The Dodd-Frank Wall Street Reform and Consumer Protection Act ("Act" or "Dodd-Frank") provides the U.S. Securities and Exchange Commission ("SEC" or "Commission") with new and stronger measures to enforce federal securities laws, including incentives and protections for whistleblowers reporting securities law violations to the SEC. One of those measures, though, the so-called "whistleblower bounty" program, runs counter to long-established aims of federal law enforcement policy by threatening the viability and vitality of corporate compliance policies and programs. These programs have been established at considerable expense by companies after years of encouragement by the SEC and the U.S. Department of Justice ("DOJ") to corporations to utilize robust internal reporting and investigation procedures.
The new program entitles qualifying whistleblowers to between 10 and 30 percent of sanctions in a successful SEC enforcement action, a potentially huge sum in actions that end in sanctions worth hundreds of millions of dollars. This strong incentive created by the new whistleblower program threatens to undermine key elements of compliance programs by encouraging individuals to bypass established corporate reporting systems and instead report potential misconduct directly to the government. Since the Act was signed into law on July 21, 2010, the SEC has reportedly experienced an increase in tips related to fraud allegations, presumably supplied by individuals hoping to receive a monetary reward for information leading to successful enforcement actions.1In order to mitigate the adverse impact of Dodd-Frank on corporate compliance programs, the SEC should, through both policy and rulemaking, encourage employees to utilize internal reporting systems and help corporations retain employees as a valuable source of information that supports effective compliance programs.
II. SEC Whistleblower Bounty Program Before Dodd-Frank
A previous whistleblower bounty program had been rarely used by the SEC even though the Commission was given limited authority to provide awards to whistleblowers over twenty years ago. Section 21A(e) of the Securities Exchange Act of 1934 ("Exchange Act"), as amended by the Insider Trading and Securities Fraud Enforcement Act of 1988,2authorizes the SEC to award up to ten percent of the penalty recovered by the agency "to the person or persons who provide information leading to the imposition of such penalty."3Importantly, Section 21A(e) only applies to insider trading cases, and the SEC retains complete discretion as to whether any award is warranted in a particular case.4To date, the SEC has only paid approximately $1.6 million in awards as part of the prior bounty program, $1 million of which was authorized shortly before the enactment of Dodd-Frank.5
III. Dodd-Frank Whistleblower Provisions
Dodd-Frank expanded and remade the SEC whistleblower bounty program by: (1) increasing the amount of potential awards for whistleblowers; (2) authorizing awards for information in connection to enforcement actions brought under any federal securities law; and (3) affording whistleblowers strong protection against retaliation. The primary alterations to the SEC bounty program are found in Section 922, although various provisions that impact whistleblower programs are distributed throughout the Act.6The expansion of the SEC whistleblower bounty program will be codified as Section 21F of the Exchange Act.7
A. Monetary Incentives
Under the new law, the SEC is obligated to pay an award to a qualifying whistleblower valued between 10 and 30 percent of the monetary sanctions collected in a covered action.8In order to qualify for an award, an individual must voluntarily provide "original information" to the SEC that "is derived from the independent knowledge or analysis of a whistleblower."9If another source provides the information to the SEC, the whistleblower may still be eligible for an award if the whistleblower is the original source of the information.10However, an award may not be given for information "exclusively derived from an allegation made in a judicial or administrative hearing, in a governmental report, hearing, audit, or investigation, or from the news media."11Whistleblower bounties are available in any successful enforcement action "brought by the Commission under the securities laws that result in monetary sanctions exceeding $1,000,000"12and multiple individuals may jointly provide information and be eligible for an award.13In determining the appropriate amount of the bounty, the SEC is instructed to consider "the significance of the information provided by the whistleblower," "the degree of assistance provided by the whistleblower" in the related enforcement action, and "the programmatic interest of the Commission in deterring violations of the securities laws by making awards to whistleblowers."14
B. Whistleblower Protection from Retaliatory Conduct By Employer
Along with increased monetary incentives, Dodd-Frank also provides significantly enhanced protection for individuals who provide the SEC with information regarding potential securities laws violations. The Act provides that "[n]o employer may discharge, demote, suspend, threaten, harass, directly or indirectly, or in any other manner discriminate against, a whistleblower in the terms and conditions of employment because of any lawful act done by the whistleblower."15Lawful acts of whistleblowers include "providing information to the Commission in accordance with [Section 21F]," providing assistance to the SEC in an action related to the information provided by the whistleblower, and making disclosures required by various federal securities laws.16
The Act puts real teeth in this protection by providing individual whistleblowers a federal cause of action for retaliation by employers.17A whistleblower who successfully asserts a retaliation claim against an employer is entitled to reinstatement, double back pay, and litigations costs.18
