Fleet-footed investigations and prompt remedial action: the new normal

Whistleblowing has really become a hot issue. In March 2015, the SEC issued a half million dollar bounty award to a whistleblower, serving as a huge reminder to employers–including community banks–to have protocols in place to investigate and respond to internal complaints and concerns. The national law firm of Littler Mendelson, experts in employment and labor laws, shares some insight to effectively address internal concerns to prevent (potentially embarrassing) escalations of situations.

• Does your bank respond to all internal concerns immediately, investigate them thoroughly and remediate them with unmatchable speed? 
• What if the concern comes from an officer, director, lawyer, compliance professional, internal auditor, or an outside accountant? 
• Do you assume you have time because, after all, it is the informant’s “job” to identify and remedy non-compliance or,
• Do you jump on the concern regardless of who raises it, launching and concluding your investigation and implementing remedial action within 120 days? 

The Security and Exchange Commission’s recent Dodd-Frank bounty award of half a million dollars to a former company officer who waited the requisite 120-day period tells employers they must act immediately no matter who raises or learns of the concern. This is the SEC’s first award to an officer who was not the individual raising the concern internally, and shows that individuals with compliance-related jobs and other “bystanders” are fully able to report matters to the SEC and collect awards. Act now on every concern, the SEC is saying, unless you would prefer to outsource your investigation to them. 

The SEC’s March 2, 2015 press release1 is also a clarion call to anyone observing corporate fraud. In this and other recent public statements, the SEC reaffirms that no matter who you are or how you learned of the fraud, you are encouraged to come forward and you will be heard. For every employer the message is equally clear: your internal complaint system should do no less.

Keep in mind that under the Dodd-Frank Act, anyone can be a whistleblower by reporting conduct that relates to a possible violation of the federal securities laws–including any rules or regulations thereunder–that has occurred, is ongoing, or is about to occur. Equally important, Dodd-Frank’s anti-retaliation provisions apply to violations of laws subject to the SEC’s jurisdiction, which includes the Bank Security Act, USA Patriot Act, and any other rules and regulations subject to the SEC’s jurisdiction. The whistleblower retaliation provisions also cover disclosures required or protected by the Sarbanes-Oxley Act of 2002, which includes reports of bank, mail and wire fraud.

Whether you are a public entity or privately-owned bank, the time is now to develop a reliable investigation system as part of your internal compliance program that welcomes internal concerns and promptly and capably addresses them. And that includes concerns raised by individuals who oversee and implement your bank’s compliance function.

Most employers know that Dodd-Frank’s bounty program offers significant rewards to whistleblowers who voluntarily provide original information about a possible violation of securities laws or regulations to the SEC, where that information leads to a successful SEC enforcement action totaling more than $1 million. When the SEC finalized its regulations to implement the bounty program, it included exceptions that prohibited awards to certain individuals whose roles customarily give them information about company fraud and misconduct.

Relevant here, those prohibitions included situations where the potential SEC whistleblower was “an officer, director, trustee, or partner of an entity and another person informed you of allegations of misconduct, or you learned the information in connection with the entity’s processes for identifying, reporting, and addressing possible violations of law.” 17 CFR § 240.21F-4 (b)(4)(iii)(A). Awards were also prohibited to individuals whose principal duties involve compliance or internal audit responsibilities, public accountants retained to perform the company’s audit, and firms retained to investigate violations of law.

The SEC’s regulations, however, included “exceptions to the exceptions,” which are central to the recent award. Each of the exceptions vanishes where the SEC whistleblower–as the SEC press release puts it–“reports the information to the SEC more than 120 days after other responsible compliance personnel possessed the information and failed to adequately address the issue.” The SEC informant need not be the one who raised the concern inside the company to the company’s legal or compliance function; he or she may simply have “received the information” if it was received under circumstances indicating that the entity’s audit committee, chief legal officer, chief compliance officer (or their equivalents), or the informant’s supervisor was already aware of the information.

What this means is that bank “bystanders” who observe an ongoing ineffective or delayed investigation of securities-related concerns may become whistleblowers entitled to a bounty, even where they learn of the information in their capacity as one who identifies or oversees compliance concerns.2 The SEC has also focused its viewfinder on other employer compliance-related agreements and procedures (confidentiality agreements, separation agreements, codes of conduct, policies) that may dissuade individuals from communicating with the SEC. Taken together, the SEC’s messages should give every bank more than enough reason to develop effective internal reporting mechanisms that promptly address internal concerns without fear of retaliation.

What action is necessary to satisfy the SEC that a bank “adequately” addressed an issue within 120 days will be a case-by-case determination. One decision every bank must face is whether to self-report an issue or complaint to the SEC. Having sufficient information to make that informed decision will also require an effective and timely investigation.

