Business Roundtable

December 17, 2010

Ms. Elizabeth M. Murphy
Secretary
U.S. Securities and Exchange Commission
100 F Street, NE
Washington, DC 20549-1090

Re: File Number S7-33-10 Proposed Rules for Implementing the Whistleblower Provisions of Section 21F of the Securities Exchange Act of 1934

Dear Ms. Murphy:

This letter is submitted on behalf of Business Roundtable, an association of chief executive officers of leading corporations with a combined workforce of more than 12 million employees in the United States and nearly $6 trillion in annual revenues. We are submitting this letter in response to the November 3, 2010 request for public comments by the U.S. Securities and Exchange Commission (“SEC” or “Commission”) on its Proposed Rules for Implementing the Whistleblower Provisions of Section 21F of the Securities Exchange Act of 1934 (“Proposed Rules”), issued pursuant to Section 922 of the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank Act”), and set forth in the Commission’s accompanying release (“Proposing Release”).

Business Roundtable has long been at the forefront of efforts to improve corporate governance. We have been issuing “best practices” and related statements in this area for over three decades, including Principles of Corporate Governance (April 2010) and The Dynamics of Public Trust in Business: A Call to Action to Overcome the Present Crisis of Trust in Business (June 2009)—a joint publication of the Business Roundtable Institute for Corporate Ethics and the Arthur W. Page Society. The Business Roundtable Institute for Corporate Ethics is an independent entity funded by, and established in partnership with, Business Roundtable to enhance the link between ethical behavior and business practice. The Institute brings together leaders from business and academia to fulfill its mission of embedding ethics into the everyday business decision-making and practice of organizations. All of these efforts have been driven by one principle: to guide corporate governance practices and further U.S. companies’ ability to create products and services for the economic well-being of all Americans.

Our member companies, as well as other public companies, have adopted numerous corporate governance enhancements over the past decade, including robust compliance programs with mechanisms for employees to alert management and the board about potential or actual misconduct without fear of retribution.

An important component of our efforts is to set a strong tone from the top and to establish a culture of compliance and integrity in our organizations, and we have devoted substantial time and resources to this effort. In its influential work on internal controls, Internal Controls—Integrated Framework, the Committee Sponsoring Organizations of the Treadway Commission states that a proper tone from the top enhances a company’s ethical culture, which “contributes importantly to the effectiveness of the company’s policies and control systems, and helps influence behavior that is not subject to even the most elaborate system of controls.” ¹ Accordingly, we are particularly concerned that the Proposed Rules will undermine our efforts in this regard. As one commenter recently observed, “almost 10 years post-SOX many companies have worked hard to create a culture of trust within their organizations, but now the SEC has created a competition with pay to almost usurp that culture.”²

We commend the Commission’s statements in the Proposing Release recognizing the importance of strong company compliance programs. However, we are concerned that while the Proposed Rules include provisions “intended not to discourage whistleblowers who work for companies that have robust compliance programs to first report a potential violation to appropriate company personnel,” they do not do anything to encourage employees to use internal reporting mechanisms.³ Thus, despite the Commission’s best intentions, its “Securities Whistleblower Incentives and Protection” program is likely to significantly undermine established corporate compliance programs by giving employees a substantial financial incentive and no meaningful disincentive to bypass internal reporting mechanisms in pursuit of bounty payments from the SEC. We believe that the Commission can implement Section 922 of the Dodd-Frank Act in a manner that mitigates the negative impact of the Proposed Rules, and our suggestions below are intended to achieve this.

Most significantly, we believe that the Commission should require whistleblowers to report internally before reporting to the Commission, at least at companies with processes that meet the requirements of Section 301 of the Sarbanes-Oxley Act of 2002 (“SOX”), as implemented by Rule 10A-3(b)(3) of the Securities Exchange Act of 1934 (“Exchange Act”), and related exchange listing standards. The SEC’s only stated reason in the Proposing Release for not proposing this requirement is that some companies may lack “established procedures and protections.” At  the same time, it acknowledges that “many companies have compliance processes that are well-documented, thorough, robust, and offer whistleblowers appropriate assurances of confidentiality.” Tying the requirement to first report internally to a SOX-compliant internal reporting mechanism should accomplish the Commission’s objective without undermining internal corporate compliance programs. Before addressing this suggestion in more detail, as well as other recommended changes to the Proposed Rules, we discuss below the compliance programs that our companies have developed and implemented, and the importance of internal reporting mechanisms to such programs. We also discuss the governmental actions that have supported and encouraged these programs. With respect to the applicability of the final rules, we recommend that the Commission apply them to cover all whistleblower complaints that it has received since passage of the Dodd-Frank Act. Accordingly, consistent with our suggestions relating to internal reporting, the Commission should provide any complaints received since passage of the Dodd-Frank Act to companies with SOX-compliant reporting procedures.

