In the wake of the financial crisis of 2008, the Dodd-Frank Act (“Dodd-Frank”) was signed into federal law on July 21, 2010. At the time, the recession was considered the worst financial crisis since the Great Depression. It seemed like a 100-year storm. As it turns out, it was only a 12-year storm. The passage of Dodd-Frank represented an overhaul of U.S. financial regulations. Among the laws, the most notable achievements were the U.S. Securities and Exchange Commission (SEC) Office of the Whistleblower and the SEC Whistleblower Program. In its short, 10-year history, the SEC Whistleblower Reward Program has been extraordinarily successful in enabling the SEC to root out securities fraud and protect investors. Since the inception of the SEC Whistleblower Program, the SEC has paid more than $900 million in awards to whistleblowers resulting in more than $3.5 billion in financial remedies. According to the SEC Whistleblower Program’s 2020 Annual Report, the SEC is tracking over 1,100 matters in which a whistleblower tip has caused a Matter Under Inquiry or investigation to open.
I recently spoke with someone whose name has become synonymous with the Office of the Whistleblower, former Chief Jane Norberg, now a partner with law firm Arnold & Porter Kaye Scholer.
The label whistleblower has carried with it a certain stigma such that some organizations avoid using the term in favor of the less inflammatory terms relator or reporter. The Office of the Whistleblower has legitimized and taken away a lot of the stigma associated with the term. A big reason for that is that the SEC has promoted the whistleblower program by showcasing the positive impact that whistleblower tips have had on its enforcement efforts. Every time a whistleblower is paid, the SEC issues a press release publicizing the award and shares instructive information about the matter without sacrificing whistleblower confidentiality. It serves to position whistleblowers in the spotlight and takes away some of the negative stigmas.
The SEC Whistleblower Program was established under the Dodd-Frank act to incentivize the reporting to the Commission of information regarding possible securities laws violations. If the information the whistleblower provides leads to a successful enforcement action in which over $1 million in monetary sanctions are ordered, then the individual may be entitled to receive between 10 and 30% of amounts collected in that matter. In addition to monetary awards, the whistleblower program also offers two other components: confidentiality and anti-retaliation protections. These three components make the program incredibly attractive to would-be whistleblowers. Whistleblowers come from diverse backgrounds that include current and former employees of companies with first-hand knowledge of unlawful conduct. Outsiders who provided a detailed analysis of wrongdoing, foreign nationals who shone a light on hard to detect fraud happening abroad but impacting U.S. investors and the marketplace, and investors who lost money at the hands of fraudsters.
Jane was in the SEC Office of the Whistleblower for nearly its entire existence, and I asked her what she considered the program’s most notable accomplishments these past 10 years. She explained that handing out the very first whistleblower award in just a little over a year from the program’s inception was among the program’s most important milestones. Everyone involved in the program held their breath until that first award was paid out knowing that the success of the program hinged on how quickly the SEC did or did not pay out an award. Consequently, making that first award was pivotal. The other very important milestone for the whistleblower program was bringing that first whistleblower retaliation case. The concept of the SEC bringing charges against a company for retaliation was brand new. For some, it felt more like employment law than it did securities enforcement so took some time and a lot of cajoling before the decision was made to move forward. Once that first retaliation case was announced, it felt as if the SEC had planted a stake in the ground for retaliation protections for whistleblowers.
The whole concept of an anti-retaliation policy seems like the statement of the obvious. Is it necessary to put on paper that it’s wrong to attack someone trying to do the right thing? The short answer is, unfortunately, yes. Retaliation is a real dynamic and, it is pervasive within many organizations. Having performed many internal investigations, I’ve conducted thousands of witness interviews. Sometimes, in the middle of an interview, a witness who knows a lot about the allegations at the center of the investigation raises the obvious question: “why didn’t you come forward?” Inevitably, they have a very good reason why they didn’t. Sometimes, it is along the lines of “last time I did, I was retaliated against, had my pay cut and was then demoted”. Retaliation is a very real thing that people must contend with which makes it all the more courageous when a whistleblower is well aware of that dynamic and decides to come forward even though that doing so will result in serious repercussions for them personally. Organizations need to think about ways to make it attractive for employees to report internally. Having a strong anti-retaliation policy should be top of the list.
