America's business community is having a collective coronary attack over the new whistleblower rules put forth by the Securities and Exchange Commission as part of Dodd-Frank. Their fears may be blinding them to the positive outcome this could have for corporate governance.
The rules create the prospect for eye-popping "bounties" — payments of 10-to-30 percent of penalties and fees over $1 million — for corporate whistleblowers who report fraud to the SEC, bypassing internal corporate-compliance mechanisms as they do so.
Many CEOs fear that internal compliance may implode as a result, and drive new litigation as would-be whistleblowers try to cash in with the SEC.
"Not informing the company of a potential fraud and waiting for the SEC to act is the equivalent of not calling the firefighters down the street to put out a major fire," said a spokesperson for the U.S. Chamber of Commerce.
Not everyone agrees. Senator Chuck Grassley, an Iowa Republican and a longtime supporter of whistleblower legislation, cites "a long history of retaliation against whistleblowers" as the reason why "protection and independence from the operation that's potentially doing wrong" could prevent the next Bernard Madoff-like fraud.
Corporate Crime
Some of the back-and-forth arguments over the Dodd-Frank whistleblower rules have sounded like the chicken and the egg.
On the one hand (the government says), companies aren't doing enough to root out corporate crime; a new channel for reporting fraud is needed. On the other hand (companies say), we can't root out corporate crime internally if the government creates irresistible incentives for employees to bypass management and report directly to the SEC.
Is the corporate sky in danger of falling? Last month the RAND Center for Corporate Ethics and Governance convened a symposium of executives, compliance officers, academics and regulators to discuss the real barriers to internal whistle blowing and explore how government and industry might actually work together to detect and prevent corporate misconduct.
The kerfuffle over Dodd-Frank conceals broad agreement that corporate fraud and misconduct are bad and that internal compliance mechanisms are intended to protect companies as well the community at large from bad behavior. We'd all be better off if the occurrence of misconduct is low, employees trust internal reporting mechanisms, and those mechanisms make external whistle blowing largely superfluous.
Botched Investigations
So how do we move the corporate community in this idealized direction?
Start with the premise that all internal reporting programs are created equal. One need look no further than Tenet Healthcare Corp.'s and Renault SA's recent public stumbles to see the thousand ways that internal programs can go awry. In both those instances, the use of an internal whistleblower-reporting hotline still resulted in a botched investigation and questionable decisions on the part of the companies.
Chief compliance officers with long experience in the field say it's not enough for a company to install a reporting line. The company has to convince skeptical employees that management will act on internal reports of misconduct, and that employees will be protected against retaliation for raising concerns.
These two factors, according to the Ethics Resource Center's National Business Ethics Survey, are what keep 40 percent of employees who observe misconduct in the workplace from reporting their concerns to anyone.
Objective Process
Once an internal report of misconduct is received, the company needs a consistent and objective process for investigating the complaint and raising problems to the top. That process needs to be adequately resourced and overseen by someone with appropriate skill, experience and independence. Given that companies and careers hang in the balance, and that powerful individuals are often at the center of allegations, is it any wonder that the process forinternal investigation is difficult to get right?
Enter the chief compliance officer, who is the ultimate protector of the employee who blows the whistle internally. Previous RAND work has addressed the question of what makes for effective internal compliance, and has emphasized the importance of an independent, senior-level chief compliance officer.
While "tone at the top" in building ethical corporate culture is also vital, it can too easily obscure the role of the chief compliance officer and of the concrete steps needed to build robust culture and effective internal reporting mechanisms.
The good news under Dodd-Frank is that regulators, companies and whistleblower advocates have more in common than they realize. The devil is in the details. This is why continuing refinement in the implementation of Dodd-Frank, with further input from the compliance community, needs to be a high priority.
Dr. Michael Greenberg is director of the RAND Center for Corporate Ethics and Governance. Donna Boehme, former group compliance and ethics officer at BP Plc, serves on the advisory board of the RAND center and as principal at Compliance Strategists LLC.