November 8, 2010
I disagree with the bounty program for whistleblowers. If there is a problem at a company, it is the employee, consultant, accountant, and attorneys job to report any deficiency up the chain of command. If they do not, they should be punished. If the company and management does not do anything to resolve this problem, then they should be severely punished. In addition, all reports of possible deficiencies and fraud throughout the company should be filed, confidentially, with the SEC annually.
We cannot reward people for doing what they are already required, or should be required to do. Instead, we should punish those who are not doing their job. The penalties should also be severe, such as hefty fines and a bar from the industry. Also, do not let management hid behind DO insurance when it comes time levy a penalty.
In sum, as between the carrot and the stick, I think the stick may be a better tool to achieve the goal of eliminating fraud and compliance deficiencies.
If you go through with the bounty program, do not provide rewards, or substantially limit rewards (e.g., 1% of fraud) for those who do not first report the deficiency internally.