The Government Has Encouraged, And Our Companies Have Instituted, Strong Compliance And Reporting Programs.

As the Proposing Release acknowledges, “many employers have compliance processes that are well-documented, thorough, robust, and offer whistleblowers appropriate assurances of confidentiality.”⁴ These compliance processes are rooted in governmental actions stretching back several decades.

Since 1991, the Federal Sentencing Guidelines have defined the requirements of an effective compliance and ethics program for purposes of increasing the opportunity for a reduction in an organizational sentence. In particular, Section 8B2.1 of the Guidelines states, among other things, that senior leaders must ensure that the organization has an effective compliance and ethics program; specific individuals must have day-to-day operational responsibility for the program; the company must evaluate periodically the effectiveness of its program; and companies must promote a culture that encourages ethical conduct and a commitment to compliance. Of particular significance here, companies also must “have and publicize a system, which may include mechanisms that allow for anonymity or confidentiality, whereby the organization’s employees and agents may report or seek guidance regarding potential or actual criminal conduct without fear of retaliation.”

Moreover, the SEC and federal prosecutors have looked at the effectiveness of corporate compliance programs at particular companies, using the Guidelines, to determine whether to take enforcement or prosecutorial action.⁵ And every version of the Principles of Federal Prosecution of Business Organizations of the U.S. Department of Justice, first issued more than 10 years ago, has reiterated the government’s emphasis on the existence and adequacy of a corporation’s compliance program when determining whether to criminally prosecute a business organization.

Similarly, as the Proposing Release discusses, SOX, the SEC’s implementing regulations, and related exchange listing standards all promote vigorous company compliance programs⁶. Importantly, Section 301 of SOX, as implemented by Rule 10A-3(b)(3) under the Exchange Act, requires the audit committee of public companies to establish procedures for the receipt, retention, and treatment of complaints regarding accounting, internal accounting controls, or auditing matters, as well as the confidential submission by employees of those complaints. Even before SOX, the SEC had announced that in evaluating cooperation by companies, it would consider the “tone set by those in control of the company” and “[w]hat compliance procedures were in place to prevent the misconduct.”⁷ The SEC’s Enforcement Cooperation Initiative further illustrates the importance that the Commission places on internal processes, especially those processes that relate to investigations and disclosure.⁸ And public statements made by the SEC Chairman, Commissioners, and staff repeatedly have emphasized the importance of such programs.

In light of the foregoing, our companies have devoted substantial time, money, and other resources to design and implement robust compliance and reporting systems. Today, eight years after SOX was enacted, our companies have in place a panoply of controls dedicated to detecting and preventing securities law violations, including procedures and protections for whistleblowers. Indeed, “the positive results realized from SOX have prompted other organizations to recognize the value of the hotline for reporting unethical activities and as a means for reducing corporate culpability.”⁹ And, we are pleased to note that U.S. companies’
efforts in this regard recently were recognized by the Organization for Economic Cooperation and Development, which highlighted the “success” of U.S. companies’ “whistleblower tip hotlines.”¹⁰

An Employee At A Company With SOX-Compliant Reporting Processes Should Be Required To First Report A Potential Violation Internally In Order To Qualify As A Whistleblower.

In the Proposing Release, the Commission repeatedly and clearly states that it wants “to support, not undermine, the effective functioning of company compliance and related systems.”¹¹ The Commission explains that “internal compliance and reporting systems are essential sources of information for companies about misconduct”¹² —enabling companies to detect and prevent wrongdoing, perform remediation, and disclose information to and cooperate with the SEC—and “if these programs are not utilized, our system of securities regulation will be less effective.”¹³

Despite this language in the Proposing Release, the Proposed Rules do not require potential whistleblowers to use in-house compliance and reporting procedures before reporting to the Commission. The concern articulated by the Commission is that “while many employers have compliance processes that are well-documented, thorough, robust, and offer whistleblowers appropriate assurances of confidentiality, others lack such established procedures and protections.” We do not believe that the Commission should use the failure of some subset of companies to have appropriate compliance processes as a reason not to require the use of internal processes at all. Rather, the Commission should affirmatively require whistleblowers to use internal mechanisms at the “many” companies with appropriate compliance and reporting procedures.