IV. Whistleblower Bounty Undermines Corporate Compliance Programs
The federal government, through its agencies and the U.S. Sentencing Guidelines, has for a substantial period of time strongly encouraged corporations to implement compliance programs and voluntarily disclose potential misconduct. The government pledges to consider such conduct and the importance of corporate compliance as a way to mitigate or avoid potentially harsh penalties for business crimes. These programs are also essential components of sound governance of public corporations.19The SEC's position on the importance of internal investigations and disclosure is evidenced by its recent Enforcement Cooperation Initiative, its Enforcement Manual, and in public statements made by agency officials. The Enforcement Cooperation Initiative, announced in January 2010, formally "establish[ed] incentives for individuals and companies to fully and truthfully cooperate and assist with SEC investigations and enforcement actions"20and authorizes the agency to use cooperation agreements, deferred prosecution agreements, and non-prosecution agreements to encourage cooperation.21
Prior to the recent Enforcement Cooperation Initiative, the so-called Seaboard Report, issued by the SEC in 2001, set forth the agency's policy for crediting cooperation and self-disclosure by corporations. It contains 13 criteria for measuring cooperation efforts of a corporation, including steps taken by the corporation upon learning of the misconduct, whether the corporation disclosed the misconduct to the public and regulators, and whether the corporation provided a comprehensive set of materials to the agency in voluntarily self-disclosing potential misconduct.22In addition to the framework established in the Seaboard Report, the SEC's Division of Enforcement Manual lists self-policing, self-reporting, remediation, and cooperation efforts of a corporation as the "broad measures of a company's cooperation."23
Finally, the SEC has taken the position that in order to faithfully discharge their fiduciary duties to shareholders, corporate directors must investigate credible allegations of misconduct.24The SEC has instituted enforcement actions against individuals for failure to adequately investigate "red flags" of internal misconduct.25
The current U.S. Sentencing Guidelines ("Guidelines") also provide incentives for corporations to install internal compliance programs and self-report potential violations to the appropriate government agency. In the event of prosecution, a corporation can receive credit for having an "effective compliance and ethics program,"26for self-reporting a potential violation, and cooperating fully with the relevant government agency.27One feature of an effective compliance program, as defined by the Guidelines, is "a systemwhereby the organization's employees and agents may report or seek guidance regarding potential or actual criminal conduct without fear of retaliation."28By having an effective compliance program, self-reporting, and cooperating with the government, a corporation can take steps that may decrease the Guidelines' fine range and avoid a potentially harsher punishment. Doing so clearly is acting in the best interest of shareholders.
As a result, many corporations have installed compliance programs that feature and rely on internal reporting systems, often at significant expense to the corporation.29However, effective compliance programs are dependent on employees disclosing information about potential misconduct to the company through internal reporting systems. A Senate Report accompanying Dodd-Frank seemingly recognizes this fact and quotes testimony from a Certified Fraud Examiner, who stated that over half of the "uncovered fraud schemes in public companies" are detected through tips from whistleblowers.30Corporations can only fix the problems that are known. The new whistleblower provisions threaten the effectiveness of internal reporting systems because employees now have a strong financial incentive not to report relevant information to the company, but rather to report it to the SEC.
The Act at the very least complicates, but more likely will frustrate, the task for corporations by encouraging employees to disclose information only to the government. Two primary sources of this problem are the "original information" requirement and the method for calculating an award under Dodd-Frank. First, if a corporation discloses potential misconduct to the government before an employee does so, the employee may be ineligible for an award, unless he or she is the initial source of the "original information." Depending on how the SEC regulates the program, an employee may have to establish that he or she was the initial source of the information in order to be eligible for an award if a corporation is the first to disclose to the government. Second, Section 21F whistleblower awards are calculated as a percentage of sanctions imposed in a successful enforcement action. Employees have little incentive to help a corporation cooperate, since cooperation and voluntary disclosure, per SEC policy, can decrease the sanctions imposed on offending corporations, thereby decreasing the whistleblower's award as well. Thus, by aligning the monetary incentives for employees, Dodd-Frank undermines a key element of the very compliance programs in which many corporations have invested pursuant to government mandates and expectations for proper conduct of corporate affairs. Moreover, any time a corporation has indications of internal wrongdoing, it may be compelled to win the race to the SEC by reporting first, but without the benefit of at least a preliminary internal inquiry to better determine relevant facts.
