Day: August 17, 2022

We recently had some interesting news regarding whistleblowers and whistleblowing that I thought compliance professionals should be cognizant of going forward. These matters included a Securities and Exchange Commission (SEC) bounty award to two whistleblowers which detailed reasons for the award. Additionally, there have also been two enforcement actions brought by the SEC where companies had surreptitiously tried to prevent former employees from whistleblowing to the SEC through craft Non-Disclosure Agreement (NDA) language.

Whistleblower Bounty Awards

The SEC issued one Order announcing two anonymous whistleblower awards. As noted, the whistleblowers were anonymous as was the company whom they blew the whistle on. Claims Review Staff (“CRS”) had four claimants to evaluate for an award and settled on two of them, Claimants 1 & 2. Claimant 1 was awarded $13 million, and Claimant 2 was awarded $3.3 million. The Order listed six reasons why Claimant 1 was awarded the bulk of the whistleblower bounty.  (1) Claimant 1’s tip was the initial source of the investigation; (2) Claimant 1’s tip exposed abuses in (Redacted), that would have been difficult to detect without Claimant 1’s information; (3) Claimant 1 provided the SEC staff with extensive and ongoing assistance during the course of the investigation, including identifying witnesses, including (Redacted) and helping staff understand complex fact patterns and issues related to the matters under investigation; (4) the Commission used information Claimant 1 provided to devise an (Redacted) and finally, Claimant 1, “persistently alerted the Commission to the ongoing abusive practices for a number of years before the investigation was opened.”

Claimant 2 received their award based upon the following factors: (1) Claimant 2 was a valuable first-hand witness who also provided helpful information relevant to the practices, although several years after the SEC had received Claimant 1’s information; (2) Claimant 2 provided information and documents, participated in staff interviews, and provided clear explanations to the staff regarding the issues that Claimant 2 brought to the staff’s attention; (3) Claimant 2’s information gave the staff a more complete picture of how events from an earlier period impacted the Firm’s practices and provided information which the SEC staff was able to use in settlement discussions with the Firm’s counsel. However, and most significantly, and in contrast to Claimant 1, “Claimant 2 delayed reporting to the Commission for several years after becoming aware of the wrongdoing. Accordingly, we find that Claimant 2 unreasonably delayed reporting to the Commission and that Claimant 2’s award should be set at Redacted in light of all the facts and circumstances.”

Attempts to Impede SEC Reporting

Since at least the KBR, Inc.’s pretaliation enforcement action, the SEC has made clear that companies cannot impede, contractually through an NDA, the ability of a reporter to whistleblow to the SEC. A Law360 article, by Steven J. Pearlman, Pinchos Goldberg and Alexandra Oxyer, lawyers from Proskauer Rose LLP, detailed two recent SEC enforcement actions where companies were found to have wrongfully attempted to circumvent Rule 21F-17 under the Securities Exchange Act of 1934, which “prevents companies from, among other things, using confidentiality agreements to impede whistleblowing to the SEC.”

In the first matter, styled In the Matter of David Hansen, the SEC found that Hansen, an executive of NS8, Inc., had an employee who “raised concerns internally that NS8 was overstating its number of paying customers, including that the information used to formulate external communications to potential and existing investors allegedly was false. The employee also raised the concerns directly to the executive and later submitted a tip to the SEC. After making a report to the SEC, the employee told the executive that unless the company addressed the allegedly inflated customer data, he would reveal his allegations to the company’s customers, investors and any other interested parties.”

Hansen and the company Chief Executive Officer (CEO), “allegedly took steps to remove the employee’s access to the company’s information technology systems. The executive also allegedly used the company’s administrative account to access the employee’s company computer and obtain his passwords to his email and social media accounts. The company then discharged the employee. The SEC concluded that in restricting the employee’s access to the company’s IT systems and in monitoring his online activities, the executive substantially interfered with the employee’s ability to communicate with the SEC about his concerns in violation of Rule 21F-17.”

The second matter, In the Matter of The Brink’s Company, the SEC found that from at least April 2015 through April 2019, Brinks used an NDA that prohibited employees from disclosing confidential company information to any third party without the prior written approval of Brinks. This NDA threatened current and former employees with liquidated damages and legal fees if they failed to notify the company prior to disclosing any financial or business information to third parties. Most significantly, the NDA did not provide an exemption for potential SEC whistleblowers. Perhaps most damning for Brinks was that after the KBR enforcement action, Brinks modified its NDA by adding a $75,000 liquidated damages provision for violations of the agreement. While the reason(s) is not clear from the SEC Order, Brinks was assessed a $400,000 penalty for its blatant attempts to keep employees from reporting to the SEC.

