The SEC’s New Rules for Whistleblower Awards
This fall, the Securities and Exchange Commission revamped its whistleblower awards program for the first time in 10 years. Those reforms — touching on who is eligible to receive an award for bringing tips to the agency; how large the award might be; and the actual process to submit a tip — went into effect at the beginning of December.
The changes have implications that corporate compliance officers should consider as they run their own internal reporting programs. Broadly speaking, the reforms give whistleblowers more incentive to bring their concerns to the SEC, which means you may lose valuable tips as employees take their suspicions of wrongdoing outside the company. Moreover, reporting a tip to the SEC allows the whistleblower to bring anti-retaliation complaints against his or her employer more easily.
So while compliance officers should always applaud the idea of more support for whistleblowers, we shouldn’t blind ourselves to the reality, either: the SEC’s whistleblower program makes management of your own whistleblower program more complicated.
What the SEC Whistleblower Program Does
Let’s first review precisely what reforms the SEC has implemented.
Small awards will be larger. Under the Dodd-Frank Act, when a whistleblower’s tip leads to a monetary penalty of more than $1 million, the whistleblower is eligible for an award of 10 to 30 percent of the settlement amount. The SEC’s new rules say that for any settlement under $5 million, the whistleblower will automatically receive the maximum 30 percent.
More enforcement actions will qualify for awards. The new rules clarify which types of regulatory settlements count as “enforcement actions” under the law, where whistleblowers would be eligible for an award. Deferred- and non-prosecution agreements struck with the Justice Department, or settlement agreements struck with the SEC outside the normal civil settlement process — any and all of those arrangements would still qualify as an “action,” where whistleblowers could then seek their reward.
Then again, the rules also clarify when a “related action” isn’t eligible for an SEC whistleblower award, too; such as when a tip to the SEC leads to an enforcement action with a different government agency with its own whistleblower award program. The whistleblower won’t be able to apply for rewards from both agencies.
Faster disposal of frivolous or defective tips. The SEC also adopted a procedure for summary disposition of certain types of common denials, such as untimely reward applications. People who abuse the program with frivolous tips can also be barred from future participation in the program. (Applicants whose claims are denied or labeled as frivolous would still have a chance to appeal.)
And some other details. The reforms address a few other matters less relevant to compliance officers. For example, the reforms clarify that the SEC believes it can cap the size of an award by dollar amount, even if that means the award falls below the 10 percent minimum threshold. They also tighten the definition of “independent analysis” (that is, outsiders who study a corporation’s finances for potential fraud) that might also be eligible for an award. Neither of those things matter much to the internal reporting systems within the CCO’s purview, so we won’t explore them here.
What This Means for Corporate Programs
It’s wrong to think of the SEC whistleblower program as a competitor to your own. Numerous studies over the years have shown that most employees genuinely want to raise concerns they have internally, because they want their organization to do well and succeed. When they witness misconduct, their first instinct is not a dispassionate analysis of how to make money off that observation. Their first instinct is to right the wrong.
In that case, the SEC program is more an alternative that whistleblowers can pursue when their first choice — reporting internally — doesn’t seem feasible. So the compliance officer’s objective should be to make internal reporting as easy, safe, and comfortable for employees as possible.
For example, your internal reporting procedures should make the confidentiality of whistleblowers a high priority; when employees see that it’s safe for them to speak up about management abuses, they’re more likely to do so. They’re more likely to talk among themselves and say, essentially, “Yes, you can trust this system. They’re on your side.”
Implementing an effective mechanism for reporting and responding to complaints is key. Empowering your employees to come forward requires more than a simple hotline number, it requires a multi-pronged approach that includes training, reporting, incident management and full transparency of corporate policies and code of conduct. An effective incident management process should act as the connective tissue that keeps a culture of compliance together. It’s the system that takes an employee complaint from start to resolution — and managed correctly, at scale, that system can provide invaluable insight about corporate performance and risks along the way.
Likewise, investigations should be thorough, and include a response to the whistleblower — even if that response is to say the allegation still isn’t resolved, or, has proven unfounded. Talking about investigations is always a delicate matter, but the broader principle here is that employees want to feel heard when they speak up. They want the internal reporting program to be a partner that gives their allegation a fair hearing and treats them as individuals deserving respect.
If your compliance program comes up short on those points — it fails to protect confidentiality, or makes submitting complaints an onerous process, or never follows up with whistleblowers to let them know what happened with their report — then the whistleblower won’t feel like a partner in the company’s quest to do the right thing. He or she will look elsewhere for a friendly audience.
Now the Securities and Exchange Commission has made itself that much more inviting for whistleblowers. Compliance officers should work hard to ensure their employees aren’t tempted to go elsewhere.
For information on Steele’s Incident Manager software and how it can help create a more transparent, effective incident management process visit: steeleglobal.com/incident-manager.