The SEC’s jurisdiction is over companies listed on U.S. stock exchanges yet many whistleblower complaints originate from outside of the U.S. The SEC Whistleblower Program has an incredible international reach and the Office of the Whistleblower’s last annual report informed Congress that it has received tips from 130 countries. The SEC’s promotion of the awards process through the issuance of press releases gets picked up on international news wires. As a result, the prominence and awareness of the U.S. program are very high. Many whistleblowers are from outside of the U.S. and very few countries have similar award programs. Whistleblower complaints that originate from overseas can pose a challenge for companies to consolidate and total reporting to consistently capture the tips. Challenges aside, companies who receive whistleblower tips from wherever they originate must have a process in place to conduct thorough internal investigations before it gets reported out to a regulator or law enforcement. Adding a further layer of complexity is that whistleblower protection laws can vary significantly from one country to the next. For example, there’s the new EU Directive on Whistleblowing for certain companies to consider and to come into compliance under, and the SEC and US law enforcement agencies have jurisdictional hooks in certain areas for foreign companies. Therefore, companies with global operations need to be sure that they’re compliant with both US and international laws. That requires a thorough look at policies, procedures, and controls across US and international operations for compliance and a consistent approach.
One of the 10 hallmarks of what the DOJ and SEC describe as an effective compliance program is Confidential Reporting and Internal Investigation. A company’s approach to confidential reporting and internal investigations is a window into the entire compliance program. Interestingly, the OWB Annual Report to Congress includes the statistic “Approximately
81% of insiders who received awards in FY 2020 raised their concerns internally. . .” What this means is that in the majority of cases in which whistleblowers were paid an award – which means that they reported timely, credible and accurate information – someone at their company knew about the issue either before or at the same time the report was made to the Commission. The statistic does not necessarily mean that the whistleblower reported it to an established hotline or through a formal reporting mechanism. It could also encompass people who reported directly to their supervisor. In many instances in which whistleblowers told the Office of the Whistleblower that they reported to their supervisor, but the supervisor didn’t handle the report in a manner that the whistleblower found to be adequate, which then prompted them to report to the SEC. This is an area where companies could benefit from someone taking a critical look at their internal reporting structure to make sure that all reports made through the universe of confidential reporting channels are captured, triaged and investigated if appropriate.
Part of this process includes training at the middle management level to make sure that those managers can identify an internal report when they get it and know what to do with the information and the implications of failing to act upon it. It may seem logical that someone should know if they receive a tip and what to do with it, but sometimes, it could be as simple as an employee knocking on their boss’s door and saying, “Hey, take a look at this. This doesn’t seem right”. Without proper training and controls in place, it can be easy for a member of management to dismiss that concern as a simple conversation. When in fact, it’s a much larger issue that could easily lead the employee to feel disregarded and then turn to outside the company for help. That is where the breakdown occurs in reporting mechanisms in many companies.
When it comes to internal investigations, many companies do not have formal policies and procedures that govern these activities. This can lead to confusion, privilege issues, inconsistency in the approach and oversight of internal investigations and a system of institutional justice that may cause others to question whether each investigative subject is being held to the same standard of care. This gives rise to the question: What should companies do to ensure that allegations are investigated appropriately, and institutional justice is blind? Companies must take the time to get it right when it comes to internal investigations. Having well-thought-out policies and procedures that are consistently applied is critical. Not every tip will lead to a large-scale internal investigation, but certainly, every tip should be triaged to determine what steps are appropriate. Many times, it makes sense to have independent external parties make those determinations and lead those investigations to avoid any concern that special treatment is being given. Of particular importance is that the identity of the whistleblower should not be the deciding factor on how serious to take a tip or whether to investigate. It shouldn’t matter if it is the worst-performing employee in the company making the tip. That is a difficult concept for most organizations to fathom and yet the only thing that should be considered is if the tip is accurate. And the only way to do so is if you have a process in place to carefully examine the allegation.
If the company ignores the allegation because they believe that reporter to be unreliable, it may backfire. And it certainly won’t go over well with regulators or law enforcement if they end up at the company’s door. It is critical to treat every report consistently, promptly and following company policy and protocols and to be consistent and clear with the accountability and the outcome of the investigation.
To hear the full Fraud Eats Strategy podcast episode with Jane Norberg, click here:
Note: The postings on this site are my own and do not necessarily represent FTI Consulting’s positions, strategies or opinions.