To determine which companies have appropriate procedures, the Commission can look to the requirements in Section 301 of SOX, as implemented by Rule 10A-3(b)(3)¹⁴. Section 301 requires publicly listed companies to establish procedures for “the receipt, retention, and treatment of complaints received by the listed issuer regarding accounting, internal accounting controls, or auditing matters; and the confidential, anonymous submission by employees of the listed issuer of concerns regarding questionable accounting or auditing matters.” While these statutory and regulatory requirements (and the listing standards) refer to accounting-, internal controls-, and auditing-related matters, at our companies and many others these hotlines and related procedures already address all securities violations, as well as other violations of law and company policy. Consistent with Section 21F of the Exchange Act, the Commission could require that a company’s reporting procedures be applicable to all securities law violations in order for a whistleblower to be required to first report internally. In this regard, the Commission could provide a space on its complaint form for whistleblowers to certify whether they first reported the information to their employer.

Our recommendation would implement Section 21F in a way that strikes “the right balance between the Commission’s need for a strong and effective whistleblower awards program, and the importance of preserving robust corporate structures for self-policing and self-reporting.”¹⁵ At the outset, it would reduce the potential negative impact on compliance programs without undermining the purpose of Section 21F. As currently drafted, the Proposed Rules provide powerful incentivizes for employees to bypass internal processes on a large scale a result that would: (1) deprive companies of the ability to investigate promptly, determine the scope of the problem, and stop or limit the impact of wrongdoing; (2) deprive audit committees and independent auditors of information that may impact the accuracy of financial reports; (3) if there is a systemic problem, deprive companies of the ability to revise their internal controls and procedures to stop violations; (4) impair companies’ ability to take disciplinary action against employees who may have violated the law or internal policies, as well as discipline those who are aware of wrongdoing and idly sit by; and (5) discourage employees from coming to their company (including their direct supervisors) with questions as to possible conduct that might or might not be a violation of law or company policy.¹⁶ In addition, the Proposed Rules could have the perverse effect of encouraging employees to withhold information about possible de minimis violations until the potential misconduct and investor harm increase exponentially, making it more likely that the monetary sanctions in a Commission action will exceed the $1,000,000 threshold required for an award payment pursuant to Section 21F of the Exchange Act. Further, if the potential misconduct does not increase, the employee may not report the information to the company, and the company may never learn of it.

Our recommendation to require internal reporting where a company has a SOX-compliant procedure applicable to all securities violations would eliminate or moderate these adverse consequences in many cases. It would permit the continued effective functioning of established compliance and reporting regimes, while allowing eligible employees to claim a bounty, with their whistleblower status dating back to the time of their internal report. It also would be consistent with our codes of conduct, which generally require employees to report internally all potential violations of law or company policy.

In addition, our approach would further the Commission’s objective of gathering more high quality tips and fewer groundless complaints. As David Rosenfeld, Associate Director in the SEC’s New York Regional Office, recently noted, the agency currently is being “inundated” with tips, and he “expects tons of these whistleblower complaints” going forward the review of which would consume “considerable resources and time.”¹⁷ Undoubtedly, the quality of these tips will run the gamut. Studies show that the majority of whistleblower complaints relate to personnel issues, such as wages, hours, benefits, promotions, and employee-management interactions.¹⁸ These types of tips have nothing to do with securities law violations, but an employee easily “could be mistaken about securities laws” and nevertheless may submit these types of complaints to the SEC; further, “regardless of whether their judgments regarding certain violations were correct, such employees could be motivated to report a suspicious finding as soon as possible.”¹⁹

Moreover, while we support the various certification requirements in the Proposed Rules, we remain concerned that false, baseless, or frivolous tips will be submitted. This concern was reflected in the recent comments of Preet Bharara, U.S. Attorney for the Southern District of New York, who announced that the U.S. Department of Justice will prosecute whistleblowers who lie or fabricate information in order to benefit from the SEC’s upcoming bounty program.²⁰ Taken together, the overall effect could be “a large number of tips of varying quality,” “causing the Commission to incur costs to process and validate the information.”²¹ In contrast, compliance and legal personnel at companies with established programs “would likely be better informed about whether certain conduct constitutes a violation of securities laws,”²² and, where appropriate, they could help see that only that information indicating a high likelihood of a substantial securities violation is provided to the Commission.

