Compliance in the news: Supreme Court ruling affects third-party outsourcing

image of small puzzleThe Sarbanes Oxley Act of 2002 is certainly a giver – it certainly keeps giving public companies something new to think about. The most recent SOX piece of “giving” is a Supreme Court decision earlier this month that will affect all private contractors of public companies.

In early March, the Supreme Court ruled in Lawson vs. FMR, LLC that employees of private companies hired by public companies are covered by the same whistleblower rules of the Sarbanes Oxley Act of 2002 that cover public company employees.

What that means is that a law meant to protect whistleblowers reporting bad behavior of public companies now extends to … well, any company (public or private) that’s working with a public company.

According to a recent blog post on the site of compliance and ethics consulting company NAVEX Global, this could mean more oversight burdens for everyone:

While the full impact of the decision on the number and subject matter of whistleblower claims remains to be seen, there is another critical take-away from Lawson: The use of all third parties puts the engaging party at higher risk of fines, litigation and damage to reputation. Whether in the form of liability for direct, unlawful acts such as bribery or quality failures, or liability for the consequences of retaliation, all third parties need to be evaluated for the potential risk to the enterprise, private and public.

In other words, be careful of who your next contract is with. The full effects of the Lawson case aren’t known, but dissenting justice Sotomayer worried that the ruling was overbroad and  that “whistleblower” protection could extend to, well, anyone – even babysitters.

Reason to worry?

No doubt, if you’re reading this, you may be thinking “So what? My company isn’t doing anything wrong.” Well, that may be true.

The issue is … do you trust all your contracted partner and vendor companies with what information, and can you be assured there’s no risk of specious accusations? It’s probably too soon to say, but companies may become even more restrictive of what types of information get shared with vendors and contractors – making contract relationships more cumbersome and complex.

The law, of course, is all about protecting shareholders when public companies go off kilter and practice the kind of “the king has no clothes” financial information that Enron hid from shareholders. And indeed, there’s every reason to ensure that whisteblowers who are looking out for public companies’ shareholders don’t face crippling retribution.

Now, however, we see a law that seems to be going far beyond its intended purpose – with hard-to-know results on companies doing business with public companies and the public companies themselves.

It’ll be OK

The good news is that this ruling may not affect “business as usual” all that much. The ruling just extends an umbrella afforded to public company employees further.

Nonetheless, it does illustrate the point many have been making since the Great Recession of 2008 roiled the economy: compliance keeps getting trickier, and even the most well-meaning of new regulations have had unforeseen consequences that keep popping up in unexpected ways.

It’s safe to say that, for the time being, third party risk keeps getting more complex. That doesn’t mean it’s beyond hope of management, however. This underscores the need for contract management because, ultimately, managing risk is part of the job of contract management.

In today’s compliance environment, not having a contract management tool in place seems to be ensuring your organization is lacking a key tool for success.

[Image courtesy of Cooldesign via]