On December 7, 2020, the Securities and Exchange Commission (SEC) will implement new rules to its whistleblower program with the goals of providing greater transparency to the process, and increasing both the incentives and awards whistleblowers receive. The latter point will see awards increased to the "maximum extent appropriate," where sanctions obtained by the SEC are $5 million or less, which in this case is 30% of sanctions obtained. This rule applies to ‘all award claims still pending’ on December 7, 2020. Thus, the applicability of this rule is retroactive.
The new rules were approved by SEC commissioners in September and follow a bumper year for payouts, with the office awarding more money to more whistleblowers than ever before in the program’s history. The SEC paid out around $175 million in awards to 39 tipsters in the fiscal year ended September 30 and received a record number—around 6,900—of tips.
The SEC also received a record number of whistleblower tips this year, again, the most for any year since the program began, and suggests that the added pressures of COVID on companies and their employees is driving the increase in misconduct and a corresponding increase in external whistleblowing.
Economic pressure increases misconduct and misconduct reporting
According to the Global Business Ethics Survey 2020, from the Ethics and Compliance Initiative (ECI), more than one in every five employees feels pressure to compromise their organization’s ethics standards, policies, or the law. Furthermore, employees who feel under pressure to do so are 2x more likely to observe misconduct in their workplace than those who don’t.
With remote working a staple of 2020 and possibly beyond, the suggestion is that prospective whistleblowers feel more confident in taking action because they have the added security of being ‘out of sight, out of mind’ of their peers and leaders. But as is intended, the highlighted changes to whistleblower legislation are also having the effect of encouraging more people to come forward.
The SEC started to review its claim-evaluation process with the goal of making it more efficient about a year and a half ago in recognition of a global trend toward increasing the protections for those who choose to blow the whistle as well as to better protect them against retaliation.
In the US, further progress is being made in this direction at a federal level through the Whistleblower Programs Improvement Act (WPIA) and the Whistleblower Protection Reform Act of 2019 (WPRA).
Meanwhile, forthcoming European regulation will also apply to US companies with operations in the EU, as any company that has employees in the EU will be affected by the EU Whistleblower Protection Directive.
Every employer with more than 50 employees in the European Union will need to comply with the European Union’s Directive for the protection of persons reporting on breaches of Union law. The legislation comes into effect from December 2021.
Whistleblowers gain more protection
As is the case in the US, the EU Directive approved in October 2019 is designed to grant greater protection for those who seek to expose corporate wrongdoing and to encourage whistleblowers to come forward.
The problem in encouraging those who experience or witness wrongdoing to speak up is well documented. In 2017 the EU commissioned a Special Eurobarometer on Corruption and as is the case with all forms of misconduct, the majority of Europeans who experience or witness corruption do not report it. Worryingly, over eight in ten respondents (81%) said that they did not report corruption that they experienced to anyone.
Of the challenges revealed in the report, the main disincentives are the absence of consequences on the perpetrators and the lack of protection for those who report. Around one in three think reporting is pointless because those responsible won’t be punished and a similar number are concerned that there is no protection for those reporting it.
Another revelation of note is that less than half of all Europeans would know where to report corruption if they wanted to.
Such amendments to whistleblower legislation, whether in the US or the EU, are designed to solve these challenges, by increasing protections, demonstrating consequences, and promoting external reporting channels.
Optimizing internal reporting
There is an obvious concern here because when it comes to encouraging and capturing reports of ethical misconduct or compliance breaches, having prospective whistleblowers first use an internal reporting channel is the most desirable approach for businesses.
Not only does this minimise the risk of financial and reputational damage of an incident going public or to a regualtor at a later stage, it also strengthens trust between the employee and employer by encouraging more people to speak up before concerns boil over. Unfortunately, it’s often when the internal mechanism falls short, is ineffective, or even unavailable, that whistleblowers decide to take their concerns to an external party, social media, or to the press.
At Vault Platform we hear from compliance leaders that they are seeing a steady decrease in hotline usage by internal whistleblowers. The shift away from telephone hotlines is highlighted in the 2019 Global Business Ethics Survey, which revealed hotlines as the least popular channel - used only by 6% of people that reported misconduct.
With a multigenerational workforce that largely favours digital communications, hotlines are seen as increasingly outdated. The most effective way to open a two-way dialog with a prospective whistleblower, anonymously or in-name, is through technology such as a mobile app. Vault Platform also advocates for highly accessible technology that can blind-connect multiple parties reporting the same or a similar incident and help identify problems before employees feel compelled to take their reports to an external body.
With the safeguards set out in the legislative amends, authorities worldwide are signaling to whistleblowers that they have nothing to fear while encouraging workers to report on company wrongdoing. Ahead of the changes Compliance leaders need to:
- Communicate the impact of the amends to essential stakeholders, including new responsibilities
- Communicate the impact of the amends to all employees, identifying who is protected and what is covered
- Communicate the hierarchy of reporting channels and why/when they should be used
- Implement tools and processes to:
- Capture incident reports
- Confirm receipt of reports and provide updates
- Allow for further communication and feedback between reporter and investigator
- Allow for resolution update
- Ensure the tools and processes retain confidentiality of identities (and are compliant with GDPR in the EU specifically)
- Update policies to reflect new implications
- Make sure all the above information and policies are easily accessible
- Communicate the whistleblowing process and ‘how to’ to all employees and have a campaign plan to frequently disseminate this information