Whistleblower provisions in Dodd-Frank legislation provide further impetus to increased FCPA investigations and enforcement

On July 21, 2010, President Obama signed into law the Dodd-Frank Wall Street Reform and Consumer Protection Act (the “Dodd-Frank Legislation”, or the “Act”). Among the most significant features of the legislation are new financial incentives and protections for whistleblowers who report violations of securities laws to the U.S. Securities and Exchange Commission (“SEC”). Although these provisions are partly in response to the financial crisis, they are widely expected to have a significant impact on an unrelated area of the federal securities laws –the Foreign Corrupt Practices Act (“FCPA”). When coupled with an initiative announced earlier in 2010 to encourage cooperation by witnesses in SEC actions,[1] the new whistleblower program likely will stimulate continued growth in FCPA investigations and enforcement actions. Because the Act also grants protection from retaliation for whistleblowing to employees of public company subsidiaries and affiliates, potentially including employees of foreign subsidiaries and affiliates, companies need to be prepared for an increase in bounty-hunting within their ranks. This has a number of implications for companies’ anti-corruption compliance programs and FCPA risk-management strategies.

New Whistleblower Incentives

In the wake of the Madoff scandal and other recent cases, Congress included provisions in the Dodd-Frank legislation intended to motivate people with information regarding securities law violations to report such information to the SEC.[2] Section 922(b)(1) of the Act instructs the SEC to pay monetary awards of between 10 and 30 percent to persons who voluntarily provide original information to the SEC that leads to successful enforcement actions resulting in monetary sanctions over $1 million. Unlike previous SEC insider trading bounty programs that were discretionary, bounties under the Dodd-Frank Act are mandatory.

• Broad scope of persons could seek the incentive. Except for excluding certain auditing firm and law enforcement personnel,[3] the legislation does not categorically restrict the types of persons who can receive an award (or even exclude the possibility of granting an award to an entity). Even whistleblowers involved in the underlying conduct remain eligible for awards, unless they are convicted of a criminal violation related to their involvement.[4] It is even possible that actual or potential business partners or acquirors who have learned information during the course of due diligence, as well as a foreign official to whom a bribe is offered, may be eligible. Information may be submitted anonymously through counsel, but no award may be paid without the whistleblower revealing his or her identity to the SEC. The legislation prohibits awards to persons who make false statements to the government. This could pose a significant barrier to eligibility for persons who are not prepared to cooperate fully and truthfully.
• Broad scope of violations that may trigger the award. As indicated above, the new incentives apply to all types of securities law violations, including the anti-bribery and accounting provisions of the FCPA. The incentives apply to reports concerning conduct occurring before the enactment of the legislation, as well as to reports that are filed after enactment but before the implementing regulations are enacted.[5]
• Reports must provide “original information” to be eligible for an award. The legislation defines “original information” as information that: (1) is derived from the whistleblower’s independent knowledge or analysis; (2) is not known the SEC from any source other than the whistleblower; and (3) is not derived exclusively from allegations made in a government hearing, investigation or report, or from the news media. Notably, these criteria do not expressly exclude awards for reports that lead to follow-on actions in existing cases.
• Amount of mandatory awards. The legislation requires the SEC to pay qualifying whistleblowers between 10% and 30% of the monetary sanctions collected out of an investor protection fund it is directed to maintain. These sanctions include not only civil penalties and prejudgment interest, but also disgorged profits in every case where these amounts exceed $1 million.[6] In cases originated by other enforcement agencies using information provided to the SEC, monetary sanctions may be shared. The SEC has the discretion to determine the amount of the award, and such determination is not appealable, although appeal rights exist with respect to other aspects of the legislation. There is no absolute limit on the amount an eligible whistleblower can receive. As a result, the provisions may well create distortive incentives. For example, in one recent FCPA enforcement action against a company that also was subject to earlier whistleblower allegations, total penalties reached US$195 million.[7] Some press reports have even cited a new industry: investment in whistleblower claims.[8]  

While the legislation takes effect immediately, the SEC must issue implementing regulations within 270 days of enactment establishing a method for receiving reports. The SEC also is required to establish a separate office for handling whistleblower reports, and must report annually to Congress. In testimony before Congress on July 20, 2010, the SEC Chairman indicated the whistleblower program is a high priority for the Commission. Indeed, the SEC also recently awarded its highest-ever whistleblower bounty – US$1 million – to a whistleblower who came forward in an already-pending insider-trading investigation.[9]

Expanded Whistleblower Protections

The Dodd-Frank Legislation also significantly expands legal protections for whistleblowers employed by companies issuing shares on a U.S. exchange, or who otherwise report violations of securities laws. Both the nature of these protections, and persons who are eligible for them, are expanded.

• Protection of the identity of the whistleblower. The legislation prohibits the SEC from disclosing information that could be reasonably expected to reveal whistleblowers’ identities, except in situations required by law.[10]
• Application of Sarbanes-Oxley Act cause of action for retaliation to employees of consolidated subsidiaries and affiliates of a publicly-traded company. The Act also extends the universe of persons who can claim retaliation under the Sarbanes-Oxley Act to include employees of the consolidated subsidiaries and affiliates of public companies, removing the limitation imposed by many prior Department of Labor decisions. Neither the Act nor the legislative history address to what extent the right applies to employees of foreign subsidiaries and affiliates. Provided such entities are included in the issuer’s consolidated financial statements, however, their employees would appear to be covered.[11]
• New private cause of action for retaliation. The legislation also provides for a new private cause of action for persons alleging retaliation for protected whistleblower activity. Preexisting Sarbanes-Oxley whistleblower protections required initial retaliation claims to be filed at the administrative level. Under the new program, persons discharged or otherwise discriminated against for providing information to the SEC or to a company’s audit committee under § 10A(m)(4) of the Exchange Act may now bring civil actions in district court.[12] Available remedies include reinstatement, double back pay, and attorney’s fees and court costs.  

Implications for Corporate Compliance

Given the Dodd-Frank Legislation’s increased incentives and protections for whistleblower activity, the need for mechanisms that will help companies surface concerns about possible FCPA non-compliance, including in foreign operations, has become more critical than ever.

• Importance of effective FCPA training for company personnel. Although the increased financial benefits of whistleblowing might not cause well-informed employees to make false reports, they may well lead uninformed employees to make spurious or misguided ones. Regular anti-corruption training to employees may reduce the likelihood that employees will report violations that do not exist. (For example, company employees not aware of the facilitating payments exception could inappropriately trigger an SEC inquiry by reporting such payments.) Live training in particular, while more costly than other means, may provide an opportunity for compliance personnel to become aware of employee concerns that would otherwise not surface.
• Heightened need to ensure internal reporting mechanisms are effective. Companies also should encourage use of internal reporting mechanisms and provide strong protections for those who use them, in an effort to capture reports internally, before an employee seeks to inform someone outside the company. Such encouragement should include developing and implementing anti-retaliation policies on a global basis.
• Increased importance of conducting thorough and independent internal FCPA investigations. While companies cannot prevent external reports by whistleblowers seeking a bounty, companies can and should conduct complete and independent internal investigations of credible allegations. Only such a full investigation can put a company in a position to respond to a government investigation that may be triggered by a whistleblower report.  

Finally, the legislation places whistleblower risks, known and unknown, even more squarely into the calculus of whether to make a voluntary disclosure of known compliance issues. Preemptive disclosure may become even more necessary than it has been in recent years.