While the Brinks matter seems straight-forward, the Order did note that Brinks was made aware of the KBR Order, so the company was on actual knowledge of what the legal requirements were and still disobeyed them. However, the Hansen matter does seem a bit less clear. The Proskauer lawyers noted, the Order “could be read to reflect an exceedingly broad view of the protections afforded to SEC whistleblowers under Rule 21F-17 — protecting employees who have threatened to broadcast company information to third parties other than the SEC, such as customers or investors, or even the media. This could jeopardize the privacy of sensitive data and other confidential information and trade secrets, which could present a range of significant risks to companies.” They also noted a vigorous dissent from Commissioner Heather Pierce.

The whistleblower awards remind all compliance professionals the power of internal reporting and the cost when internal reporters are not listened to and take their concerns the SEC. The enforcement actions involving Hansen and Brinks demonstrate the SEC takes concerns of company actions to, in any way, stop employees from bringing information to the SEC very seriously and will vigorously enforce the protections afforded to whistleblowers.

We also lost someone Monday who was a cultural phenomenon for many decades, Olivia Newton-John, the beautiful Australian singer who burst on the US scene in 1974. She is probably best known as the heartthrob Sandy in the movie version of Grease where she put the singer’s chaste image behind her. According to her New York Times (NYT) obituary, “her character, Sandy, transformed from a pigtailed square smitten with John Travolta’s bad-boy Danny to a gum-smacking bad girl. “Grease” became one of the highest grossing movie musicals ever, besting even “The Sound of Music.” Its soundtrack was the second best-selling album of the year, beaten only by the soundtrack for “Saturday Night Fever,” which also starred Mr. Travolta.” If you can watch Grease without singing along, you are probably dead.

For my personal tribute I will quote a Facebook post from my friend Bill Dyer who I have known since 1976 when he was my RA at the University of Texas. Dyer penned the following, “In the summer of 1974, before my senior year at Lamesa High School, I was a full-time DJ at KPET-AM. Olivia Newton-John’s “If You Love Me, Let Me Know” album had come out in May, and we had a promotional copy at the station…The single I was supposed to play from this album was the country & western(ish) title song, “If You Love Me, Let Me Know” — consistent with our station’s C&W format. But the track that I personally preferred from the album was this song, I Honestly Love You. The programming director gave me grief about it, and I did indeed also play “If You Love Me, Let Me Know.” But this was THE heart-throb song of the summer. And yeah: It still gets me. Requiescat in pace, Olivia Newton-John. You were jaw-droppingly talented and lovely, and your music will continue to summon forth some of my most vivid memories of my young adulthood.”

We are currently exploring 10 Principles of Effective Organizations, by Michael O’Malley. The author identified 10 research-backed principles from the field of organization development to guide companies and I have adapted them for the compliance professional. Yesterday in Part 1, we took up his first five, focusing on the Chief Compliance Officer (CCO), and today we conclude with his final five, focusing on operationalizing your compliance program.

Diversify your workforce — and create an inclusive environment

Every CCO should be modeling diversity, but the author makes clear the benefits of diversity, noting “Complex tasks require a diverse mix of viewpoints and abilities to satisfactorily complete.”  For compliance this need will only grow with the need for a diversity of subject matter expertise (SME) in a corporate compliance function, including compliance, legal, behavioral psychology and behavioral organization, data scientist and a host of others.

Compliance functions in 2025 and beyond will “require large numbers of different agents to enhance system reliability and resilience.” In addition to the diverse workforce and discipline need for any compliance program, you should consider diversity of citizenship so that not all your compliance talent is from the domicile from your home country. You should also consider bringing other corporate disciplines into your compliance function on a rotating basis such as sales leaders, senior executives and Human Resource (HR) functionaries as well.

Promote personal growth

Almost stating table stakes in the 2022 corporate world, the author states, “An effective talent management program is one in which a company has a large pool of able, external job candidates, sufficient competent coverage of existing positions, succession plans throughout the organization, and a panoply of support programs: career counseling and development, career planning workshops and vocational assessments, mentoring and coaching programs, and in-house training and educational assistance to augment employees’ career objectives.”

