The Securities and Exchange Commission’s (SEC) March 8 announcement that it had paid almost $2 million to three whistleblowers underscores the burgeoning number of tips the agency is receiving, its whistleblower program’s importance to enforcement efforts, and the increased risk for SEC-regulated companies. The largest of those three awards – approximately $1.8 million – went to an unnamed informant who the SEC said voluntarily provided information that led to the agency opening an investigation. The SEC does not identify whistleblowers by name and does not disclose information that might reveal their identities.

This award announcement was the first for 2016, but it comes on the heels of the agency’s report to Congress on its fiscal year 2015 Dodd-Frank Whistleblower Program. The report shows that the SEC received nearly 4,000 tips and paid out more than $37 million in awards in the prior year, a 30 percent increase from 2012, the first full year of the program, in which the SEC received 3,001 tips. In the March 8 announcement, Sean McKessy, Chief of the SEC’s Office of the Whistleblower, attributes the surge in tips to “increased public awareness of our program and the tens of millions of dollars we’ve paid to whistleblowers for information that helped us bring successful enforcement actions.” The program provides a bounty of up to 30 percent of the amount the SEC collects in a resulting enforcement case.

To be sure, only a small fraction of these tips lead to significant enforcement actions, and the SEC’s Office of the Whistleblower faces substantial challenges in sorting through the complaints to determine which of them warrant follow-up. But considering the volume of complaints, the breadth of subject areas they address, and the consequences a company may face if a complaint leads to an SEC inquiry, companies that ignore the risk do so at their peril.

Topics raised in whistleblower tips have remained fairly consistent over the three full years of the program’s existence. In the 2015 fiscal year, 687 of 3,923 total complaints involved corporate disclosures and financial issues, comprising the largest share of complaints (18 percent), followed by offering fraud (16 percent), and market manipulation (12 percent). Perhaps resulting from this breakdown and the agency’s creation of its Financial Reporting and Audit Task Force in 2013, the SEC has brought more cases alleging financial reporting and audit violations recently – 134 in 2015, compared with 98 such cases in 2014 and 68 in 2013.

One obvious message for companies in this high-stakes whistleblower environment: Get your internal controls and financial reporting right. Having an effective compliance program and procedures to prevent securities law violations may not eliminate the possibility of an employee becoming a whistleblower, but will make dealing with an SEC inquiry that results from a tip more manageable.

But more than that, a critical consideration for companies is whether they have the appropriate compliance culture. The best way to avoid whistleblower complaints to the SEC about your company is to prevent them from happening. SEC officials have reported that the vast majority of tips they pursue come from employees who first raised their concerns internally, but who felt their concerns were either ignored or not taken seriously. Therefore, companies need to have procedures in place to maximize the possibility that they can learn about and investigate complaints of wrongdoing before an employee becomes an SEC whistleblower. Companies must provide employees with clear avenues for internal reporting (including doing so anonymously) and describe what the company will do to handle reports. Once a complaint is received, the company must take prompt action to not only understand whether there is merit to the complaint, but also to demonstrate to the whistleblower that his or her concerns have been taken seriously. Moreover, in the event that the whistleblower ultimately provides a tip to the SEC (or any other regulator), as part of its assessment of the company’s commitment to compliance, the agency will question what steps the company took to address the complaint. The company’s ability to demonstrate such a commitment is important to achieving the best possible result from an agency inquiry or investigation.

Of course, the company also must make clear that it has no tolerance whatsoever for retaliation of any kind. A company’s response to an internal complaint must focus on the substance of the complaint rather than on an attempt to learn the identity of an employee who reports concerns anonymously. This admonition holds true whether the company is conducting an internal investigation only or has received an inquiry from the SEC that may be the result of a whistleblower complaint. Dodd-Frank explicitly prohibits retaliation against those who report misconduct to the SEC, and the SEC has made clear that it considers Sarbanes-Oxley anti-retaliation protections to apply equally to whistleblowers who only report internally.  Should SEC staff make an inquiry about what may be a whistleblower complaint, the company should recognize that the staff likely believes there may be some merit to the complaint. Any effort by the company to impugn the whistleblower’s integrity or motivations will be, at a minimum, counterproductive. Similarly, employee evaluations of a known or suspected whistleblower should be drafted with great care to ensure that no claim can be made that a negative comment is retaliatory.

The SEC has gone a step further by addressing what it contends are actions by companies that might chill the willingness of employees to make whistleblower complaints to the SEC. Last year it brought an enforcement action alleging that KBR, Inc.’s use of a confidentiality agreement prohibiting witnesses in an internal investigation from discussing the subject matter of their interviews was a violation of Rule 21F-17(a), which forbids taking actions that would impede an individual from communicating directly with the SEC about a possible securities law violation. The agency brought this proceeding even in the absence of any evidence that KBR intended the confidentiality provision to apply to whistleblower complaints, or that any whistleblower was actually deterred from making a report. Companies need to be mindful of this issue in their use of severance agreements and other employee contracts that contain confidentiality provisions.

The SEC’s encouragement of whistleblowing is here to stay. Companies that develop and adhere to robust compliance practices, properly handle internal complaints, and promote a healthy, non-retaliatory culture can avert costly and damaging SEC investigations.