The volume of whistleblower complaints received by the SEC recently has left some to wonder about the current state of securities laws compliance. With the move by most businesses to a remote working environment, the SEC Enforcement Division has received over 4,000 whistleblower tips since mid-March, a 35% increase over the same time period last year. This has resulted in the Enforcement Division opening hundreds of new investigations[1]. At the same time, the number and value of whistleblower awards by the SEC have reached all-time highs,[2] with the single largest whistleblower award in history awarded Thursday.[3]

It is unclear whether the increased reporting rate is reflective of newly developed compliances issues during the pandemic, or long-standing ones that employees are now reporting with more personal time and physical distance from day-to-day operations.

The costs of remaining in or coming into compliance pale in comparison to the costs associated with a substantiated SEC whistleblower complaint leading to an enforcement action. Aside from the associated civil penalties, which can be considerable, the cost of conducting internal investigations and responding to external investigations can be extensive. The SEC announcing an enforcement action can also damage investor confidence, resulting in a lower stock price and costing a company far more than any penalties. Often, an enforcement action is also followed by shareholder litigation — even when alleged errors may be those of unknowing omission, rather than an active intent to violate securities laws. 

While a robust compliance and internal control program is always important, there has never been a better time to revisit your own processes and examine places for improvement. Here are a few areas on which to focus:

• Ensure employees know whom to contact within your company to report concerns or violations. Employees who feel leadership takes compliance seriously, investigates allegations of wrongdoing, and protects whistleblowers from reprisal can be the best first line of defense against any sort of securities enforcement action.

• Communicate to your employees how any whistleblower reporting to you remains confidential, and ensure your systems for maintaining confidentiality and preventing reprisal are robust. Allegations of reprisal by whistleblowers expose companies to further liability and penalty, beyond any securities law violations.

• As part of educating employees on how to report issues, make sure internal compliance policies are up to date and comply fully with Sarbanes-Oxley and other applicable laws and regulations. 

• Ensure the audit committee on your board is properly resourced and meeting regularly. Independent, internal investigations and prompt self-reporting, where appropriate, to regulators are viewed positively in any regulatory investigation or enforcement action.

• If you receive an internal whistleblower report, treat it seriously. Regulators do not expect a board to have detailed working knowledge of all day-to-day operations, but they do expect that when a board becomes aware of a problem, it will take decisive action to correct it.

Endnotes

[1]  https://www.wsj.com/articles/tips-to-sec-surge-as-working-from-home-emboldens-whistleblowers-11591003800

[2] https://www.natlawreview.com/article/sec-whistleblower-awards-skyrocket-2020

[3] https://www.law360.com/articles/1280015/sec-pays-50m-whistleblower-award-its-largest-ever.