Now take this base line and overlay what the Department of Justice (DOJ) has told us over the years. In theFCPA Corporate Enforcement Policy it states, “The quality and experience of the personnel involved in compliance, such that they can understand and identify the transactions and activities that pose a potential risk;”. This means not simply hiring competent compliance department personnel but also that they continue to grow within the compliance profession by going to conferences and growing professionally in other ways (such as reading blogs and listening to podcasts).

Empower people

While many CEO-types believe “the practice of empowerment in organizations is often like a parent handing the keys of a high-performance vehicle to their teenager and hoping, day after day, that the car will return intact.” CCOs and other compliance professionals recognize that empowering not simply your compliance team but indeed your employee base to ‘do compliance’ is a key manner to operationalize your compliance program to make it effective.

Always remember that as a CCO or compliance professional, your customers are your employees, and this can extend to other stakeholders such as key third-party partners. Empower these groups to do compliance and they can become not simply your good friends but also will allow you to move from a detect mode to a prevent mode. This also ties into having a true speak up culture in an organization.

Reward high performers

Here the author focuses on based pay for performance plans for employees. He believes that rewarding high performers can “increase job satisfaction and motivate action and, when appropriately structured, are instrumental in producing environments in which the best help the rest. Indeed, it is common in teams that the top members will lift the performances of good, but less capable, members.”

Yet when you consider rewarding your employee base for doing business ethically and in compliance you should consider the same benefits as a part of your compliance program. The DOJ has long recognized this as far back as the original edition of the FCPA Resource Guide which continues to state in the 2^nd edition, “DOJ and SEC recognize that positive incentives can also drive compliant behavior. The incentives can take many forms such as personnel evaluations and promotions, rewards for improving and developing a company’s compliance program, and rewards for ethics and compliance leadership.” So, reward your high performers for doing business ethically within your company’s values in addition to your compliance function personnel who do great work.

Foster a Leadership Culture

Even in 2022, ethics and compliance all starts at the top. The author correctly notes, “Everyone who has worked in an organization knows the affective power of leadership and its effects on culture, both good and bad.” Appropriate tone at the top and a compliance program and function to back up “supportive, inclusive management practices that provide assurances of safety allow people to take reasonable risks, make mistakes, speak up and challenge the status quo, and ask for help and request resources to make improvements” will help your organization going forward.

Senior management who create safe environments encourage “employees to more openly and beneficially interact, learn and grow, display greater creativity, and think of themselves as potent and efficacious actors will reap those benefits. Despite the known value of leadership, organizations frequently show little genuine interest in the quality of leadership by foregoing meaningful assessments and by being far too accommodating of managerial miscreants who may be productive but are toxic to the organization’s culture.”

The author concludes, “Fulfilling these 10 principles is a tall order.” Nonetheless, any CCO who puts these into practice will have a compliance function that should be resilient and able to respond to market or regulatory changes when needed and does business ethically and in compliance through a fully operationalized compliance regime.

Tom’s Top 5 Olivia Newton-John Playlist (all from YouTube)

I Honestly Love You

You’re the One I Want

Summer Nights

Xanadu

Let Me Be There

Last week we lost Vin Scully, this week we lost David McCullough. McCullough was one of America’s greatest living historians. He worked in a variety of formats, including non-fiction books, television and movies. He was a great writer, winning numerous national awards for his books. According to his New York Times (NYT) obituary, “McCullough won Pulitzer Prizes for two presidential biographies, “Truman” (1992) and “John Adams” (2001). He received National Book Awards for “The Path Between the Seas: The Creation of the Panama Canal” (1977) and “Mornings on Horseback” (1981), about the young Theodore Roosevelt and his family.”

Many others knew him from his television work, most notably on Ken Burns The Civil War, and as the host of the American Experience. Not exactly John Facenda-like (i.e., the Voice of God) but as Gary North said, “not imperious, yet not exactly soothing, either — comes on, and we become more calm.” He also noted, “Incredibly, you don’t want him to shut up.” I heartily agree and could have listened to McCullough read the phone book (when there was such a thing).

As for my favorite books, probably No. 1 is The Path Between the Seas. Book about places are a notoriously tricky thing but it was great history, wrapped in a great biography all the while telling a great story. My co-favorite (1A) was his biography John Adams, first and foremost because of the love story between Adams and his wife Abagail, who was truly his partner in his entire life’s work. It also set a standard for telling the story of how Founding Fathers created a new nation in the midst of a bitter war.

