The Commodity Futures Trading Commission (“CFTC”) recently issued a series of four whistleblower alerts aimed at seeking information from would-be whistleblowers in the areas of virtual currency fraud, foreign corrupt practices, insider trading, and violations of the Bank Secrecy Act (“BSA”).[1] Created under Section 748 of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (“Dodd-Frank”), the CFTC’s Whistleblower Program enables the CFTC to pay monetary awards (between 10% and 30% of sanctions paid) to eligible whistleblowers who voluntarily provide the CFTC with original information about violations of the Commodity Exchange Act (“CEA”) that leads to a successful CFTC enforcement action resulting in monetary sanctions of at least $1 million.[2] Whistleblowers also may be eligible for awards based on “Related Actions” brought by other regulators, such as the U.S. Department of Justice (“DOJ”), other federal or state agencies, or a self-regulatory organization (“SRO”), if accompanied by a successful CFTC action.[3] Only individuals, not companies or other entities, are available for whistleblower awards.[4] Since issuing its first award in 2014, the CFTC has awarded more than $90 million to whistleblowers based on enforcement actions with sanctions totaling more than $730 million.[5]

The CFTC’s recent alerts suggest that companies must be aware that the agency has no intention of slowing down its enforcement program and instead seeks to further incentivize whistleblower cooperation to increase the effectiveness of its enforcement—particularly in areas typically policed by the Financial Crimes Enforcement Network (“FinCEN”) and the DOJ. This is consistent with the CFTC’s previously stated intent to focus its investigative resources on foreign corruption (an area historically occupied by the DOJ and SEC), as we reported earlier this year,[6] as well as the extension of its interest and increasingly active enforcement activity in the virtual currency space.

The CFTC’s Whistleblower Alerts

The four 2019 CFTC whistleblower alerts identify specific types of misconduct that potential whistleblowers should “be on the lookout for.”[7]

Foreign Corrupt Practices Alert:

The CFTC’s whistleblower alert addressing foreign corrupt practices in the commodities and derivatives markets, for example, encourages individuals with information about CEA violations “connected to bribes of foreign government officials or similar conduct” to come forward with information regarding:

  • Corrupt practices that alter the prices in commodity markets that drive U.S. derivatives prices;
  • Bribes employed to secure business in connection with regulated activities like trading, advising, or dealing in swaps or derivatives, paid out of funds investors believed were being used to invest; and
  • Corrupt practices used to manipulate benchmarks that serve as the basis for related derivatives contracts, as prices that are the product of corruption might be falsely reported to benchmarks.[8]

The CFTC appears to be trying to build upon the apparent success of the SEC whistleblower program, established in 2010,[9] related to potential Foreign Corrupt Practices Act (“FCPA”) violations. The SEC whistleblower program has led to a surge in reports regarding potential violations of the FCPA, resulting in more than $300 million paid to whistleblowers and more than $2 billion collected in enforcement actions[10]—a substantial portion related to FCPA violations.

Virtual Currency Alert:

The CFTC alert regarding virtual currencies similarly encourages whistleblowers to provide information to “stop fraud and manipulation relating to virtual currencies,” defined as “a digital representation of value that functions as a medium of exchange, a unit of account, and/or a store of value.”[11] The CFTC considers virtual currencies, such as Bitcoin, to be commodities under the CEA.[12] Potential reportable misconduct in the virtual currency space may include:

  • Fraudulent solicitation of investments in virtual currencies;
  • Price manipulation (such as pump-and-dump schemes) involving virtual currencies and other virtual assets;
  • Pre-arranged or wash trading of virtual currencies, or swaps or futures contracts based on virtual currencies;
  • Virtual currency futures or option contracts or swaps traded on an unregistered domestic platform or facility;
  • Certain schemes involving virtual currencies marketed to retail customers by unregistered persons, such as off-exchange leveraged, margined, or financed commodity transactions, even without direct evidence of fraud or manipulation; and
  • Supervision failures or fraudulent conduct (e.g., creating or reporting fictitious trading) by virtual currency exchanges.[13]

The CFTC’s alert regarding virtual currencies reiterates the agency’s existing focus on cracking down on fraud in the virtual currency markets,[14] as well its pursuit of virtual currency platforms, exchanges, and other market participants that fail to properly register with and abide by CFTC regulations—even absent fraud or manipulation.

Insider Trading Alert:

The CEA and its accompanying regulations prohibit, among other things, trading on the basis of material nonpublic information (“MNPI”) in breach of a duty or on the basis of MNPI obtained by fraud or deception.[15] To that end, the CFTC’s whistleblower alert regarding insider trading encourages reporting of the following types of conduct:

  • Trading on market moving information that the source had a duty to protect;
  • Brokers front-running customer orders or taking the other side of any customer order without consent;
  • Tipping or trading using MNPI obtained by virtue of employment;
  • Trading on MNPI that was obtained by fraud or deception;
  • FCMs or brokers improperly disclosing customer orders or other MNPI; and
  • Swap dealers or major swap participants improperly disclosing MNPI or using MNPI provided by a counterparty without the counterparty’s consent.[16]

The CFTC’s insider trading alert dovetails with its recent creation of the Insider Trading and Information Protection Task Force, established in September 2018 to “root out this nefarious conduct from [CFTC] markets.”[17] In addition, the alert signals that the CFTC will focus not only on actual insider trading activity, but also will examine how the insider obtained MNPI—potentially including by paying bribes to foreign government officials, in violation of the FCPA.