V. Proposed Solutions
A policy goal in implementing and administering the whistleblower bounty program should be that corporations not be deprived of the invaluable employee sources of information necessary to support robust compliance programs. To protect the integrity of these programs, corporations can proactively respond to Dodd-Frank with programmatic policy suggestions and internal corrective measures to address the most adverse consequences of the Act. These could include considering requirements for simultaneous disclosure clauses in employment contracts and compliance policies. In this way, even if the whistleblower provides the information to the government, companies could continue to reap the benefits of employees using internal reporting systems. Furthermore, simultaneous disclosure maintains the existing opportunity whereby a corporation can mitigate the adverse consequences to shareholders arising from internal wrongdoing by performing its own investigation and obtaining credit in any enforcement action for its rapid response and any appropriate follow-on steps.
However, any proactive response to the new whistleblower bounty program must include consideration of the anti-retaliation provisions of the law, which need clarification and support in regulation and policy for provisions that will not undermine existing internal reporting and review procedures. For example, the legal status under the retaliation provisions of a simultaneous disclosure agreement or employment requirement is uncertain. On the face of those provisions, requiring an employee to disclose to the corporation the same information he or she discloses to the government might be construed as "any other manner" of discrimination and violate the prohibition against retaliation.31Additionally, adverse actions imposed for an employee's failure to comply with a simultaneous disclosure agreement may raise further retaliation concerns. Guidance from the SEC designed to clarify these and related issues could help corporations comply with the new whistleblower laws while maintaining information sources that are key components of an effective compliance program.
Section 21F(j) gives the SEC broad authority to promulgate rules implementing the new program, which must be done by April 2011.32Companies should encourage the SEC to use its authority to mitigate the adverse impact of Dodd-Frank on internal corporate misconduct reporting systems when it issues rules implementing the new whistleblower bounty program, particularly in light of Congress's apparent failure to seriously consider the adverse consequences of the new program.33Among the measures that could be considered would be the SEC encouraging employees to use corporate internal reporting systems by conditioning the amount of a potential award on an employee's contemporaneous use of an internal reporting system at the corporation, unless no such system is available or the employee demonstrates that extraordinary circumstances preclude the use of contemporaneous internal reporting. Such a policy would be consistent with the SEC's prior policies encouraging robust systems of corporate internal reporting and review. Second, the SEC, in providing guidance as to retaliatory conduct, could exclude company requirements that employees also use internal reporting systems absent unusual and compelling circumstances known to the employee at the time that would justify by-passing the internal report. Finally, the SEC should consider a policy under which it affirmatively engages with corporations by sharing whistleblower tips received by the agency. Such a policy, with an appropriate compelling circumstances exception, would avoid penalizing a corporation for an employee's decision to bypass internal reporting systems and allow corporations to obtain cooperation credit for investigating and disclosing its findings to the agency. At the same time, corporate shareholders and the public would continue to benefit from compliance programs that proactively address and investigate internal misconduct.
The SEC has an important opportunity to mitigate adverse consequences on internal corporate reporting policies that the Dodd-Frank bounty program is likely to occasion, and it can do so while remaining fully faithful to the bounty program as required by Congress. The SEC would do the public a service to design rules for administration of the program that both adhere to the fundamental purpose of Dodd-Frank but also preserve essential components of compliance programs that the government itself has recognized as being an integral part of responsible and effective corporate governance.
1Jessica Holzer & Fawn Johnson, Larger Bounties Spur Surge in Fraud Tips, Wall St. J., Sept. 7, 2010.
2Pub. L. No. 100-704 (1988).
315 U.S.C. § 78u-1(e) (2006).
5 See U.S. Sec. & Exch. Comm'n, Office of Inspector General, Report No. 474, Assessment of the SEC's Bounty Program 4 (Mar. 29, 2010); U.S. Sec. & Exch. Comm'n, Litig. Release No. 21601, SEC Awards $1 Million for Information Provided in Insider Trading Case (July 23, 2010) available at http://www.sec. gov/litigation/litreleases/2010/lr21601.htm (last visited September 13, 2010).
6 See e.g. Dodd-Frank, Pub. L. No. 111-203, § 748 (2010) (providing for incentives and protections for individuals that provide information in connection with enforcement actions brought under the Commodity Exchange Act).
