As I’ve written before, the notion of “corporate bounty hunters” doesn’t pass my sniff test.
Apparently, the so-called “era” of the corporate bounty hunter, ushered in by a Dodd-Frank provision (Section 922), doesn’t pass the internal audit profession’s sniff test – or, for that matter, the SEC’s whistle-blower data – either.
Less than 5 percent of the 545 chief audit executives (CAEs) and internal audit directors who responded to The Internal Audit Association’s (The IIA’s) current “Pulse of the Profession” survey expressed concern that employees could bypass their organization’s whistle-blowing process to report incidents directly to external parties.
“We expected Dodd-Frank would cause everyone to run to the SEC for the monetary incentive associated with the whistle-blower program,” reports The IIA CEO Richard Chambers. “Our survey does not substantiate this.”
Dodd-Frank Section 922 also requires the SEC to submit an annual report to Congress that includes the following information:• A description of the number of awards granted and the types of cases in which awards were granted during the preceding fiscal year; • The balance of the Fund at the beginning of the preceding fiscal year; • The amounts deposited into or credited to the Fund during the preceding fiscal year.
The “Fund” refers to the SEC’s Investor Protection Fund, from which awards are paid to “eligible individuals [i.e., whistle-blowers] who voluntarily provide original information that leads to successful Commission enforcement actions resulting in the imposition of monetary sanctions over $1,000,000, and certain successful related actions.” The awards range from 10 percent to 30 percent of the monetary sanctions (fines) the SEC collects in any enforcement action that results from the external whistle-blowing.
The fund contains roughly $450 million dollars. Guess how much was paid to whistle-blowers in 2012? A total of $45,739.16, to one whistle-blower, according to the SEC’s report to Congress. That’s right, one.
That’s not to say this Dodd-Frank program should be ignored. After all, 3,001 whistle-blower tips, complaints or referrals (“TCRs” in SEC parlance) were received in the Commission’s 2012 fiscal year. These calls – more specifically, the reasons they were made – should be monitored. Aside from “other,” the most common issues the calls referenced in FY 2012 included:
1) Corporate disclosures and financials (18.2 percent of the total TCRs);
2) Offering fraud (15.5 percent); and
3) Manipulation (15.2 percent)
It would seem wise to apply extra GRC/ERM scrutiny on these specific areas, as well as some other areas. The IIA survey, for example, suggests that audit coverage in 2013 might lag in two key areas: risk management effectiveness and strategic/business risks.
Focus on these areas, continue to manage internal whistle-blowing hotline activity (which The IIA survey indicates has remained virtually unchanged since Dodd-Frank took effect) as well as other elements of GRC, and forget the bounty-hunter hype.