Boardroom failures, financial regulatory lapses, auditor and security analyst conflict of interest, unsatisfactory banking practices, and fraud compelled the passage of Sarbanes-Oxley in 2002 and Dodd-Frank in 2010, placing organizations under greater government scrutiny. The higher standards set by the legislation place enormous responsibility on organizations to be prepared to conduct their own internal investigations and to police themselves more effectively or face penalties and fines.
When the Dodd-Frank Act first passed, Peter Zeidenberg, a DLA Piper partner who worked as a federal prosecutor at the Department of Justice and the U.S. Attorney’s Office, remarked, “Most companies will have to deal with an internal investigation at some point. You’re very lucky if you don’t. In any large company, it’s hard to imagine that at some point in time there’s not going to be some suggestion or allegation of internal misconduct.”
SEC Whistleblower Program is Gaining Traction
Three years later, Zeidenberg has been proven correct, and one of the most visible elements to come out of the Dodd-Frank legislation has been the Securities and Exchange Commission’s (SEC’s) Whistleblower program. Over 6,500 people have offered confidential information to the SEC in hopes of earning the 10%-30% of the settlement amount that the legislation promises, according to the Wall Street Journal. In fact, the awards have been increasing in both size and frequency over the past year, and the program appears to be gaining awareness overseas. The SEC’s most recent annual report noted that 11 percent of the tips received had come from overseas and that the agency expects that percentage to increase. Adding fuel to the fire, last week in a speech in New York, soon-to-be-former U.S. Attorney General Eric Holder encouraged more potential whistleblowers to step up to help prevent the next financial collapse.
This week, the SEC announced the award of a record $30 million to an overseas employee who reported fraud at an American company with global operations. Interestingly, had the employee reported the fraud earlier, the bounty might have been even larger, according to the SEC.
Eric Holder and the SEC are sending a clear message to corporations and their employees in the US and around the world. Companies are expected not only to change the practices that contributed to the financial crises in 2002 and 2008, but also to monitor those changes and ensure that their organizations are complying with the numerous regulations that are a part of Sarbanes-Oxley and Dodd-Frank, or face consequences.
Essential Compliance Step One: An Investigative Infrastructure
Publicly traded companies—and especially multinational corporations—can take an essential step toward compliance by establishing a comprehensive investigative infrastructure that enables visibility and searchability of all network endpoints.
Simply installing EnCase® Enterprise puts you solidly on the path to compliance with key sections of Sarbanes-Oxley (SOX) and in a state of readiness to respond to demands for information from the SEC. It's working for legal, HR, and risk/compliance teams inside 70 percent of the Fortune 100; it’s discreet and nondisruptive to business operations; and it’s the foundation for other EnCase products that support compliance, information security, and e-discovery readiness as well.
Comments? Stories from the Risk/Compliance Trenches? I welcome discussion in the section below, whether on this topic or on one you would like to see us write about here in the blog.