The SEC recently adopted detailed rules implementing the Dodd-Frank Act’s program of hefty bounty awards for whistleblowers who provide the agency with original information about securities law violations resulting in sanctions in excess of $1 million.

The new rules impose special limitations on the receipt of bounties by certain persons who have explicit or implicit compliance responsibilities with a company, including, for example:

  • any officer or director who is informed by any other person about allegations of misconduct,
  • any officer or director who learns such information as a result of the company’s whistleblower hotline or other corporate mechanisms for identifying potential violations, and
  • any employee whose principal duties involve compliance or internal audit responsibilities.

Under the rules’ limitations, such individuals can receive a bounty for information they disclose to the SEC, but only if:

  • they have a reasonable basis to believe that such disclosure is required to prevent the company from acting in a manner likely to cause substantial injury to the financial interest or property of the company or investors,
  • they have a reasonable basis to believe that the company is engaging in conduct that will impede an investigation of the misconduct, or
  • 120 days have passed since the company had notice of the information.  

Company personnel with compliance responsibilities will often possess the most complete information about an alleged violation, and the prospect of a whistleblower bounty will, in many cases, provide such personnel with a substantial incentive to inform the SEC before the company or another person does so. Moreover, the abovedescribed limitations generally leave such individuals free to inform the SEC at the end of the 120-day period, if not before.