May was the month of the Dodd-Frank Whistleblower Program, with the Securities and Exchange Commission (the “SEC” or the “Commission”) announcing three awards—two multi-million, and each going to insiders (the “May Awards”). While each award is of interest, underscoring the SEC’s prior warnings that whistleblowers are continually more common and sophisticated, the May 13, 2016 award of $3.5 million is particularly noteworthy as the recipient provided information that neither instigated nor expanded an enforcement action. Rather, the recipient was awarded for providing “detailed” information that “significantly contributed” to an ongoing investigation. The take away for companies: get a compliance check-up to ensure policies and procedures relating to investigations, whistleblowers, and employee communications position the company to effectively meet the ever-increasing threat of the Dodd-Frank Whistleblower.

The Dodd-Frank Whistleblower Program (the “Program”) awards individuals who voluntarily provide original information about a possible violation of federal securities laws that leads to a successful enforcement action.[1] A whistleblower is eligible for a reward of 10 to 30 percent where the monetary sanctions in the resulting investigation exceed $1 million. The May Awards bring the total to 31 whistleblower awards ordered by the SEC since the Program’s 2011 inception.

Both the May 17 and May 20, 2016 awards are consistent with prior orders, though each is of interest. On May 17, 2016, the Commission announced a $5-6 million award to an insider who provided information leading to conduct that would have otherwise been “nearly impossible to detect.”[2] This award, the third largest in the Program’s history,[3] went to a former employee from an unidentified function. Similarly, on May 20, 2016, the Commission awarded $450,000 to two whistleblowers who provided “a tip” leading to the initiation of a successful enforcement action, and—as the SEC emphasized throughout the respective release—who provided assistance through the process of the enforcement action, continuing to give key information as the investigation unfolded.[4] Like the May 17 action, the recipients of the May 20, 2016 award were also insiders from unidentified functions.[5]

The May 13, 2016 order—yet another to an insider—is, however, particularly noteworthy. There the SEC awarded $3.5 million to a whistleblower for information that neither initiated nor expanded an enforcement action.[6] In fact, the whistleblower came forward only after the investigation commenced and the alleged wrongdoing became the subject of media attention.[7] It was apparently for this reason that the recipient’s award application was initially denied. However, on May 13, the Commission reversed this prior determination and ordered the award, noting that the recipient provided “detailed” information that “strengthened the Commission’s case” and “significantly contributed” to the success of the ongoing action by “causing Enforcement staff to focus on [redacted in the order], when staff might otherwise not have done so”—an effort that “meaningfully increasing Enforcement staff’s leverage during the settlement negotiations.”[8] In calculating the value of the award, the SEC emphasized that the recipient had suffered “unique hardships” as a result of reporting the conduct, including the inability to find employment going forward.[9]

Consistent with prior awards and the oft-repeated goal of the SEC to maintain the confidentiality of whistleblowers, the respective award orders are redacted and contain little detail about the underlying matters or recipients. Nonetheless, the May Awards are interesting in a number of respects.

First, these awards continue the trend of insiders—i.e., employees of the subject company—as whistleblowers. While the positions and functions of the insiders-turned-whistleblowers were not identified in May Awards, each underscores the whistleblower risk from within. Second, as demonstrated by the May 13 award, the Commission will award any whistleblower who meaningfully contributes to the success of an investigation—even where that contribution does not initiate or expand the investigation. This award serves as a stark warning to companies to remain vigilant, recognizing that a whistleblower may appear at any stage—even after a matter has been initiated and made public.

Though noteworthy, the May Awards are not particularly surprising. In its Annual Report on the Whistleblower Program for 2015, the SEC noted a continuing increase in reports, culminating in an 8% increase to 3,932 reports received in FY2015.[10] In addition to quantity, according to the SEC, the quality of tips is also on the rise. As explained in the May 20 award release, the “recent flurry of awards reflects the high-quality nature of the tips the SEC is receiving as public awareness of the whistleblower program grows.”[11] The Program, the May 13 award release warns, “has seen tremendous growth since its inception, and [the SEC staff] anticipate[s] the continued issuance of significant awards in the months and years to come.”[12]

With awards increasing in size and quantity, and potentially available to any who provide valuable information at seemingly any point in an investigation, companies should regularly revisit their strategies for minimizing whistleblower risks:

  • Regularly Have Monitoring and Investigatory Efforts Assessed: With the evolution of a company’s risk profile and available tools, both monitoring and investigatory efforts can all too quickly become stale. As such companies should secure periodic evaluations of their compliance programs, which should specifically include an assessment of their monitoring efforts and investigatory strategies to ensure they are tailored to the current risk profile, and facilitating tailored and timely review and remediation of concerns.
  • Reevaluate The Approach To Communications Regarding Investigations: In a startling reminder that employees generally want to do the “right thing,” the 2015 Annual Report on the Program noted that approximately 80% of all insiders turned whistleblowers had first raised their concerns internally (or knew that supervisors and/or compliance personnel were aware of the issues) before coming to the SEC.[13] Where insiders know of and trust the investigative function and process, they are less likely to feel the need to go external with their concerns. Companies should thus look for appropriate mechanisms to educate employees on the investigation process, and regularly provide information demonstrating its effectiveness. Integrating anonymized case studies into training sessions, or accompanying reporting instructions with a high-level overview of the company’s investigation process are two examples of potentially effective tools.In short, there is opportunity to avoid internal issues becoming external problems.Periodic compliance check-ups can provide practical advice for any needed course corrections to minimize the risk that internal employees become external whistleblowers.
  • Develop and Deploy an Effective Media Strategy: Regardless of size, companies should proactively develop a strategy in the event it finds itself the subject of negative media attention, in a best-case scenario, part of an overall crisis management plan. Who will be authorized to speak for the company? Who will be involved internally in crafting the response? What employee outreach will be contemplated and who will be responsible for its execution? In the event the media highlights concerns, media plans can outline appropriate mechanisms by which the company can both coordinate an effective external response and assure employees that it is thoroughly considering the highlighted issues.Waiting to plan until the moment strikes is often too little too late.
  • Thoughtfully Stay in Touch with Your Whistleblower: In many instances it will be possible to remain in contact with a whistleblower. Even anonymous reporting often permits a reach back to the whistleblower while maintaining anonymity. Contacting a whistleblower for additional information or supporting documents may satisfy dual objectives, providing useful data for a more effective investigation, while demonstrating to a whistleblower the seriousness with which the company is treating the matter. Similarly, providing appropriate updates to a whistleblower throughout the investigation—mindful to maintain privilege and anonymity, and prevent retaliation—may also serve to prompt the provision of additional useful information and discourage the whistleblower from taking his or her concerns to the outside.In light of the May Awards, these efforts may be particularly appropriate for internal witnesses / whistleblowers.

Companies who do not respond in a timely and effective manner, or who leave insiders with little comfort that the issues will be meaningfully addressed, may find themselves confronted with a whistleblower even after issues are publically revealed. Dodd-Frank has repeatedly shown its teeth over the past few years, and only seems to be gaining momentum. Despite the growing whistleblower threat, many companies have yet to undertake a formal assessment of how, if at all, they might better position their compliance programs to meet this increased risk of enforcement. Time for a compliance check-up?