8Securities Exchange Act of 1934, § 21F(b)(1), amended by Dodd-Frank, § 922(a).
9 Id. § 21F(a)(3)(A).
10 Id. § 21F(a)(3)(B).
11 Id. § 21F(a)(3)(C).
12 Id. § 21F(a)(1), (b).
13 Id. § 21F(a)(6).
14 Id. § 21F(c).
15 Id. § 21F(h)(1)(A).
16 Id. § 21F(h)(1)(A)(i) - (iii).
17 Id. § 21F(h)(1)(A).
18 Id. § 21F(h)(1)(C).
19 See e.g. S. Rep. No. 111-176, at 110 (2010) (citing testimony that stated "whistleblower tips detected 54.1% of uncovered fraud schemes in public companies."); Association of Certified Fraud Examiners, 2010 Global Fraud Survey at 4-5 (stating that the results of one survey indicate "the typical organization loses 5% of its annual revenue to fraud" and that "[g]iven the high costs of occupational fraud, effective fraud prevention measures are critical").
20Press Release, U.S. Sec. & Exch. Comm'n, SEC Announces Initiative to Encourage Individuals and Companies to Cooperate and Assist in Investigations (Jan. 13, 2010) available at http://www.sec.gov/ news/press/2010/2010-6.htm (last visited Sept. 13, 2010).
22U.S. Sec & Exch. Comm'n, Securities Exchange Act of 1934 Release No. 44969, Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934 and Commission Statement on the Relationship of Cooperation to Agency Enforcement Decisions (Oct. 23, 2001) available at http://www. sec.gov/litigation/investreport/34-44969.htm (last visited Sept. 13, 2010).
23U.S. Sec. & Exch. Comm'n, Division of Enforcement, Enforcement Manual 127-128 (Jan. 13, 2010).
24 See e.g. Roel C. Campos, Commissioner, U.S. Sec. & Exch. Comm'n, Speech by SEC Commissioner: How to be an Effective Board Member (Aug. 15, 2006) available at http://www.sec.gov/news/speech/ 2006/spch081506rcc.htm (last visited Sept. 20, 2010) ("From the perspective of the SEC, let me say again - participating in, overlooking, or ignoring red flags indicating possible fraudulent accounting is not a business decision.If the directors do not conduct an independent investigation, they are not acting reasonably or in good faith and should not be protected by the business judgment rule.").
25 See e.g. Press Release, U.S. Sec. & Exch. Comm'n, SEC Charges Former Executives in Illegal Scheme to Enrich CEO With Perks (Mar. 15, 2010) available at http://www.sec.gov/news/press/ 2010/2010-39.htm (last visited Sept. 20, 2010) (announcing enforcement action and settlement of charges against the former chairman of a corporate audit committee, alleging the individual "failed to respond appropriately to various red flags concerning  expenses and  related party transactions."The SEC also alleged that "internal auditors raised concerns to [the individual], yet [he] failed to take meaningful action to further investigate the matter and he omitted critical facts in a report to the board concerning" the alleged misconduct.").
26United States Sentencing Commission, Guidelines Manual, § 8C2.5(f) (Nov. 2009).
27 Id. § 8C2.5(g).
28 Id. § 8B2.1(b)(5)(C).
29One 2005 study found that some corporations expend more than $10 million a year on compliance and ethics programs. The median expenditure across all industry groups ranged from $150,000 to $249,000 a year. See Ronald E. Berenbeim, The Corporate Board, Inc., Research Report R-1393-06-RR, Universal Conduct: An Ethics and Compliance Benchmarking Survey 8-9 (2006).A 2008 survey of Global 2000 corporations conducted by Integrity Interactive Corporation found that corporations spend approximately $80 per employee each year on compliance and risk management programs. See Press Release, Integrity Interactive Corporation, Integrity Deduces Formula for Ethics & Compliance Spending at Global Companies (Oct. 7, 2008) available at http://www. integrityinteractive.com/docs/Compliance-Spending-10-07-08-FINAL.pdf (last visited Sept. 15, 2010).
30S. Rep. No. 111-176, at 110 (2010).
31Exchange Act, § 21F(h)(1).
32 See Dodd-Frank, § 924(a).
33 See S. Rep. No. 111-176, 110-112 (2010) (addressing Section 922 and the new whistleblower program without addressing its potential effects on corporate compliance programs).