Our suggested approach also would better align the whistleblower rules with the policies under the U.S. Sentencing Guidelines, SOX, and other guidance described above all of which encourage companies to maintain robust compliance and reporting programs. The Proposed Rules depart from that settled understanding and represent a major shift from the government’s emphasis on the importance of internal processes. Notably, they also depart from whistleblower internal reporting requirements in the United Kingdom, which require use of internal reporting mechanisms.²³ In short, we believe the Commission can most effectively implement the whistleblower program by requiring whistleblowers to report internally at companies with established reporting processes.

Companies With Compliance And Reporting Programs Should Have 180 Days To Conduct An Internal Review Of A Potential Violation.

If the Commission determines to require initial internal reporting in the manner recommended above, it should retain the “grace period” in the Proposed Rules, which affords employees a certain amount of time after reporting information internally to make a whistleblower submission to the Commission and have their submission deemed effective as of the date of their internal report.

We believe, however, that the proposed 90-day window may be an insufficient amount of time to permit a company to investigate potential violations, particularly allegations that raise complex issues or occur overseas. In our view, 180 days would be a more reasonable amount of time for the internal process to proceed before the employee becomes eligible for whistleblower status with the SEC, although even that amount of time may be insufficient in complicated situations. If the company does not report back to the employee within 180 days or within an SEC authorized longer period, the employee would be free to report the matter to the SEC and be eligible for a bounty. As a practical matter, in many cases, before 180 days elapse, a company may determine to report the information to the SEC, with disclosure to the SEC of the existence of an internal reporting date for the whistleblower. If the company determines that the information lacks merit or otherwise does not warrant reporting to the SEC, it could be required to notify the employee of this determination. At that point, the employee could decide to report the matter to the SEC, with the employee’s status as a whistleblower dating back to the time of his or her internal report. In this regard, the definition of “original information” in the Proposed Rules could be broadened to include information that the employee provides to his or her company and that the company later reports to the SEC.

Companies Must Be Permitted To Require Internal Reporting As Part Of Their Compliance Programs.

The Proposed Rules state that no person may take any action to impede a whistleblower from communicating directly with the Commission staff about a potential securities law violation. We are concerned that there is a possibility that the term “impede” may be read so broadly as to further undermine the internal compliance function. For example, many companies with robust compliance and reporting programs include in their codes of conduct a requirement that potential violations be reported internally to the company, and take disciplinary action if they discover that an employee did not report such information. Has that company impeded a whistleblower from communicating directly with the SEC about potential misconduct? Of course not, but we have seen commentary about Section 922 to that effect. Such a result would be inconsistent with the Commission’s intent to facilitate the operation of effective internal compliance programs, and would further undercut company compliance and reporting processes. Consistent with our suggested approach, the Commission should make clear that companies do not “impede” whistleblowers under this provision when they adopt policies requiring internal reporting as part of their compliance and reporting systems, or when company personnel recommend that employees first report potential violations through internal procedures before reporting them to the Commission.

Whether An Employee First Reported A Potential Violation Internally Should Be A Required Factor In Setting The Award.

Given the importance of internal reporting mechanisms discussed above, the SEC should make clear that one of the criteria that it must, not may, consider in determining the amount of the award is whether, and the extent to which, the whistleblower first reported a potential violation to the company. If the Commission does not first require internal reporting as we have suggested above, or if a company does not have a SOX-compliant reporting mechanism that covers securities violations, the rules should specify that whether a whistleblower initially reported a potential violation to the company will be considered a significant positive factor and failure promptly to invoke company reporting procedures will be treated as a significant negative factor. The Commission also could provide that no award above 10% will be given if the whistleblower did not report internally.

In contrast, the Proposed Rules do not adequately incentivize employees to first report potential violations internally. They require the SEC to consider a number of factors in setting the award, but the consideration whether the employee first reported the alleged violation in accordance with the company’s internal procedures “is not a requirement for an award” and “whistleblowers will not be penalized if they do not avail themselves of this opportunity.”²⁴ The incentives that a bounty provides for employees to go straight to the SEC and bypass internal reporting mechanisms require some countervailing measures to see that internal compliance programs are not vitiated by the bounty program. Directly tying internal reporting to the amount of the award would be a step in this direction.

