Compliance and the Road Ahead
Insights for Executives and In-House Counsel

Ten years have passed since Enron and WorldCom collapsed. Despite rules and regulations created to curtail financial reporting fraud and protect investors, the financial crisis and other corporate failures followed. As a result, more requirements have been introduced, while existing laws have been subject to greater enforcement. Among those, three in particular stand out – the effect of which senior executives must work to successfully navigate. These are the Securities and Exchange Commission’s new whistleblower rules, the rules surrounding the “clawback” of executive pay, and the enforcement of the United States Foreign Corrupt Practices Act (FCPA).


More than a year ago, the Dodd-Frank Wall Street Reform and Consumer Protection Act became a federal law, increasing governmental oversight of the financial services industry. This sweeping legislation was aimed at helping the U.S. avert a repeat of the financial crisis by improving transparency and accountability within the financial system. In August 2011, the SEC’s final rules implementing the whistleblower provisions of Dodd-Frank went into effect, expanding the protections and allowing for potential monetary rewards given to employees who report corporate wrongdoing. The new program is broader than its predecessor, and allows for rewards in all types of securities actions, including violations of the FCPA. Previously, the Commission was limited to paying bounties solely in insider trading cases, with awards capped at 10% of the penalties collected in an enforcement action. Rewards may now range from 10% to 30% of the amount recovered, provided that the amount collected related to the violation exceeds $1 million. The whistleblower rule, and the related Section 922 of Dodd-Frank, also enhances the protection of employees from retaliation. Someone who reports a violation internally or to the SEC may not be terminated or treated adversely as a result of it. While the opportunity to receive a six- or seven-figure reward is a motivation to report criminal activity, the new rule and guidance describe the hurdles that exist before a “whistleblower” may qualify to receive a portion of the recovered funds. The new rules have also spawned a burgeoning cottage industry: plaintiff attorneys have begun to solicit potential whistleblowers to seize on the windfalls that could be awarded in the event of a successful enforcement action.

The prospect of higher awards has already produced an uptick in whistleblower complaints. In November, the SEC reported that its Office of the Whistleblower received 334 complaints – approximately seven per day – in the first seven weeks of the new program.1 The quality of the complaints received has also improved.

According to the agency, its whistleblower awards fund has more than $452 million available for payout to qualifying whistleblowers.

Companies should recognize that whistleblower complaints or tips may not necessarily be in connection with current or ongoing activities of the corporation. The information provided concerning possible violations of securities laws could, for example, entail conduct that occurred in the past, involve an issue that was addressed previously by the company or the SEC, or relate to individuals that are no longer with the company. Tips may also come from individuals with personal involvement in the alleged improper action or third parties including competitors and customers. Considering the many potential sources of whistleblower tips and the size of the fund available for payout, it would not be surprising to see a continued increase in whistleblower tips in 2012. As a result, companies should conduct reviews of their compliance policies and seek to foster a corporate culture that encourages internal reporting. Also, companies may need to reassess their procedures for identifying and appropriately handling potential problems. This should include considering when to conduct an internal investigation in-house and when to seek assistance from outside counsel or forensic experts. It may also be necessary for the human resources department to review whistleblower policies with employees and have appropriate training in place at each level of the organization.


Under the existing “clawback” rule, enacted under the Sarbanes-Oxley Act of 2002 (SOX), a CEO or CFO at a public company is required to return to the corporation bonuses and other payments such as option grants or stock profits if they were awarded on the basis of false financial statements that are subsequently restated as a result of misconduct.

Dodd-Frank expands the provisions governing the “clawback” of executive compensation significantly. Under Dodd-Frank, the SEC is required to write a rule requiring public companies to adopt mandatory provisions to “claw back” incentive compensation if the company is required to file a financial restatement under the Securities Exchange Act of 1934. Companies with $50 billion in assets will be required to have policies for the recovery of incentive-based compensation that was awarded during the three-year period prior to an accounting restatement. The “clawback” provisions would apply to all restatements (not just those involving misconduct), cover incentive-based compensation awarded during a three-year period prior to a restatement, and apply to executives beyond the CEO and CFO (including former executives).

