27 February 2007

Whistleblower: The FCPA & Voluntary Disclosure...

Operational Risks involving people are happening everyday in your organization. It may be going on for a day, a week and sometimes years. But at some point someone has to tell someone before it gets violent or the company loses any more corporate assets.

What is the anonymous phone number at your organization to phone in the "Whistleblower" information? Who is responsible for the follow through on investigations? How can you insure against employee confidentiality and any possible reprisals?

In most cases the call is by phone and not by some other method. It is rarely a hoax and the hotline is keeping tabs on the subordinate / management battle over half of the time.
What's the best way for an employee to blow the whistle on fraud or related infractions? The most popular way seems to be via hotlines or similar reporting tools. According to a joint report from the CSO Executive Council, an organization of corporate and government security executives, and The Network (a hotline provider), almost two-thirds of the nearly 200,000 reports it studied were made via hotlines without first alerting anyone in management.

Few of those alerts prove to be false alarms. The study, which tracked incidents at 500 organizations over the past four years, found that 65 percent of the reports were serious enough to warrant investigation, while 46 percent led to some type of action being taken. Corruption and fraud accounted for 10 percent of the incidents, well behind personnel-management situations (51 percent). Company and professional-code violations accounted for 16 percent and employment-law violations 11 percent.

Compliance with an effective Whistleblower program is just the beginning of developing a culture that has a zero tolerance for the kinds of risks that make an HR manager or General Counsel have constant nightmares. This is certainly the case on the front lines where business is being transacted and deals are being cut on a global basis. Is there sufficient due diligence to determine whether any party in the transaction is not in violation of the Foreign Corrupt Practices Act (FCPA)?
By definition, FCPA crimes generally occur thousands of miles outside of the United States. Why would counsel advise a corporate client to bring such activities to the attention of the SEC or the DOJ? Is it necessary to self-report when, as a good corporate citizen, the client has investigated thoroughly, corrected the problem, and taken substantive remedial measures including firing the wrongdoers and correcting the financials?

Having the possibility of a deferred prosecution agreement is the strategy utilized more often than you would think these days. In any case, SOX requires a Whistleblower program, and the next phone call may have to do with that last big deal that closed last quarter. Why Voluntary Disclosure?
The DOJ's "Principles of Federal Prosecution of Business Organizations," commonly known as the "Thompson memorandum" and published in 2003 on the heels of SOX, also played a significant role in the surge of voluntary disclosures. The Thompson memorandum placed an "increased emphasis" on a company's cooperation with the government when considering whether to prosecute. Voluntary disclosures were an important part of that cooperation.

At the end of the day all of the auditing will never catch the people that know the system. That is why the anonymous phone number can make all the difference in mitigation of significant risks to your enterprise.

No comments:

Post a Comment