An Individual In A Compliance Or Similar Function Should Not Be Eligible To Be A Whistleblower.

We appreciate the Commission’s effort to foster robust corporate compliance programs by generally excluding individuals with legal, compliance, audit, supervisory, or governance responsibilities from the category of persons who are eligible to receive an award. We also commend the SEC for taking the further step of excluding individuals who obtain information through a company’s process for conducting internal compliance, legal, audit, or similar reviews. But the Proposed Rules provide a notable exception to both exclusions: These individuals may become eligible whistleblowers and recover an award if the entity fails to disclose the information to the SEC within a “reasonable time” or if the entity proceeds in “bad faith.” That is, if a company does not self-report a potential violation within a “reasonable time” or acts in “bad faith,” a wide range of otherwise excluded individuals may become whistleblowers, including in-house lawyers, compliance personnel, internal auditors, supervisors, and board members. We are concerned that this exception will totally undermine the effective operation of internal compliance programs and should be eliminated.

In the context of the SEC’s proposal, the terms “reasonable time” and “bad faith” are vague, and a potential whistleblower contemplating the prospect of a large bounty payment may have a self-interested view of how much time is “reasonable” and what type of action or inaction constitutes “bad faith.” As the Commission acknowledges, “The determination of what is a ‘reasonable time’ in this context will necessarily be a flexible concept that will depend on all the facts and circumstances of the particular case. In some cases . . . a ‘reasonable time’ for disclosing violations to the Commission may be almost immediate.”²⁵ The breadth of the term “bad faith” is similarly indeterminate. The Proposing Release mentions only one factor “among other [unidentified] things” that will be considered in determining bad faith. There are a number of scenarios that illustrate the problem with this exception. For example, a supervisor may report a potential violation to the internal compliance program and later that same day claim that the company failed to report the alleged violation to the SEC in a reasonable time because, in the supervisor’s estimation, the facts and circumstances of the particular case required more immediate disclosure to the Commission. Or if an employee believes that his or her report to the company’s compliance department may enable another member of that department to obtain the bounty as a whistleblower, the employee may avoid submitting the report rather than take the risk of someone else receiving the award.

We urge the Commission to eliminate this exception, which provides an opportunity for individuals whose job and responsibility it is to help the company detect, investigate, stop, and remediate fraud to bypass internal processes and report to the SEC as whistleblowers. Otherwise, the Commission will be undermining the effective operation of our compliance programs.

Culpable Whistleblowers Should Be Excluded From Receiving An Award.

Individuals who may bear culpability for the conduct being reported to the SEC, but who have not been convicted of a crime in connection with the conduct, are still eligible to become whistleblowers under the Proposed Rules. The Commission has proposed limits on allowing culpable individuals to benefit from the bounty program, but we believe the better approach is to exclude all culpable whistleblowers from the category of individuals who are eligible to receive an award. Certainly, a rule that permits wrongdoers to disclose information to the SEC and profit from doing so would create undesirable incentives for wrongdoers to violate the securities laws. Furthermore, such a rule would undercut the culture of compliance and ethics that we have worked hard to establish. An important aspect of this culture is an emphasis on forgoing business opportunities when they present unacceptable compliance risks.²⁶ But the Proposed Rules belie that message. By allowing wrongdoers to recover an award, the proposal conveys that certain unacceptable compliance risks may be acceptable after all, as they may come with a large bounty carrying the imprimatur of the Commission.

The SEC Should Define The Proper Scope Of SEC Staff Communications With Whistleblowers.

The Proposed Rules authorize the SEC staff to communicate directly with whistleblowers who are directors, officers, members, agents, or employees of a company that has counsel, without first seeking the consent of the company’s counsel. We are concerned that this process undermines our ability, and that of our employees and directors, to obtain effective counsel. Moreover, important aspects of the process are not addressed. For example, the Proposed Rules do not provide any guidance to the SEC staff with respect to any limitations on the subject matter of their communications with a whistleblower. Plainly, the staff should not request, and refuse to accept, attorney-client privileged information. Similarly, the scope of the requirement that the whistleblower provide “additional information” is not clear. Presumably, this does not mean that the SEC staff can direct whistleblowers to provide confidential, competitively sensitive material or seek additional information through conversations with co-workers, but those and other limitations are not addressed in the Proposed Rules. The Commission should make clear that the staff may not communicate directly with whistleblowers who are directors, officers, members, agents, or employees of a company that has counsel, without first notifying the company’s counsel.

