I could not help thinking about the astonishing positive changes that have occurred as I watched the SCCE’s September 16 general session on the new laws protecting whistleblowers enforced by the SEC’s Office of the Whistleblower.
Here’s a story that illustrates how far the compliance system has evolved — and how far the SCCE and compliance officers are from realizing a goal of true business-driven integrity.
* * *
John never thought about being a whistleblower. After all, he was a trusted and successful insurance adviser. Twenty-five years earlier, he had followed his company’s advice, becoming a pillar of his community and earning his neighbors’ trust as a straight shooter with expertise. The company’s products he sold to neighbors worked as promised. They helped people fund their kids’ college educations, and pay for health care and retirement.
But John hit a bump in the road. He sold his neighbors a product that after the 2008 financial meltdown didn’t perform as promised. John expected his company to stand by the product. But the company said it wouldn’t pay on the product unless it was legally compelled to do so. The company’s plan was that if someone sued, the law department would litigate and settle years later under a confidentiality agreement. John protested that this “so sue-me and settle later” plan was a cynical dodge and unlike anything he’d known about the company’ s ethics.
John’s complaints were carried through several levels of management and to the compliance and law departments, but to no avail. When he kept talking about the problem, others at the company who were old friends shunned him as a dangerous troublemaker. He contacted state insurance regulators but they showed no interest and didn’t call him back.
After John told colleagues at lunch that at least he could write an article for an industry newsletter, his bosses used the 30-day termination clause in his contract to end his 25-year career. He was told his former clients and business contacts were the company’s proprietary information and he couldn’t talk with them.
No longer trusted by his community and cut off from the insurance business, he became despondent and never worked again. No lawyer would take his case against a vastly powerful global organization with resources to fight forever in the courts.
The company took no notice of its lapse of integrity, kept quiet about the defective product even as the liabilities on the policies accumulated, and dodged the regulators.
That is how the story usually ended before 2014. But — remarkably — not anymore.
* * *
Based on the true story of an SEC whistleblower who went public, we can re-write John’s hypothetical story with a happier ending for everyone. After John was blackballed, he asked the SEC for protection against retaliation under the new laws.The SEC followed up. John chose a settlement instead of reinstatement and went back to selling insurance in a more responsible company. John’s company also settled with the SEC by paying out as promised on all of the policies not just for the few policyholders who sued. Other companies, aware of John’s case, tried to avoid similar investigations.
* * *
Concerned about SEC actions, whistleblower complaints are taken seriously — at least as long as strong enforcement is a real threat. This is essentially “reactive ethics” based on the threat of strong enforcement. These companies aren’t necessarily sold on compliance as a good investment and don’t inculcate the goals of the compliance profession as a business norm. So when the threat of strong enforcement declines, as it always does, what happens then?
The bigger goal of compliance officers should be to change the culture at companies so that the norm is business driven integrity. The SCCE world has many ideas about this. Roy Snell, the CEO of the SCCE, points out that problems are usually known within a company for a long time but no one has the influence or power to solve them. Like smoke before the fire, the dangers build until a scandal ruins the company’s reputation and prosecutors deliver fines and sanctions. The business then spends half a decade cleaning up the mess.
That’s no way to run a business, Snell says. And it’s no way to treat the public, according to Joe Murphy, the SCCE’s director of policy. As he explained in a RAND paper released at the conference, the mission of the compliance profession is to enable compliance professionals to create structures that protect the public from lapses in business integrity.
Both Snell and Murphy are right. In addition, compliance officers could create an enterprise culture where employees like John can say “We don’t do that here!” invoking an ethical group identity, or an enterprise culture based on the SCCE’s Code of Conduct adopted by board resolution. Other ideas came from experts who spoke at the conference — including Jeff Kaplan who writes the Conflict of Interest Blog, Scott Killingworth from Bryan Cave, and the RAND Center’s presentation exploring different paradigms for the compliance profession.
It’s one thing to acknowledge and be glad for the new laws and powers at an enforcement agency like the SEC. The “compliance system” has grown stronger as a result. The next step is for compliance officers, with the SCCE’s leadership, to move companies from “reactive ethics” to some form of business driven integrity. Measuring this progress might be an item for the SCCE’s 2015 agenda.
Part One of this series is here.
Michael Scher is a senior editor of the FCPA Blog. He has over three decades of experience as a senior compliance officer and attorney for international transactions. He can be contacted here.