In a move poised to transform the landscape of corporate compliance programs and whistleblower practices across a broad spectrum of companies, the U.S. Securities and Exchange Commission has adopted a final rule (Regulation 21F) implementing its Whistleblower Program on May 25, 2011. The SEC's new program, widely described as the "whistleblower bounty program," rewards eligible whistleblowers for reporting potential violations directly to the SEC. In so doing, the new program may encourage employees to bypass internal reporting systems and thus undermine corporate compliance programs specifically developed to foster effective reporting and responses. However, by incorporating best practices and lessons learned from the nuclear industry's experience, companies can preserve successful internal compliance and reporting.

Regulation 21F, promulgated pursuant to Section 21F of the Exchange Act, fulfills the directive contained in the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act) to establish a program incorporating incentives and enhanced protections for individuals who report suspected violations of the securities laws directly to the SEC. Section 922 of the Dodd-Frank Act authorizes the SEC to pay awards to eligible whistleblowers who voluntarily provide the SEC with original information leading to an enforcement or related action that results in monetary sanctions in excess of $1 million.

Following the issuance of its proposed rule, the SEC received a flood of compelling comments from the corporate community about the harm the "bounty" component would cause to corporate compliance programs aimed at creating avenues for employees to raise concerns. Such comments were reiterated at a House Committee on Financial Services subcommittee hearing held on May 11, 2011, which included consideration of a proposed bill that would amend the Dodd-Frank Act to contain a mandatory internal reporting requirement. Despite this feedback, the final SEC rule retained the bounty element and did not condition whistleblower eligibility on initial internal reporting by the employee, although it purported to strengthen incentives for first reporting internally, an option ultimately left to the employee’s discretion. In addition, a recent federal court decision confirmed that Dodd-Frank’s anti-retaliation provisions protect concerns raised directly to the SEC and other specified actions, but not concerns raised only internally.

Potential Impact of the Whistleblower Bounty Program

Both industry and regulators agree that employees, as the "eyes and ears" of a company, play an essential role in identifying and reporting potential violations. In the wake of the SEC's new program, companies and commentators fear that employees will head straight to the SEC to report their concerns. Some even predict that employees may wait for an issue to increase in severity before reporting it to the SEC, in order to fulfill the $1 million sanction threshold for whistleblower recovery. Experience shows, however, that employees will resort to this approach only if they perceive it to be their best or only option for having their concerns addressed.

The nuclear energy industry's whistleblower experience illustrates that most employees care foremost about the moral principle (and, where applicable, any potential safety issues) at stake—at least initially. If provided with meaningful internal avenues for raising concerns and a track record of effective management response and resolution, most employees will choose those paths. One avenue implemented by the U.S. nuclear industry is the Employee Concerns Program, a confidential alternative to reporting up the chain of command. Otherwise, where there is a perceived distrust of corporate policies and an absence of effective alternative paths, employees will regard the SEC as the best option in the first instance. Therefore, the impact of the new SEC program on internal compliance programs depends largely on the success of internal reporting avenues and on the effectiveness of initial interactions between the employee and management.

How Companies Should Respond to the New Environment

To ensure the success of internal compliance programs in light of the SEC's new rule, companies are advised to consider adopting the following "best practices."

  • Management Training. Equip supervisors and managers with the tools to successfully respond to employee issues. Managers should take steps to address the underlying concern while treating the employee appropriately throughout the process.
  • New Work Environment Policies. Enhance or adopt programs for effective work environments. It is crucial to recognize the value of having employees raise their concerns, and to demonstrate to employees that their input is responded to seriously and without retaliation.
  • Employee Recognition. Create "good catch" awards and other non-monetary incentives such as company recognition at meetings or in newsletters. Experience has shown that concerned employees value recognition above monetary awards.
  • Benchmark Practices of Other Industries. Identify industries (such as the nuclear energy industry) with proven and effective internal compliance programs and employee reporting avenues.
  • Fraud Detection. Enhance, where possible, fraud detection programs to deter and identify fraudulent activities at early stages, before they mature into full-blown violations.