Recommendations for internal investigations and communications

1. Given the SEC’s increased focus on this area, it is recommended that employers work with knowledgeable counsel to review and upgrade their internal investigation systems to promptly and effectively address all internal concerns. At a minimum, employers should: 
2. Review and upgrade their internal investigation system to ensure they immediately process, promptly and effectively investigate, and expeditiously resolve all concerns reported through any of the company’s internal channels (the company’s hotline and “in-person” channels such as human resources, legal and management).
3. Develop investigation guidelines and train investigation personnel. Conducting effective and lawful investigations is not a luxury for an organization; it is imperative. Well-designed investigation guidelines will better ensure that all important legal and compliance issues are identified, tracked, investigated in an appropriate and timely manner, and resolved.
4. Develop escalation procedures that adequately inform oversight personnel of significant risks. An effective communication system to the stakeholders of the employer’s compliance program means that the right level of personnel, including regulators like the SEC when appropriate, are receiving the right information at the right time. It also means that individuals who have no legitimate need to know about matters are not inadvertently provided such confidential information.
5. Update and socialize the importance of “speak-up” and anti-retaliation policies to encourage internal reporting.
6. Review compliance-related documents, confidentiality agreements, separation agreements, and employment agreements to ensure that these documents do not contain messages dissuading employees from communicating with federal agencies.

1. See Press Release 2015-45, Securities and Exchange Commission, Former Company Officer Earns Half-Million Dollar Whistleblower Award for Reporting Fraud Case to SEC (Mar. 2, 2015).

2. Of additional interest in this scenario is whether the officer has an obligation to turn over the reward to the employer, if, for example, he or she is subject to California law. See CAL. LAB. CODE § 2860 (“Everything which an employee acquires by virtue of his employment, except the compensation which is due to him from his employer, belongs to the employer, whether acquired lawfully or unlawfully, or during or after the expiration of the term of his employment”).

About the authors
Philip Storm is a Shareholder in the Ethics and Compliance Practice Group, based in Littler’s Chicago office, Earl M. “Chip” Jones III, co-chair of the Whistleblowing and Retaliation Practice Group, is the Office Managing Shareholder of the Dallas and Fayetteville offices, and Greg Keating, co-chair of Littler’s Whistleblowing and Retaliation Practice Group, is a Shareholder in the Boston office. Littler Mendelson, P.C. is the largest law firm in the nation specializing exclusively in the representation of management in all aspects of labor and employment law. Banks with EPLI through ABA Insurance Services can access more information about this and other employment law topics by going to HRriskmanager.com.

ABA Insurance Services' EPLI includes loss prevention resources from Littler 

The national law firm of Littler Mendelson, P.C. provides two important loss control services at NO ADDITIONAL COST to customers of ABA Insurance Services who purchase Employment Practices Liability Insurance:

HRRiskManager: A password-protected Web site providing over 2,500 pages of useful HR forms, employee policies, reference manuals and more--all prepared by Littler attorneys. Insureds of ABA Insurance Services can also access and download powerful tools specific to banks addressing: Employee Accounts and Personal Finances, Checking Accounts, Prohibited Transactions, Elder Financial Abuse, Proprietary Information, Return of Bank Property, Extension of Credit to Relatives, and Fiduciary Appointments.
Employment Practices Helpline: Call the Employment Practices Helpline to talk to an experienced employment law attorney from Littler about employee discipline and terminations, sick leave, attendance, harassment claims, conducting investigations, or other workplace or employment law issues. Attorneys from Littler are available to:

• Guide you through the proper steps with respect to personnel actions;
• Answer employment-related legal questions; and
• Identify the best approach to investigate, document and resolve workplace issues/disputes.

Accessing the Employment Practices Helpline is simple. Just call the Helpline and identify yourself as an insured of ABA Insurance Services. An experienced employment legal professional will assist you with your employment or labor law question or concern; however, the Helpline does not provide advice in connection with active litigation, reviewing or drafting documents, transactional work, trade secrets/covenants-not-to-compete, ERISA matters, on-going advice matters, wage and hour issues or advice requiring significant legal research.

Littler is the nation’s largest employment and labor law firm, uniquely positioned to assist your bank in navigating through the maze of complex employment law issues and regulations. Their attorneys draw upon extensive experience and resources to provide strategic guidance and help you reduce your exposure to employment-related liability. For more about Littler, contact Brian McMillan at 408-998-4150 or visit littler.com.

Any discussion relating to policy language and/or coverage requirements is non-exhaustive and provided for informational purposes only. For details on coverage provided by your specific policy, please refer to your policy.