I thought McCullough was a good introduction to start a two-part series on business approaches to create an effective compliance. I recently saw an article in the Harvard Business Review (HBR), entitled 10 Principles of Effective Organizations, by Michael O’Malley which also intrigued me about this topic. The effectiveness of a compliance program is an ongoing dialogue but what business strategies can you use to do so. Chief Compliance Officers (CCOs) are good at using the Hallmarks of an Effective Compliance Program, as delineated in the FCPA Resource Guide 2^nd edition, as a guide but in this article, the author articulates a set of criteria and goals to meet to maintain the ability of companies to compete and grow. He identifies 10 research-backed principles from the field of organization development to guide companies and I have adapted them for the compliance professional. Today we take up his first five and we conclude tomorrow with his final five.

Encourage cooperation

The central objective of every compliance program is to achieve a cooperative ethical order in an organization to do business ethically and in compliance. From the organizational behavioral perspective, this means removing “divergent motives and antagonistic goals” in an organization.  While getting everyone to row in the same direction is one part, the second part is to keep some group of employees, a business unit or geo-region, from breaking off and taking a short cut in your risk management protocol.

This means you as CCO need to channel your inner Russ Berland and buy lots of pizza for the business unit folks or others in the organization to create “strong social bonds among employees” that will drive all employees to do business in such a desired manner. The author notes, “They are affective bridges back to the organization that positively build relationships and influence performance.” That is certainly a key for every CCO and compliance professional.

Organize for Change

Many “once-great companies have found their final resting places in an expansive graveyard of slow-movers and has-beens. These companies failed because they were unable to adapt to changing conditions and succumbed to capitalism’s unapologetic truth that only the fittest will survive.” Now think about that intonation in the context of 2 years of a pandemic and the Russian invasion of Ukraine and its impact on business on a worldwide basis. Just as business has been buffeted by these winds, so has the compliance profession and its need to respond.

In effective compliance programs, CCOs “upend paralysis by generating a consensus of meaning and action. They build the case for change, create a positive mindset for change, convince others of the value and legitimacy of the change efforts, and battle against systemic forces of institutional inertia that lock companies into their current, misguided trajectories.” This is only truer in 2022 for the reasons I noted above. What the author said about companies applies to compliance even more, “Confidence, conviction, and courage are helpful companions in this journey, as not all change is readily apparent and must be made before there is an evident need for it and the window of opportunity has closed.”

Anticipate the Future

This is something I have talked more and more about, as the “preservation of an organization­ depends on its leaders having the navigational judgment and skill to prepare their companies for what lies ahead.” Once again this is even more so for the compliance function. The author noted that the “short term is undertaken with greater certainty of outcomes. The short term can be very rewarding. The short term provides executives with the continuing authority to lead by demonstrating their effectiveness in producing results.” Yet as we begin to plan towards mid-century, CCOs “must be able to look past nearby obstructions to see clearly what lies beyond.”

Part of that is anticipating your organizations needs both on the sales side and in the Supply Chain. Part of that is having resiliency built into your compliance program so that if China invades Taiwan, you will be able to respond to the inevitable changing landscape. Another part is technology or ComTech. A CCO needs to have tech savvy “people who collectively challenge the assumptions on which their current actions are based in order to imagine other possibilities. As Thomas Kuhn maintained, if your conception of the world is that it is flat, you will see things one way; if your conception is that it is round, you will see things in quite other ways. But you cannot see the implications of roundness until you suspend belief in flatness.”

Remain Flexible

Compliance must be at once disciplined, resilient and flexible, “reacting to the unexpected during turbulent times and flexibly bending when rushes of demand are placed on” it, then bounce back into shape “once the need for transformation has passed.” This can largely be achieved through improved use of ComTech and by aligning that tech to meet new challenges. Here the author also speaks to the need of “a simple creative additive of divergent thinking.” What you may not need on your compliance team is another lawyer but a data scientist, behavioral psychologist or a training expert. Compliance is changing and as a CCO you need to be ready to embrace the change to deliver the top compliance services to your customer, your company employees.

Create Distinctive Spaces

Interestingly, coming out of a two-year (and still ongoing) pandemic, the author believes there is  a “link between the quality of a work environment and employees’ health, satisfaction, and performance.” This means if you are going to require your compliance team back in the office, the “basic dimensions of environmental indoor quality such thermal comfort, air quality, lighting, acoustic quality, and the ergonomic features of furnishings positively relate to enhanced performance.” Not only will it make your compliance team more effective, but it will also help in the competition for talent acquisition and retention.

Join us tomorrow where we conclude our review and note that Grease is the word.