Categories
Daily Compliance News

October 20, 2022 the Lamentable Edition

In today’s edition of Daily Compliance News:

  • Don’t work for KPMG Saudi Arabia. (FT)
  • Elizabeth Holmes asks for a new trial. (NYT)
  • Goldman claims whistleblower allegations ‘lamentable’. (Reuters)
  • Vietnam has yet another anti-corruption push. (WaPo)
Categories
Daily Compliance News

August 11, 2022 the Trump Takes the 5th edition

In today’s edition of Daily Compliance News:

  • Trump takes the 5th in civil investigation. (NYT)
  • Basel Institute’s Green Corruption Program. (Relief Web)
  • Waters wants CFPB to investigate Equifax. (WSJ)
  • 9th Circuit reinstitutes whistleblower case. (Reuters)
Categories
Blog

Update on the SEC and Whistleblowers

We recently had some interesting news regarding whistleblowers and whistleblowing that I thought compliance professionals should be cognizant of going forward. These matters included a Securities and Exchange Commission (SEC) bounty award to two whistleblowers which detailed reasons for the award. Additionally, there have also been two enforcement actions brought by the SEC where companies had surreptitiously tried to prevent former employees from whistleblowing to the SEC through craft Non-Disclosure Agreement (NDA) language.

Whistleblower Bounty Awards

The SEC issued one Order announcing two anonymous whistleblower awards. As noted, the whistleblowers were anonymous as was the company whom they blew the whistle on. Claims Review Staff (“CRS”) had four claimants to evaluate for an award and settled on two of them, Claimants 1 & 2. Claimant 1 was awarded $13 million, and Claimant 2 was awarded $3.3 million. The Order listed six reasons why Claimant 1 was awarded the bulk of the whistleblower bounty.  (1) Claimant 1’s tip was the initial source of the investigation; (2) Claimant 1’s tip exposed abuses in (Redacted), that would have been difficult to detect without Claimant 1’s information; (3) Claimant 1 provided the SEC staff with extensive and ongoing assistance during the course of the investigation, including identifying witnesses, including (Redacted) and helping staff understand complex fact patterns and issues related to the matters under investigation; (4) the Commission used information Claimant 1 provided to devise an (Redacted) and finally, Claimant 1, “persistently alerted the Commission to the ongoing abusive practices for a number of years before the investigation was opened.”

Claimant 2 received their award based upon the following factors: (1) Claimant 2 was a valuable first-hand witness who also provided helpful information relevant to the practices, although several years after the SEC had received Claimant 1’s information; (2) Claimant 2 provided information and documents, participated in staff interviews, and provided clear explanations to the staff regarding the issues that Claimant 2 brought to the staff’s attention; (3) Claimant 2’s information gave the staff a more complete picture of how events from an earlier period impacted the Firm’s practices and provided information which the SEC staff was able to use in settlement discussions with the Firm’s counsel. However, and most significantly, and in contrast to Claimant 1, “Claimant 2 delayed reporting to the Commission for several years after becoming aware of the wrongdoing. Accordingly, we find that Claimant 2 unreasonably delayed reporting to the Commission and that Claimant 2’s award should be set at Redacted in light of all the facts and circumstances.”

Attempts to Impede SEC Reporting

Since at least the KBR, Inc.’s pretaliation enforcement action, the SEC has made clear that companies cannot impede, contractually through an NDA, the ability of a reporter to whistleblow to the SEC. A Law360 article, by Steven J. Pearlman, Pinchos Goldberg and Alexandra Oxyer, lawyers from Proskauer Rose LLP, detailed two recent SEC enforcement actions where companies were found to have wrongfully attempted to circumvent Rule 21F-17 under the Securities Exchange Act of 1934, which “prevents companies from, among other things, using confidentiality agreements to impede whistleblowing to the SEC.”

In the first matter, styled In the Matter of David Hansen, the SEC found that Hansen, an executive of NS8, Inc., had an employee who “raised concerns internally that NS8 was overstating its number of paying customers, including that the information used to formulate external communications to potential and existing investors allegedly was false. The employee also raised the concerns directly to the executive and later submitted a tip to the SEC. After making a report to the SEC, the employee told the executive that unless the company addressed the allegedly inflated customer data, he would reveal his allegations to the company’s customers, investors and any other interested parties.”

Hansen and the company Chief Executive Officer (CEO), “allegedly took steps to remove the employee’s access to the company’s information technology systems. The executive also allegedly used the company’s administrative account to access the employee’s company computer and obtain his passwords to his email and social media accounts. The company then discharged the employee. The SEC concluded that in restricting the employee’s access to the company’s IT systems and in monitoring his online activities, the executive substantially interfered with the employee’s ability to communicate with the SEC about his concerns in violation of Rule 21F-17.”

