[ By Tushar Oberoy]
The author is a student at NALSAR University of Law, Hyderabad.
Last year, the Securities and Exchange Board of India (SEBI) introduced the This step by the securities market regulator is inspired by the US Securities & Exchange Commission’s (SEC) whistleblower bounty program incorporated under the Dodd-Frank Wall Street Reform and Consumer Protection Act[i]. Since then, several concerns have been raised regarding the SEBI’s informant mechanism like maintenance of confidentiality, increment in the probability of frivolous complaints, etc. Apart from these, one of the concerns that arise is what will be the effect of incentivizing whistleblowers on the internal corporate compliance programs implemented by companies for tackling and preventing such violations at the internal level. This has also been pointed out in the SEC’s whistleblower bounty provisions and this post aims at analyzing the same in the Indian context.
SEBI’s informant mechanism is based on giving monetary incentives to people, who may be privy to insider trading violations, to come forward and report them to SEBI. Considering the fact that a company’s employees are most likely to know of any insider trading activity by the management, incentivizing them to come forward will also help SEBI to achieve its objective of tracking down insider trading cases. However, companies are also mandated to implement internal compliance programs for curbing insider trading by implementing checks and reporting to SEBI in case of a breach. [ii]. These internal compliance programs also require companies to frame a whistleblower policy to enable employees to report a leak of unpublished sensitive information (UPSI) or any violation internally[iii]. Since the informant mechanism gives monetary incentives to informants, an employee is more likely to report a violation directly to SEBI’s informant hotline, rather than making use of the internally established structures.
Moreover under Regulation 7B of SEBI (Prohibition of Insider Trading) Regulations, 2015 (PIT Regulations), an informant is rewarded only if he provides SEBI with “original information”[iv]. One of the important features of “original information” is that the Informant should be the sole source of information for SEBI and SEBI should not have knowledge of the insider trading violation from anywhere else[v]. Thus, employees who come to know of any insider trading violation in their organization would be in a race to first report the information to SEBI for successfully obtaining the reward. The implications of this would be that companies wouldn’t get a fair chance to self-investigate and self-report the violation to the market regulator, which goes against the crucial objective of developing a corporate compliance program. Carrying out an internal investigation of the alleged violation would also become difficult, as companies will not receive the required cooperation from its employees who might have crucial information regarding the breach.
There are also cases where there may be a lapse from the side of the company itself (eg. failure to close the trading window, non-disclosure of the required information, etc.) that amounts to a violation of the PIT Regulations. Due to a lack of cooperation from employees, companies might not be able to self-report, self investigate and assist SEBI in probe of any alleged breach. A probable consequence of this would be that mitigating circumstances for determining settlement amounts under SEBI (Settlement Proceedings) Regulations, 2018[vi] (example- applicant’s conduct during the investigation) would become inapplicable to them. This would result in higher settlement amounts being passed against them if they choose to settle the matter with SEBI.
From the above, it can be seen that the informant mechanism might undermine companies’ internal compliance programs, as the informant’s and the companies’ objectives will be at crossroads. Undermining of internal controls would also render useless the effort and monetary investment that a company had made for developing such institutional compliance programs. However, another question, equally pertinent that arises is whether such internal programs can be completely relied upon by SEBI for the prevention of insider trading or are external checks like the informant mechanism needed despite institutional controls.
Can companies’ internal compliance programs and processes be sufficiently relied upon to curb insider trading?
- Observations from the Whatsapp Leak Case:
One of the foremost failures of internal checks and compliance programs in matters of insider trading can be seen from the Whatsapp leak case. In this case, UPSI in the form of financial results of various companies was circulated through Whatsapp before they were publicly released. During the probe of the same, SEBI had also criticized the internal checks put in place by Axis Bank Ltd., which was one of the entities whose financial results had been leaked and also called it to improve its internal compliance mechanisms. In its order, SEBI observed that:
“Such leakage is prima facie attributable to the inadequacy of the processes/controls/systems that Axis Bank as a listed company had put in place. While procurement or communication of UPSI by any person is identified as a violation of reg. 3 of PIT Regulations and section 12A(e) of the SEBI Act, it becomes incumbent upon every listed company to put in place processes/controls/systems that would ensure that such procurement or communication of UPSI does not take place.”
- Ineffective management of whistleblower hotlines by Indian companies:
In a survey carried out by global consultancy firm Deloitte, it was found that Indian companies were merely following a “tick in the box” approach regarding the maintenance and implementation of internal whistleblower programs. The survey reported that only 68% of the firms were equipped with proper whistleblower programs/hotlines. The survey results further mentioned that in the majority of Indian companies, whistleblowing programs are often not functional, are failing to promise confidentiality to users, and are being run by without a dedicated team and mostly by persons of the human resources department.
Hence, due to the casual approach adopted by Indian companies in implementing whistleblower systems, the regulator cannot expect to receive information about insider trading by solely mandating them to put in place such systems under the PIT Regulations, 2015.
Also, there exists a much greater possibility of confidentiality breach and leak of the identity of a whistleblower if the internal whistleblower program of a company is used as compared to reporting to an independent entity i.e. SEBI using the informant hotline. If the identity of the whistleblower is leaked, the possibility of retaliation by the corporate muscles against an individual is huge. Due to such confidentiality concerns, a possible solution of requiring whistleblowers to first approach the matter through the internal hotlines of companies and only resort to SEBI’s informant mechanism if the company doesn’t properly pursue the complaint internally, is also ruled out.
Possible impact on internal compliance programs and concluding remarks:
Instances like the Whatsapp Leak Case, surveys detailing out non-functional internal whistleblower hotlines being put in place by several companies go on to show that companies’ internal compliance programs have been infallible. Even though SEBI has laid down guidelines for framing code of conduct and institutional mechanisms for preventing insider trading, the question of their robustness and effective implementation still remains. In such a scenario, an external check like the informant mechanism might have a deterrent effect on companies and individuals who take a casual approach to insider trading. Fear of such external checks might also instill in an organization a need to instill a better, effective internal compliance system in order to prevent insider trading from happening in the first place. The proof of the same can be seen from how increased crackdown on insider trading matters by SEBI leads to various firms engaging forensic auditors as reported here. These forensic auditors were engaged in improving internal codes and governance standards in order to curb insider trading. Various sophisticated techniques adopted by forensic specialists include IP controls, data-encryption, disabling USB devices, preventing printing of sensitive documents, using dummy figures while preparing financial statements, and reversing them just before their public release.. It is also pertinent to note that such techniques cannot be exhaustively laid down by SEBI in its regulations and hence a lot would depend upon the measures that organizations adopt that strengthen their internal controls and programs for curbing insider trading. Another example where SEBI probes lead to companies improving their internal processes is that entities named in the Whatsapp leak case barred mobile phones and gadgets in audit committee meetings for preventing leakage of UPSI.
With the whistleblower mechanism in place, the probability of entities being investigated by SEBI increases which can have the effect of installing better internal checks in order to curb and deter insider trading from occurring in the first place. Rather than undermining internal programs, such a step can indeed prove to be highly beneficial for the establishment of internal compliance programs in the long run.
[i] Section 922, Dodd-Frank Wall Street Reform and Consumer Protection Act, 2010
[ii] Regulation 9A, SEBI (PIT) Regulations, 2015
[iii] Regulation 9A(6), SEBI (PIT) Regulations, 2015
[iv] Regulation 7B, SEBI (PIT) Regulations, 2015
[v] Regulation 7A(1)(h)(ii), SEBI (PIT) Regulations, 2015
[vi] Regulation 10, SEBI (Settlement Proceedings) Regulations, 2018