Defining Robust Internal Compliance Processes for Section 21F

May 31, 2011 - PRLog -- Bribery, corruption, and insider trading are major risks for publicly traded corporations and investment companies. With regulations like the Foreign Corrupt Practices Act (FCPA) and Section 21F of the Securities Act, it is clear that stamping out corruption has to be a priority and a comprehensive and effective compliance program is mandatory for publicly traded corporations and investment companies.

The U.S. Securities and Exchange Commission (SEC) adopted, by a 3-2 vote on May 25, 2011, a rule creating a whistleblower program that was mandated by Section 922 of the Dodd-Frank Act, which added Exchange Act, new Section 21F.

The final rule states, “we are not requiring potential whistleblowers to use internal compliance and reporting procedures before they make a whistleblower submission to the Commission. Among our concerns was the fact that, while many employers have compliance processes that are well-documented, thorough, and robust, and offer whistleblowers appropriate assurances of confidentiality, others do not.”

For global businesses, the ethics and compliance program should go beyond employees and extend to all foreign third-parties in their complex value chain.  This includes institutional investors that rely on investment professionals to manage their global portfolio of assets.

Rather than dismissing the efficacy of internal compliance in the face of the opportunity to do an end around, it's time to re-think how internal programs work and how they may be made to work better with the new Dodd-Frank whistleblower program in place.

Publicly traded corporations and investment companies must be willing to voluntarily disclose the fundamental data required to substantiate the fitness of their internal compliance system, with relevant, reliable, and sufficient information such as:

1) ETHICS CODE CERTIFICATIONS - A searchable index of records granting public access to the signed, acknowledged, and certified Code of Ethics for each Director, Officer, and Employee.

2) ETHICS ACTION REPORTING - A searchable index of records granting public access to the Code of Ethics incident reports and opinions, including concurring and dissenting opinions, as well as orders, made in connection with the adjudication of matters relating to the Code of Ethics.  Such records include, but not be limited to, the following:
- Official incident report number (unique identifier)
- Date incident first reported
- Description of incident
- Official title(s) of person(s) involved.
- Supporting documents/summary findings
- Official opinion(s) rendered and its reasoning
- Date incident closed and made available to the public
- Person (and department) responsible to ensure proper handling of the incident report

This fundamental data is essential to form valid opinions regarding the adequacy of design and effectiveness of operations within a “robust” internal compliance system.  In addition, this fundamental data serves as a significant basis to judge the duties of care and loyalty.

# # #

zEthics is a start up based in Phoenix, Arizona that takes a holistic view of risk, integrating External Risk Assessments with Enterprise Risk Management (ERM) systems. zEthics introduces the first cloud computing application for Enterprise and External Risk Management (EERM), providing publicly traded corporations, investment companies as well as federal and State agencies a holistic view of risk. zEthics provides the diagnostic tools to align risk and performance to create a risk intelligent organization.