The second matter, In the Matter of The Brink’s Company, the SEC found that from at least April 2015 through April 2019, Brinks used an NDA that prohibited employees from disclosing confidential company information to any third party without the prior written approval of Brinks. This NDA threatened current and former employees with liquidated damages and legal fees if they failed to notify the company prior to disclosing any financial or business information to third parties. Most significantly, the NDA did not provide an exemption for potential SEC whistleblowers. Perhaps most damning for Brinks was that after the KBR enforcement action, Brinks modified its NDA by adding a $75,000 liquidated damages provision for violations of the agreement. While the reason(s) is not clear from the SEC Order, Brinks was assessed a $400,000 penalty for its blatant attempts to keep employees from reporting to the SEC.

While the Brinks matter seems straight-forward, the Order did note that Brinks was made aware of the KBR Order, so the company was on actual knowledge of what the legal requirements were and still disobeyed them. However, the Hansen matter does seem a bit less clear. The Proskauer lawyers noted, the Order “could be read to reflect an exceedingly broad view of the protections afforded to SEC whistleblowers under Rule 21F-17 — protecting employees who have threatened to broadcast company information to third parties other than the SEC, such as customers or investors, or even the media. This could jeopardize the privacy of sensitive data and other confidential information and trade secrets, which could present a range of significant risks to companies.” They also noted a vigorous dissent from Commissioner Heather Pierce.

The whistleblower awards remind all compliance professionals the power of internal reporting and the cost when internal reporters are not listened to and take their concerns the SEC. The enforcement actions involving Hansen and Brinks demonstrate the SEC takes concerns of company actions to, in any way, stop employees from bringing information to the SEC very seriously and will vigorously enforce the protections afforded to whistleblowers.

Categories
Blog

Ethical Conduct Through Psychological Safety: Part 2 – Safety in the Middle

According to Juan Toribio, writing in MLB.com, Blake Grice waited patiently with his right hand raised for about two minutes to hear his name called inside the Dodgers’ interview room. When he was finally noticed, LA Dodgers star pitcher Clayton Kershaw asked “Whatcha got?” The 10-year-old related that his dying grandfather, Graham, had created a bucket list of things he still wanted to do, one of which was to meet Kershaw. Blake was credentialed by MLB to attend the Post-Game Press Conference and when he did, he dedicated the moment to his now deceased  grandfather.
As reported by Toribio, Blake told Kershaw ““My grandpa loved you. He watched the 1988 [World] Series and he wanted to meet you and Vin Scully one day. So this moment is important to me because I’m meeting you for him.” Before he finished telling Kershaw the story, Blake began to cry” and Kershaw responded by going over to Blake and consoling him with a hug. Kershaw the said to him, “Come here, dude, great to meet you. Thanks for telling me. That took a lot of courage to tell me that. Great to meet you. Your granddad sounded like an awesome guy. Thanks for coming up.””
With a nod of the (St. Louis Cardinals) hat to Tim Erblich for sending me this story, I thought it was a very good way to introduce Part 2 of my series on advancing ethical culture through psychological safety. This series is based on a recent article in the MIT Sloan Management Review, Summer edition, entitled “Fostering Ethical Conduct Through Psychological Safety” by Antoine Ferrère, Chris Rider, Baiba Renerte, and Amy Edmondson. The authors believe “there are a number of things organizations can do to make it more likely that people will speak up when they observe unethical behaviors.” But one key is psychological safety, defined by co-author Edmondson as “a shared belief held by members of a team that the team is safe for interpersonal risk-taking” — or, put another way, that “we can say what we think” or “be ourselves around here.” Today, we look at how to determine the state of psychological safety in your organization.
The authors’ research concluded that while many employees “said that they spoke up after witnessing perceived unethical behavior, a substantial minority said that they did not speak up.” The authors found that “those who felt less psychologically safe were significantly less likely to report those behaviors via channels where organizational leaders might act on them.” Conversely, employees “who felt the most psychologically safe were most likely to have reported the misconduct they observed. This held true even after taking into account a range of other psychological factors that could influence incident reporting, such as perceived levels of organizational justice, fairness, and trust. Psychological safety is therefore important for more than just team effectiveness and well-being; it may also be critical for forming strong ethical cultures where employees feel comfortable speaking up.”
Interestingly, the authors realize the non-siloed nature of psychologically safety at the workplace. They note that ethics, risk management, legal and compliance functions, plus Human Resources (HR) all share an interest in fostering such an environment. This mandates a cross-functional approach as an essential requirement of molding an organization’s culture to include psychological safety. The authors believe, “Managers throughout a company must become aware of the blind spots created by a psychologically unsafe environment, along with the associated risk of underreported misconduct.” They also caution that a formal program such as a reporting hotline “may capture only a fraction of the problematic behaviors that occur.” This leads the authors to posit that gauging psychological safety “may help companies determine whether misconduct is being reported and, in turn, enhance the effectiveness of their formal speak-up programs.”
After 15 years of the Department of Justice (DOJ) and other regulators talking about “tone at the top”; the authors credit that most organizations appear to have senior leadership that talks about ethics positively. They believe “CEOs emphasize that integrity is a core value of their organizations, and that point is reiterated in calls with shareholders and during employee town hall meetings.” Unfortunately, while this messaging is important, the research indicated “it is not sufficient to prevent the derailers of ethical conduct that occur deep within an organization.”
The authors recognize what compliance professionals have known for some time, that it is middle managers, and “not just official speak-up channels are often on the front lines when it comes to hearing about unethical behavior.” They found that 80% of employees who did report internally, went to their direct managers, who are almost always in middle management. This is because middle managers are the company leaders play who play the critical role in ensuring that an employee speaking up feels supported and heard. The authors noted, “Our data shows that how line managers act has a disproportionate impact on the way potentially unethical behavior is addressed within organizations.”
Unfortunately, simply because a middle manager may feel psychologically safe you must not assume that their direct reports feel the same way. Confirming the findings from the ECI Report of its 2021 Global Business Ethics Survey, “managers and senior leaders tend to feel more psychologically safe than their employees and have a more positive perception of their organization’s ethical climate than the rest of the workforce. When you put these two findings together it makes clear that the higher up in the organization you go, there may well be “an ethical blind spot. That makes the role of team managers even more important when it comes to fostering an environment conducive to both engaging in ethical behavior and talking about ethics in an open, constructive way.”
The authors also confirmed a greater problem which is that “in a global context, psychological safety is not uniform across nations.” Survey respondents from “the Americas and Europe tended to score higher on psychological safety than respondents from Asia.” This suggests to the authors that “the potential effectiveness of tailoring interventions that promote speaking up in order to address the specific circumstances of different groups of employees.” Moreover, “global organizations that seek to build psychological safety must assess its various region-specific drivers and derailers to adjust their activities to specific seniorities and cultures.”
Join us tomorrow in Part 3 where we consider why a company that does not have psychological safety throughout it can not only be so toxic but in serious danger as well.

