The SEC said this week that it will begin looking for signs of pre-taliation risks during routine examinations of registered investment advisers—the clearest sign yet that pre-taliation risk is here to stay, and that the SEC takes a serious, expansive view of the subject.
Word of the SEC’s intentions came in an alert released Monday from its Office of Compliance Inspections & Examinations. Examination staff will now be nosing around firms’ compliance manuals, codes of ethics, employment agreements, severance agreements, and any other documents that might obstruct an employee’s ability to bring concerns about misconduct to the SEC’s attention. If examiners do find trouble in your documents, they can pass along their findings to the Enforcement Division, and we all know where that road leads.
Note where you were when this happened, compliance officers. No longer is the SEC rebuking companies for pre-taliation when specific instances land on its doorstep; the agency is taking the initiative and looking for pre-taliation behavior. The SEC doesn’t merely want to correct this problem; it wants to eradicate the practice entirely.
We could even say that pre-taliation has been the crucible to transform whistleblower risk into something new, and that new risk has now assumed final form. Previously, compliance officers had to worry about retaliation: an act that one person performed against another. Pre-taliation is a condition that a company creates, through contract language or financial incentives that drive whistleblowers to remain silent.
Put simply, your company might never have an actual incident of retaliation against a whistleblower—but if you have a culture that encourages whistleblowers to stay silent, you may wind up in the same place anyway. That place is in violation of SEC Rule 21F-17, which implements the anti-retaliation provision of the Dodd-Frank Act.
Let’s dispense with a few items right away. Yes, the OCIE only examines broker-dealers and registered investment advisers. That doesn’t mean compliance officers outside the financial services sector can rest easy. On the contrary, the OCIE alert was driven by numerous SEC pre-taliation enforcement cases outside the financial services sector. The most recent came only a few weeks ago, when Anheuser-Busch paid $6 million to settle FCPA charges, including allegations that it forced a cooperating witness to sign a non-disclosure agreement and stop talking to investigators.
So the OCIE may have more leeway to sniff around financial firms for pre-taliation practices, but the Enforcement Division has already been punishing companies from all walks of industry for pre-taliation that it finds.
Second, do we know whether OCIE will always look for pre-taliation at all firms it examines? No. The alert only warns firms that OCIE examiners will now consider pre-taliation as a poor business practice under their purview, much the same way examiners look for sloppy cybersecurity practices or poor insider trading controls. We don’t yet know exactly how this alert will translate into actual scrutiny during a firm’s OCIE examination. (If it has happened to you already, feel free to drop a line to [email protected] and tell me how it went.)
Third, what are some examples of pre-taliation that OCIE examiners might flag? The short answer (as we’ve discussed before) is anything that might inhibit a whistleblower’s ability to raise concerns about misconduct to regulators. More specifically, the OCIE alert mentions:
- Clauses that forbid employees from disclosing any confidential information, without an exception to approach the SEC about possible violation of securities laws;
- Clauses that allow employees to approach the SEC, but require them to waive any financial rewards they might receive for providing information (that is, contracts that forbid employees from collecting whistleblower rewards);
- Clauses that require employees to tell firms they are communicating with regulators, or to ask permission from the firm before communicating.
Clauses in what documents, you ask? Pretty much any corporate missive, from hiring contracts to severance agreements, Codes of Conduct or operating policies. The more sweepingly you can think about your pre-taliation risk, the better.
Feeling the Pain
I do wonder how well some registered investment advisers will be able to handle this compliance exercise, since it’s an order of magnitude larger than installing a hotline and training middle management not to punish whistleblowers. Pre-taliation is about changing corporate attitudes, and empowering employees to speak directly with regulators. That’s a tough pill for C-level executives to swallow at any organization, and lots of registered investment advisers still don’t have a mature compliance function.
For example, we still see plenty of smaller registered investment advisers where the compliance officer is also the general counsel—or more accurately, the general counsel also holds the duties of the compliance officer. In one sense that’s good; the general counsel has lots of power to push through enterprise-wide changes to contracts and policies. In another sense that’s bad; general counsels naturally aren’t comfortable with the idea of allowing employees to speak to regulators directly.
RIAs are also the one set of companies where compliance officers do face more liability for program failures. That risk is still small, but not vanishingly small as we see in other industries. Holding compliance officers responsible for poor corporate policies and attitudes about pre-taliation strikes me as unwise; the SEC would be cutting off one of its chief in-house allies at the knees. I don’t believe we’ll see enforcement actions that hang CCOs out to dry like that, but we can’t be certain.
Except for the importance of pre-taliation risk, that is. You can certainly be certain about that.