It is important to note that the “clawback” provisions apply whether or not an officer is personally charged with wrongdoing. The SEC used this more expansive policy when it reached a settlement with Maynard Jenkins, the former CEO and chairman of CSK Auto Corporation in November. Although he was never charged with wrongdoing, Jenkins agreed to return $2.8 million in bonus compensation and stock profits that he received while the company committed accounting fraud.2

With this more expansive “clawback” rule, we may see more actions under Dodd-Frank than have occurred under SOX. As a result, companies may consider moving away from incentive-based compensation or tying compensation to forms of measurement other than earnings. Regardless, the new “clawback” rule could have implications on the ways in which public companies structure incentive compensation. The new provision, once enacted, will create an unusual paradox in that the executives who are subject to the “clawback” provisions will also have a hand in determining whether or not financial statements should be restated.


The heightened scrutiny of public companies is also demonstrated by tougher enforcement of existing laws, such as the FCPA. The FCPA, enacted in 1977, makes it illegal for publicly traded companies to pay foreign government officials in order to help them obtain or retain business. The law also provides that public companies maintain adequate books and records and systems of internal controls. In recent years, the United States Department of Justice and the SEC have stepped up enforcement of bribery offenses by increasing the number of resources committed to conducting FCPA investigations and, in the case of the SEC, creating a unit dedicated to enforcement of the FCPA. This has translated into an increase in both the number of enforcement actions and size of monetary fines related to bribery or violations of the books and records provisions. In 2010, the SEC brought more FCPA cases than ever before, against 23 entities and seven individuals, resulting in more than $600 million in disgorgement and civil penalties.3 In its fiscal year 2011, the SEC recorded 20 enforcement actions and, for the first time, began listing FCPA violations as their own statistical category in its case tracking system.4 Meanwhile, closer coordination between international governments and new legislation, such as the UK Bribery Act, have given added weight to the enforcement of anti-corruption laws in transnational business.

It is important for companies to recognize that the risks and costs associated with failing to detect a problem can be much higher than those related to implementing effective compliance policies. The potential penalties related to a whistleblower claim, or an FCPA issue self-reported by the company, may be sizable: 2011 saw FCPA settlements with individual companies of hundreds of millions of dollars. Companies may also be subjected to years of investigations that are accompanied by an ongoing stream of legal fees. A company’s officers may be at risk, with culpable individuals potentially subject to fines or imprisonment following DOJ or SEC actions. As a result, it’s important to ensure that appropriate FCPA training and compliance programs are in place. It’s also important to understand the company’s exposure to business dealings in high-risk countries and with foreign businesses that may qualify as state-owned entities under the FCPA. Finally, problems that may be detected in one subsidiary or particular geographic region should result in the evaluation of whether problems represent an isolated incident or whether similar problems may exist in other operations across the globe. The company should ensure that it can appropriately respond to questions from securities regulators regarding the breadth and depth of any FCPA concerns.


Public companies are operating in a much tougher regulatory environment. The potential costs in fines and reputational risk, along with added incentives given to those who identify and report misconduct, have raised the stakes for failing to maintain strong corporate governance and business practices. In this environment, companies need to conduct risk assessments to identify areas of concern. It is important to evaluate existing compliance programs to ensure they are robust and effective at preventing problems from occurring or identifying problems early. In some cases, companies may find it necessary to take proactive steps in order to reduce risk, including allocating significant additional resources to the compliance area and ensuring that an appropriate level of monitoring is occurring. By implementing appropriate training and policies designed to facilitate internal reporting, companies may be better equipped to address compliance issues earlier and more quickly. In the current regulatory environment, how companies handle these issues is quickly becoming as important as the nature of the problems themselves.


1 Securities and Exchange Commission Annual Report to Congress on the Dodd-Frank Whistleblower Program, November 2011,
2 Press release, Securities and Exchange Commission, Nov. 15, 2011,
3 Comments by Cheryl Scarboro, Chief of the Security and Exchange Commission’s FCPA Unit, The SEC Speaks, February 4-5, 2011, Washington, DC
4 Press release, SEC, Nov. 9, 2011,