the SEC in the event they are not completely satisfied — in essence, giving the company a chance to address the issue first.

Companies should focus communication efforts on the benefits of internal reporting. However, actions speak louder than words. As such, the burden will rest on the company to ensure that issues reported internally will in fact be investigated and resolved well within the 120-day time frame. People reporting issues are likely to run out of patience quickly if they believe their concerns are not being taken seriously or addressed in a timely manner.

  • Revisit communications and training on your internal reporting and non-retaliation policies and processes

As with any new or updated policy, companies need to make sure that employees and other relevant parties are consistently informed of company expectations and their own individual rights and obligations. Frequent reminders and reinforcement through varied communication channels will help to get the message out.

  • Review your compliance confirmation process

This process serves as an additional opportunity to reinforce the message on the company’s ethics and compliance related expectations and supporting resources. However, it’s important to recognize that the code compliance confirmation process may leave the company exposed to situations in which an individual confirms observing or reporting misconduct but with insufficient information for management to determine whether, in fact, the matter was properly addressed.

  • Ensure you have validation procedures to confirm that the operational aspects of the ethics and compliance program are working effectively

Certainly the best defense against any external whistleblower claim and the resulting government investigation is prevention of the misconduct in the first place, or early detection and mitigation. Although effective compliance and ethics programs can help to prevent misconduct, the 2011 Compliance Week State of Compliance Study confirms that companies have difficulty measuring the effectiveness of their programs and many do not evaluate their programs at all. Further evidence that routine monitoring is a challenge for companies came in a recent ECOA survey, which found that only 12% felt they did a good job. Although the new whistleblower provisions themselves do not add requirements to evaluate ethics and compliance program effectiveness, it is advisable to check that your overall ethics and compliance program is designed and operating effectively and that relevant information is being appropriately communicated up and down. The best defences against an external whistleblower claim and the possible resulting government investigation is prevention of the misconduct in the first place, or early detection and mitigation — the roles that ethics and compliance programs are intended to perform.

Specifically, focus should be placed on designing and implementing performance metrics that allow you to monitor your ethics and compliance performance. It may also be a good time to review technology options to refine or create effective, integrated dashboards for greater insight into available data.

PwC closes very effectively with this:

SEC whistleblower rules should already be embedded in an ethics and compliance program that follows leading practices. Fundamentally, the best solution to the recent whistleblower rule changes is a healthy corporate culture where employees readily speak up to report concerns, and operating procedures that both sustain this culture and properly deal with issues.

What would you add? Do you think enough is made of the culture issue in the last paragraph?

  1. shahid
    March 1, 2012 at 4:33 AM

    This should also address the issue of market competitive employees compensation packages otherwise efforts may go in vain

  2. James
    March 4, 2012 at 9:50 PM

    As a former PwC employee who left them in disgust after being retailated for contacting authorities over overbilling client or travel expenses (kick-back ‘discount’ scheme) I find PwC the last firm who should advise on this topic. For me, it was the ‘normal’ retaliation, 5 years of expense audits, indpendence audit of family members and all financial records, no-reimbrusement of expenses (‘delayed’), until I quit.

    So be very, very, very careful about being a whistleblower, you will loose in 99.9% of cases, even when you are right…..

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: