Somewhat overlooked in the attention to the SEC’s recent $30 million whistleblower award is a more frightening development for public companies. Just weeks earlier, the SEC announced an award to an employee who performed internal audit and compliance functions. The SEC said such employees “are on the front lines against fraud and corruption” and offered the prospect of large awards to whistleblowers.
The SEC’s action may drive a wedge between management and employees responsible for internal audit and compliance. Employees in the latter category are not regulators nor employees of the SEC. Internal auditors are responsible for evaluating and improving the effectiveness of risk management, control, and governance processes. Employees with compliance functions share similar roles but have other unique responsibilities. Both sets of employees should maintain open communication with management and work as part of a team to identify and resolve issues. This is particularly true in the area of accounting issues, which often depend on the exercise of judgment and may have more than one correct solution.
However, employees with compliance or internal audit responsibilities may be encouraged by the SEC’s action to avoid full engagement in the internal process and report to the SEC whenever an issue arises. While such employees must normally first report internally and wait 120 days before reporting to the SEC, they have no obligation to help the company resolve the issue raised. Indeed, the SEC’s adopting release for the whistleblower rules makes clear the 120 day period is for the benefit of the whistleblower, not the company.
The SEC’s whistleblower award to an employee with internal audit and compliance functions may be disruptive to these functions, and should be a cause of concern for all public companies. At a minimum, the SEC’s recent whistleblower announcements serve as a warning call to companies, and as a reminder of the value of having a plan in place to respond to allegations of wrongdoing.