Thank you very much for considering our comments. We would be happy to discuss our concerns and recommendations, or any other matter that you believe would be helpful. Please contact Larry Burton, Executive Director of Business Roundtable, at 202-872-1260.

Sincerely,

Alexander M. Cutler
Chairman and Chief Executive Officer of Eaton Corporation
Chair, Business Roundtable Corporate Leadership Initiative

C: The Honorable Mary L. Schapiro, Chairman
The Honorable Kathleen L. Casey, Commissioner
The Honorable Elisse B. Walter, Commissioner
The Honorable Luis A. Aguilar, Commissioner
The Honorable Troy A. Paredes, Commissioner
Mr. David M. Becker, General Counsel and Senior Policy Director
Ms. Meredith B. Cross, Director, Division of Corporation Finance
Mr. Robert Khuzami, Director, Division of Enforcement
 

 

---

1 Committee Sponsoring Organizations of the Treadway Commission (“COSO”), Internal Controls—Integrated Framework 24-26 (May 1994).
2 Elizabeth Judd, The SEC’s Whistleblower Bounty, Corporate Secretary 15 (Nov. 2010) (quoting David Childers, Chief Executive Officer of EthicsPoint, a company that works to enable organizations to foster a business culture of integrity and compliance).
3 Proposing Release at 4 (emphasis added).
4 Proposing Release at 34.
5 Federal Sentencing Guidelines, ch. 8, Introductory Commentary 496 (2010).
6 Proposing Release at 120.
7 Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934 and Commission Statement on the Relationship of Cooperation to Agency Enforcement Decisions, Exchange Act Release No. 44,969 (Oct. 23, 2001).
8 Press Release, SEC Announces Initiative to Encourage Individuals and Companies to Cooperate and Assist in Investigations (Jan. 13, 2010) (“The new initiative establishes incentives for individuals and companies to fully and truthfully cooperate and assist with SEC investigations and enforcement actions.”).
9 2009 Corporate Governance and Compliance Hotline Benchmarking Report: A Comprehensive Examination of Organizational Hotline Activity from the Network 11 (2009).
10 T. Markus Funk, High Marks for U.S. Foreign Anti-Bribery Efforts, Law360 (Oct. 21, 2010); Organization for Economic Cooperation and Development, United States: Phase 3 Report (Oct. 2010).
11 Proposing Release at 33; see also, e.g., id. at 34 (SEC notes “the policy interest in fostering robust corporate compliance programs”); id. at 35 (Commission “want[s] to implement Section 21F in a way that encourages strong company compliance programs”); id. at 112 (SEC wants “to encourage companies to create and implement strong corporate compliance programs”).
12 Proposing Release at 34 (emphasis added).
13 Proposing Release at 112.
14 The SEC also can look to related exchange listing standards. See, e.g., NYSE Listed Company Manual (2010), http://nysemanual.nyse.com/LCM/Sections.
15 Proposing Release at 35.
16 Studies suggest that “ninety percent of employees seek out an individual they know within the company for advice or to report misconduct.” E.g., Ethics Resource Center, National Business Ethics Survey: An Inside View of Private Sector Ethics 26 (2007).
17 Yin Wilczek, SEC to Take Advantage of New Powers to File Aiding, Abetting Charges, Official Says, BNA Corporate Accountability Report (Nov. 12, 2010).
18 See, e.g., 2009 Corporate Governance and Compliance Hotline Benchmarking Report: A Comprehensive Examination of Organizational Hotline Activity from the Network 9, 14 (2009).
19 Proposing Release at 112-13.
20 Yin Wilczek, DOJ to Prosecute Whistleblowers Who Fabricate Information, Bharara Says, BNA Corporate Accountability Report (Nov. 15, 2010).
21 Proposing Release at 113.
22 Proposing Release at 112.
23 The U.K.’s Public Interest Disclosure Act sets forth “Disclosure to employer” as the first avenue for disclosure. See Public Interest Disclosure Act, 1998, c. 23, §§ 43C-43F (Eng.). The Act delineates additional requirements that must be met before an employee can disclose to other individuals, thereby evincing a clear intent in favor of initial internal reporting. Id.
24 Proposing Release at 51.
25 Proposing Release at 26.
26 COSO, Internal Controls—Integrated Framework 25 (May 1994).