On August 21, 2012, the Securities and Exchange Commission announced its first award to a whistleblower under the Dodd-Frank Act’s bounty program. The SEC’s order granting the award can be found in Release No. 34-67698.

According to the SEC, the whistleblower helped the Commission stop a multi-million dollar fraud by providing “the exact kind of information and cooperation we were hoping the whistleblower program would attract,” which the Commission stated saved its investigators substantial time and resources. For these efforts, the whistleblower will receive a bounty of $50,000, which represents 30% of the amount the SEC has collected to date in its enforcement action. To preserve anonymity, the SEC did not provide information about the circumstances of the tip, including whether it came from an employee or whether the individual reported or attempted to report the wrongdoing internally before going to the SEC. A second whistleblower did not receive a bounty award because the information provided did not “lead to or significantly contribute to the SEC’s enforcement action,” according the Commission.

Under the Dodd-Frank Act, the SEC may award whistleblowers between 10% and 30% of the monetary recovery when they voluntarily provide “original information” that leads to a successful enforcement action and sanctions exceeding $1 million. The Chief of the SEC’s Whistleblower Office stated that since the program was established one year ago, the Commission has received about eight tips a day.

The incentives to whistleblowers to earn bounties highlight the importance of internal reporting and compliance programs. To respond to the challenge that employees may report directly to the SEC and bypass internal reporting and compliance programs, companies should review their internal procedures so that, as much as possible, employees can easily report issues and are encouraged to use their company’s internal reporting mechanisms. For example, legal, audit or compliance personnel are not entitled to a bounty if responsible management of the company are aware of the violation and are taking steps to address and prevent it within 120 days after the individual reported the violation, all of which can be accomplished through a timely reporting and investigation protocol, as well as an effective compliance program.

A swift response and thorough investigation by a company faced with a problem may increase the company’s employees’ confidence that their concerns will be taken seriously, despite the lure of a cash bounty, and encourage them to report alleged wrongdoing internally. Swift action will also often minimize the financial scope of a violation, thus minimizing the prospect of a large bounty under the SEC’s program. Most importantly, an effective internal reporting and compliance program will prevent - or at least minimize the scope of - violations of law.