Ever Active and Perhaps Not So New—The SEC Awards Three Dodd-Frank Whistleblowers
By Gary F. Giampetruzzi, S. Joy Dowdle, Lucy B. Jennings & Daniel F. Newman
May was the month of the Dodd-Frank Whistleblower Program, with the Securities and Exchange Commission (the “SEC” or the “Commission”) announcing three awards—two multi-million, and each going to insiders (the “May Awards”). While each award is of interest, underscoring the SEC’s prior warnings that whistleblowers are continually more common and sophisticated, the May 13, 2016 award of $3.5 million is particularly noteworthy as the recipient provided information that neither instigated nor expanded an enforcement action. Rather, the recipient was awarded for providing “detailed” information that “significantly contributed” to an ongoing investigation. The take away for companies: get a compliance check-up to ensure policies and procedures relating to investigations, whistleblowers, and employee communications position the company to effectively meet the ever-increasing threat of the Dodd-Frank Whistleblower.
The Dodd-Frank Whistleblower Program (the “Program”) awards individuals who voluntarily provide original information about a possible violation of federal securities laws that leads to a successful enforcement action.
Both the May 17 and May 20, 2016 awards are consistent with prior orders, though each is of interest. On May 17, 2016, the Commission announced a $5-6 million award to an insider who provided information leading to conduct that would have otherwise been “nearly impossible to detect.”
The May 13, 2016 order—yet another to an insider—is, however, particularly noteworthy. There the SEC awarded $3.5 million to a whistleblower for information that neither initiated nor expanded an enforcement action.
Consistent with prior awards and the oft-repeated goal of the SEC to maintain the confidentiality of whistleblowers, the respective award orders are redacted and contain little detail about the underlying matters or recipients. Nonetheless, the May Awards are interesting in a number of respects.
First, these awards continue the trend of insiders—i.e., employees of the subject company—as whistleblowers. While the positions and functions of the insiders-turned-whistleblowers were not identified in May Awards, each underscores the whistleblower risk from within. Second, as demonstrated by the May 13 award, the Commission will award any whistleblower who meaningfully contributes to the success of an investigation—even where that contribution does not initiate or expand the investigation. This award serves as a stark warning to companies to remain vigilant, recognizing that a whistleblower may appear at any stage—even after a matter has been initiated and made public.
Though noteworthy, the May Awards are not particularly surprising. In its Annual Report on the Whistleblower Program for 2015, the SEC noted a continuing increase in reports, culminating in an 8% increase to 3,932 reports received in FY2015.
With awards increasing in size and quantity, and potentially available to any who provide valuable information at seemingly any point in an investigation, companies should regularly revisit their strategies for minimizing whistleblower risks:
Regularly Have Monitoring and Investigatory Efforts Assessed: With the evolution of a company’s risk profile and available tools, both monitoring and investigatory efforts can all too quickly become stale. As such companies should secure periodic evaluations of their compliance programs, which should specifically include an assessment of their monitoring efforts and investigatory strategies to ensure they are tailored to the current risk profile, and facilitating tailored and timely review and remediation of concerns.
Reevaluate The Approach To Communications Regarding Investigations: In a startling reminder that employees generally want to do the “right thing,” the 2015 Annual Report on the Program noted that approximately 80% of all insiders turned whistleblowers had first raised their concerns internally (or knew that supervisors and/or compliance personnel were aware of the issues) before coming to the SEC.Where insiders know of and trust the investigative function and process, they are less likely to feel the need to go external with their concerns. Companies should thus look for appropriate mechanisms to educate employees on the investigation process, and regularly provide information demonstrating its effectiveness. Integrating anonymized case studies into training sessions, or accompanying reporting instructions with a high-level overview of the company’s investigation process are two examples of potentially effective tools.In short, there is opportunity to avoid internal issues becoming external problems.Periodic compliance check-ups can provide practical advice for any needed course corrections to minimize the risk that internal employees become external whistleblowers.
Develop and Deploy an Effective Media Strategy: Regardless of size, companies should proactively develop a strategy in the event it finds itself the subject of negative media attention, in a best-case scenario, part of an overall crisis management plan. Who will be authorized to speak for the company? Who will be involved internally in crafting the response? What employee outreach will be contemplated and who will be responsible for its execution? In the event the media highlights concerns, media plans can outline appropriate mechanisms by which the company can both coordinate an effective external response and assure employees that it is thoroughly considering the highlighted issues.Waiting to plan until the moment strikes is often too little too late.
Thoughtfully Stay in Touch with Your Whistleblower: In many instances it will be possible to remain in contact with a whistleblower. Even anonymous reporting often permits a reach back to the whistleblower while maintaining anonymity. Contacting a whistleblower for additional information or supporting documents may satisfy dual objectives, providing useful data for a more effective investigation, while demonstrating to a whistleblower the seriousness with which the company is treating the matter. Similarly, providing appropriate updates to a whistleblower throughout the investigation—mindful to maintain privilege and anonymity, and prevent retaliation—may also serve to prompt the provision of additional useful information and discourage the whistleblower from taking his or her concerns to the outside.In light of the May Awards, these efforts may be particularly appropriate for internal witnesses / whistleblowers.
Companies who do not respond in a timely and effective manner, or who leave insiders with little comfort that the issues will be meaningfully addressed, may find themselves confronted with a whistleblower even after issues are publically revealed. Dodd-Frank has repeatedly shown its teeth over the past few years, and only seems to be gaining momentum. Despite the growing whistleblower threat, many companies have yet to undertake a formal assessment of how, if at all, they might better position their compliance programs to meet this increased risk of enforcement. Time for a compliance check-up?