Finance, legal professionals question impact of OSC Whistleblower Program on ‘culture of compliance’

June 2, 2015

By Helen Chan, Compliance Complete

TORONTO, June 2, 2015 (Thomson Reuters Accelus) – The Ontario Securities Commission (OSC) recently closed the consultation period on its proposed whistleblower program, but debate over the draft rules appears to be far from over. Finance and legal professionals have raised concerns over the program, particularly the absence of requiring eligible whistleblowers to report misconduct to internal compliance personnel prior to approaching the OSC.
Modeled after the Dodd-Frank Whistleblower Program, the OSC’s Whistleblower Program seeks to encourage individuals with information of financial misconduct at their firms to come forward.

Under the proposed program, individuals who come forward with information that results in settlements or sanctions of more than C$1 million could receive a reward of up to 15 percent of the penalty; payouts would be capped at C$1.5 million. The OSC has also proposed anti-retaliation measures to protect the identity of whistleblowers.

OSC whistleblowers would have to be (1) an individual (2) who provide high quality, original information that results in a settlement or sanctions and (3) is not exempt from consideration.

Culture of compliance in focus

Similar to the Dodd-Frank Whistleblower Program, the proposed OSC Whistleblower Program does not impose a requirement on eligible individuals to report misconduct internally first, a point that has raised eyebrows in the Canadian finance and legal communities.

Throughout the consultation period, some finance and legal professionals have commented that the whistleblower program could have the unintended consequence of eroding a ‘culture of compliance’ at firms at a time when qualitative factors such as corporate culture are on the radar of regulators around the world.

While many financial institutions have responded to increased regulatory demands by devoting additional resources and expertise to compliance and oversight of risk at senior levels, lower and middle ranks may still not be properly incentivized to adopt a company-wide ‘culture of compliance’.

A recent global risk management survey conducted by Deloitte noted only 50 percent of respondents stated that their firm’s risk management should review compensation to assist its impact on risk appetite and culture. The findings suggest that more work needs to be to encourage and reward employees for following compliance procedures and ethical practices.

Industry sentiments on compliance culture

In a comment letter to the OSC, law firm Osler Hoskin & Harcourt LLP (Osler) argued that “recourse to internal compliance and/or complaint programs should be a threshold requirement.”

Osler suggested that individuals should be required to demonstrate to the OSC that they availed themselves of internal compliance programs and procedures first. In situations where internal reporting is not possible, the law firm proposed that individuals should be required to provide an explanation to the OSC.

In its comment letter, mutual fund investment company Vanguard Investments Canada Inc. expressed concern that the lack of a requirement for whistleblowers to report misconduct internally first would undermine its compliance culture and even compromise the ability of firms to promote compliance with securities laws.

On culture, Vanguard argued that the process of internal reporting can assist firms in strengthening a ‘culture of compliance’ by providing opportunities for managers to publicly endorse a zero tolerance policy towards compliance violations.

The firm added that the program would encourage whistleblowers to bypass its own internal controls which would affect its ability to “properly address and detect any potential securities violations.” Vanguard went on to assert that their compliance systems cannot work effectively if employees do not alert risk management and compliance personnel of potential regulatory risks.

Similarly, another mutual fund dealer FundEX Investments Inc. argued that the OSC’s proposed program could have the unintended effect of incentivizing whistleblowers to bypass internal reporting procedures, which would damage compliance culture at firms.

In its comment letter, FundEX noted that the program should support the development of robust internal compliance programs and an appropriate corporate culture to support compliance initiatives. Bypassing the internal reporting process would hamper compliance functions. As a result, FundEX argued that the OSC’s Whistleblower Program should encourage individuals to follow their firm’s compliance guidelines to report misconduct internally first, “absent extraordinary circumstances.”

Law firm Davies Ward Philips & Vineberg LLP (Davies) argued that offering financial rewards to whistleblowers without a requirement to report internally would negatively impact compliance culture and open the door to frivolous claims.

The law firm noted that while financial rewards recognize the personal and professional risks whistleblowers undertake when reporting misconduct, whistleblowers motivated by financial gain could be improperly incentivized to report frivolous claims. Davies went on to further hypothesize that such frivolous claims could overburden OSC resources and prove counterproductive to goals of the OSC’s Whistleblower Program.

Overall, commentators support adding an eligibility requirement for OSC whistleblowers to report misconduct internally first, or at the very least, demonstrate why internal reporting is not possible or practical.

Findings from the SEC on internal reporting

Currently, the SEC encourages whistleblowers to report misconduct internally first but does not require them to do so. Whistleblowers who report information to the SEC within 120 days of reporting it internally can still be considered for a financial award. To further encourage whistleblowers to report internally first, the SEC considers internal reporting as a factor when determining awards.

Despite the lack of a concrete requirement to report misconduct internally first, the SEC claims that majority of whistleblowers prefer to do so. These informants then only approach the SEC if their employer declines to take action. In its 2014 Annual Report to Congress on the Dodd-Frank Whistleblower Program, the SEC noted that over 80 percent of whistleblowers who were employees raised their concerns internally prior to reporting them to the regulator.

While the OSC has proposed to cap whistleblower awards at C$1.5 million, the SEC does not limit awards, many of which have been much larger than the cap proposed by the OSC. To date, the highest award made under the Dodd-Frank Whistleblower Program was a US$30 million award given to a whistleblower outside of the United States in 2014. In its announcement, the SEC noted that the whistleblower had valuable information pertaining to ongoing securities fraud. The regulator further mentioned that the violation would have been very difficult to detect but for the whistleblower’s assistance.


Based on experiences gleaned from the SEC’s several year old whistleblower program, the absence of a solid requirement for individuals to report misconduct at their firms internally first does not necessarily translate into a diminished ‘culture of compliance.’

Nevertheless, fostering a company-wide compliance culture that encourages employees to adhere to compliance guidelines and bring information of misconduct to the attention of senior managers is vital to a firm’s risk oversight strategy. An environment that upholds internal reporting will assist a firm’s compliance and risk functions in identifying and managing regulatory risks, which are essential parts of any robust internal compliance program.

Visible and consistent endorsement of a firm’s compliance culture by senior managers can further strengthen a ‘culture of compliance’. Practicing a zero tolerance policy towards compliance violations can help senior managers cultivate an attitude that compliance is taken seriously throughout the firm. Active engagement with compliance efforts by senior managers also shows that compliance obligations are part of every employee’s responsibilities and will further build a ‘culture of compliance’.

Moreover, securities regulators are trending towards the consideration of qualitative factors such as a firm’s attitude towards risk in enforcement actions, and even in routine assessments. Establishing a ‘culture of compliance’ does not guarantee that a financial institution will never have a run-in with regulatory enforcement; however, it may just be what keeps a bad situation from getting much worse.

(This article was produced by the Compliance Complete service of Thomson Reuters Accelus. Compliance Complete provides a single source for regulatory news, analysis, rules and developments, with global coverage of more than 400 regulators and exchanges. Follow Accelus compliance news on Twitter: @GRC_Accelus)

No comments so far

We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see