Categories
Compliance Into the Weeds

JPMorgan Responds to Whistleblower Claims


Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. This week, Matt and Tom take a deep dive into the recent response of JPMorgan to the whistleblower termination allegations of Shaqualla Williams. Highlights include:

  • What does whistleblower protection actually mean?
  • Can a company fire an employee for other conduct if they have filed a whistleblower report?
  • Will this become the template for getting rid of whistleblowers?
  • Do the substance of whistleblower reports matter?

Resources
Matt in Radical Compliance

Categories
FCPA Compliance Report

Gordon Graham-A Whistleblower’s Story


In this episode of the FCPA Compliance Report I visit with Gordon Graham. Gordon is a successful whistleblower who told his tale in the book The Intrepid Brotherhood. In this book, Graham discusses how corruption threatened to ruin jobs and harm lives. The leadership at the top of the organization used intimidation, distrust, and secrecy to control the Chelan County Public Utility District showing that control and power can corrupt even the most ethical organization’s integrity—unless someone speaks up. Which Gordon Graham did. In this podcast, he tells his story.
Resources
website: www.intrepidbrotherhood.com
LinkedIn: linkedin.com/in/gordon-graham-57385319a
Facebook Author Page: In Search Of Aristotle | Facebook

Categories
Compliance Kitchen

EU Sanctions Whistleblower Tool


EU rolls out an EU Sanctions Whistleblower Tool for anonymous reporting of sanctions violations.

Categories
Compliance Into the Weeds

Two Obscure Academic Papers and Compliance


Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. This week, Matt and Tom take up two recent academic papers which every compliance practitioner should study as they provide insight about how communications can impact both fraud prevention and compliance. Some of the issues we consider

  • Berger and Lee on state FCA claims cutting overall accounting fraud.
  • Jinjie Lin on SEC tweeting and reduction of SEC violations.
  • What do these communication strategies portend?
  • How can they be used by the compliance professional?
  • Why whistleblowing does more than simply prevent fraud, waste and abuse. Itimproves the bottom line.
  • Investment in communications strategies pays off.

Resources
Matt in Radical Compliance
 

Categories
Daily Compliance News

January 29, 2022 the Mike Lynch Guilty Edition

 
In today’s edition of Daily Compliance News:
·      ESG expertise in short supply.  (FT)
·      If Russia invades…  (WSJ)
·      VW unceremoniously fired whistleblower. (SecurityWorld)
·      Mike Lynch found guilty. (BBC)

Categories
Compliance Into the Weeds

A Single Source of Truth


Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. Today, Matt and Tom take a the recently filed lawsuit by Shaquala Williams against JPMorgan for alleged retaliation for her internal whistleblowing. Williams was in a compliance function at the bank and claimed she was terminated for raising the issues that JPMorgan was not living up to its reporting requirements under a DPA.Some of the issues we consider are:

  • Facts of the claim?
  • Made in the context of an ongoing DPA.
  • The lack of lack of documented policies and procedures.
  • Siloed nature of compliance functions.
  • Inconsistency in risk assessments.
  • Why is a single source of truth so critical?

Resources
Matt in Radical Compliance, That Lawsuit Against JP Morgan