Following the financial crisis and the discovery of Bernie Madoff’s Ponzi scheme, Congress passed the Dodd Frank Act, which expanded substantially the SEC’s whistleblower program and established the SEC’s Office of the Whistleblower. Under this new regulatory scheme, whistleblowers were eligible to receive an award of between 10 and 30 percent of the monetary sanctions collected, including any sanctions that might be levied in parallel investigations brought by other regulators including DOJ. Since 2010, the SEC has awarded whistleblowers a number of large awards, including several awards in the multi-million dollar range, the largest of which until now was for $30 million in 2014.

But on March 19, 2018, the SEC upped the ante considerably by awarding $83 million to three whistleblowers who informed the SEC about Merrill Lynch’s practice of misusing customer data. The informants provided information to the SEC, resulting in two separate SEC investigations. To settle the matter, Merrill Lynch admitted to wrongdoing, and agreed to pay $415 million in penalties. As bounty award for bringing the matter to the SEC’s attention, two whistleblowers, who filed their complaint jointly, received $50 million collectively, while the third whistleblower was awarded $33 million.

With respect to predicting whether this type of recovery will be the new norm for the SEC, it is worth noting that the Merrill Lynch matter was resolved during the Obama administration. Given the current administration’s efforts to repeal portions of Dodd Frank, it remains to be seen whether this magnitude of recoveries and corresponding whistleblower awards will continue. Regardless, these highly publicized whistleblower awards help the SEC to advertise its bounty program to would-be whistleblowers looking to cash in on a company’s failures by reporting directly to the Commission. As a result, companies may experience a downturn in internal reporting by employees, such as through hotlines, depriving well-meaning companies of a critical source of information necessary to run an effective compliance program. In light of these developments, companies should take the time to review their policies, procedures, training, and communications concerning reporting potential violations of law and test the effectiveness of those procedures, advertise the compliance program and all reporting avenues to employees, and emphasize non-retaliation as an established part of corporate culture.