A Roadmap for Audit Committees in Meeting the Challenges Posed by Enhanced Regulatory Scrutiny Under the Dodd-Frank Act

Audit committees must aid management in navigating an increasingly complex regulatory framework. Two recent developments arising from the passage and implementation of the Dodd-Frank Act¹ have led to further challenges for audit committees and increased the importance of their oversight role. 

First, Dodd-Frank created new monetary incentives for whistleblowers and increased the breadth and scope of anti-retaliation protections for whistleblowers. Second, Dodd-Frank gave the SEC authority to initiate enforcement actions against entities and individuals that “recklessly provide substantial assistance in violation of the securities laws.” As a result, public companies and their officers and directors may be liable for securities violations of which they were unaware if the government can establish that they failed to maintain proper internal controls or to create a culture of regulatory compliance. This newsletter discusses the new regulations and their ramifications for public companies and also suggests a set of best practices for audit committees going forward.

Enhanced Whistleblower Provisions and Protections
In May 2011 the SEC adopted final rules to implement the whistleblower bounty program mandated by Section 922 of the Dodd-Frank Act.² Since the new measures went into effect in August 2011, the number and quality of tips the SEC has received have reportedly increased.³ The new rules provide monetary awards for whistleblowers who voluntarily provide the SEC with original information that leads to a successful enforcement action yielding more than $1 million in sanctions. The bounty applies both to public companies and to nonpublic subsidiaries whose financials are consolidated into the parent. The amount of the award is ultimately at the Commission’s discretion, but will range anywhere from 10 to 30 percent of the total monetary sanctions collected in successful Commission and related actions.⁴

The final rules encourage, but do not mandate, that employees utilize internal compliance and reporting systems before reporting to the SEC.⁵ Given the increase in monetary awards, there is a risk that whistleblowers may bypass internal reporting systems and report directly to the SEC. As a result, audit committees should ensure that management creates a protected, anonymous system (when allowed under the country’s laws where the employee and alleged malfeasor are located) for employee complaints and that it communicates to employees that reports will be taken seriously. It should be recognized, however, that such efforts may be less successful when a whistleblower has already retained outside counsel. 

Dodd-Frank also enhanced anti-retaliation protections for whistleblowers. The Act prohibits the SEC from disclosing information that could reveal a whistleblower’s identity. Internal complaints constitute protected activity provided the whistleblower had a reasonable belief that the information provided related to possible securities law violations. Aggrieved employees can bring claims up to a maximum of ten years from the last retaliatory act (versus 180 days under Sarbanes-Oxley).⁶ Whistleblowers who have been retaliated against can also earn double the potential damage recovery under Dodd-Frank than was previously available under Sarbanes-Oxley.⁷  

SEC Enforcement Actions for “Recklessly Providing Substantial Assistance”
Perhaps Dodd-Frank’s greatest impact on the responsibilities of audit committees arose from its expansion of scienter requirements. Sections 929M-O of the Dodd-Frank Act lowered the standard for “aiding and abetting” violations of the securities laws from “knowingly providing substantial assistance” to “knowingly or recklessly providing substantial assistance” and expanded the Commission’s authority to bring aiding and abetting actions beyond the Securities and Exchange Act of 1934 to the Securities Act of 1933, the Investment Company Act and the Investment Advisers Act. Prior to Dodd-Frank the SEC had to prove that an individual had actual or constructive knowledgeof the securities violation. Now the SEC need prove only that the individual acted recklessly.⁸ Recklessness has been defined by the courts as “highly unreasonable [conduct], involving not merely simple, or even inexcusable negligence, but an extreme departure from the standards of ordinary care, and which presents a danger of misleading buyers or sellers that is either known to the defendant or is so obvious that the actor must have been aware of it.”⁹ This should make it easier for the Commission to bring aiding and abetting actions in the future. These changes might be particularly significant for audit committees, given their responsibility for assessing risk management and compliance.

At present there is no private right of action for aiding and abetting another in violation of the securities laws; however, that may change, as Section 929Z(a) of the Dodd-Frank Act provided that the “Comptroller General of the United States shall conduct a study on the impact of authorizing a private right of action against any person who aids or abets another person in violation of the securities laws.”

In light of this new standard, audit committees of public companies should ensure that procedures and systems are in place to guard against reckless securities violations. Here are some recommendations:

Remember, “an ounce of prevention is worth a pound of cure.” Furthermore, even if these measures are not completely successful in preventing violations, the Department of Justice’s Principles of Federal Prosecution of Business Organizations gives significant weight to robust compliance programs in determining whether a prosecution is appropriate.¹¹ In addition, even when the DOJ decides that prosecution is appropriate, the U.S. Sentencing Guidelines provide for a reduction in penalties if the company had in place an “effective compliance and ethics program” that was well-publicized, monitored by the company’s Board and contained anti-retaliation provisions for whistleblowers.¹²

<sup>1. Dodd-Frank Wall Street Reform and Consumer Protection Act, Pub. L. No. 111–203 (2010), was enacted on July 21, 2010 in order to address oversight and supervision of financial institutions and to enhance corporate governance and whistleblower provisions. back to text
2. See SEC Final Rules, 17 C.F.R. §§ 240.21F-1—240.21F-17 (2011), publicly available at http://www.sec.gov/rules/final/2011/34-64545.pdf. back to text
3. See Speech by Sean McKessy, Chief, Office of the Whistleblower (Aug. 11, 2011), publicly available at http://www.sec.gov/news/speech/2011/spch081111sxm.htm. back to text
4. See SEC Final Rule, 17 C.F.R. § 240.21F-5 (2011). back to text
5. For example, see SEC Final Rule, 17 C.F.R. § 240.21F-6(a)(4) (2011), listing participation in internal compliance programs as one factor the Commission may consider in increasing the amount of the whistleblower's award. back to text
6. See Kramer v. Trans-Lux Corp., 3:11CV1424 SRU, 2012 WL 4444820 (D. Conn. Sept. 25, 2012). back to text
7. See 15 U.S.C. § 78u-6(h)(1)(C) (2010). back to text
8. See 15 U.S.C. § 78t(e) (2010). back to text
9. Hollinger v. Titan Capital Corp., 914 F.2d 1564, 1569 (9th Cir. 1990), quoting Franke v. Midwestern Oklahoma Dev. Auth., 428 F. Supp. 719, 725 (W.D. Okla. 1976). back to text
10. The Corruption Perceptions Index for 2012 is publicly available at http://www.transparency.org/cpi2012/results. back to text
11. See United States Attorney's Manual, 9-28.800. back to text
12. See U.S.S.G. § 8C2.5(f)(1). back to text</sup>