In a potentially alarming trend for companies, the Securities and Exchange Commission (the “SEC”) recently announced the award of more than one million dollars to a compliance officer who utilized the Dodd-Frank Wall Street Reform and Consumer Protection Act’s Whistleblower Program (the “Dodd-Frank Whistleblower Program” or the “Program”)[1] to voluntarily provide information to assist the SEC in an enforcement action against the whistleblower’s own company. According to Andrew Ceresney, Director of the SEC’s Division of Enforcement, the compliance officer reported misconduct through the Program “after responsible management at the entity became aware of potentially impending harm to investors and failed to take steps to prevent it.” This whistleblower is the 16th to receive an award under the Program since its inception in 2011, and the second in 2015. The SEC’s full April 22, 2015 press release (the “Release”) and award order can be found here. This represents the second time a compliance professional has received an award under the Program, with the first having come just this past August.[2]

The SEC awarded the compliance professional turned whistleblower between $1.4 million and $1.6 million, which represents between 10 and 30 percent of the amount collected in actions, as required under Dodd-Frank Whistleblower Program. To qualify for an award, an eligible whistleblower must voluntarily provide original information about a possible violation of the federal securities laws that results in a recovery by the SEC of $1 million or more.  As with prior awards under the Program, and keeping with the strong and stated goal of the SEC to maintain the confidentiality of whistleblowers, the award order is redacted and provides little detail about the underlying matter or the compliance professional who triggered it.

The Program generally provides that employees whose principal duties involve compliance or internal audit responsibilities are ineligible to receive awards, but there are several exceptions, including instances where the whistleblower has a reasonable basis for believing that the disclosure to the SEC is necessary to prevent the company from engaging in conduct that was likely to cause substantial financial harm to the company or investors.[3] These exceptions were the subject of much debate during the rule-making period as companies, trade associations, and others expressed concern that permitting gatekeepers to participate in the Program would inappropriately incentivize internal audit and compliance professionals to report matters rather than address them through the internal functions they are responsible for executing. Despite these concerns and the initial uncertainty surrounding the breadth of these exemptions, two of the 16 awards provided under the Program have now gone to such whistleblowers, making clear that the SEC is ready, willing, and able to reward compliance and internal audit employees turned whistleblowers.

As detailed in the 2014 Annual Report of the Dodd-Frank Whistleblower Program, the number of whistleblower tips received through the program has increased steadily each year, with 3,620 tips received during the Program’s FY2014—up from 3,238 in FY2013, and 3,001 in FY2012. For FY2014, the most common complaint categories reported by whistleblowers included Corporate Disclosures and Financials (16.9%), Offering Fraud (16%), and Manipulation (15.5%). The specific category covering FCPA-related submissions, which has increased each year, rose in FY2014 to 159 tips. Similarly, the “Other” category, which is generally understood to include some FCPA-related tips, also again rose in FY2014, with 911 reported tips. In FY2014, tips were received from all fifty states, the District of Columbia, and Puerto Rico. Since the Program’s creation, the SEC has received tips from individuals in 83 countries outside of United States and in FY2014, submissions were sent by individuals in 60 foreign countries. In FY2014, the highest number of foreign tips came from whistleblowers in the United Kingdom (70 tips), India (69 tips), Canada (58 tips), the People’s Republic of China (32 tips), and Australia (29 tips). The continued rise in the number of tips received, in addition to the expanding origin of such submissions, makes clear the Dodd-Frank Whistleblower Program is quickly becoming a core mechanism for whistleblowers across the globe to raise concerns. This most recent award further complicates the landscape for corporations considering this trend, underscoring that—in addition to increased reporting from around the globe—a company may well find its issues reported by the very internal personnel entrusted to detect, analyze, and remediate these concerns.[4]

Recognizing that the increased use of the Program is drawing government intervention into issues that—just a few years ago—would have remained internal, companies should continually evaluate and redouble their response to reported concerns. While the Program does not require would-be whistleblowers to report their concerns internally (the corporate community having also lost that key battle in the comment period under the statute),[5] studies indicate that employees are not, at least in the first instance, eager external whistleblowers. Rather, and perhaps surprisingly to some, as reflected by relevant studies more often than not, they first step forward and raise issues internally.[6] Of the current or former employees who received awards in the Program’s FY2014, 80% of these recipients first raised their concerns internally before reporting the information to the SEC. Having revealed a concern, these employees then expect the company to do the “right thing”—take the information seriously, analyze the concerns, and appropriately remediate. Where employees see those steps taken and/or trust that they have occurred, they are much more likely to keep their whistles in their pockets.

The same is true of the compliance and audit professionals who, in view of their very charge to protect the company, are in many instances the employees most likely to have reportable information. Incentivized—now twice—with the precedent of literally millions to gain by reporting, can these compliance professionals be expected to rely on internal mechanisms to resolve concerns? Here again, an appropriate and timely response from the company to a reported concern will, in many instances, prevent the reporting employee from feeling the need to take the internal issue external. Motivated by the fact that an internal report is an opportunity to resolve a concern before it goes to a regulator, companies should take aggressive measures to analyze reported issues, and to end any conduct likely to cause substantial financial harm to the company or its investors. As appropriate, these efforts should be made known within the company such that employees—and particularly those in compliance, audit, and other functions with access to the most sensitive concerns—trust the company to respond appropriately.

With the SEC receiving increasing numbers of tips, more and greater bounties being awarded, and compliance insiders now solidly in the mix, companies must carefully examine their end-to-end compliance reporting, investigations, and remediation processes to assess whether they are, in this new day, appropriately managing the risk of whistleblowers. Companies who fail to make needed adjustments are more likely to find themselves faced with the new Dodd-Frank reality: thanks to a gatekeeper turned whistleblower, their would-be internal issue is the subject of an SEC investigation.