Are you ready for claims triggered by the new SEC whistleblower bounty rules? There are things you can still do to minimize the adverse effects of potential claims.
On May 25, 2011, the SEC issued its final rules implementing the whistleblower program mandated by Section 922 of the Dodd-Frank Wall Street Reform and Consumer Protection Act (the “Dodd-Frank Act”). The publicity surrounding the final rules, the potentially huge bounties that can be available to a qualifying whistleblower, the protections that employee whistleblowers receive against adverse employment actions, and the promotional activities of lawyers seeking to represent whistleblowers in exchange for a share of the rewards all combine to increase the risk that any company subject to the securities laws (including the Foreign Corrupt Practices Act) may have to deal with new allegations of misconduct, whether or not the claims are justified.
Summary of the New Whistleblower Bounty Rules
The whistleblower bounty program under the Dodd-Frank Act and the new rules will reward individuals (natural persons only, with limited exclusions for persons with related duties) who:
- voluntarily provide to the SEC
- original information about a violation of the federal securities laws
- that leads to a successful enforcement action
- resulting in monetary sanctions that total more than $1 million.
If a whistleblower or group of whistleblowers satisfies these requirements, the Dodd-Frank Act requires the SEC to award them 10 percent to 30 percent of the monetary penalties the SEC recovers or that are awarded in related actions by other regulatory agencies.
Note that the whistleblower may initially report the information through the company’s internal compliance channels or to other regulatory authorities, although he or she is not required to do so. The SEC has indicated that whistleblowers who utilize internal reporting processes will receive credit in the calculation of award amounts within the 10 percent to 30 percent range. Culpable whistleblowers may receive lower awards within the mandatory range. Whistleblowers who report internally or to other agencies will qualify to receive a bounty if either the whistleblower or the company reports the information to the SEC within 120 days thereafter. As a result, there will be no more than a brief opportunity for the company to address the issues through a prompt, thorough and credible internal investigation, often with a report or periodic reports to the SEC.
Even if a company first learns of an alleged violation from the SEC rather than through its internal compliance program, a prompt and thorough internal investigation will sometimes be required. The SEC releases regarding the whistleblower bounty rules expressly note that, upon receiving a whistleblower complaint, the SEC staff may (depending upon the nature of the allegations and other factors) contact the company, describe the nature of the allegations, and give the company an opportunity to investigate the matter and report back to it. Given budgetary constraints and other factors, the SEC may often use this approach, and a company’s cooperation can be a mitigating factor when the government decides whether to prosecute a case or levy sanctions.
The Importance of a Culture of Compliance
Now is a good time to remind managers and employees that attentive and good faith compliance with applicable law and the company’s code of ethics, including internal reporting of evidence of potential violations by others, is an integral part of every corporate function against which managers and employees are evaluated and rewarded. The very best defense against serious allegations of misconduct, whether by whistleblowers, by government investigators, or by shareholders or other third parties, is a culture of compliance and ethical conduct. Even a single ethical lapse can have lasting adverse consequences for a company’s reputation for ethics and integrity.
Actions to Take Now
Companies that may be subject to whistleblower complaints should take the following actions before a problem arises:
- Review internal compliance and reporting programs and related policies. Train managers to identify and provide special attention to those employee reports or complaints that raise compliance concerns. Strengthen initiatives that encourage and reward employees who report potential securities violations in good faith through in-house reporting mechanisms, and adopt a robust exit interview process with departing employees that includes questions regarding compliance concerns. Review and consider the adequacy of D&O insurance, including coverage for costs incurred in governmental investigations or internal investigations in conjunction with governmental inquiries.
- Evaluate internal investigations protocols and procedures, and be prepared to act quickly and appropriately to preserve evidence, determine the facts, take remedial action and decide whether to self-report any problems that may be uncovered.
Review, refine (if necessary) and publicize your anti-retaliation policies as they relate to whistleblowers. The Dodd-Frank Act includes broader protections for whistleblowers than the Sarbanes Oxley Act did, and it is important that everyone know the rules.