BSA Alert:

Finally, FinCEN regulations pertaining to the BSA require Futures Commission Merchants (“FCMs”) and Introducing Brokers (“IBs”) to comply with various BSA requirements, including (1) maintaining and implementing a written anti-money laundering (“AML”) program approved by senior management; (2) implementing a written customer identification program (“CIP”); and (3) filing suspicious activity reports (“SARs”) and currency transaction reports (“CTRs”).[18] The CFTC previously has brought charges under 17 C.F.R. § 166.3 for FCM and IB supervisory failures with respect to BSA requirements,[19] and other BSA-related concerns include:

  • Improper supervision and records violations;
  • Failure to diligently supervise officers’, employees’, and agents’ opening and handling of accounts;
  • Failure to protect customers and the markets from fraud and corruption;
  • Improper enforcement of trading limits assigned by regulators;
  • Inadequate construction of a CIP as part of the firm’s compliance program; and
  • Failure to file SARs.[20]

This alert illustrates the CFTC’s continuing efforts to pursue misconduct in areas traditionally occupied by FinCEN, which also can constitute CEA violations, thereby underscoring that failures in these areas can pose serious risks to customers, and the CFTC thus intends to take these issues seriously. Like other enforcement programs, the CFTC appears to be expanding its enforcement efforts into corporate failures to properly implement compliance programs.

The CFTC’s issuance of whistleblower alerts in these four areas suggests that the CFTC is examining closely transactions involving foreign corruption, virtual currencies, insider trading, and BSA violations for any CEA violations that may warrant additional enforcement efforts. The CFTC’s stated interest in whistleblowers in these areas is especially notable, in that it suggests that the CFTC may be keen to pursue hybrid cases—that is, cases that may involve the use of cryptocurrencies, derivatives, or other commodities in foreign bribery schemes or financial crimes.[21]

What Encouraging Whistleblowing Means for Companies (and Individuals)

The CFTC’s effort to encourage whistleblowing is an explicit attempt to increase the flow of information to the CFTC, which companies operating in relevant industries should carefully consider. Although the CFTC’s whistleblower awards are anonymous, the CFTC has issued a number of sizeable whistleblower awards in 2019 alone—including one for $2.5 million.[22] In 2018, the CFTC issued its largest whistleblower award to date—some $30 million.[23] Given the multi-million-dollar nature of some whistleblower awards (and the fact that companies are ineligible to receive them), individuals have significant incentives to come forward and provide the CFTC with information in hopes of receiving a substantial payout in return. This, in turn, may leave companies and firms subject to the CFTC’s jurisdiction vulnerable to eager (or even over-eager) whistleblowers.

Accordingly, in the wake of the CFTC’s recent whistleblower alerts, companies involved in commodities transactions (including but not limited to transactions in virtual currencies) or other conduct subject to the CEA—both domestically and abroad, and both CFTC registrants and non-registrants—should not only evaluate the policies and procedures they have in place to prevent insider trading, foreign corruption, virtual commodities fraud, and BSA violations and scrutinize whether and how those programs are implemented in practice, but also ensure that they have a strong corporate compliance program that encourages employees to report internally via an internal reporting system.

A company’s compliance program and culture—in particular, how it handles and responds to employee complaints or other issues—can contribute measurably to whether an individual employee decides to report issues internally or seek outside assistance through the CFTC whistleblower program. Whistleblowers often resort to filing whistleblower complaints out of frustration, when companies fail to address their concerns internally. For this reason, it is imperative that companies have in place robust policies and procedures that encourage employees to report concerns and ensure effective investigation of those concerns, so that employees rightly believe that their complaints are treated with the respect they deserve.

Companies also should examine their exposure in these areas comprehensively, not in isolation—including, for example, potential vulnerability to insider trading, BSA violations, or foreign corruption related to cryptocurrency transactions. Given the whistleblower alerts, the CFTC is likely to give these particular areas increased scrutiny. Companies also are advised to consult with outside counsel familiar with the CFTC’s practices and expanded enforcement efforts in these new areas to consider the benefits of a comprehensive risk assessment and learn how to effectively implement enhanced compliance and internal controls. Doing so will enable a company to develop a program that can efficiently deter, and if necessary identify, potential foreign corruption, virtual currency fraud, insider trading, and BSA violation risks in relation to activities in the commodities markets.

Finally, where a company identifies a whistleblower or potential whistleblower, it should immediately consult outside counsel to address how best to navigate its relationship with the whistleblower (particularly if the whistleblower is a current employee), ensure appropriate privilege protections for the investigation and review, remediate if necessary, and manage relations with the CFTC and other enforcement agencies, to maximize cooperation credit and minimize any associated sanctions.

The CFTC has made explicit that it is seeking information about violations from companies subject to its regulatory regime. Companies must recognize these expanded enforcement efforts and react appropriately. Failure to understand the risks now could leave a company vulnerable to future enforcement efforts, resulting in significant penalties and immense business impact.